August 23, 2010
Google Avoids Liability for Failed Google Search Appliance Installation--Market America v. Google
By Eric Goldman
Market America, Inc. v. Google, Inc., 2010 WL 3156044 (D. Del. Aug. 9, 2010)
This lawsuit comes from an unhappy Google Search Appliance (GSA) customer, Market America, who (like many unhappy systems purchasers) claims that Google and its systems integrator LTech overpromised and underdelivered. Unfortunately for Market America, like so many unhappy customers, it didn't get the necessary promises in writing. As a result, the defendants knock out a chunk of the case.
Market America operates an online mall. I don't exactly understand its value proposition; see if you can figure it out. It wanted a mallwide search functionality that scaled to nearly 100M products. Market America entered into a million dollar contract for GSAs to provide that functionality. The implementation did not go well (with allegedly very long search latencies), and ultimately Market America gave up on the GSA implementation.
The fraud/fraudulent inducement claims are dismissed per Twombly for conclusory allegations about scienter. Even if Market America's allegations about Google's and LTech's performance promises are true, Market America didn't adequately plead that Google or LTech had the requisite scienter to make false promises.
The rescission claim is dismissed because neither Google nor LTech promised a minimum quantified performance standard in their contracts, and the contracts contained standard vendor-favorable risk mitigation clauses. As usual, if buyers really care about a promise made by the vendor, make sure the promise gets into the contract.
Trivia: I had previously blogged about Market America in a jurisdictional matter. Market America has a surprisingly active litigation docket for a mass-market consumer-facing company I haven't heard of otherwise.
Posted by Eric at 11:20 AM | Licensing/Contracts | TrackBack
August 03, 2010
Baidu Can Maintain Negligence Claims Against Register.com for Lax Security Practices Which Allegedly Facilitated Cyber-Attack - Baidu v. Register.com
[Post by Venkat]
Baidu, Inc. v. Register.com, Inc., Case no. 10 Civ. 444 (DC) (S.D.N.Y.) (July 22, 2010).
Background: Baidu registered the
The cyber-attacker gained access to Baidu's account with Register through engaging in an online chat with a Register customer service representative. The representative asked the intruder for Baidu's security verification information. The intruder did not provide the representative with the correct information, "but the [representative] nonetheless emailed a security code to the email address that Baidu had on file." When asked for the security code, the intruder did not provide the correct code (the intruder did not have access to the Baidu email address on file). Notwithstanding the discrepancy in the security codes, at the intruder's request, the representative changed the email address on file (to "antiwahabi2008@gmail.com"). From here, the intruder was easily able to access the account, by utilizing the "forgot password" function.
Discussion: Baidu brought claims for breach of contract, negligence (gross negligence), recklessness, and contributory trademark infringement.
The limitation of liability clause: Register pointed to the limitation of liability clause in its Master Services Agreement. The clause provided that Register would not be held liable for, among other things, "termination . . . or modification of [the Services,] . . . inability to use the Service[s], . . . loss incurred in connection with [the customer's] services," or "any other matter relating to [customer's] use of the Service[s]." The agreement also contained a limitation of liability clause that limited Register's liability at five hundred dollars, and also provided that it was the customer's "responsibility to safeguard the User name, password and any secret question/secret answer . . . from any unauthorized use."
The court held that as a general matter, courts in New York enforce limitations of liability clauses, particularly where these limitations are contained in a contract entered into by "those of equal bargaining power." However, New York courts do not enforce such limitations where they purport to limit liability for willful or grossly negligent acts. This "gross negligence exception" applies even to agreements between sophisticated commercial parties, although the standard for gross negligence is somewhat higher in this context. The court held that the complaint satisfied this standard, in alleging that:
(1) the rep proceeded with processing the intruder's request even though the intruder provided an incorrect response to the security question; (2) the rep didn't even bother to compare the code provided by the intruder with the security code on file; (3) the rep failed to notice the red flags raised by the rep providing the "antiwahabi2008@gmail.com" email address (which was tied to Google, a Baidu competitor); and (4) the rep ultimately provided the intruder with Baidu's user name.
Ultimately, the court found that Register's failure to follow its own security procedures (or any minimal security procedures, for that matter) were sufficient to get Baidu past the gross negligence hurdle. Register also pointed to the provision in the contract that the customer was responsible for maintaining the security of any password/security information and thus Register had no duty to maintain any security procedures with respect to Baidu's account. The court rejects this argument, noting that although Register may not have had any duty to provide any security, once it undertook to do so, it was required to do so in a non-negligent manner:
The attack by the Intruder was reasonably foreseeable - it was precisely because these cyber attacks are foreseeable that the security measures were adopted.
Lanham Act Claim: With respect to the Lanham Act claim, Register argued that it was entitled to immunity as a registrar and in any event Baidu failed to adequately allege the elements for contributory trademark infringement.
The court rejects the registrar immunity argument out of hand (registrars are only entitled to immunity when they act as registrars - i.e., "when [a registrar] accepts registrations for domain names for customers"). However, the court agreed with Register that Baidu failed to allege the elements for contributory trademark infringement. Citing to Inwood Labs., Inc. v. Ives Labs., Inc. (a flea market case) the court notes that contributory liability only attaches where the defendant either intentionally induces infringement or continues to supply products or services to the infringer where the defendant knows or has reason to know that the infringer is engaged in infringement. The court also cites to the Tiffany v. eBay case (discussed by Professor Goldman here).
___
The interesting aspect of this case is the fact that Register's broad contractual protections did not protect it against Baidu's claims. It's unclear as to whether the court's ruling would encompass a situation where someone just plain hacked into Register's system and gained access to Baidu's accounts. I would think not. Disclaimers often insulate service providers (see Duffy v. The Ticketreserve and Grace v. Neeley) but here the facts alleged by Baidu with respect to Register's negligence were pretty egregious. Given the exception in New York law for gross negligence and reckless conduct, I'm not sure any sort of limitation/disclaimer could have saved Register here.
The trademark claims are curious. To be honest, I can't even see where there's basic trademark infringement by the cyber-attacker. The cyber-attacker was not interested in selling any products or services, and the Baidu webpage text clearly stated that the website had been hacked. Moreover, any finding of infringement would have been based on the much-discredited initial interest confusion doctrine. In any event, it's tough to see - given Baidu's allegations of an attack - how Register would have harbored the requisite knowledge to have been able to prevent the infringement.
It's worth noting also that this isn't a typical domain name conversion case (a la sex.com). The case is really about failed security procedures, and the ease of gaining access to an account through social engineering. There's a big lesson in the Register rep's alleged dealings with the cyber-attacker.
Added: This interview with Elisa Cooper by Dancho Danchev ("Hundreds of High Profile Sites Unprotected From Domain Hijacking") looks at the efficacy of using Verisign's "Registry Lock Service." Some interesting bits from the interview:
1. The Registry Lock Service offers protection at the registry-level so even if the registrar account is compromised, the attacker will not be unable to update any domain settings.
2. Elisa notes that DNS hijacking may only amount to a PR/brand hit unless the website is collecting information or conducting transactions.
3. "[D]omains that are registered by large retail registrars are . . . highly vulnerable to social engineering attacks." [That's exactly what happened in the Baidu case.]
Of course, the registrar does not have an obligation to implement the additional security measures that are mentioned in the interview. It would be up to the registrant to do so.
Posted by Venkat at 11:54 AM | Domain Names , Licensing/Contracts , Privacy/Security , Trademark
July 28, 2010
E-SIGN Prevents Enforcement of Emailed Contract Terms--Buckles v. Investordigs
Buckles Management, LLC v. Investordigs, LLC, No. 10-cv-00508-LTB-BNB (D. Colo. July 23, 2010).
It has been about 10 years now since Congress adopted the federal Electronic Signatures in Global and National Commerce Act (commonly known as “E-Sign”). Cases interpreting E-Sign have been relatively rare. A Colorado federal court judge last week purported to decide whether an e-mail could constitute an enforceable contract under E-Sign, and concluded that the e-mail in question could not be enforced as a contract. Unfortunately, the Court (and the parties briefing the motion) did not realize that this was not an E-Sign case. The Court should have analyzed the case under the Colorado Uniform Electronic Transactions Act. Had it done so, the result may have been different.
Background
The case involves a failed business relationship that is all too typical. An investor provides money, consulting services, and commercial space to a struggling company, without any legal documents to evidence such terms as whether the transaction is a loan or an investment, etc... When the business relationship falls apart, the parties meet to discuss how to end their relationship. After the meeting, a few e-mails are circulated to memorialize the terms discussed. Attorneys are asked to draft documents, but nothing is ever signed; and the parties disagree as to whether or not there was a final agreement.
The investors filed a lawsuit, asserting claims for enforcement of the purported settlement agreement, breach of loan, breach of a lease agreement, unjust enrichment and accounting. In response, the company and individual defendants asserted counterclaims for breach of contract, unjust enrichment, negligent misrepresentation, breach of fiduciary duty and fraud and false misrepresentation.
Decision
The decision in question arises from defendants’ Motion for Summary Judgment, where they maintain that the Colorado Statute of Frauds, which provides that any agreement not to be performed within one year must be in writing and subscribed by the party to be charged, renders the settlement agreement unenforceable. In response, the plaintiffs argued that the parties exchanged a writing that contained the material terms of the agreement sufficient to satisfy the Statute of Frauds. Specifically, the plaintiffs relied on an e-mail, containing a list of the purported agreed-upon settlement terms, sent from the e-mail account of one defendant (who was a principal of the corporate defendant) to another employee at the company, who in turn forwarded the e-mail to four or five other people (including one of the plaintiffs) with the message “thanks to everyone for participating today.”
The court’s basic framework for analyzing the issue seems correct:
• May an e-mail exchange satisfy the Colorado Statute of Frauds writing requirement?
• If so, does this particular e-mail constitute a “writing subscribed by the party to be charged” within the meaning of the Colorado Statute of Frauds?
• If so, does this e-mail adequately describe the terms of an enforceable contract?
The court embarked on a discussion as to whether the e-mail satisfied the Colorado Statute of Frauds. Initially, the court got the analysis right, and concluded that under Colorado law, an e-mail exchange may satisfy the “writing” requirement of the Statute of Frauds.
With respect to whether the e-mail constituted a writing “subscribed by the party to be charged” under the Colorado Statute of Frauds, here the court got off track, with the help of counsel for the parties. The plaintiffs argued that the e-mail contained an “electronic signature” under E-Sign. Section 106(5) of E-Sign defines an “electronic signature” as “an electronic sound, symbol or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” The defendants argued that E-Sign did not apply because the settlement agreement did not affect interstate or foreign commerce. The court concluded that E-Sign did apply, but that the e-mail was actually sent by an administrative employee who did not have authority to bind either the corporate defendant or its individual principal. As a result, the court concluded that the signature was not “executed or adopted by [the principal of the defendant] with the intent to sign the record,” so it was not a proper electronic signature under E-Sign. The court concluded that if there was no proper "electronic signature," then the e-mail was not “subscribed by the party to be charged” under the Colorado Statute of Frauds.
Analysis
Unfortunately, the court and the parties missed the fact that the case is governed by the Colorado Uniform Electronic Transactions Act (“UETA”), not the E-Sign Act. E-Sign has a peculiar “reverse preemption.” Those who have been around long enough recall that in the late 1990's states were adopting electronic transaction laws, but in a non-uniform manner. In 1999, the National Conference of Commissioners on Uniform State Laws issued its final draft of the UETA, but states continued to enact UETA in a non-uniform manner. These non-uniform enactments were in part responsible for Congress passing E-Sign in 2000. In effect, Congress forced states to adopt UETA in a uniform manner by providing that the state version of UETA would control over E-Sign if UETA were adopted without modification. In most cases, then, if a state has adopted UETA substantially in final form, the state’s version of UETA is controlling over E-Sign. (To date, 47 states, plus the DIstrict of Columbia, Puerto Rico and the U.S. Virgin islands, have adopted UETA).
Would the analysis have been any different under UETA? It might be, because UETA is more comprehensive than E-Sign, including areas not covered by E-Sign.
Under Section 24-71.3-107 of the Colorado UETA, a contract may not be denied legal enforceability solely because an electronic record was used in its formation. So the court was correct in concluding that an e-mail exchange may satisfy the Statute of Frauds “writing” requirement.
But what about the e-mail exchange in this case? The Colorado definition of “electronic signature” is the same as the E-Sign definition. But Section 109 of UETA also allows for signatures to be “attributable” to a person where the person may not have “signed” the record himself (for example, a human agent with authority signs the record). The court concluded that the e-mail was not signed by the indiividual principal of Investordigs, but by an administrative employee. Under Section 24-71.3-109 of the Colorado UETA, whether the e-mail sent by the administrative employee could be attributed to the defendant “may be shown in any manner”. Thus, there is room for the investor to argue that the e-mail was sent on behalf of the principal of the company or that the administrative employee was acting as an agent of the principal. Unless there are additional facts not appearing in the court’s opinion, this would seem to be a classic issue of material fact, sufficient to defeat summary judgment. It is not clear from the record why the plaintiffs did not make this argument.
If the case does not settle, then it is likely that this decision will be remanded on appeal for findings of further fact consistent with the application of UETA, not E-Sign. It may be that, in the end, the investors will not be able to enforce the settlement agreement if they cannot attribute the e-mails to the company itself or the principal, or if the terms are not sufficiently definite to warrant enforcement. But, for the sake of argument, what if the employee was charged with taking notes for the meeting or was otherwise instructed by the principal to send out the e-mails containing the terms? Then it may be that the plaintiffs will be able to resurrect their claims.
Posted by John Ottaviani at 08:32 AM | E-Commerce , Licensing/Contracts | TrackBack
July 23, 2010
Judge Denies Facebook’s Request for Judgment on the Pleadings and Strikes Power.com Counterclaims -- Facebook v. Power.com
[Post by Venkat, with additional comments by Eric]
Facebook v. Power Ventures, Inc., Case No. C 08-05780 (N.D. Cal. July 20, 2010)
Background: Facebook and Power Ventures (Power.com) have been locked in a battle over whether Power.com should be allowed to access Facebook on behalf of users outside Facebook’s developer channels. Facebook wants all developers to go through its channel. Power.com seemed to go down in path but decided at some point that it didn’t like Facebook’s developer channel. It accessed (on behalf of its users) Facebook’s network. Facebook sued, and Power.com became an unlikely poster child for why data portability is important.
There’s been a lot of motion practice in this case. Facebook brought the typical array of copyright/computer fraud and abuse act claims that survived a motion to dismiss from Power.com. Power.com brought antitrust counterclaims that the court knocked out (with leave to amend). Facebook focused on its attention on its claims under the California computer crime statute (section 502), and moved for judgment on the pleadings. EFF filed an amicus brief arguing for a narrow construction of the statute. (In the meantime, there was a recusal by the judge who initially drew the case and dealt with the preliminary motions.) The court now deals with Facebook’s request for summary judgment or judgment on the pleadings that Power.com violated section 502, as well as a few other motions.
The Court’s Treatment of the Claims:
Standing under section 502: Power.com argued that Facebook lacked standing under section 502. The court easily disposes of this argument by noting that Facebook was forced (or decided it was prudent) to implement technical measures following its discovery that Power.com accessed its network. The court notes that there’s no dollar amount threshold, and rejects Power.com’s attempt to rely on its declaration that Facebook would not have had to invest any substantial amounts to implement these new technical measures.
Power.com’s liability under section 502: Facebook argued that Power.com accessed Facebook’s network without authorization because it exceeded the scope of the authorization allowed by Facebook’s terms of service. The court looks to the legislative history behind section 502 and declines to give legislative statements the broad-reaching meaning that Facebook urges. Facebook argued that any access in excess of authorization constitutes a violation of section 502, and the court doesn’t seem to agree with this. EFF filed an amicus brief arguing for a narrow interpretation of section 502. EFF also argued that Power.com’s actions did not violate section 502. The court settles on an interpretation of section 502 that requires some sort of circumvention of :
Technical or code-based barriers that a computer network or website administrator erects to restrict the user’s privileges within the system, or to bar the user from the system altogether.
[The court also drops a footnote noting that even though the defendant may not be liable under section 502, the defendant may still be liable for breach of contract. The footnote does not mention claims under the Computer Fraud and Abuse Act.]
Ultimately, the court leaves Facebook room to still make out a claim but says that (under section 502 at least) it can’t merely be based on a terms of service violation:
the Court finds that Power did not act “without permission” within the meaning of Section 502 when Facebook account holders utilized the Power website to access and manipulate their user content on the Facebook website, even if such action violated Facebook’s Terms of Use. However, to the extent that Facebook can prove that in doing so, Power circumvented Facebook’s technical barriers, Power may be held liable for violation of Section 502.
Power.com’s counterclaims based on Facebook’s alleged anti-competitive conduct: Facebook moved to dismiss Power.com’s antitrust claims against Facebook. The court focuses on Power.com’s allegations about Facebook’s acquisition of monopoly power. According to Power.com, Facebook gained monopoly power through allowing users to invite their friends (and making it easy), allowing people to access other networks through Facebook, while at the same time not allowing people to access Facebook through other networks. Power.com also alleged that Facebook alleged baseless intellectual property claims to dissuage new entrants into the market.
The court rejects these arguments, finding that Facebook has no obligation to allow others to access its network and it can set the terms of access without running afoul of antitrust rules. The court also finds that taking steps to protect its rights does not mean that Facebook is engaging in anti-competitive behavior.
Power.com’s affirmative defenses: The court previously struck Power.com’s affirmative defenses of copyright misuse and fair use. Power.com amended their pleadings and the court lets these affirmative defenses stand. The court’s discussion is a little sparse on whether these defenses actually are viable, but the court declines to strike them on the basis that the allegations provide Facebook with enough facts to put Facebook on notice as to what is being claimed.
__
I’d say overall it was not a big loss for Facebook. It still has viable claims under the Computer Fraud and Abuse Act and potentially copyright (in addition to auxiliary spam and other) claims. It has a chance to prove a violation of section 502 by showing that Power.com engaged in circumvention of a technical measure (IP address blocking, or additional security measures which Facebook implemented).
This is somewhat of a win for EFF, which got a ruling with a narrow construction under section 502. I’m not sure how useful this ruling will be in the Computer Fraud and Abuse context. Also, the court’s willingness to use circumvention of any technical measure to find a violation of section 502 sets a low bar. Still, in the garden variety context where an individual accesses a network in violation of the terms of service, section 502 claims don’t seem as likely (under the court’s ruling).
Power.com continues to slog it out. I’m guessing it will see this litigation as fairly unprofitable sooner rather than later, particularly with its antitrust claims out the window (I can’t imagine they thought these were terribly viable to begin with, judging by their initial set of allegations). Of course, they can bring their affirmative defenses and engage in some discovery, but this is not likely to bend the will of a company such as Facebook.
Additional Coverage:
Wendy Davis: “Facebook Rebuffed In Case Against Social Aggregator Power.com”
ars technica: “Social network aggregator no crook for violating Facebook TOS”
________
Eric's comments: A very small number of rulings have interpreted California Penal Code Sec. 502, the state law analog to the Computer Fraud & Abuse Act and a partial statutory codification of common law trespass to chattels. Based strictly on the statutory wording, Penal Code 502 (which authorizes civil suits in addition to being a criminal sanction) is the most plaintiff-friendly of the three doctrines because it does not require the plaintiff to show any minimum quantity of loss or harm from the defendant's harm.
This ruling partially reinforces why Penal Code 502 remains the most plaintiff-friendly of the three doctrines. Effectively, Facebook made the requisite showing of harm from Power.com's conduct even though Facebook's only purported harms appear to be remediation efforts. As the court says:
Defendants’ admissions that Facebook attempted to block Power’s access and that Power provided users with tools that allowed them to access the Facebook website through Power.com demonstrates that Facebook expended resources to stop Power from committing acts that Facebook now contends constituted Section 502 violations.
This is a bootstrapped type of loss that will be true in almost every anti-server use case.
The court then takes a decidedly less favorable turn when it comes to the authorization/permission question. Many CFAA rulings have allowed user agreements to delimit the authorized use of the plaintiff's servers. The court rejects that approach here, saying, in effect, that because Penal Code 502 is a criminal statute, allowing the user agreement to establish the boundaries of permitted server use is improper. I agree with that statement (some of you may recall my posts about the Lori Drew prosecution, conviction and dismissal). However, I would note Facebook's lawsuit is a civil case, not a criminal case, so the court could have distinguished between the legal requirements of criminal and civil cases. In particular, it was odd to see the court discussing constitutional limits to criminal prosecutions in a case where neither litigant really cared directly about the scope of criminality.
Even if the contract does not provide adequate notice to defendants, the court allows plaintiffs to delimit the permitted/authorized use of their severs technologically, and transgressions of those technological limits appears to satisfy the Penal Code 502 requirements and the constitutional protections applicable to a criminal prosecution. The court says:
the Court finds that accessing or using a computer, computer network, or website in a manner that overcomes technical or code-based barriers is “without permission,” and may subject a user to liability under Section 502.
This is because defendants are adequately put on notice when they encounter a technical block and try to route around it; therefore, with the technical block requirement, the statute will satisfy even the more stringent notice requirements of criminal law. There remained a factual dispute about Facebook's technical blocking efforts in this case based on the procedural posture of the case, so that point remains open for now.
If this case ends up setting the precedent that a user agreement cannot set the boundaries of authorized uses of computer servers in the California Penal Code Sec. 502 context, then this is a pretty important ruling. However, I don't really believe that result will necessarily be reached in other cases, especially given that Judge Ware disagreed with Judge Fogel's ruling in Facebook v. ConnectU on the same question.
In Cyberlaw I teach that an anti-computer trespass civil claim satisfying the four elements will probably win:
* Third party system use
* Damage
* Actual notice that use unpermitted
* Technological self-help
If Facebook can show these four elements, it has a good chance at winning the Penal Code 502 case; indeed, this ruling indicates that under Penal Code 502, the damage element is easy to meet and the notice/self-help elements effectively merge together. If you are prepping an anti-trespass case, the more clearly you can show all four elements, the more likely the court will find a legal doctrine to help you.
Posted by Venkat at 12:29 AM | Content Regulation , Licensing/Contracts , Privacy/Security
July 15, 2010
eBay Venue Selection Clause Upheld in Texas
By Eric Goldman
In re eBay, Inc., 2010 WL 2695803 (Tex. App. Ct. July 8, 2010)
In Comb v. PayPal, 218 F. Supp. 2d 1165 (N.D. Cal. 2002), PayPal defended a putative class action by invoking the arbitration clause in its user agreement. Judge Fogel tossed the arbitration clause on unconscionability grounds, noting (among other defects) the cost/benefit problem facing plaintiffs: their case values individually were much smaller than the arbitration costs, and arbitration blocked class adjudication. This ruling was quite influential. Since then, online user agreements--and especially mandatory venue selection clauses--have become vulnerable to unconscionability challenges and other collateral challenges on their enforceability. At this point, a vendor's attempt to destroy class consolidation through a mandatory arbitration clause is virtually per se unconscionable.
The Comb case involved PayPal's venue selection clause, but eBay's user agreement had a basically identical clause. With this clear warning sign, eBay revised its venue selection clause. eBay now uses a bifurcated approach. The baseline is mandatory venue in a Santa Clara County, California court. However, if the dispute amount is less than $10,000, the plaintiff can select arbitration that does not involve in-person hearings. I personally think eBay's approach is pretty savvy, and I have modeled some clients' venue selection clauses on it. It responds to the Comb v. PayPal concerns about the arbitration costs for small disputes by creating a "fast lane" for small disputes, while still keeping the important disputes in eBay's home court.
This recent ruling shows the strength of eBay's current approach. Richards is the victim of a busted eBay Motors transaction, apparently incurring an $18,000 loss. eBay apparently takes the position that the transaction took place off-website and therefore outside the scope of eBay's Vehicle Protection Program. Richards sued eBay and the car seller in his home court. eBay responded with its mandatory venue selection clause. Apparently, the trial court rejected eBay's motion, but the appellate court easily reverses the trial court and orders the trial judge to enforce eBay's clause.
Richards attacked the venue selection clause per Comb. The court distinguishes Comb on several bases:
* PayPal had frozen small amounts of money; there is nothing like that at issue here.
* there was no issue about case consolidation. Instead, Richards chose to pursue his case individually.
* Richards didn't show that his unrecoverable costs to litigate in California were greater than litigating in Texas.
From my perspective, the key is that Richards' dispute value of $18,000 exceeds the threshold for efficient ADR option in the user agreement; but it's also a big enough case value for the court to accept that Richards could afford to litigate the case individually (as, in fact, he was doing in Texas).
Related blog posts:
* Terminated eBay Vendor Gets Day in Court Against eBay--Crawford v. Consumer Depot
* Note about Tricome v. eBay
* Note about Universal Grading Service v. eBay
* eBay User Agreement Upheld, Part II--Durick v. eBay
* eBay User Agreement Upheld--Nazaruk v. eBay (upheld on appeal)
Posted by Eric at 07:33 AM | E-Commerce , Internet History , Licensing/Contracts | TrackBack
July 09, 2010
Online Sports Ticketing Exchange Wins Dismissal Under Website User Agreement -- Duffy v. The Ticketreserve, Inc.
[Post by Venkat]
Duffy v. The Ticketreserve Inc. (FirstDIBZ.com), Case No. 09 C 1746 (N.D. Ill. July 6, 2010)
FirstDIBZ.com operates an online market place where end users can "buy, sell, and trade options to purchase tickets to sporting events." Plaintiffs who attempted to purchase tickets to the 2009 Super Bowl brought claims alleging fraud and breach of contract. FirstDIBZ scores a win. While plaintiffs get another chance, it's unlikely that they're going to be able to make out a complaint that survives a second motion to dismiss. The case overflows with interesting issues.
Background: FirstDIBZ essentially "operates as a futures market for tickets [for sporting events]." [This probably explains why I've never heard of it.] A "DIBZ" is an instrument which (i) gives the holder the right to purchase a ticket for an event, or a possible event and (ii) obligates the holder to purchase the ticket if the event occurs. As an example, the court notes that if you bought a DIBZ for Game 1 of the World Series at Wrigley Field,
in the event . . . the Cubs overcome their decades-long World Series Drought, the happy fan would then be guaranteed the right to purchase the ticket for Game 1 at face value. Should the Cubs disappoint, the DIBZ-holder would receive nothing and would lose the money she paid for the DIBZ.
[footnote referencing "DA CURSE OF THE BILLY GOAT: THE CHICAGO CUBS, PENANT RACES, AND CURSES" omitted]
FirstDIBZ operates two types of marketplaces. In the "FirstDIBZ-supplied" marketplace, FirstDIBZ guarantees the authenticity of the listings. In the "consumer-supplied" marketplace, FirstDIBZ only "acts as an exchange."
Plaintiffs brought tickets to Super Bowl 2009 in the consumer-supplied marketplace and their DIBZ turned out to be bogus - i.e., the sellers did not actually have the ability to procure Super Bowl 2009 tickets.
Plaintiffs agreed to a website user agreement that contained a description of the consumer-supplied marketplace which said that sellers "assume responsibility for . . . their listings." The agreement also contained a broad release pursuant to which users released FirstDIBZ and its affiliates "from claims, demands and damages . . . of every kind and nature . . . arising out of or in any way connected with [any disputes with Sellers]." The agreement also contained standard "as-is" and disclaimer language and contained a limitation of liability.
Discussion:
The release language: The court looks to the release and concludes that it applies to any breach of contract claims against FirstDIBZ. Plaintiffs tried to argue that their claims were not related to a dispute between plaintiffs and sellers, but rather were based on the acts or omissions of FirstDIBZ. The court rejects this argument, finding that plaintiffs' claims are "undoubtedly connected" to the underlying dispute between plaintiffs and sellers. The court notes that the claims relating to FirstDIBZ's failure to release certain funds from plaintiffs' online wallet accounts may not fall under the release, but cautions that if this is all that there is left, this probably presents a jurisdictional problem for plaintiffs (who alleged federal jurisdiction under the Class Action Fairness Act).
Warranty disclaimers and limitation of liability: The court finds the warranty disclaimers and the limitation of liability enforceable because they met the test under Illinois law that they could be reasonably construed with the remainder of the agreement and were "sufficiently conspicuous." The court did some fancy footwork around terms in the FirstDIBZ user guide which stated that "One DIBZ guarantees one face-value ticket," and that users could "sell [their] DIBZ to other fans . . . at any point during the season." The court finds that this only applies to holders of genuine DIBZ and does not amount to a warranty that any DIBZ would, in fact, be genuine.
Fraud and Illinois Consumer Fraud Act: Plaintiffs argued that they were misled regarding the authenticity of the DIBZ in statements made by FirstDIBZ in its marketing materials and in the media (which were posted on FirstDIBZ's website). The court finds that these arguments are precluded by the broad release. The court also dismisses the claims under the Illinois Consumer Fraud Act, finding that these claims are just dressed up versions of plaintiffs' contract claims.
Unjust enrichment: Finally, the court dismisses the claims for unjust enrichment, finding that this claim is quasi-contractual in nature and a party cannot circumvent a losing contract claim by bringing a claim for unjust enrichment.
__
Section 230: When I first read the case, I thought: what about Section 230? Courts have granted entities like eBay robust immunity against claims from purchasers who bought items that turned out to be not as advertised. (See, e.g., Gentry v. eBay (sale of fake sports memorabilia); Stoner v. eBay (sale of bootleg recordings).) However, this case in some ways reminded me of Mazur v. eBay, where eBay lost a section 230 defense in a case that revolved around live-bidding on eBay, which eBay supposedly screened. Here is Professor Goldman's post on the case: "eBay Denied 230 Defense for Its Marketing Representations--Mazur v. eBay." (Mazur was settled after the court denied class certification.) As his post notes, Mazur seemed to open up a website to a claim that would otherwise be covered by Section 230, by a plaintiff's allegation that "a website made a marketing representation somewhere that says or implies the tort wouldn't occur." (See also Barnes v. Yahoo, discussed in this post: "Ninth Circuit Helpfully Amends Barnes v. Yahoo Opinion".)
User Agreement/Release: Ultimately, the court bypasses the Section 230 discussion and looks to the user agreement, finding that the broad release precludes plaintiffs' claims. FirstDIBZ dodged a bullet for sure, and a big takeaway (which is nothing new) is that websites should keep close watch on their marketing representations, whether those representations are contained in a press release, sales materials, or off-the-cuff statements made by people at the company. I could see a court going the other way on this and finding that the FirstDIBZ marketing materials contained affirmative representations which modified and limited the effectiveness of the online terms and the release. The court's decision to rely on the release (which appeared to be cut and pasted from the eBay user agreement) instead of 230 is reminiscent of the Grace v. eBay appellate court decision, which the CA Sup Ct ultimately depublished. (The Citizen Media page provides background: "Grace v. Neeley.")
[Eric's comment: I've always been a big fan of contractual releases as a belt-and-suspenders risk management backstop to a 230 immunity. This case, combined with the lessons from the Grace v. eBay detritus, is a good reminder of the value of savvy contract risk management provisions as a complement/backstop to the statutory immunity. If you're drafting user agreements, you should consider the possible role of contractual releases from the user as part of the package. All too often, I see contracts where the drafters hope the warranty disclaimer and limits of liability achieve that result indirectly instead of just including an explicit release.]
The Scalping Problem: The court notes that neither party addresses whether FirstDIBZ's exchange runs afoul of laws prohibiting scalping. FirstDIBZ's exchange brings to mind the the hotly contested "Hollywood Futures" market, which is currently the subject of a few legislative skirmishes. (LA Times: "Watching a big bet on box-office futures go sour.") The FirstDIBZ market is a way that people can bet on teams. This raises an unclean hands problem. Except that everyone's hands are a bit dirty, so I'm not sure which way unclean hands would cut, and I suspect the parties weren't either, so they wisely left that issue to the side. (The plaintiffs could have attacked the legality of the whole scheme since FirstDIBZ didn't pay out due to capitalization issues, but the plaintiffs did not focus on this.) The scalping issue also has the potential to affect the Section 230 analysis. In a dispute between the New England Patriots and StubHub (where the Patriots were trying to prevent ticket resales through StubHub) the court recently ruled at summary judgment that a finding that StubHub contributed to a violation of anti-scalping laws by its users could result in a loss of Section 230 immunity. ("Two 47 USC 230 Defense Losses--StubHub and Alvi Armani Medical".)
Were Plaintiff's Acting Reasonably?: I go back and forth on whether the plaintiffs deserve sympathy here. I would think the whole point of an options exchange is to facilitate transactions where people actually have the right to sell what they are purporting to sell. I'm not familiar with options marketplaces, and I don't advocate looking to what a "reasonable online consumer" would perceive, but I would think customers would look at an options marketplace and think that the marketplace had some mechanism in place to verify what was at the selling end of the transaction. You would think the contingency would be in the sports team making it to the Super Bowl, not whether the seller turned out to actually have tickets. In a sophisticated financial marketplace, maybe things vary, but in the context of Super Bowl 2009 tickets, I can see where customers are coming from complaining that their DIBZ turned out to be bogus. That said, the terms clearly spelled out the differences between the two marketplaces and if the plaintiffs are using FirstDIBZ as a way to skirt the rules, I'm not sure how much sympathy they deserve.
Either way, an interesting case.
Posted by Venkat at 10:28 AM | E-Commerce , Licensing/Contracts , Marketing
July 07, 2010
Q2 2010 Quick Links Part 2
By Eric Goldman
Marketing and Advertising
* Good talk from FTC Chair Leibowitz: “we have great hopes for self-regulation….So long as self-regulation is making forward progress, the FTC is not interested in regulating” behavioral targeting.
* NYT on teaching middle schoolers how to interpret ads. We're going to need to teach kids how to consume information if we have any chance to survive infoglut.
* The LA Times and Chicago Tribune are integrating paid text links into story content.
* Search Engine Land: Google: Now Recommending Brands For Searches.
* Keeller v. Groupon Inc., No. 10 CH 8666 (Ill. Cir. Ct. Cook Cty. March 2, 2010). Groupon settles lawsuit over expired and unused coupons.
* NYT: Online coupons may not be as anonymous as people assume.
* An inside look at the MPAA's self-regulatory effort to police movie ads.
* Avi Goldfarb & Catherine Tucker, Privacy Regulation and Online Advertising.
* Microsoft sues for click laundering. Coverage at Search Engine Land and WSJ
* The FTC shut down Pricewert/3FN.net.
Contracts
* News.com: Second Life sued by its users for changing the terms of land “ownership.” Evans v. Linden Research complaint.
* Shell v. AFRA: website venue selection clause not binding just because web visitors viewed it.
* Omri Ben-Shahar & Carl E. Schneider, The Failure of Mandated Disclosure. This paper shows why mandatory disclosures fail in part because regulators think in terms of what consumers SHOULD want to know rather than what information consumers ACTUALLY want to know.
* WaPo: Reality TV secrets are hard to keep in the age of social media. My 2003 analysis of using contract law to keep reality TV secrets.
* Want to be on the TV show Survivor? Check out its contract first.
* Anderson v. Bell, No. 20100237 (Utah June 22, 2010): “electronic signatures may satisfy the Election Code’s requirements under section 20A-9-502 regarding unaffiliated candidates wishing to run for statewide office.” Tom O’Toole’s writeup.
Trademarks/Copyrights
* Jim Jansen: “Only 4% of sponsored ads were triggered by competitors’ trademarked terms. When it does happen, the results are pretty much what consumers are use to seeing, so there doesn't appear to be many negative consequences….Thus, competitive use of trademarked terms to trigger online ads does not appear to be a widespread phenomenon and is similar to the query suggestion feature that many search engines employ.”
* Michael Geist on the first Canadian keyword advertising ruling (a nice defense win).
* 2010 Joint Strategic Plan on Intellectual Property Enforcement.
* Qassas v. Daylight Donut Flour Company LLC, No. 09-663 (N.D. Okla. June 10, 2010). A company and its entrepreneur are liable for their web developer's infringements when creating the company's own website.
Miscellaneous
* Stephen Wu on Estate Planning for Online Assets
* Declan at News.com lauds Justice Stevens' Internet jurisprudence. We owe Justice Stevens many thanks for helping the Internet bloom.
* Anthony v. Yahoo!, Inc., 2010 WL 1552819 (9th Cir. April 20, 2010). Upholding Yahoo's settlement in a class action lawsuit over its online dating site. My original blog post on the case.
* Tom O'Toole reports on various stupid state efforts to regulate technology, inadvertently making the case that they are a terrible laboratory of experimentation.
* Vacation Club Services Inc. v. Rodriguez (M.D. Fla. April 22, 2010). No CFAA action against the buyer of data from a database the seller allegedly acquired in violation of the CFAA.
* Lawyers behaving badly on the Internet.
* 23 state AGs have contacted Topix about its takedown procedures, including its fee for expedited takedown review.
Posted by Eric at 03:18 PM | Copyright , E-Commerce , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark , Virtual Worlds | TrackBack
June 11, 2010
Craigslist Loses 230 Defense to Promissory Estoppel Claim--Scott P. v. Craigslist
By Eric Goldman
Scott P. v. Craigslist, Inc., CGC-10-496687 (Cal. Superior Ct. June 2, 2010). The CMLP page with source materials.
In a situation not dissimilar to the venerable Zeran case, starting in March 2009, Scott P. was criminally victimized by a campaign of fake Craigslist posts, including ones falsely soliciting gay sex and offering to give away his possessions. Three times after such posts, he contacted Craigslist to request that they stop postings that contain his name, number or address, and each time Craigslist's CSRs allegedly replied that Craigslist "would take care of it." In the second exchange, Craigslist allegedly also said it would take steps to stop the fake posts. In the third exchange, Craigslist allegedly also said that it had already taken steps to stop the fake posts. I doubt the CSRs made any promise that fake posts would never occur again, but that's apparently what Scott heard (or wanted to hear).
All three Craigslist responses came just before the Ninth Circuit's ruling in Barnes v. Yahoo, which indicated that 47 USC 230 did not eliminate websites' liability for promissory estoppel if a website promises to fix user-supplied content. Post-Barnes, Craigslist probably no longer tells folks that it will "take care of it" or promise any remediation of any sort. Instead, I assume Craigslist is more equivocal in response to complaints about user activity, i.e., "We might or might not help you, but don't rely on anything we say." I'm not sure equivocal responses from sites like Craigslist are what society really wants, but that's the logical protocol following Barnes.
Unhappy that Craigslist didn't uphold the promises he thought it made, Scott sued Craigslist for promissory estoppel and CA B&P 17200 for unacceptably weak user verification procedures. Last week, the court partially granted and partially dismissed Craigslist's 230-based demurrer:
Defendant Craigslist, Inc's Demurrer to 1st Amended Complaint. Argued and the Court adopted its tentative ruling as follows: sustained without leave to amend as to cause of action 2 both because the claim is barred by Section 230 and because plaintiff lacks standing. Overruled as to cause of action 1 because plaintiff has sufficiently pleaded an agreement supported by promissory estoppel. 10 days to answer. Further, defendant Craigslist, Inc's oral request for a stay of discovery is granted for 2 weeks to permit defendant to seek a writ and give time to the court of appeal should it choose to accept that writ and extend a stay, should it choose to do so. Ms. McDougall to submit a proposed form of order.
So Craigslist successfully eliminated the 17200 claim per 230, but Scott's promissory estoppel claim survived the demurrer due to Barnes. I haven't yet seen too many 230 Barnes-style bypasses, but this is a fine example that the plaintiffs are paying close attention to any 230 workarounds. I'm skeptical that Scott can ultimately succeed with his promissory estoppel claim, though. What more could he have done that he chose not to do based on Craigslist's alleged promises? Meanwhile, my understanding is that Craigslist will seek an expedited writ from the appellate court, so this case could break more legal ground soon.
Overall, this case illustrates why 230 makes so much sense. The underlying problem involves a workplace harassment campaign that took place both online and off. Craigslist was just one of several tools used by the harasser(s) as part of the campaign. For example, the harasser(s) allegedly obtained a fake Hotmail account in the plaintiff's name, so why not sue Hotmail? The plaintiff didn't, even though the Hotmail account was an integral part of the scheme. Meanwhile, the people misusing the tools remain accountable for their choices. Most conspicuously, one harasser has already been criminally busted for his behavior in this matter. In light of the criminal bust, I don't understand why the plaintiffs think Craigslist should be part of the liability chain, and presumptively 230 reinforces its illogic by preventing the plaintiff from complaining about third party conduct. The Barnes promissory estoppel workaround will work for plaintiffs only so long as service providers actually respond to inquiries from victims like Scott. If this lawsuit shows any success, you can kiss those responses goodbye.
Posted by Eric at 07:02 AM | Derivative Liability , Licensing/Contracts | TrackBack
June 10, 2010
Google Can't Shake Cybersquatting Claim--Vulcan Golf v. Google
By Eric Goldman
Vulcan Golf, LLC v. Google Inc., 1:07-cv-03371 (N.D. Ill. June 9, 2010). My 2007 blog post when the complaint was filed. My 2008 blog post on the denial of a motion to dismiss. My 2008 blog post on denial of class certification.
A year ago I blogged about Solid Host v. NameCheap, a case that raised the specter of a "contributory cybersquatting" claim under the ACPA. This case also deals with a type of contributory cybersquatting. It might represent the vanguard of increased trademark owner efforts to proliferate ACPA cybersquatting claims against a wider range of defendants.
This long-running case involves Google's AdSense for Domains program, which the plaintiffs believe violates their trademark rights when the parked domains contain their trademarks or variations thereof. The case appears to be entering the home stretch. In late 2008, the plaintiffs were denied class certification, which substantially narrowed the scope of the lawsuit. All other defendants have now settled, leaving only Google's liability for resolution. This ruling addresses Google's unsuccessful attempt to knock out the ACPA claim on summary judgment. As a result, the ACPA claim is queued up for trial unless the parties settle.
Google's ACPA liability turns on whether it is an "authorized licensee" of the parked domains. If so, the ACPA is clear that a licensee of a cybersquat domain name can be on the hook. The court holds that if there is a license agreement that calls itself a license, then the ACPA applies to the agreement. However, the court will not infer a licensing agreement from some less explicit arrangement, i.e., presumably not from a parking arrangement where the ad provider (Google) does not expressly license the domain name. Therefore, it appears that where Google licensed the domain name from the parker (a seemingly unnecessary step for delivering ads to parked domains), Google put itself into the ACPA liability chain.
With the legal standard established, normally this should be an easy case to resolve on summary judgment. However, apparently Google and the plaintiffs can't agree on the accurate copy of the applicable agreements with domain parkers (specifically Dotster). If the parties can work out the confusion over documents, the ACPA claim is ripe for a settlement.
Posted by Eric at 07:05 AM | Derivative Liability , Domain Names , Licensing/Contracts , Search Engines , Trademark | TrackBack
June 06, 2010
Google Sued for Click Fraud for the First Time in Years--123 Lock and Key v. Google
By Eric Goldman
123 Lock and Key LLC v. Google, Inc. (Wash. Superior Ct. complaint filed May 21, 2010)
After Google and Yahoo settled their click fraud lawsuits in 2006, click fraud litigation has been fairly rare. There is a major battle brewing against Facebook (In re Facebook PPC Advertising Litigation) and only a smattering of other cases, such as the lawsuit against CitySearch (Menagerie v. CitySearch). Given the number of advertisers it has and the volume of business it does, it's remarkable that Google has gone so long--4 years--without a new click fraud lawsuit.
This new lawsuit isn't likely to be causing Google to be shaking in its boots. First, the lawsuit was filed in a Washington state court, so I anticipate Google will remove it to federal court and then transfer the case to the Northern District of California per its user agreement. Google has had great success invoking the mandatory venue clause in its AdWords contract recently. I'm not sure if the plaintiff actually expects to keep the case in Washington state courts, but that seems highly unrealistic.
Second, the alleged facts in the complaint didn't exactly cause me to reach for the hankies. As 123 Lock tells the story, it happily advertised on Google from October 2009 to March 2010, getting 15 clicks a day and having an 80% conversion rate (clicks/phone calls). Note: phone calls is an odd measure of conversion, and I wonder how the calls were tracked to the clicks (i.e., was there a unique phone number only clicking consumers saw?). Then, in March 2010, 123 Lock says it started getting 100-150 clicks/day, sometimes in a flurry, and none of these clicks converted to phone calls. 123 Lock then says it presented "this irrefutable evidence, in far more detail, with far more facts, and with substantiating evidence, to Google," who heartlessly rejected the evidence. I'd love to see the "irrefutable" evidence in its glorious detail, because there are so many explanations other than click fraud that could apply.
Third, even if 123 Lock was truly a click fraud victim and Google still charged it for those bogus clicks, it's hard to imagine any damages large enough to justify the lawsuit given the volume of clicks we're talking about. Google's AdWords contract poses a formidable threat to most theories that could result in any real money.
Finally, this could be another opportunity for Google to turn the table on a plaintiff and countersue it for various claims--such as Google's move of suing advertisers for breach of the mandatory venue clause by initially suing it in the wrong jurisdiction (see, e.g., the Flowbee counterclaim). It would not surprise me if 123 Lock ends up writing a check to Google when the litigation dust clears.
ClickZ presents a more sympathetic view of the lawsuit in its story entitled "Suit Against Google Highlights Surge in Click Fraud".
Posted by Eric at 01:33 PM | Licensing/Contracts , Search Engines | TrackBack
June 04, 2010
9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap
[Post by Venkat with a few comments from Eric at the bottom]
Ruiz v. Gap, Inc. (9th Cir. May 28, 2010)
In a decision that does not bode well for plaintiffs bringing privacy-based claims against Facebook in California, the Ninth Circuit recently affirmed the trial court's rejection of data breach claims against Gap.
Facts: The case arose out of the theft of two laptop computers from a Gap vendor who processed job applications for gap. The stolen laptops contained personal information of applicants who applied for a job at Gap. Ruiz, one of those applicants, brought claims on behalf of a putative class under theories of negligence, breach of contract, unfair competition (17200), the California constitution, and California Civil Code section 1798.85 (which addresses when a social security number could be required to access a website).
The district court rejected Ruiz's claims largely on the basis that he failed to articulated any cognizable injury. Increased risk of future harm was not sufficient to state a negligence claim under California law, and risk of future harm and credit monitoring were not recognizable damages for a breach of contract claim. In any event, Gap had offered credit-monitoring services, which Ruiz failed to avail himself of. (See Tom O'Toole's coverage of the case here.)
The Ninth Circuit's Ruling: The Ninth Circuit agreed with Judge Conti.
Negligence: With respect to the negligence claim, the court held that nominal damages cannot vindicate a "technical right" in the absence of "actual loss." While in the toxic exposure context, the court recognized that damages for monitoring may be available, the court declines to decide whether that rule should be extended to this context, given the total evidence of any time or money spent on credit monitoring. (And the fact that Ruiz failed to take up Gap's offer of credit monitoring, or demonstrate why it was insufficient.)
Breach of Contract: With respect to the breach of contract claim, the court held that controlling 9th circuit authority holds that a breach of contract claim "requires a showing of appreciable and actual damage." This ruling is fairly consistent with the majority rule that breach of a privacy policy is not actionable absent a showing of economic loss, and increased monitoring generally doesn't qualify. In re JetBlue Airways Corp. Privacy Litigation is the seminal case, but many cases since have followed this route. In JetBlue, there was some discussion of whether a privacy policy even constitutes an enforceable contract in the first place, but ultimately, the court assumed that even if it constitutes a contract, a failure to allege damages is fatal. Cases since have included Pinero v. Jackson Hewitt, Bell v. Acxiom, and many many others.
17200 (UCL) Claim: The court ruled that recovery under California's unfair competition statute is limited to individuals who suffer "actual losses of money or property." Ruiz could not make a colorable argument that he was entitled to any restitution from Gap, so this claim was a loser.
California Constitution: There were two problems with Ruiz's claim under the California constitution. First, cases have found that the breach must be egregious, and have yet to extend a cause of action under this theory to negligent or accidental conduct. Second, the court says Ruiz only alleges a "risk of privacy invasion, rather than an actual privacy invasion." In the court's eyes, the actual invasion only occurs when someone actually misuses the data which they obtained from Gap's vendor.
Section 1798.85: Ruiz also brought a claim under California Civil Code 1798.85. The court ruled that, by its terms, this section only required a person or entity conditioning access to a website on the use of an individual's social security number to also require the use of a password, a unique personal identification number, or an authentication device. Here, the social security number was not used to access the website of Gap's vendor, so the section did not apply.
___
This is not a surprising result. The overwhelming majority of courts have rebuffed data breach claims brought by affected persons (particularly those that have been offered monitoring) on the basis that those individuals have not suffered any appreciable injury. While a few cases have taken a different legal route by holding that these plaintiffs lack Article III standing, the end result is always the same: No actual injury = no recovery (and risk of future identity theft does not equal cognizable injury).
This news is probably depressing to two groups of plaintiffs who recently sued Facebook: Robertson v. Facebook and Gould v. Facebook. Both of these lawsuits allege that Facebook improperly disclosed the user name and other information of Facebook users who accessed content on the web. Claims in both lawsuits are premised around Facebook's violation of its privacy policy. As this case makes clear, the plaintiffs in these cases are unlikely to be able to show actual damages, and their breach of contract, negligence, and unfair competition claims are likely dead on arrival.
___
Eric's comments: In the past few months, I've noticed a disturbing trend. Whenever Google or Facebook make a privacy gaffe, the plaintiffs' lawyers go into full-tilt litigation mode. There have been too many complaints filed to blog them all, although I've been posting many of the complaints to my Scribd account. Unfortunately, Google and Facebook have made their lives harder by making too many unnecessary mistakes, but many of these mistakes are obviously inconsequential in the grand scheme of things. But the most disturbing thing is that so many plaintiffs' lawyers seem completely uninterested in pleading how their clients suffered any consequence (negative or otherwise) from the gaffe at all. Their approach appears to be that the service provider broke a privacy promise, res ipsa loquitur, now write us a check containing a lot of zeros.
Although this case was designated non-published and therefore isn't binding on the 9th Circuit, this case nevertheless illustrates that most of these plaintiffs' lawyers are wasting their time and significant social resources with their poorly developed cases. Instead, if they truly believe the privacy gaffe is worth suing over, they should do the advance legwork to find at least one plaintiff representative who actually suffered some harm. If they can't even do that, society would be better off if the lawyers redirected their energies elsewhere.
Posted by Venkat at 10:27 AM | Licensing/Contracts , Privacy/Security
May 01, 2010
Facebook Gets Partial Win in Click Fraud Lawsuit
By Eric Goldman
In re Facebook PPC Advertising Litigation, C 09-3043 JF (HRL) (N.D. Cal. April 22, 2010). My blog post on the complaint filing.
This is an unexpectedly hard-to-parse ruling in a click fraud lawsuit against Facebook. Facebook sought a 12(b)(6) motion to dismiss on the basis of its Advertising Terms and Conditions, which included the following language:
I UNDERSTAND THAT THIRD PARTIES MAY GENERATE IMPRESSIONS, CLICKS OR OTHER ACTIONS AFFECTING THE COST OF THE ADVERTISING FOR FRAUDULENT OR IMPROPER PURPOSES, AND I ACCEPT THE RISK OF ANY SUCH IMPRESSIONS, CLICKS, OR OTHER ACTIONS. FACEBOOK SHALL HAVE NO RESPONSIBILITY OR LIABILITY TO ME IN CONNECTION WITH ANY THIRD PARTY CLICK FRAUD OR OTHER IMPROPER ACTIONS THAT MAY OCCUR
Judge Fogel says that the disclaimer clearly preempts any claims for third-party caused click fraud. However, he suggests that Facebook's contract does not preclude a claim based on Facebook's own malfeasance or error. For example, if Facebook's reporting system goes haywire and counts phantom clicks that never occurred, the disclaimer language doesn't help. Fair enough, but the boundary between first party and third party malfeasance is not completely clear. For example, if a user double-clicks, is that third party click fraud or an error in how Facebook counts clicks?
In any case, this ruling exposes a hole in Facebook's disclaimer language. Unfortunately, I'm not sure how fixable it is. Facebook could say that advertisers have to pay even if Facebook's reporting system is miscalibrated or goes rogue. See Go2Net, Inc. v. C.I. Host, Inc., 60 P.3d 1245 (Wash. Ct. App. 2003). However, many judges would not honor those statements at face value.
The plaintiffs also attack the contract by alleging that its integration clause opens up the door to other documents. The clause reads:
[T]hese terms and conditions, the Advertising Guidelines and other applicable Facebook policies, and the terms of any applicable advertising order submitted through the site constitute the entire and exclusive agreement between the parties with respect to any advertising order I place[.] (emphasis in the court's opinion)
Why is that italicized language in the integration clause? It opens up a debate about the scope of other incorporatable documents--exactly what you DON'T want an integration clause to do. Facebook escapes adverse consequences from that loose language; the court concludes that whatever that language means, it does not include the documents that the plaintiffs want to incorporate. But I expect Facebook will want to reconsider that catch-all going forward.
Judge Fogel gives the plaintiffs a chance to amend their complaint, but they will need to be smart in how they approach the amendment. I've seen numerous Fogel rulings where he generously gives the plaintiffs some leeway on the first motion to dismiss but then slams the door on sloppy plaintiffs on the second go-around.
Wendy Davis' writeup of this ruling.
Posted by Eric at 08:58 AM | Licensing/Contracts , Marketing | TrackBack
April 27, 2010
Interesting Database Scraping Case Survives Summary Judgment--Snap-On Business Solutions v. O'Neil
[Post by Venkat, with additional comments from Eric below]
Snap-on Business Solutions Inc. v. O'Neil & Assocs., Inc. (N.D. Ohio April 16, 2010) [scribd]
Snap-on is one of those cases that's great because the court canvasses the various claims that come into play in the increasingly common scenario when someone accesses a computer or network to extract data following termination of (or outside of) a contractual relationship. (The practice of extracting data from a website is commonly known as 'scraping'.) The court punts based on the existence of factual disputes, but the court's order is well worth a read just because it lays out the issues and theories.
The background facts are straightforward. Mitsubishi hired Snap-on to build a database of parts data which Mitsubishi dealers could then access online. Mitsubishi provided the underlying documents and images (parts information) to Snap-on, who converted them and built a "searchable database with linked data and images." At some point, Mitsubishi decided to move the parts database over to O'Neil, instead of Snap-on. When Mitsubishi asked for a copy of the database, Snap-on predictably declined. Snap-on told Mitsubishi that Mitsubishi could have the database, but would have to pay an extra fee. Meanwhile, O'Neil, Mitsubishi's new vendor suggested that it could extract the data from Snap-on's servers using O'Neil "scraper tool." O'Neil ran the scraping program, and used log-ins provided by Mitsubishi in the process of gathering the data. According to testimony from Snap-on, O'Neil's access of Snap-on's website caused Snap-on's website to "crash" in at least one instance.
Snap-on sued O'Neil (and interestingly not Mitsubishi) alleging Computer Fraud and Abuse Act, trespass to chattels, unjust enrichment, breach of contract, copyright infringement, and misappropriation of trade secrets.
Computer Fraud and Abuse Act: The key question on the Computer Fraud and Abuse Act claim was whether O'Neil's access of the website was "without authorization." The court held that the underlying agreement between Mitsubishi and Snap-on did not clearly resolve the question of whether Mitsubishi could authorize O'Neil to access Snap-on's website and servers and, whether even assuming Mitsubishi had this ability, Mitsubishi somehow lost it.
I think the court came to the correct conclusion on whether the access was without authorization. There's a split of authority in the employment context as to whether an employee's access to the employer's servers for the employee's own purposes constitutes "unauthorized access," but this case doesn't implicate that scenario. (Jeff Neuburger covers the 9th Circuit's recent ruling in LVRC Holdings, LLC v. Brekka, which acknowledges this split.) Here, the parties had an agreement, and the only viable argument by O'Neil on the unauthorized access issue was that Mitsubishi had authorized O'Neil to access Snap-on's computers and servers. (Since you had to log-in to access the website, O'Neil could not argue that Snap-on impliedly authorized everyone (including search engines) to access its site.) The terms of the agreement between the parties would resolve this issue and the agreement didn't provide a definitive answer, at least at the summary judgment stage.
Trespass to Chattels: Snap-on also asserted a trespass claim based on damage or temporary deprivation of the ability to use its servers. The court also declined to resolve this issue on summary judgment, finding that Snap-on presented sufficient evidence to find that O'Neil's unauthorized access caused Snap-on's servers to crash and "deprived Snap-on of their use for a substantial time.
O'Neil argued that copyright law preempts Snap-on's trespass claim. The court summarily (and in a conclusory fashion) rejects this argument, finding that Snap-on's argument seeks to protect the integrity of its computer servers, rather than its "possessory interest in the [software] or accompanying database."
Unjust Enrichment: The court finds that Snap-on's unjust enrichment claims were preempted by the Copyright Act since Snap-on failed to provide any evidence as to how the unjust infringement claims were based on rights distinct from Snap-on's rights as a copyright owner.
Breach of Contract: Snap-on also asserted a claim for a breach of its end user license agreement. The court declined to dismiss this claim based on the existence of factual dispute as to whether the parties entered the EULA and whether O'Neil breached it. Surprisingly, Snap-on's website required a log-in but only contained a statement that "[the] use of and access to the information on [Snap-on's] site is subject to the terms and conditions set out in [Snap-on's] legal statement." Snap-on did not users to check the box, acknowledging that they read and agreed to the end user terms.
Copyright Infringement: Snap-on knew it had an uphill battle on the copyright claim for a few reasons. First, much of the material (such as the images) is owned by Mitsubishi to begin with. Second, it's tough for anyone to argue that pricing and parts information is copyrightable. With this in mind, Snap-on argued that the "database structure" is entitled to copyright protection and Snap-on owned the copyrights in the structure.
The court went through the Feist analysis. In Feist, the court held that a "factual compilation is eligible for copyright if it features an original selection or arrangement of facts, but the copyright is limited to the particular selection or arrangement. In no event may copyright extend to the facts themselves." Lower courts have applied Feist and found that databases containing facts may be copyrightable. O'Neil argued that the "arrangement" or the database structure was obvious and was thus not entitled to copyright protection. The court again agrees with Snap-on that factual disputes preclude summary judgment on copyrightability and ownership.
The court's conclusion on the copyright issue seemed the most problematic. Even if Snap-on owned some part of the underlying arrangement or database structure, did O'Neil "copy" the structure, or otherwise exercise any rights exclusive to the copyright owner? This is a tough sell. Also, on the ownership issue, I would think Mitsubishi would have a colorable argument that even if it didn't own the copyright, it should be treated as a joint owner along with Snap-on?
Trade Secrets: Finally, the court also declines to grant summary judgment on Snap-on's trade secrets claims. I'm not sure what trade secrets Snap-on is using to support its claim, and I'm skeptical that any trade secrets exist here that O'Neil misappropriated. However, given that the court declined to grant summary judgment on the other claims, it wasn't the end of the world for the court to let this claim go to the jury as well.
__
Apart from canvassing the various legal theories that come into play in this type of a factual scenario, the case also offers a few practice pointers.
First, if someone is hosting or storing data for you, it makes sense to have a provision in the agreement that allows you to get access to the data at the termination of the relationship, regardless of any contractual dispute that may arise between the parties. The party with physical access to the data will have leverage as a practical matter, and this is the type of thing contractual language should address. As a last resort, the party who may be in a position to extract the data should have an unbridled ongoing right to extract the data during the course of the relationship. The agreement should also have a notice and breach provision that would prevent the summary denial or revocation of authorization.
Second, I'm surprised there wasn't a clear ownership clause in the agreement that said Mitsubishi owns the underlying data, the database structure, and any copyrightable elements in the database. A determination by the court that Snap-on owns some copyrights in the database structure could cause problems down the road for Mitsubishi. There are many reasons why it made sense for Mitsubishi to own the data, and Snap-on doesn't have much of a business justification for owning the data because it can't use it at the termination of the relationship. As a last resort, Mitsubishi should have had a broad license to the data.
Third, the agreement should contain terms allowing Mitsubishi to authorize third parties the right to access Snap-on's servers and any copyrighted material, at least for back-up and archiving purposes.
Fourth, if you are a website that is looking to prevent scraping, ownership of the underlying data and restrictions on access (such as a log-in) help significantly. Professor Goldman's comments below highlight that scraping is problematic from a legal standpoint. However, two things that bolstered Snap-on’s claims are its ownership of the data and the fact that O’Neil accessed the site through a log-in which it wasn’t clearly authorized to use. This, coupled with the fact that Snap-on was in physical possession of the data at the termination of the relationship, pretty much put it in the driver’s seat.
Finally, Snap-on's contract formation process could have been cleaner. Where you have a situation involving access of a website for a business purpose (where the person is accessing data that they need) there's much less risk of people declining to access your website based on additional hurdles in the form of click throughs or check the box. In the consumer setting, websites often weigh certainty of contract formation against customer conversion, but this isn't really present in Snap-on's case. I guess what I'm saying in a long-winded way was that Snap-on should have implemented a mandatory, non-leaky, clickthrough, as discussed in Professor Goldman's post covering Scherillo v. Dun & Bradstreet.
____________________________
Eric's comments:
This is such a rich and interesting case that both Venkat and I wanted to cover it. I am frequently asked if scraping is legal, and the short answer is that (a) possibly not, but (b) people regularly do it anyway. This case illustrates the difficulty of doing scraping legally, and I highly recommend reading this case to anyone who thinks scraping solves a business problem they are having. If anything, this case was unusually defense-favorable because the replacement vendor (O'Neil) was scraping the customer’s (Mitsubishi’s) data at the customer’s request. Yet, because that data resided on Snap-on's servers, O'Neil is still staring down the barrel of copyright, contract, CFAA and common law trespass to chattels claims. If I were on the defense team, I'd be whipping out my checkbook and angling for a settlement, because I expect this case will not play well in front of a jury.
This case is slightly similar to a case from earlier this year that I never got a chance to blog, Edgenet v. Home Depot. In both Edgenet and this case, a big company retained an outsourced vendor to maintain and enhance an obviously unwieldy product catalog, and legal tussles ensued when the customer and vendor divorced. According to this opinion, Mitsubishi thought it had procured the IP rights to Snap-on's enhanced database, but Snap-on thought otherwise and demanded extra money to get something Mitsubishi thought it had already bought. As Venkat indicates, this reinforces the practice pointer that customers always need to have a clear exit strategy nailed down upfront whenever they enter into an outsourcing relationship.
The case is a little less clear about Mitsubishi's ability to get interim deliveries of the database pre-termination. (The case suggests that Snap-on tried to charge for this as well). As Venkat also indicates, this violates another rule of outsourcing--without a copy of its database, Mitsubishi was never in control of its fate and continuously vulnerable to Snap-on deciding to play a hold-up game.
When Mitsubishi finally decided to go with Plan B and retain O'Neil as Snap-on's replacement vendor, a series of poor judgments followed. Mitsubishi decided it was too expensive to have O'Neil replicate the work Snap-on had done, and Mitsubishi apparently decided it was too expensive to pay Snap-on for the one-time delivery from its database. But what did Mitsubishi expect--that Snap-on expected to be paid for delivering the data but would acquiesce to free scraping? Snap-on seems to have made it clear that its business model included payment for getting Mitsubishi data out of Snap-on's database, so Mitsubishi had to know that any alternative courses of action were dicey.
Then O'Neil, presumably trying to be helpful, offered the scraping option. Any lawyer in the process should have kiboshed the idea on the spot. Instead, Mitsubishi gave O'Neil some login credentials in apparent violation of the Snap-on agreement. This reminded me of the Oracle v. SAP lawsuit, which is not going to end well for SAP.
The scraping process did not go well, either. It appears the scraping tool was misconfigured because it allegedly caused enormous traffic spikes that ultimately crashed the site at least once (and maybe twice). Even if the court follows the more restrictive Hamidi approach to common law trespass to chattels requiring damage to computer system resources, this qualifies. Snap-on blocked the scraper's IP address, so O'Neil offered to continue using a different IP address (a big no-no in my guide to "legitimate" scraping) but only if Mitsubishi signed an indemnity agreement...which Mitsubishi signed. What??? Are you kidding me??? It's hard to wave a bigger red flag of problems ahead than to have a vendor say that it will only continue if it gets an indemnity agreement. Fortunately for O'Neil, the indemnity agreement may mean that O'Neil won't be writing checks when the jury says nyet; unfortunately for O'Neil, the indemnity agreement won't help if the feds decide to bring a criminal CFAA prosecution. Snap-on blocked the second IP address, O'Neil stopped scraping, and Snap-on decided to sue.
Where were the lawyers in this process? I'm shocked that Mitsubishi's lawyer didn't shoot down the initial scraping proposal. Scraping was a classic engineer's solution to a legal problem. But even if the lawyer never got a chance to speak up then, surely lawyers got involved when O'Neil tendered the indemnity agreement to Mitsubishi. That they didn't put their foot down then blows my mind. Given Snap-on's delays, it appears that Snap-on might not have even sued if O'Neil hadn't reinitiated scraping via a second IP address, so the indemnity agreement should have given Mitsubishi and O'Neil enough time and warning to realize that the engineering solution had failed and it was time to seek a legal solution.
As Venkat recaps, the legal rulings are fairly straightforward given our standard understandings of scraping law. However, they illustrate that despite its ubiquity, scraping may not be legally defensible when challenged in court--even, in this case, when Mitsubishi was trying to retrieve "its own" data.
Finally, this case is a microcosm of the broader IP battles over product catalog and taxonomical data. See my notes from my 2007 talk about IP rights in taxonomies. I don't have a solution to these IP battles, but I continue to wonder about the social benefits we could obtain if a global product catalog existed that everyone could freely use.
Posted by Venkat at 09:50 AM | Copyright , E-Commerce , Licensing/Contracts , Trade Secrets
April 26, 2010
Amazon Wins Keyword Advertising Suit--Video Professor v. Amazon
By Eric Goldman
Video Professor, Inc. v . Amazon.com, Inc., 1:09-cv-00636-REB-KLM (D. Colo. April 21, 2010)
Video Professor has been involved in a few interesting legal scrapes. For example, you may recall that in 2007 they launched a major crackdown against the publishers of negative product reviews. See this recap.
In this lawsuit, Video Professor sued Amazon for bidding on the keyword "video professor" and then displaying competitive options on the linked landing page. This type of fact pattern--online retailers advertising on third party trademarks to promote competitive alternatives--has created significant confusion for trademark law. See the irresolute rulings in BabyAge v. Leachco (involving the alleged misuse of product reviews to redirect a retailer's consumers to a house product) and Hearts on Fire v. Blue Nile (a retailer buying keywords for a manufacturer's product it didn't sell).
In Amazon's case, this should be a laughably easy case. So long as Amazon has any legitimate Video Professor products in inventory--even if it or third party vendors are reselling used Video Professor goods via the First Sale doctrine--it should have the right to accurately advertise that fact. See Tiffany v. eBay. The fact that consumers might redirect to other offerings once they get into the retailer's premise is completely irrelevant. As I explain in gory detail in my Brand Spillovers paper, using third party trademarks to generate consumer interest and redirect them to other products is an essential part of offline retailing and virtually unchallenged by anyone. Yet, when the same behavior happens online, people freak out. My paper concludes that these freakouts are due to cyberspace exceptionalism, not any rational or doctrine-based concerns.
Amazon doesn't win this case on First Sale grounds (although it should have). Instead, Video Professor was an Amazon vendor for a while, and Amazon makes vendors enter into a "Vendor Manual" that contains a perpetual trademark license. Therefore, Amazon successfully defended its keyword purchases as being authorized by this perpetual trademark license. Summary judgment for Amazon. This is a neat legal trick by Amazon and almost assuredly a boilerplate "gotcha" for most Amazon vendors, who probably didn't fully understand the implications of the boilerplate language. Then again, I just argued that Amazon should have this right as a matter of default trademark law, so I don't think vendors agreeing to Amazon's Vendor Manual are giving up any legal rights they actually had.
This case illustrates the increasing importance of contracts in governing keyword advertising purchases, a point I mention in my latest keyword advertising legal recap slides. Here, Amazon was able to slip in a perpetual right to buy its vendors' trademarks as keywords into its vendor contract. In theory, if Video Professor objected, it should have rejected the Vendor Manual clause AND promulgated its own more restrictive contractual restrictions on Amazon's keyword purchases.
For those of you who rely on buying third party trademarks as keywords, this case might spur you to redouble efforts to get contractual permission (one way or another) from the third parties. That contractual consent may be highly effective at fending off future cyberspace exceptionalist freakouts by trademark owners.
Posted by Eric at 11:52 AM | Licensing/Contracts , Marketing , Trademark | TrackBack
March 31, 2010
March 2010 Quick Links
By Eric Goldman
Internet Exceptionalism
* Stern v. Sony Corp., CV 09-7710 PA (C.D. Cal. Feb. 8 2010) "to the extent Plaintiff is suing Sony as a manufacturer of video games, and the provider of online services, Sony is not a ‘place of public accommodation’ and is therefore not liable for violating Title III of the ADA" Nice complement to the Estavillo case. My prior post on Internet exceptionalism.
Online Competition
* Microsoft’s head algorithms guru says that Google's search engine beat Microsoft because Microsoft ignored the long tail of search queries. If Google and Microsoft made different product design choices and the marketplace liked Google's choices better, doesn’t this make it hard for Microsoft to complain about Google’s "anti-competitive" practices? I wonder if this talk was pre-cleared by Microsoft’s antitrust counsel.
* SJ Mercury News: Google's most recent 10-K lists some new self-identified competitors, including Yelp, Kayak & WebMD. By identifying some vertical players as competitors, such as Kayak and WebMD, does Google lend credence to the arguments by TradeComet and myTriggers that Google does compete with vertical search engines?
* In re eBay Seller Antitrust Litigation, 2010 WL 760433 (N.D. Cal. March 4, 2010). eBay wins summary judgment in an antitrust challenge: "Despite the voluminous briefing permitted in connection with both of the instant motions-which includes hundreds of pages of supporting documents-Plaintiffs have not drawn the Court's attention to any actual proof of antitrust injury caused by eBay's alleged anticompetive acts-on an individual or a classwide level."
Online Pornography
* U.S. v. Beckett, 2010 WL 776049 (11th Cir. March 9, 2010). A man posed as a 17 year old girl on MySpace and AOL, engaged boys in discussions, induced them to send nude photos, and then coerced them to have sex with him to prevent his dissemination of the photos.
* Miller v. Mitchell, No. 09-2144 (3rd Cir. March 17, 2010). This is the case where the government prosecutor threatened to bring felony charges against girls for "sexting." The court upholds a preliminary injunction against requiring the girls to go through an education program in lieu of felony prosecution.
* U.S. v. Durdley, 2010 WL 916107 (N.D. Fla. March 11, 2010). No privacy expectations in a flash drive left in a public computer.
Online Security
* Cormac Herley of Microsoft Research, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users." In my observations, users are actually intensely rational when it comes to privacy and security issues, and privacy and security advocates who don't fully account for this user behavior do so at their peril.
* Reuters takes a deep look at Innovation Marketing, a Russian scareware operation.
User-Generated Content
* Josh King explains why Avvo supports the proposed federal anti-SLAPP law.
* T.V. ex rel. B.V. v. Smith-Green Community School Corp., 2010 WL 935574 (N.D. Ind. March 11, 2010). Denying class formation for a lawsuit in response to a ridiculously harsh school suspension for a MySpace photo of ribald off-campus activity.
* Melton v. Boustred, 2010 WL 881919 (Cal. App. Ct. Mar 12, 2010). Boustred throws a ragin' party and advertises it via a MySpace open invitation. The plaintiffs show up and were beaten and stabbed at the party by unknown assailants. The court concludes that Boustred isn't liable for the physical injuries. Note to self: stay away from parties advertised via MySpace.
* Yelp Litigation Mania!
- Cats & Dogs Animal Hospital v. Yelp first amended complaint
- LaPausky v. Yelp complaint. A write-up.
- Levitt v. Yelp complaint.
- ClickZ: Ex-Yelper Helps Law Firms Go After Yelp
Anonymity
* Park West Galleries, Inc. v. Global Fine Art Registry, LLC, 2010 WL 742580 (E.D. Mich. Feb. 26, 2010). Using an online pseudonym can lengthen the defamation statute of limitations.
* White v. Baker, 2010 WL 1009758 (N.D. Ga. March 3, 2010). Mandatory reporting of Internet usernames by registered sex offenders violates the First Amendment.
Advertising and Marketing
* ClickZ: New Facebook Policies Clamp Down on 'Loose' Ad Copy.
* Coyote Pub., Inc. v. Miller, 2010 WL 816936 (9th Cir. March 11, 2010). Upholding the constitutionality of Nevada's restrictions on advertising prostitution.
Trademark
* WSJ: It's a crowded namespace for bands.
* 1-800Contacts, Inc. v. Memorial Eye, P.A., 2010 WL 988524 (D. Utah March 15, 2010). It was not objectively baseless for 1-800 Contacts to bring a trademark enforcement action over competitive keyword advertising.
* Rhea Drysdale tells how she busted the trademark application for "SEO."
* The Utah governor has signed SB 26, which (among other things) creates a bastardized version of ACPA. My initial comments on the proposed bill.
Copyright
* James Grimmelmann on Reed Elsevier v. Muchnick.
* Ben Sheffner has some updates in the Scribd lawsuits. My initial post on Scott v. Scribd.
* Ars Technica on an experiment to block users who are using ad blocking software from accessing its site.
General
* Hudson v. University of Puerto Rico, 2010 WL 1131462 (D. Minn. March 23, 2010). Passive blog does not confer general jurisdiction.
* Doe 1 v. AOL LLC (N.D. Cal. Feb. 1, 2010). "Plaintiffs' claims for violation of the ECPA (Count I), unjust enrichment (Count VI) and for public disclosure of private facts (Count VII) are subject to the forum selection clause because none are California consumer law claims." Prior blog post.
* Commonwealth v. Interactive Media Ent’mt and Gaming Ass’n, Inc., No. 2009-SC-000043-MR (Ky. Mar. 18, 2010). Challenge to Kentucky's seizure of 141 gambling-related domain names tossed on standing grounds. Prior blog post.
Posted by Eric at 08:42 AM | Content Regulation , Copyright , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark , Virtual Worlds | TrackBack
March 25, 2010
Craigslist Wins $1.3M Default Judgment Against Autoposting Facilitator -- craigslist v. Naturemarket
[Post by Venkat]
craigslist, Inc. v. Naturemarket, Inc., Case No. C 08-05065 PJH (MEJ) (N.D. Cal. March 5, 2010) [scribd] (report and recommendation adopted on February 5, 2010)
Craigslist obtained a 1.3 million dollar default judgment against defendants Naturemarket, Inc. and Igor Gasov.
Naturemarket (doing business as powerpostings.com [typical bad choice of name]) sold software which allowed its customers to automatically post listings to craigslist. As advertised by defendants, the software made "the difficult craigslist posting process child's play and [helped users] manage and multi-post . . . ads." Defendants also advertised "posting agent" services where defendants would post ads on behalf of customers. Finally, defendants sold software that scraped email addresses from the craigslist site.
Craigslist sued alleging claims under (1) copyright; (2) DMCA; (3) the Computer Fraud and Abuse Act; (4) trademark; (5) breach of contract/terms of use. Defendants failed to contest the suit. The court granted default judgment against defendants:
Copyright Infringement: Craigslist alleged it registered protectable elements of its site (the "post to classified, account registration and log-in features") and that defendants copied these elements of the craigslist site when developing, testing, and using their auto-posting software. The court accepted these allegations at face value, notwithstanding questions as to what parts of the craigslist site were copyrightable (minus the listings themselves, obviously), how the copying here was different from search engine copying under an implied license, and the fact that it's awkward to conclude that browsing in excess of the terms of use constitutes copyright infringement.
DMCA Violations: The court agreed with craigslist that defendants violated two provisions of the DMCA through making available, among other things, "pre-verified craigslist accounts and CAPTCHA credits." There's precedent that supports the proposition that at least some of these types of acts do not violate the DMCA. (See, for example Egilman v. Keller & Heckman, LLP, 401 F. Supp. 2d 105, 113-14 (D.D.C. 2005) ("using a username/password combination as intended--by entering a valid username and password, albeit without authorization--does not constitute circumvention under the DMCA.").) Real made a similar argument to the one defendants would have made here, but this argument was rejected. Either way, the trouble with the court's conclusion is that it's not clear that a violation should be based on use of an anti-circumvention mechanism in a way that's not authorized. This isn't the type of conduct that the DMCA is necessarily meant to address. Mike Masnick flags this aspect of the ruling here.
Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act claims were premised on access of craigslist computers in violation of the craigslist terms of service. This argument is often used in civil cases, but most recently received attention in the Lori Drew case, a criminal case. The Lori Drew case illustrated many of the problems with imposing Computer Fraud and Abuse Act liability based on violations of a terms of use. Professor Goldman's post when the case first started is a good read.
Trademark Infringement: Craigslist alleged that defendants used the craigslist mark "in the text and . . . the headings of sponsored links on internet search engines to advertise their auto-posting products and services." The court cites to American Blinds for the proposition that this will cause "initial customer confusion". (Here's one of Prof. Goldman's posts on American Blinds.) It's odd to see craigslist arguing initial interest confusion. These are the types of arguments one would expect to see against craigslist (for example by someone suing it for trademark infringement, not made by craigslist.
Breach of Contract/Terms of Service: Craigslist pointed to provisions in its terms of use which prohibited the use of automated means and posting agents to post listings. Craigslist argued that defendants violated these provisions and induced craigslist users (who were customers of defendants) to violate these provisions. The court awards $840,000 in liquidated damages based on the terms of use claims asserted by craigslist. Craigslist argued that defendants posted at least 18,200 ads or alternatively defendants posted 4,200 ads as a posting agent. The court assumes for purposes of calculating damages, that the lower number is correct and awards $840,000 based on this number. For each listing posted in violation of the terms of service, the court awarded $100 in liquidated damages (and an extra $100 for each item posted as a "posting agent"). [Note to self: be careful about posting items in violation of the craigslist terms of service!]
Attorney's fees: Craigslist sought $83,614.45 in fees, for the work performed by 5 lawyers and one paralegal. The court found the hours expended reasonable, but reduced the hourly rate slightly, ultimately awarding $65,038.20 in fees. (As a side note, what's up with the reduction in billing rates by one dollar in the April-June 2009 time period. The hourly rates for one partner went from $525 in 2009 to $550 in January-March 2009, to $549 in April-June 2009. Does the one dollar change in someone's hourly rate really matter?)
____
This case is similar in many ways to Ticketmaster v. RMG, where Ticketmaster sued RMG, a company that automated the ticket buying process on behalf of its customers. Following the issuance of an injunction, Professor Goldman noted that this case was "a troubling Cyberlaw development." The claims asserted by craigslist here suffered from some of the same weaknesses as those in Ticketmaster. On the other hand, this was in the context of a default judgment, where the good faith allegations in the complaint are taken as true, and craigslist knew it had to only make colorable arguments. It wants to keep out certain perceived bad actors. In the default judgment context, I'm not sure how much it can be faulted for not fine-tuning its legal arguments. That said, it's always tough to read through these types of rulings without cringing.
One of the more troubling things about the ruling is how the terms of use supports three separate claims: the copyright claims, the Computer Fraud and Abuse Act claim and, of course, the breach of contract claim. It's unsettling to see the website terms of service (which are typically tough to read and digest, rarely read by end users, and incredibly one sided) be given enough clout to support serious statutory violations. But this is nothing new, and courts always seem to be willing to accept these types of arguments.
Another issue for craigslist to consider is whether any of the arguments could come back to bite craigslist. I haven't thought through whether there was a good section 230 argument to be made here, I'm guessing not. Assuming there was, it doesn't seem like such a good idea for craigslist to knock down that argument. It's the classic section 230 beneficiary. At any rate, at a basic level, craigslist is ultimately suing Naturemarket based on harm caused by end users. This is exactly what state regulators did to craigslist. The initial interest confusion argument is also one that does not seem like it's in craigslist's interest to push.
Finally, I'm always curious as to what these damage awards accomplish. How often does the company chase down the defendant's assets? More likely, this is something that can be waved around to other potential defendants to get them to comply and/or settle.
Related: Mike Masnick discusses some of these issues in a post flagging an early round of lawsuits filed by craigslist against spammers: "Craigslist's Dumb Lawsuit Against Spam Tool Provider"
Posted by Venkat at 09:25 AM | Content Regulation , Copyright , Licensing/Contracts , Spam , Trademark
March 02, 2010
February 2010 Quick Links
By Eric Goldman
Copyright
* Mavericks Recording Co. v. Harper (5th Cir. Feb. 25, 2010). 17 USC 402(d) precludes an innocent infringement defense in P2P downloading case when the record companies place proper copyright notices on their works. This is consistent with language from BMG v. Gonzalez in the Seventh Circuit.
* Perfect 10 and Amazon settle on confidential terms; Perfect 10 v. Google will keep going. Previous blog coverage of this case (1, 2, 3, 4, 5).
* Veoh won in court (1, 2, 3) but still got knocked out of the marketplace.
* Project DoD, Inc. v. Federici, 2010 WL 559115 (D. Me. Feb. 11, 2010). In a 512(f) lawsuit I blogged about in December, the judge upheld the magistrate report dismissing for lack of personal jurisdiction because the plaintiff had moved and no longer had ties to Maine.
* MCS Music America, Inc. v. YAHOO Inc., 2010 WL 500430 (M.D. Tenn. Feb. 5, 2010). MCS sued Yahoo over infringement of its songs, and the court says that it can only get statutory damages for each song infringed. This means that if Yahoo performed 8 different covers of the song, MCS is only entitled to statutory damages for one infringed work.
Trademark
* Monex Deposit Co. v. Gilliam, 2010 WL 325570 (C.D. Cal. Jan, 25, 2010). The courts says a gripe site called "MonexFraud.com" may cause initial interest confusion of the Monex trademark. Are you kidding me?
* Typographically erroneous phone numbers always struck me as a much greater problem than "typosquatters."
Contracts
* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC (3rd Cir. Jan. 25, 2010). 3rd Circuit upholds consequential damages waiver in B2B Internet connectivity contract. Prior blog discussion.
Blogging/Social Networking Sites
* Cats & Dogs Animal Hospital v. Yelp (C.D. Cal. complaint filed Feb. 24, 2010). The plaintiffs allege that Yelp violates California B&P 17200 by using a pay-for-play scheme.
* Rick Frenkel speaks about his Troll Tracker blogging days.
* In re Perry, 2010 WL 374770 (Bankr. S.D. Tex. Feb. 3, 2010). Emailing links to a third party's defamatory blog constituted "publication" of the blog for defamation purposes. The court doesn't discuss 47 USC 230 at all!
* Cunningham v. West Virginia, 2010 WL 415257 (S.D. W.Va. Jan. 26, 2010). MySpace does not impermissibly discriminate against sex offenders.
* Evans v. Bayer, 2010 WL 521119(S.D. Fla. Feb 12, 2010). A student's off-campus creation of a Facebook Group called "Ms. Sarah Phelps is the worst teacher I've ever met" may not be an appropriate grounds for school discipline.
* Snowball fight leads to a rampage at Macy's? Blame Facebook!
* Marshall v. City of Savannah, 2010 WL 537852 (11th Cir. Feb. 17, 2010). A probationary firefighter posted an official fire department photo on her MySpace page. After a reprimand, the employment relationship deteriorated and she was fired. The 11th Circuit affirms the dismissal of her discrimination and retaliation claims.
* BoingBoing gets an anti-SLAPP win--including its attorneys' fees--in a defamation lawsuit over one of its blog posts. The anti-SLAPP ruling.
* Berkery v. Estate of Stuart, 2010 WL 610631 (N.J. Super. A.D. Feb. 23, 2010). "The investigative function an author performs is not substantively different from an investigative journalist. The dispositive element is not the form of the investigative process. In an era marked by a diminution of the classic newsmedia and the print investigative journalist and the proliferation of investigative reporting in media such as cable television, documentary journalism-both televisions and movies-internet reporting and blogging, the need for protection remains the same. Whether Hornblum was writing a book, news article, a screenplay or a blog, the substance of his body of work remains the same."
Search Engines
* After some innuendo about Microsoft’s role in harassing Google on antitrust/competition issues, Microsoft effectively admits as much. Also see this Wall Street Journal article on the Microsoft-Google tussles.
* Search Engine Land: Google AdSense Using Search History In Contextual Matching
* Munger v. State, 2010 WL 537641(N.C. App. Feb. 16, 2010). Rejecting a taxpayer challenge against a NC law designed to provide financial incentives for Google to build a facility there.
* Lengthy Wired article on Google's algorithm.
* Nature: Chinese researchers don’t want to lose access to Google. My blog post on this topic.
* Business Insider: In Case You Had Any Doubts About Where Google's Revenue Comes From
Advertising
* Thomas O'Toole: Does "No Contract" Really Mean No Contract?
* MediaPost: Start-Up Links 65 Million IP Addresses To Users, Readies Targeting Platform. This is not going to end well.
* More troubling words for online advertisers from FTC BCP Director David Vladeck.
* Zelotes v. Rousseau (Conn. Grievance Committee). Attorneys participating in an Internet lead generation system that allocated leads geographically didn't violate the attorney Rules of Professional Conduct.
Online Crimes
* F.T.C. v. Pricewert LLC, 2010 WL 329913 (N.D. Cal. Jan. 20, 2010). FTC gets a default injunction against an Internet access provider that allegedly provided connectivity for activities such as child pornography, botnets, spyware, and viruses.
* US v. Little. The Eleventh Circuit disagrees with the Ninth Circuit regarding the appropriate geographic scope to measure the obscenity of Internet material.
* 3 Google executives were convicted in Italy of criminal privacy violations for a user-uploaded video to Google Video. NYT article. Google's response. A refresher on the Felix Somm conviction from 1998.
* Online ticket sellers are getting the smackdown. Criminal prosecutions of online ticket brokers who allegedly played dirty in jumping the queue. The FTC cracks down on Ticketmaster and warns other online ticket sellers.
Posted by Eric at 05:04 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack
February 22, 2010
Google AdWords Contract Upheld Again, Causing a Venue Transfer in Flowbee v. Google
By Eric Goldman
Flowbee International, Inc. v. Google, Inc., 4:10-cv-00668-LB (S.D. Tex. Feb. 8, 2010). My post on Flowbee’s initial complaint.
Google has successfully transferred Flowbee v. Google from Texas to California by invoking the venue selection clause in its AdWords contract. The result is noteworthy for three reasons.
First, it’s yet another case upholding Google’s AdWords contract. Similar precedents include the CLRB Hanson, Feldman and Person cases.
Second, the court said the scope of the venue selection clause covered Flowbee’s tort claim for trademark infringement. This was not a guaranteed conclusion. Clearly, the clause governs Flowbee’s AdWords purchases, but it does not automatically govern Flowbee’s beefs with other advertisers’ AdWords purchases under their independent contracts with Google. Compare Miller v. Facebook with Yahoo v. American Airlines. This court, bound by the Fifth Circuit ruling in the Yahoo case, nevertheless distinguished it because the Yahoo clause specified that business partners “submit” to exclusive jurisdiction, while the Google clause used the words “litigated exclusively.”
Third, Google surely is happy to have this case out of a lousy venue (Southern District of Texas) and into its home court. If only it could transfer the other AdWords cases too!
Having successfully transferred the case, Google then filed its answer and a counterclaim that Flowbee breached the mandatory venue clause by suing Google in Southern District of Texas. This is at least the second time Google has tried this type of contract breach claim (I blogged on the same tactic in the John Beck Amazing Profits case), so Google’s turn-the-tables move isn’t really news even though it prompted a TechCrunch post.
However, Google’s contract breach counterclaim highlights how Google got caught in flagrante delicto in its collections suit against myTriggers by bringing that suit in Ohio state court. In Flowbee, Google takes the position that bringing a suit in the wrong venue is an actionable contract breach. I’m not exactly sure how Google would respond if myTriggers countersued Google for breaching its AdWords contract by suing myTriggers in Ohio rather than California. I don’t think myTriggers could claim any damages from Google’s breach, nor do I expect myTriggers would complain about the breach because it’s probably thrilled to have trapped Google in an undesirable forum. However, Google is walking an arguably duplicitous line.
As TechCrunch post points out, Google’s answer contains some “whoops” references to Rosetta Stone instead of Flowbee. By inference, Google probably cloned-and-revised its Rosetta Stone answer for the Flowbee litigation. My tip for clean living: Whenever I clone-and-revise a document to use for a different party, the very first thing I do is a global search-and-replace to change party names.
The roster of pending AdWords cases (I most recently double-checked the status of these cases on February 20, 2010):
* Ezzo v. Google
* Rescuecom v. Google
* FPX v. Google
* John Beck Amazing Profits v. Google and the companion Google v. John Beck Amazing Profits
* Stratton Faxon v. Google (not initially a trademark case). Check the status.
* Soaring Helmet v. Bill Me
* Ascentive v. Google
* Jurin v. Google 1.0 (voluntarily dismissed), succeeded by Jurin v. Google 2.0
* Rosetta Stone v. Google
* Flowbee v. Google
* Parts Geek v. US Auto Parts
* Dazzlesmile v. Epic
Posted by Eric at 09:26 AM | Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack
February 19, 2010
Clickthrough Agreement With Acknowledgement Checkbox Enforced--Scherillo v. Dun & Bradstreet
By Eric Goldman
Scherillo v. Dun & Bradstreet, Inc., 2010 WL 537805 (E.D.N.Y. Feb. 17, 2010)
I teach my Cyberspace Law students that the most effective online contract formation process is a "mandatory non-leaky clickthrough agreement":
* mandatory = the user cannot proceed to the destination without going through a screen soliciting their consent to the user agreement.
* non-leaky = there are no alternative ways the user can reach the destination. I realize this is redundant with "mandatory," but I remind students that a seemingly mandatory process can have leaks. For example, if customer support representatives will manually set up user accounts occasionally, the mandatory online process has become leaky because now a few users reached the destination without consenting to the agreement.
* clickthrough = the user manifests assent to the contract by clicking, and the user is told that the click signifies assent.
There are other ways to form online contracts (e.g., email exchanges), but if executed properly, the mandatory non-leaky clickthrough process should do very well against contract formation challenges. But even this description leaves open a number of user interaction judgments. Does likelihood of contract formation vary if:
* the agreement terms are presented on the clickthrough page itself or are only available for review by hyperlink?
* the agreement terms are presented in a scrollbox? If a scrollbox is used, must the user be forced to scroll through the scrollbox?
* the user is asked to check an additional box, such as a certification that the user has read the agreement?
In all of these cases, I believe the contract should be properly formed whether the answer to these questions is yes or no. However, I'm now a fan of adding a bonus mandatory checkbox as part of the formation process after reading today's opinion. A user mounts a sophisticated challenge to a mandatory non-leaky clickthrough process, and the bonus mandatory checkbox helps squelch the challenge. I think the court would have enforced it without the checkbox, but it sure put the user in an awkward/untenable position.
Scherillo bought a financial report about a company from Dun & Bradstreet's Small Business Solutions website. Scherillo alleges that the report painted an overly rosy picture of the company, leading him to make bad investment decisions that cost him money when the company tanked. Scherillo wants D&B to cover his investment losses.
Scherillo is almost certain to lose on the merits. Indeed, this case brought to mind one of the earliest cyberlaw cases, Daniel v. Dow Jones, 520 N.Y.S. 2d 334 (N.Y.C. Civ. Ct. Spec. Term 1987). (This case is a fun read--see how the court discusses electronic networked communications almost a quarter-century ago). That case involved Dow Jones' publication of an ambiguous report via a dial-up online service that led the plaintiff to make a bad investment decision. The court said that any tort claim for publishing inaccurate information required the plaintiff to show that it had a "special relationship" (analogous to a fiduciary relationship) with the information vendor, and an ordinary customer-vendor relationship did not qualify as a special relationship.
Interestingly, D&B would rather hear the case in NJ rather than keep it in NY and hope to benefit from substantive NY law that surely would doom Scherillo's case. (Perhaps NJ has a similar law). To move the case to NJ, D&B invoked the venue selection clause in its user agreement. Let's look at the online contract formation process. The court says:
"since 2007, the SBS website has included a page that requires users to register before purchasing a Dun and Bradstreet product ("the registration page"). On the registration page, users input information, including their e-mail address and name. The bottom quarter to third of the page contains a scrollable text box with the title "Terms and Conditions" [which contained a mandatory venue selection clause designating NJ]. Directly below this text box there is more text that reads: "I have read and AGREE to the terms and conditions shown above." Immediately adjacent to this text is a much smaller, empty box ("the terms and conditions check box"). Also at the bottom of the page is another box containing the phrase "Complete Registration" ("the Complete Registration box"). Clicking on this box completes the user's registration. McDonald testified that if a user clicks on the Complete Registration box without checking the terms and conditions check box, the user is unable to complete registration and is returned to the registration page."
Check out the page yourself as I saw it in Google Chrome on Feb. 18 (with cropping). The formation process looks pretty standard to me.
Scherillo attacked the formation process by saying he never consented to the agreement because "it was possible for him to unknowingly and involuntarily 'check' the terms and conditions check box." Not only that, he lined up Sean Chumura, "a cyberwarfare and computer forensics expert" who is also [LINK NSFW] helping Perfect 10 in its lawsuit against Google, to testify that "it was possible for plaintiff, while 'tabbing' through the registration page, to inadvertently hit the space bar and thereby 'check' the terms and conditions box."
[Snarky paragraph alert] First, this may prove the adage that you can find an expert to testify about ANYTHING. Second, Scherillo alleged $75k of investment losses. For a low-value lawsuit like that, he needs a cyberwarfare expert??? Third, I believe Chumura has a MySpace page. Really...? I wonder if he uses an AOL.com email address too. The MySpace page also reveals that its author appeared to attend the Dan Quayle school of spelling.
OK, back to the case. The judge was no more tolerant of this nonsense than I am. He resolves the factual dispute by saying:
even under plaintiff's theory--that, while "tabbing" through the fields on the registration page, he accidentally hit the space bar key and thereby "checked" the terms and conditions box--plaintiff would have seen the check mark appear in the box and then still would have had to hit the "return" key (or clicked the "complete registration" box with the mouse) to complete the registration and advance to the next screen. Plaintiff would have had an opportunity to see that he checked the box inadvertently before he then hit the return key on the "complete registration" box. Thus, to accept plaintiff's theory, the Court would have to find that plaintiff hit two keys accidentally-the space bar and the return key-and that he was then involuntarily and unexpectedly sent to the next screen where he nonetheless proceeded to enter his credit card information and complete the purchase of the report. This alleged chain of events is simply not credible.
Therefore, Scherillo's click on the "Complete Registration" box manifested Scherillo's assent to the terms, even if Scherillo chose not to review them. The court says that the fact that the terms were in a scrollbox is immaterial, and the fact that some sites require the user to scroll through the scrollbox before proceeding doesn't affect the effectiveness of D&B's implementation.
I believe this court would have upheld the formation process even without the bonus checkbox, but you can see how the checkbox defused the withering assault of a cyberwarfare expert. Thus, you might consider implementing the bonus checkbox to discourage similar silly attacks against your contract formation process in the future.
Posted by Eric at 11:28 AM | Licensing/Contracts | TrackBack
February 18, 2010
Google Hit With Another Antitrust Lawsuit. Does It Have Microsoft Ties? Google v. myTriggers
By Eric Goldman
Google, Inc v. myTriggers.com, Inc., 09 CV 14836 (Franklin County Ct. of Common Pleas, Ohio). Google filed its first amended complaint on January 20, 2010. myTriggers filed an answer with counterclaims on February 2, 2010. See both pleadings here.
About a year ago, Google was sued by an obscure company called TradeComet for various antitrust violations. TradeComet’s lawsuit wasn’t the first private antitrust claim against Google; other scrappy claims had arisen over the years. However, none of them were serious challenges or went anywhere.
The TradeComet complaint looked equally low-merit, so I would have probably ignored it except that TradeComet’s counsel was the NYC-based Cadwalader Wickersham & Taft—which also does antitrust work for Microsoft. Those two facts could be completely unrelated, but it’s possible that they aren’t. First, I can’t imagine Cadwalader would jeopardize a lucrative relationship with a Fortune 50 company to take on a low-merit lawsuit for a no-name company. Therefore, either Cadwalader viewed the various antitrust issues as so unrelated that no legal or business conflicts were created—a risky judgment given Microsoft’s sensitivity about both Google and antitrust—or Microsoft approved/acquiesced to Cadwalader’s representation of TradeComet. Second, Microsoft has been engaged in a multi-year, multi-front effort to harass Google on antitrust issues, and Cadwalader’s involvement would be consistent with that campaign.
I checked PACER today, and the TradeComet lawsuit is going nowhere fast. Google filed a motion to dismiss in March 2009, prompting an exchange of memos in April, and the last (non-substantive) PACER entry was in August. It appears that everyone is waiting for the judge to rule on Google’s motion to dismiss from almost a year ago.
Meanwhile, an intriguing and unexpected new antitrust battlefront has opened up. myTriggers is run by NexTag alums and, IMO, has an even worse brand name than TradeComet. Do a search for “mytriggers” and see if you can avoid juvenile giggles. myTriggers’ properties include three shopbots/shopping comparison websites: mytriggers.com, comparisonsearches.com and shopbig.com. A quick review of these websites revealed no obvious reason why I would choose them over better-known shopbots.
As a result, I could see why these sites might have trouble generating organic traffic. Therefore, I wasn’t surprised to learn that myTriggers was a heavy AdWords advertiser. myTriggers said that Google had extended it a $250,000 line of credit, and it incurred $200k in AdWords charges for December 2007. Meanwhile, myTriggers clearly enjoyed its acquired traffic. It did three multi-million rounds of financing (the 2005 initial capitalization and rounds in 2006 and 2007) and leased a big datacenter in March 2008. But just as it was finalizing the lease, the bottom dropped out on myTriggers. Google implemented a change to myTriggers’ quality score, which (according to myTriggers) boosted its minimum bids 10-100X. It’s never good for margins when the price on a key input goes up 10X or more, and myTriggers subsequently fired almost all of its employees and effectively exited the market.
This left the pesky matter of Google’s unpaid bill—to the tune of about $335k, according to Google. I’m not sure how many of myTriggers’ millions haven’t been spent, but clearly Google thought it was worth chasing this money. It hired a (presumably cheap) local Ohio counsel and filed one of the shortest complaints I can recall seeing (2 sentences!) in myTriggers’ local state courthouse—even though the AdWords contract appears to say that contract-related litigation *must* be adjudicated in Google’s home court. Other than the risk that myTriggers didn’t have the money, Google appears to have treated this as a routine and unexciting collections matter.
This is where the story gets weird. Rather than plead poverty to Google or mount a generic but low-cost contract defense, myTriggers retained THREE law firms and also brought a counterclaim under Ohio’s state antitrust law, the Valentine Act. The three law firms are: (1) local Columbus counsel, presumably initially retained to handle the collections matter, (2) a Cincinnati firm that includes Stanley Chesley, Ohio bar #852 (!), a litigator of some renown who has enough gravitas to impress most judges; and (3) the same four-person DC-based antitrust team from Cadwalader that also represents TradeComet.
I am struggling to make sense of myTriggers’ litigation choices. Assuming myTriggers even has the money, writing a $335k check to Google (and I bet Google would have taken less!) is almost assuredly cheaper than paying three law firms to mount an antitrust assault on a $20B/year behemoth. Assuming that myTriggers wants to maximize profits, then either (1) myTriggers thinks its odds are good enough that it will win AND make enough money to pay the 7 lawyers on the counterclaim's signature page plus their teams, or (2) the law firms struck an unbelievably sweet deal on fees.
Either way, how did Columbus-based myTriggers connect with the DC-based Cadwalader team? Did myTriggers independently call up Cadwalader? The TradeComet lawsuit got some press, but that was a year ago. If myTriggers really thought it had a case, it might have preemptively sued Google rather than waiting for Google to sue it. Did myTriggers get connected to Chesley for some reason, who then recommended bringing in Cadwalader? Did Cadwalader reach out to myTriggers? If so, I would like to know more how this happened and how this matter pertains to Cadwalader’s relationship to Microsoft. I’m also confused about the relative roles of Chesley and Cadwalader. It’s not immediately obvious why myTriggers would need both Chesley and Cadwalader or be willing to fund both.
Whatever the case, I suspect the antitrust claims caught Google flat-footed. A simple and low-stakes collections matter has blown up into a potentially significant lawsuit in an undesirable forum. Google chose Ohio state court for the collections matter despite its AdWords contract, so now it will have a tough time extricating itself from that court. But I suspect it would rather have an antitrust case in federal court, not state court—often (but not always) federal judges are more sophisticated than state judges and less susceptible to hometown bias. And I’m sure Google would rather fight antitrust claims on one of the coasts than in the Rust Belt, especially if myTriggers argues that Google’s evilness cost Ohioans jobs. Google probably didn’t mean to offer battle in this venue, but someone did a really good job of seizing the opportunity and forcing Google to fight the battle in a suboptimal setting.
Although myTriggers’ counterclaim is noticeably less well-drafted than the TradeComet complaint, the substance of myTriggers’ antitrust counterclaim is similar to the TradeComet allegations. The basic argument is the same: myTriggers argues that it’s a competitor to Google and that Google raised ad prices on a competitor to squelch it. As a result, I think this counterclaim is about as meritorious as TradeComet’s—in other words, not so much.
That said, the counterclaim had a couple of interesting factual allegations. First, in paragraph 12 of the counterclaim, myTriggers alleges that Google cuts special deals with selected shopbots so that their ads are not subject to the same quality scores as other advertisers. (Compare paragraph 101 of the TradeComet complaint, which wasn’t as clear that Google made these adjustments by agreement). I would love to see one of the Google-shopbot agreements containing such a clause. Could this just reflect some aspect of Google’s standard algorithm that automatically preferences shopbots without any agreement? Or could the NexTag alums know something we don't?
Second, Paragraphs 14-16 allege that Google manually maintains a “whitelist” that means that “neither Google nor its ‘search partners’ will eliminate the company from the market,” and a shopbot not placed on the whitelist “is forever blacklisted by Google and its ‘search partners.’” The TradeComet complaint doesn’t have a directly analogous allegation, and I have no idea what this means. If you have any thoughts or theories, I would welcome them. These allegations should be subject to the Ohio equivalent to Rule 11, so myTriggers should have some evidence in its possession to back this up. I would love to see that evidence.
Posted by Eric at 01:23 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack
January 31, 2010
January 2010 Quick Links
By Eric Goldman
Copyright
* An English translation of Google's December loss in France on a Google Book Search lawsuit.
* Ed Felten reports on a survey of files available via BitTorrent. Acknowledging some methodological limits, he estimates ~99% were likely copyright infringing.
* Elsevier B.V. v. UnitedHealth Group, Inc., 2010 WL 150167 (S.D.N.Y. Jan 14, 2010). Denying copyright statutory damages and attorneys' fees to unregistered foreign works is constitutional because the Berne Convention (which Elsevier argued prohibits the statutory formalities) is not self-executing.
* Techdirt: Singapore Court Rules That Online DVR Is Infringing...While Noting How Copyright Law Isn't Really Set Up For This
* Techdirt: If Banning The Internet For Sex Offenders Is Unfair, Is Banning The Internet For Copyright Infringers Fair?
* The Copyright Office issued new regulations on the deposit of online-only works: “The regulation establishes that online–only works are exempt from mandatory deposit until a demand for deposit of copies or phonorecords of such works is issued by the Copyright Office.”
Trademark/Publicity Rights
* American Airlines v. Yahoo settled. Previous coverage:
- Yahoo Subpoenas Expedia in American Airlines Lawsuit
- Fifth Circuit Denies Yahoo's Jurisdictional Appeal in American Airlines Case
- American Airlines v. Yahoo Venue Transfer Denied
- Yahoo Countersues American Airlines for Declaratory Judgment
- American Airlines Sues Yahoo for Selling Keyword Advertising
* Duplicity alert! Rescuecom is in court defending its keyword ads triggered by competitor Best Buy's TMs.
* Bev Stayart sues Yahoo again over publicity rights. My September 2009 blog post on her prior loss against Yahoo.
Pornography
* Clark v. Commonwealth, 2009 WL 5125009 (Ky. App. Ct. Dec. 30, 2009). Upholding a conviction when "Clark knowingly used a computer for the purpose of getting a minor, or a peace officer whom Clark believed was a minor, to take a sexually explicit photograph of herself."
* Am. Booksellers Found. for Free Expression v. Cordray, Slip Opinion No. 2010-Ohio-149 (Jan. 27, 2010). Ohio's Supreme Court partially upholds its state law restricting Internet distribution of harmful to juveniles material to juveniles when the communications are to recipients known or believed to be juveniles.
Spam
* United States v. Zein (E.D. Mich. 2009). Posting an ad on Craigslist constituted a "mass marketing" activity sufficient to trigger a 2 level sentencing enhancement.
* Comcast and e360 settled their lawsuit. Previous blog coverage.
Blogs/Social Networking Sites
* Sieber v. Brownstone Publishing Company, 2007 CA 002549 B (D.C. Superior Ct. Dec. 23, 2009). A building contractor sued Angie's List and other people over consumer reviews. My prior mention of the case. After 2 years of litigation, a DC trial judge dismissed all defendants on summary judgment and awarded one defendant-counterclaimant $18k+. The entire text of the memo opinion:
MEMORANDUM OPINION AND ORDER GRANTING MOTIONS FOR SUMMARY JUDGMENT OF ALL DEFENDANTS, DENYING PLAINTIFFS' MOTIONS FOR SUMMARY JUDGMENT, and GRANTING POOLE'S MOTION FOR SUMMARY JUDGMENT ON HIS COUNTERCLAIM signed by Judge Long, efiled, eserved, and docketed in chambers on December 23, 2009. It is ORDERED that the Motions for Summary Judgment of Brownstone Publishing Co., the Washington Post Company, John Kelly, and John W. Poole are granted; and it is FURTHER ORDERED that the Motions for Summary Judgment filed on behalf of the plaintiffs are denied; and it is FURTHER ORDERED that judgment shall be entered in favor of all defendants against the plaintiffs as to all claims in the Second Amended Complaint; and it is FURTHER ORDERED that judgment shall be entered in favor of defendant Poole and against plaintiff SCS Contracting Group LP as to Poole's Counterclaim against plaintiff SCS Contracting Group for $18,300 plus 6% (six percent) per annum interest, and a separate money judgment for this sum shall be docketed. Court Jacket not in chambers.
* FINRA Regulatory Notice 10-06: Guidance on Blogs and Social Networking Web Sites.
* Duer v. Henderson, 2009-Ohio-6815 (Ohio App. Ct. Dec. 23, 2009). A web publication telling a ghost story and describing the location of purportedly paranormal phenomenon on private property is not liable for any resulting trespass to real property.
* The “moldy tweet” lawsuit was dismissed.
* Two lawsuits holding that bloggers aren't subject to jurisdiction in the plaintiff's home court:
- Silver v. Brown, 2009 WL 5220297 (D. N.M. Nov. 30, 2009).
- Workman Sec. Corp. v. Phillip Roy Financial Services, LLC, 2010 WL 155525 (D. Minn. Jan 11, 2010)
* BBC: France ponders a right-to-forget law.
E-commerce
* Appliance Zone, LLC v. NexTag Inc., No:4-09-cv-0089-SEB-WGH (S.D. Indiana Dec. 22, 2009). Upholding NextTag's clickthrough-formed advertiser agreement. Mehmet Munur’s comments.
* Edward A. Zelinsky, “New York’s 'Amazon Law': Constitutional But Unwise.”
* Largo Cargo v. Google, a new complaint over allegedly mismanaged AdWord bids. This is the latest incarnation of the Almeida case. I think Largo Cargo’s complaint is still a no go.
* The NYT catalogs an impressive roster of futility for US dot coms trying to compete in China.
Miscellaneous
* Gmail will consult the user's prior emails to pick an ad if a particular email doesn't lend itself to a good ad.
* Illustrating the divergence between the open source community and the Wikipedia community, APC reports that 75% of Linux code is now written by paid developers.
* Oddee: 15 Funny Facebook Fails.
* I expect to be in the Netherlands May 23-30. Let me know if you would like to meet up there.
Posted by Eric at 01:19 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
January 23, 2010
Facebook User Agreement Upheld in Copyright Infringement Lawsuit Over Third Party App--Miller v. Facebook
By Eric Goldman
Miller v. Facebook, Inc., 1:2009cv02810 (N.D. Ga. Jan. 15, 2010). Miller's complaint filed in October 2009.
Miller makes the Adobe Flash videogame "Boomshine." He alleges that defendant Yeo published a Facebook app, ChainRxn, that violates Miller's "look and feel" copyright in Boomshine. In addition to suing Yeo, Miller sued Facebook for its role in providing access to the app. See Wendy Davis' initial story on the lawsuit from October. Facebook defended on jurisdictional grounds, asserting that Facebook's user agreement requires that the lawsuit should be heard in California, not Miller's preferred venue of Georgia.
The court grants the transfer request. Miller had a Facebook account that he used to promote his games, and he consented to the Facebook user agreement--and its mandatory venue clause--when he created his account. Miller argued that Facebook's user agreement was vague, a contract of adhesion, and inapplicable to Miller's copyright complaint. The court efficiently rejects these attacks, noting its concerns about Facebook having 350 million potentially litigious users:
striking the forum selection clause could wreak havoc on the entire social-networking internet industry. If this court were to determine that the forum selection clause contained in Facebook's TOU was unenforceable, the company could face litigation in every state in this country and in nations around the globe which would have potential adverse consequences for the users of Facebook's social-networking site and for other internet companies.
It's hard to argue with this, but the Court's next move is trickier. It says that Miller's copyright infringement allegations are covered by the forum selection clause, which purports to govern "any dispute about or involving the Web site and/or the Service." A complaint about an infringing app clearly satisfies this broad language, but consider the implications. Miller, like 350 million other people, has a Facebook account. He's complaining about activity that isn't related to his use of his account; rather, he's complaining about wholly unrelated activity. Read literally, this court seems to be saying that all 350M Facebook users are required to sue Facebook in Facebook's home court for any claim they may have that relates to Facebook.com.
Just like this sweeping outcome has not occurred for other Internet companies like eBay, I don't expect that Facebook will be so lucky either. However, it would have been nice if the court had been more careful explaining why a copyright infringement lawsuit brought by a copyright owner who happens to be a Facebook member is governed by the user agreement.
If the case gets that far, I wonder if Facebook can claim the 512 safe harbor for hosting a user-supplied allegedly infringing app. In general, I think third party apps fits the 512 paradigm neatly--either 512(c) if Facebook hosts the app or 512(d) if Facebook links to the app. However, Miller alleged that he sent a C&D notice to Facebook and Facebook ignored it, which putatively disqualifies Facebook from 512(c) or 512(d) coverage if the C&D satisfied the 512(c)(3) requirements. Even if Facebook can't claim 512 protection, Miller faces a potential uphill battle proving his allegations that the ChainRxn game infringes Boomshine's "look and feel," which are tricky to enforce, especially in the gaming context.
I wouldn't read too much into this case, but it does seem partially responsive to the legions of unhappy Facebook users who believe that Facebook's user agreement should be struck down for one reason or another. It's harder to trump properly formed online user agreements than most people wish, and this case is a small example of that. Facebook users who are unhappy with Facebook's user agreement can find recourse in a variety of ways, but assuming the contract is going to fail in court is one of the least preferred methods.
Posted by Eric at 11:29 AM | Licensing/Contracts | TrackBack
January 11, 2010
Top Cyberlaw Developments of 2009 (Eric's List)
By Eric Goldman
Guest blogger John Ottaviani recently dropped by to offer his perspectives on 2009’s top Cyberlaw developments. While I like his list a lot, I independently developed my own top 10 list that has a different emphasis. You might enjoy the contrasts. My list:
#10: Louis Vuitton v. Akanoc. After the judge ordered a web host to stand trial, a jury awarded the trademark owner $32 million due to the web host’s contributions to trademark infringement by its customers. This case stands out for the big damages award and as a rare example where an online provider was held liable under a contributory trademark liability theory. Many trademark practitioners are scratching their heads trying to figure out the import of this case, however. Does this case represent a dangerous new frontier of online liability? Was this a bad jury verdict fueled by poor defense lawyering? Or was this an appropriate outcome because the web host actually engaged in bad behavior that distinguishes it from most “legitimate” web hosts? 2010 may help us understand if this case is part of a new trend or an aberration.
#9: Gordon v. Virtumundo. We’ve seen a lot of silly anti-spam litigation, including the emergence of an entirely new group of entrepreneurs called “spam litigation entrepreneurs” who try to make a living on anti-spam lawsuits. These folks have a true love-hate relationship with spam; they hate it so much that they devote their lives to fighting it, but they love getting spam because each one is a potential revenue source. In general, judges hate spam a lot too, so over the years we have seen a number of doctrinally unsupportable results where judges bent the law to make sure spammers lost.
However, the judicial pendulum has swung in the opposite direction, and in Gordon v. Virtumundo, the Ninth Circuit destroyed a serial anti-spam plaintiff’s entrepreneurial business in a doctrinally questionable but strongly worded opinion. In short order, a number of other spam litigation entrepreneurs have seen their lawsuits shut down with emphasis. Due to this ruling, the era of anti-spammers partying in courts may be on the wane.
#8: Zango v. Kaspersky. The question raised in this issue is simple to state but hard to answer: who should decide what constitutes spam, spyware or a virus? Vendors of software designed to curb these threats would like unfettered discretion to make their classifications; businesses who are classified as a threat would like judges to overturn adverse decisions. As it turns out, in a relatively obscure provision (47 USC 230(c)(2)), in 1996 Congress said that software vendors get to make classifications decisions and unhappy businesses can’t complain about them. In June, the Ninth Circuit upheld Kaspersky’s decision to classify Zango’s software as a threat and rejected Zango’s efforts to take the classification decision out of Kaspersky’s hands. This ruling gives enormous freedom to vendors of anti-spam/anti-spyware/anti-virus software to do their best to keep us safe.
#7: Columbia Pictures v. Fung. This case came out just before the Christmas holiday, so it got lost in the holiday hoopla a bit, but it’s a case of potentially significant import. First, it held that the specific torrent sites at issue induced copyright infringement. Second, the court denied the torrent sites’ eligibility for the DMCA online safe harbors. In part, the court said that an inducing website was categorically disqualified from the DMCA online safe harbors. Like the Akanoc case, it’s not entirely clear if this result was a legal aberration or an appropriate reaction to the defendants’ poor choices. Either way, it is possible that more “legitimate” websites may change their behavior to minimize their exposure based on the legal precedents in this case. If they do, this case could have a major impact on UGC websites.
#6: Lori Drew’s acquittal. Megan Maier’s suicide remains a heartbreaking tragedy, but unfortunately, overzealous prosecutors compounded the tragedy by prosecuting Lori Drew using bogus legal doctrines. The tragic facts got a jury to convict Drew of some misdemeanor crimes. Fortunately, the judge recognized the legal errors of the prosecution’s theory and the jury’s conclusions and granted Drew an acquittal despite the jury findings. The judge finally got to the right result as a matter of Cyberlaw, but the case remains a chilling testament to prosecutorial power.
#5: Harris v. Blockbuster. The rule is really clear. Service providers can't amend online user agreements in the provider’s sole discretion without notice. As the Ninth Circuit informed us in 2007, those contracts don’t fare well in court. So although these provisions are in just about every online user agreement, they don’t work--as Blockbuster found out the hard way.
As part of the litigation detritus from the Facebook Beacon experiment, users sued Blockbuster for sharing their rental transactions with Facebook and all of their friends, allegedly in violation of the Video Privacy Protection Act. Blockbuster tried to bust the class action by invoking the contract’s arbitration clause. Instead, because Blockbuster had the impermissible amendment provision in its user agreement, the court said the contract was illusory and refused to send the case to arbitration.
This case should signal the end of the ridiculous amendment clauses. We’ll see how long it takes the lawyers to give the provisions up.
#4: Battles Over the First Sale Doctrine. We have seen numerous legal battles this year over the First Sale defenses in both copyright and trademark law.
Copyright owners try to engage in price discrimination by carving up the world into geographic territories with different prices for the same product. If they can use copyright law to keep the cheap products from entering the other geographic market, this keeps the product from effectively price-competing with itself.
This year, two cases involved European textbooks which were functionally equivalent to the textbooks being sold in the United States at higher prices. Entrepreneurs were buying the cheap European texts, shipping them to the US and then selling them online. The entrepreneurs invoked the First Sale doctrine, which says that copyright law can’t prohibit the legitimate purchaser of a tangible copyrighted item from reselling the item to whomever they want at whatever price they want.
However, copyright law has another provision that allows copyright owners to block the importation of copyrighted works into the United States. In the 1998 Quality King case, the US Supreme Court said that the First Sale doctrine trumped the importation right when the goods were manufactured in the US, sold overseas, and then imported back to the US. However, in Pearson v. Liu and John Wiley & Sons v. Kirtsaeng, the judges said that the importation right trumps the First Sale doctrine when the goods were initially manufactured overseas. This issue is ripe for further adjudication, though. A similar importation case, Costco v. Omega, is pending before the US Supreme Court, which is deciding whether or not it wants to hear the case. If it does, we may get clearer instructions about the interplay between the First Sale doctrine and the copyright importation right.
Copyright’s First Sale doctrine was also at issue in Vernor v. Autodesk, where the purchaser of a software disk wanted to resell the disk on eBay despite restrictions in the software licensing agreement barring such resales. The court held that the First Sale doctrine applied and allowed the resale. There are other cases percolating through the court system involving the resale of tangible media contained copyrighted material despite contractual restrictions on resale, so this issue remains a hot one.
Trademark owners also try to prevent competition with their products that leak out of their official channels of distribution. eBay has been the site of a couple battles over the First Sale doctrine in trademark law. In Mary Kay v. Weber, the court held that the trademark First Sale doctrine may not permit the eBay resale of expired cosmetics by a Mary Kay independent beauty consultant. In Beltronics v. Midwest, a trademark owner shut down the eBay resale of radar detectors that had leaked out of the manufacturer’s channel and were being sold (at a cheaper price) without the manufacturer’s warranty.
Clearly, the First Sale doctrine matters a lot to eBay and other consumer-to-consumer e-commerce websites. With a possible pending Supreme Court case and lots of IP owners looking to stifle competition from goods they have already profited from, expect the First Sale doctrines to get lots of attention in 2010.
#3: 47 USC 230. In my opinion, 47 USC 230 is the most important Cyberlaw statute, so new 230 developments will make my top 10 list for the foreseeable future. This year, there were three federal appellate court rulings interpreting 47 USC 230(c)(1):
* in Barnes v. Yahoo, the Ninth Circuit held that 230 protected a website’s negligent delay in removing user content. However, if the website had promised removal to the user, the user could have a viable claim for promissory estoppel that would not be preempted by 230.
* in FTC v. Accusearch, the Tenth Circuit held that a website’s resale of pretexted phone records—even if those records were supplied by third party suppliers—did not qualify for 47 USC 230 protection because of their illegality.
* in Nemet Chevrolet v. ConsumerAffairs.com, the Fourth Circuit held that a consumer review website was not liable for user-supplied reviews, even when the website worked with the user to submit the review, and despite the plaintiff’s unsubstantiated claims that the website had fabricated the reviews itself.
Really, the big 47 USC 230 news in 2009 is the absence of big news. Specifically, 2009 reinforced that the Ninth Circuit’s 2008 Roommates.com decision—one of the most significant defense losses under 47 USC 230—did not rip open a major hole in the statutory protection of websites. Of the 13 cases that I have seen that have cited the Roommates.com en banc opinion, eleven have cited the case in favor of the defense. (See the list here). The two exceptions are the Accusearch case, mentioned above, and the New England Patriots’ lawsuit against StubHub over season ticket resales, an odd opinion that may not have much influence. Therefore, despite our fears about Roommates.com, the 47 USC 230 immunity remained healthy and vibrant in 2009. For more on this topic, see my special recap of 47 USC 230's year-in-review for 2009.
#2: Keyword Advertising Battles. Keyword advertising battles are another perennial topic on these year-in-review lists. A multi-billion dollar a year industry has sprung up around the sale of keyword-triggered advertising, including some keywords that may be third party trademarks, and trademark owners don’t like it at all. This has led to a multi-front battle between trademark owners, keyword advertising sellers (such as Google), and keyword advertising buyers.
One of the biggest Cyberlaw cases of the year was the Second Circuit’s ruling in Rescuecom v. Google. In the district court in 2006, Google won an easy victory against a trademark owner because the court said that Google did not make the requisite “use in commerce” of the trademark. The Second Circuit reversed the district court, sending the case back for further proceedings. The reversal does not ensure Google’s defeat; Google will now litigate other legal doctrines and might very well win on one of those. However, the Second Circuit’s opinion largely spells the end of any “use in commerce” defense by either keyword advertising sellers or buyers.
Because of the “use in commerce” defense’s demise, keyword advertising cases will now likely turn on whether the advertisements create a likelihood of consumer confusion. One case, Hearts on Fire v. Blue Nile, offered up a new and complicated test for gauging consumer confusion. If other courts adopt this test, keyword advertising cases will get even more expensive and complicated—highlighting how important it was that the Rescuecom case eliminated an easy way to end these lawsuits early.
Meanwhile, despite the fact that keyword advertising battles have been taking place for at least a decade, we have not heard what a jury thinks about the practice—until the November jury ruling in Fair Isaac v. Experian. In that case, the jury found for the defense that the keyword-triggered ads did not create the requisite likelihood of consumer confusion. It remains to be seen if other juries reach the same conclusion. If they do, keyword advertising lawsuits should slowly fade away over time because the trademark owners can’t win in the end.
As for now, keyword litigation is going strong and hardly fading away. In Spring, Google made two changes to its trademark policies where it voluntarily agrees to take down certain types of ads at the trademark owner’s request. In May, Google extended its more liberal US-based policy to nearly 200 other countries, replacing the more restrictive policies it had in place there. Shortly thereafter, Google modified its US policy to do less for trademark owners in situations involving product resales, review websites and sales of complementary/replacement parts. Trademark owners were none too pleased with these changes. In response to these changes and the door opened by the Second Circuit Rescuecom decision, Google got hit with about a dozen new lawsuits, including some class action lawsuits, of which I believe 10 are currently still active.
Finally, all of the wrangling in court and over voluntary trademark policies could be mooted by legislative action, and for the third time, the Utah state legislature considered resolving the keyword advertising issue itself. A law regulating keyword advertising passed the Utah house but died in the Utah senate. Expect the pro-regulatory forces to round up the troops for a fourth try in 2010.
#1: FTC Endorsement Guidelines for Bloggers. The Obama administration has breathed new life into a pro-regulatory FTC, and the FTC sure is interested in all things Internet. The FTC has been nosing around Internet privacy and Internet marketing practices pretty carefully, and I expect 2010 to bring more FTC pronouncements designed to tackle the Internet.
But nothing stirred up a hornet’s nest of confusion and anger in 2009 like the FTC’s Endorsement and Testimonials Guidelines. I think it’s fair to say that the FTC’s guidelines rollout was a complete failure. As usual, the FTC’s guidelines were mealy-mouthed and filled with conditional statements (the FTC hates to lay out bright line rules that might constrain their future discretion). However, the FTC’s general gist was clear: bloggers should disclose when they receive financial or other consideration for their blog posts.
Unfortunately, this general principle leaves open some fairly fundamental questions, like when is disclosure required in situations less clear than straight cash-for-posting, and where should disclosure be made, especially in space-constrained media like Twitter. Needless to say, unhappy bloggers can be very noisy, so blogger response to the FTC’s announcement was loud and vituperative. The FTC tried to backpedal a little by saying that it did not intend to pursue individual bloggers, but this announcement only reinforced that bloggers do not understand what the FTC wants from them.
Meanwhile, the FTC’s proposed guidelines also took an interesting position about an advertiser’s liability for rogue blogger’s posts. This position is generally consistent with government enforcement agencies’ views that commercial players can be legally responsible for content they endorse or link to (see, e.g., my comments on the SEC’s liability-for-linking policy), but this position runs directly contrary to 47 USC 230’s provisions that say A isn’t liable for B’s online content. As a result, I believe that part of the FTC’s proposed guidelines violate 47 USC 230 and would not survive a court challenge.
Overall, the firestorm over the FTC’s Endorsement and Testimonials guidelines is a small part of a larger effort to regulatorily separate advertising from content. The Internet has collapsed those distinctions, perhaps irreparably, so regulators may be trying to accomplish the impossible. Nevertheless, the FTC seems determined to prop up the distinction, and I expect 2010 will bring more FTC efforts on this front.
* * * * *
While that concludes my top 10 list, there were a number of other interesting developments in 2009 that are worth a brief note:
* Moreno v. Hanford Sentinel. A woman trashed her hometown in an obscure but public MySpace posting and learned there is no “do-over” for Internet content publication. My vote for the most factually interesting Cyberlaw case of 2009.
* Google’s keyword metatag announcement. Courts generally treat the inclusion of third party trademarks in keyword metatags as per se trademark infringement. But Google has confirmed that it ignores keyword metatags. Will courts get the message?
* Google Book Search settlement. If the Google Book Search settlement ever gets approved, it may reshape the book industry, redefine libraries, and make all kinds of other socially significant changes. But the list of opponents to the settlement is long and growing. Professor James Grimmelmann of New York Law School is our community’s maven for all things “GBS.”
* Kindle book deletion. The Kindle store sold e-books it didn’t have the right to sell, so it took them back. Users learned of a key factual difference between physical books and e-books—the vendor can remotely make e-books go poof.
* States’ efforts to impose sales tax efforts based on marketing affiliates. For years, states have been looking for ways to make online retailers collect sales tax for them. They are generally stopped by Supreme Court precedent, but in 2008 New York finally figured out a workaround. The New York statute said that marketing affiliates were like traveling salespeople and thus created the physical nexus required for a state to impose sales tax collection obligations. The New York statute survived its first legal challenge, which opened the floodgates of other states passing similar laws hoping to get their piece of the action. Meanwhile, online retailers aren’t just rolling over; instead, they are threatening to cut off (or actually cutting off) marketing affiliates in states that enact these laws—thus potentially costing the states income tax from the marketing affiliates’ revenue, and creating the potential for the entire affiliate industry to be torn apart.
* Maine kids privacy law. Maine thought it could pass a law banning marketing to kids. It was wrong. The state had to withdraw the law and go back to the drawing board.
* UMG v. Veoh. Veoh won another nice DMCA online safe harbor victory.
* US v. Kilbride. The Ninth Circuit says that online obscenity prosecutions need to evaluate national attitudes towards obscene content, not local community standards.
* Kentucky domain name seizure. Kentucky tried to grab 141 domain names that enabled Kentucky residents to engage in illegal gambling. But those domain names also serviced customers for whom the gambling was completely legal, so the Kentucky courts are rethinking the grab.
* FTC v. Sears. As another example of the new pro-regulatory winds blowing through the FTC, the FTC cracked down on Sears for installing spyware on users’ computers that looked at the users’ hard drives, even though Sears paid the users for the installation and disclosed the spyware’s snooping in the user agreement (though in an inconspicuous manner). This case has made a lot of lawyers concerned that adverse disclosures in user agreements won’t satisfy the FTC.
* Facebook the Drama Queen. Ah, Facebook. Love it. Hate it. Facebook is a pretty nifty site and part of my daily routine, but boy, they sure do have a knack for stirring up trouble.
- In February, they made a relatively modest change to their user agreement that caused people to freak out.
- In response to this, Facebook took the provocative step towards user self-governance. Facebook let users vote on some choices and promised to be bound by the results, but with an asterisk: Facebook decided what options users could vote on, and Facebook would honor those choices only if a prohibitively large number of users exercised their franchise. Still, it was a nice gesture towards cyberspace community self-governance.
- In summer, they tried to settle their Beacon litigation, but that also reminded folks of how much Beacon irritated them in the first place.
- Summer also brought allegations of click fraud on Facebook, and lawsuits followed.
- Finally, in Thanksgiving, Facebook rolled out some changes to its privacy options that it pitched as giving users more choices, but it also took away some choices and defaulted users into some options that surprised them.
Given this track record, is it unrealistic to expect more Facebook drama in 2010?
* Estavillo v. Sony. Speaking of self-governance, virtual world enthusiasts would love to establish the legal proposition that virtual worlds are legally equivalent to governments and therefore obligated to restrain their actions just like governments are. One virtual world enthusiast sued Sony for kicking him off the network, claiming that Sony was legally governed as a “company town” and therefore lacked the discretion to kick him off. WRONG (and it wasn’t even close).
* Wikipedia's policy change. In August, the English-language Wikipedia announced that it was going to tighten up its editorial policies, and people Freaked Out. (In fact, I have predicted that Wikipedia cannot avoid increased editorial restrictions over time, so this change should not have been surprising). However, it turns out that everyone got it wrong, and Wikipedia’s editorial changes are far less dramatic (and consequential) than initially reported. I will post a separate recap on Wikipedia shortly.
If you would like a stroll down memory lane, you can see my previous top 10 lists from 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 10:46 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack
January 04, 2010
Terminated eBay Vendor Gets Day in Court Against eBay--Crawford v. Consumer Depot
By Eric Goldman
Crawford v. Consumer Depot, Inc., 05-3242 (Tenn. County Ct. Dec. 9, 2009)
Essex and Consumer Depot are competitors in the eBay consignment business. According to the court, prior to 2005 Essex used to allow its employees to bid on its auctions, and in 2004 one of its executives was personally suspended for shill bidding. Consumer Depot allegedly accused Essex of shill bidding, sparking a lengthy multi-front battle between the two companies (dating back to summer 2005).
In 2005, eBay suspended Essex for alleged shill bidding. eBay says it made an independent assessment (easily supported because of Essex's past practices) and didn't rely on reports from Consumer Depot. While Essex was negotiating with eBay over possible reinstatement, Essex tried to unload its warehouse by hiring independent contractors who worked very closely with Essex. eBay decided that this end-run was uncool and terminated Essex. Essex eventually sued eBay for the termination.
eBay defended in part on its user agreement. Essex attacked the user agreement in a number of ways, including:
* it never agreed to the user agreement and the company wasn't bound by it. The court says that no one is allowed to sell on eBay without registering for an account, and the registration process requires acceptance of the user agreement. Any employees registering the Essex account automatically bound the corporation. (Cite to the Motise case, briefly discussed here).
* the contract was unconscionable and a contract of adhesion. The court says that although eBay is an important marketplace, people are free to go elsewhere, eBay is free to decline to business with anyone, and in this case Essex was a sophisticated business with experienced principals.
* the contract is illusory because eBay may modify it (see, e.g., the uncited Harris v. Blockbuster). The court rejects this argument because the changes require notice.
* the contract is illusory because eBay can terminate the relationship if it believes that Essex posed a threat to the site's integrity. The court says this provision is sufficiently definite, but only if the court reads into it a "good faith reasonableness" standard for eBay's belief. Further, Essex's multi-year relationship with eBay creates a course of dealing that overlays the agreement. The court’s discussion is a little garbled, but it is clear that the court added a provision to the contract that eBay may exercise its termination right only reasonably and in good faith.
The courts says eBay had an ambiguous anti-shill bidding policy at the time, and Essex alleges that eBay was looking for a big player to use as an example to other vendors. Thus, Essex may be able to prove that eBay "falsely and as a pretext stated that it found Essex guilty of shill bidding."
Based on the modified contract and eBay’s alleged pretextual justifications, the court denies summary judgment to eBay on the contract and state consumer protection claims. Further, the court says that eBay's liability limit clause applies to the contract but not the consumer protection tort claim. With the open damages on the tort claim, this has become a very dangerous lawsuit for eBay. A jury isn’t going to like a shill bidder, but a Tennessee jury isn’t going to like a Silicon Valley bully beating up on a hometown employer either.
My question is: could eBay have successfully defended all claims based on 47 USC 230(c)(2), the statutory protection for filtering decisions? (Not 230(c)(1), which protects against liability for third party content). Policing against shill bidding seems consistent with the spirit of 230(c)(2)--it's something we want service providers to do, and (c)(2) seems to immunize the steps a service provider takes to do so. Perhaps the real core of this dispute is that eBay publicly called out Essex as an example of a shill bidder. This would bring to mind the National Numismatics case where eBay was denied 230(c)(2) for sloppily worded public announcements intimating that some coins were fake when those coins merely didn't satisfy eBay's certification process. If this case is really about eBay’s public callout of Essex for engaging in behavior that violated eBay’s ambiguously worded anti-shill bidding process, then perhaps 230(c)(2) wouldn’t help here either.
Posted by Eric at 04:32 PM | Derivative Liability , E-Commerce , Licensing/Contracts | TrackBack
December 26, 2009
November-December 2009 Quick Links, Part 1
By Eric Goldman
Trademarks/Domain Names
* Yahoo and Mary Kay settled Mary Kay's trademark lawsuit over Yahoo's email shortcuts.
* uBID Inc. v. The GoDaddy Group Inc., No. 09-cv-2123 (N.D. Ill. Nov. 5, 2009). uBid’s anti-domain name parking lawsuit failed on jurisdictional grounds. Tom O'Toole explains why this is an unusual jurisdictional ruling.
* Trademark Blog: “Sellify, operator of ONEQUALITY.COM, sues Amazon over Amazon affiliates' alleged misuse of ONEQUALITY.COM as Google keywords.”
* In an unenlightening memo opinion, Second Circuit affirms the Cintas v. Unite Here opinion involving union activists’ web activities using a target company’s trademark. My initial blog post on the case.
* Bloomberg: Buyers of counterfeit luxury goods understand they are getting counterfeits, and many of them upgrade to the real thing eventually.
* Transamerica v. Moniker Online Services, 2009 WL 4715853 (S.D. Fla. Dec. 4, 2009). Domain name registrar does not qualify for ACPA's registrar safe harbor when: "Transamerica alleges that Oversee and the Moniker Defendants, together with the ostensible registrants-the John Doe Defendants-are the de facto registrants of the domain names in question. Transamerica claims that Moniker was not merely acting as a registrant in providing registration services to the John Doe Defendants for the infringing domain names, but instead was part of a scheme to profit from the use of the infringing names. As Transamerica points out, Moniker receives a fee each time an internet user clicks on one of the links attached to the infringing domain sites; such payment establishes at least partial ownership in the domain name." Troubling ruling.
* SafeWorks, LLC v. Spydercrane.com, LLC (W.D. Wash. Dec. 7, 2009). A trademark owner's preemptive registration of domain names containing typographical errors of the registrant's trademarks does not infringe a third party trademarks.
Marketing and Advertising
* In re Gemtronics (FTC ALJ decision Sept 16, 2009). A dietary supplement seller wasn't liable for comments on a website that it didn't own or control but (among other things) it had linked to. While this is great, I still believe the FTC needs to rethink its entire liability scheme of online content endorsement or adoption due to 47 USC 230. See 1, 2.
* Avvo settles Florida bar lawsuit and gets Florida to admit that client testimonials on Avvo aren't lawyer advertising. Rebecca explains why an analogous South Carolina regulation violates 47 USC 230.
* After the FDA spooked pharmaceutical companies to stop engaging in search advertising, the FDA held hearings on Internet pharmaceutical marketing. The Arnold & Porter recap. Ironically, BusinessWeek ran a story wondering if pharmaceutical ads reduce consumer demand.
* The FTC cracks down on online negative option/"continuity plan" offerings.
* In re Miva Inc. Securities Litigation, 2009 WL 3821146 (M.D. Fla. Nov. 16, 2009). The court dismissed a securities class action lawsuit over Miva's/FindWhat's investor disclosures relating to click fraud and spyware. My initial blog post on the case.
* NYT: False advertising litigation is a growth industry.
Search Engines
* A Milwaukee lawyer has alleged that another lawyer buying keyword advertising triggered by his name violates his publicity rights. I’ve posted the complaint to Scribd.
* Google is now personalizing search results for everyone, not just logged-in users. In 2006, I wrote about how universal personalization would affect SEO and concerns about search engine bias. Danny Sullivan believes Google’s change deserves "extraordinary attention."
* Google took out an ad from itself to explain why its image search results for Michelle Obama contained an offensive result. This is after it first tried to remove the image on the pretext that the website was hosting malware.
* Danny Sullivan asks some good questions about Google's integration of Twitter into its search database.
* BusinessWeek: Matt Cutts, Google’s search engine anti-spam superstar, talks about his job. He doesn't sound like the most fun person to travel with
* Rose Hagan, Google's chief trademark counsel, is retiring after 7 years at Google. She leaves behind big shoes to fill.
Posted by Eric at 02:59 PM | Adware/Spyware , Derivative Liability , Domain Names , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack
December 18, 2009
Top Cyberlaw Developments of 2009
(Thanks to Eric for letting me post this list here!)
[Eric's note: some of you may recall John, a regular blog guest contributor from 2005-07. It's great to have another contribution from him.]
Eric will post his own list later, but I thought we could start off the holiday season with one person’s view of the top Cyberlaw developments of 2009. It was an interesting year. While intellectual property issues continue to dominate, and we continue to see plaintiffs and their attorneys running smack into Section 230 of the Communications Decency Act, we’ve also seen developments in the areas of Constitutional law, criminal law, and state and federal regulation. So, let’s recap 2009. Unlike David Letterman’s lists, this list is in no particular order of importance.
1. File Sharing Decisions.
After years of lawsuits against file sharers, we finally have two trial decisions. Both held against the peer-to-peer file sharers. Jammie Thomas managed to turn a 2007 verdict of $222,000 (which was later thrown out due to a mistrial) into a 2009 verdict of $1.29 Million. Her motion to reduce the award is pending.
Joel Tenenbaum received more favorable treatment and was subjected to only a $675,000 jury verdict after he admitted liability and his fair use defense was rejected by Judge Gertner. His motion to appeal/reduce the award is due to be filed in early January. Judge Gertner wrote a compelling decision urging Congress to modify the strict liability consequences of new technologies such as peer-to -peer file sharing. In her decision rejecting the fair use defense, Judge Gertner implored Congress “to amend the [Copyright Act] to reflect the realities of file sharing. There is something wrong with a law that routinely threatens teenagers and students with astronomical penalties for an activity whose implications they may not have fully understood. The injury to the copyright holder may be real, and even substantial, but, under the statute, the record companies do not even have to prove actual damages.” We’ll see if Congress listens.
2. Rise of Copyright First Sale Doctrine.
There were several decisions that turned on applications of the copyright “first sale” doctrine to new online situations. Section 209(a) of the Copyright Act permits the owner of a lawfully made copy of a work to sell or dispose of that copy without the consent of the copyright owner.
We also had two cases (John Wiley & Sons; Pearson Education v. Liu) dealing with the importation of copyrighted works (mostly textbooks) printed abroad and then imported into the United States for sale. Two courts said these transactions are not protected by the first sale doctrine because of the importation provision in Section 602. The courts so far have been following dicta in the Supreme Court’s 1998 Quality King case that goods manufactured overseas and then imported are not protected by the first sale right, despite their reluctance to do so. We may get a resolution of this issue in 2010. The U.S. Supreme Court has invited the Solicitor General to file a brief in the Costco Wholesale Corporation v. Omega, which is on a petition for certiorari to the Ninth Circuit Court of Appeals.
A third entry is Apple v. Psystar. Psystar specialized in creating copies of Apple’s Macintosh OS-X operating System and loading them onto Mac “clones.” The court rejected the first-sale doctrine defense because Psystar’s copies of the Macintosh OS-X operating system were not “lawfully made” within the meaning of Section 109. The parties subsequently settled all claims except for copyright infringement, and Apple obtained a permanent injunction against Psystar.
3. Demise of “Use in Commerce” Defense in Keyword Cases.
In Rescuecom v. Google, the Second Circuit reversed the district court and said that Google’s sale of trademarked keywords as ad triggers constitute a “use in commerce.” This probably is the end of the “use in commerce” defense in keyword advertising cases, which will now turn more on likelihood of confusion (or initial interest confusion) factors.
4. Internet Gambling.
Internet gambling continues to be regulated by a tangle of federal laws ill-adapted for the purpose. Some of the laws date back to the 1961 adoption of the federal Wire Act. This is an areas where Congress should really clean things up, especially with criminal liability sometimes at stake.
Proponents of online gambling took a couple of hits in 2009. In Interactive Media Entertainment and Gaming Association v. Holder, the Third Circuit upheld challenges to the Unlawful Intent Gambling Enforcement Act (UIGEA) on Constitutional grounds. The UIGEA does not prohibit Internet gambling, but does prohibit gambling businesses from accepting financial payments in connection with bets that are illegal under any federal or state law. (This Act has effectively forced legitimate offshore gambling sites to stop taking bets from the United States). The Third Circuit held that the phrase “unlawful Internet gambling” is not vague, and that there is no Constitutionally protected privacy right to gamble in one’s home.
Earlier in the year, the Department of Justice ordered four banks to freeze over $34 million in payments owed to about 27,000 poker players. Although the legality of online poker in the United States is a gray area, the DOJ takes the position that online poker games are prohibited by the federal Wire Act. The DOJ position runs counter to several court decisions that have refused to apply the Wire Act to non-sports related Internet gambling. After the funds were seized, the affected poker sites reportedly reimbursed the players the money that was seized.
5. State Attempts to Regulate the Internet.
This trend, a favorite target of Eric’s ire, continued in 2009. Some more notable attempts include Maine’s passage of a little COPPA Act, banning the use of personal information about minors for marketing purposes (which the Maine Attorney General then refused to enforce), Kentucky’s seizing of domain names associated with alleged gambling websites (the legality of which is pending before the Kentucky Supreme Court), and Utah and other state’s attempts to put sex offender information online or require sex offenders to register websites to which they belong and their passwords.
6. Attempts to Criminalize Breaches of Terms of Use.
Lori Drew created a fake MySpace profile to humiliate a 13-year-old neighbor girl and was subsequently blamed for the girl’s suicide death. Drew was convicted of three misdemeanor counts of unauthorized access to computers under the federal Computer Fraud and Abuse Act for violating MySpace’s terms of service. In United States v. Drew, the court dismissed Lori Drew’s conviction, concluding that MySpace’s terms of service were Constitutionally vague. The result is not surprising, because terms of service are not generally written with criminal prosecution in mind. The MySpace terms at issue prohibited a wide variety of conduct but did not explain what activities would make a user’s access “unauthorized”. The user’s conduct was reprehensible, but not criminal.
7. Online Endorsements.
In October, for the first time since 1980, the Federal Trade commission updated its guidelines for advertisers on how to keep their endorsements and testimonial advertisements in line with the FTC laws. The new guidelines explicitly target online endorsements by bloggers and others who receive cash or in-kind payments to review a product. Bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service. While the new guidelines caused a stir among bloggers, they seem to be a reasonable extension of the FTC’s disclosure guidelines in other contexts
8. DMCA Take-Down Notices.
In UMG Recordings v. Veoh Networks, we received some further guidance on what constitutes a proper take-down notice. Here, the court said the copyright owner has the burden of identifying “potentially infringing materials.” A letter merely listing recording artists whose works were allegedly infringing did not give the Internet Service Provider actual knowledge of infringement because the letter does not comply with the DMCA requirements. The court also said that the ISP was not on general notice of copyright infringement just because the website allows users to post music files, which are frequently infringing content.
9. Section 230 of the Communications Decency Act.
There are too many cases to list here, and I am sure Eric has done (or will do) his own exhaustive compilation. The courts clearly expanded the scope of the Section 230 defense in various Craigslist cases (no liability for advertisements for guns or prostitution).
Barnes v. Yahoo showed us that service providers should not make statements and then not follow though. In that case, the plaintiff’s ex-boyfirend created fake personal ads for her on Yahoo and impersonated her in various online forums. She asked Yahoo to take the information down,. A Yahoo employee told her that Yahoo would take the profile down, but Yahoo did not do so until after the complaint was filed.. The Ninth Circuit upheld Yahoo’s Section 230 defenses for claims that Yahoo had an obligation to take the fake profiles down, and that Yahoo did not try to remove some objectionable material. But the court did permit the plaintiff’s claim to go forward that Yahoo had breached its oral contract with her to take the material down, which the Court held amounted to a modification of the “baseline” Section 230 rule.
10. Right to Privacy.
When someone publishes something on a MySpace website without her full name, and then deletes the post, does she have an expectation of privacy? In Moreno v. Hanford Sentinel, Inc., the California Court of Appeals said no. Here, the plaintiff posted an essay that was derogatory of her home town on her MySpace page and then deleted it six days later. In the meantime, the principal at the local high school saw the posting and submitted the poem to a local paper, where the editor (a friend of the principal) published the poem in the Letters to the Editor column and signed the plaintiff’s full name to it. The author and her family received death threats and her father had to close a 20-year old family business. However, the California Court of Appeals ruled that the principal did not invade the author’s privacy by handing the posting to the editor, and further held that the editor did not violate the author’s rights when it published her full name. (The case was remanded in order to address a claim of intentional infliction of emotional stress.)
Let’s hope 2010 brings even more exciting Cyberlaw developments. We have the potential for two Supreme Court rulings, in the Costco case (discussed above) and the Bilski case, which may address the validity of business method patents.
Posted by John Ottaviani at 07:04 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Licensing/Contracts , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack
December 17, 2009
Barnes v. Yahoo Survives Dismissal Motion on Remand
By Eric Goldman
Barnes v. Yahoo!, Inc., 2009 WL 4823840 (D. Or. Dec. 11, 2009)
You recall Barnes v. Yahoo, the case where Yahoo promised to promptly take down a fake profile created by a third party but didn't do so. The district court initially dismissed the case on 47 USC 230 grounds, but the Ninth Circuit reversed in an opinion that stirred up some trouble due to its sloppy 230 discussion. The Ninth Circuit subsequently fixed its worst excesses in an amended opinion and sent the case back to the district court with a revived promissory estoppel claim. Following that ruling, Barnes amended her complaint and Yahoo sought to dismiss it.
The district court opinion addresses three points:
1) The Ninth Circuit had not validated Barnes' promissory estoppel claim but only concluded that a 230(c)(1) defense wasn't available.
2) Barnes sufficiently alleged reliance when she diffused the media coverage of her story based on Yahoo's takedown promise.
3) Barnes sufficiently alleged that she detrimentally changed her position due to Yahoo's promise because the fake profiles were online longer.
I am a little surprised to see Yahoo even try the motion to dismiss. I think this case is a great candidate for settlement.
The case library:
* Amended Ninth Circuit Opinion
* Barnes' petition for rehearing
* Public Citizen et al amicus brief in support of rehearing
* Yahoo's petition for rehearing
* Ninth Circuit opinion and my blog post on it
* Ninth Circuit oral arguments
* District court opinion and my blog post on it
* Barnes' response to Yahoo's motion to dismiss
* Yahoo's brief in support of its motion to dismiss
* Yahoo's motion to dismiss
* Yahoo's notice of removal to federal court (which contains Barnes' initial complaint)
The Justia page has even more materials from the district court proceedings.
Posted by Eric at 09:19 AM | Derivative Liability , Licensing/Contracts | TrackBack
November 27, 2009
Web Host Can Terminate Customer for Abusive Call to Customer Support--Mehmet v. Add2Net
By Eric Goldman
[This is a relatively minor pro se case, which is why I've let it sit this long, but it has a couple of interesting facets that make the case worth blogging even at this late date.]
Mehmet v. Add2Net, Inc., 2009 WL 3199876 (N.Y.A.D. Oct. 8, 2009). The opinion (starting on page 39).
This case is a nice example of online providers' broad discretion to terminate their users. The dispute involves a web host and its customer. The customer stopped payment, so the host (apparently legitimately) turned off his site. In response, the customer left a nasty voicemail containing an "obscene word." The provider then wrote back to say the relationship was finis. In support of this, the provider cited a user agreement provision banning customers from "abusing" any of the web host's employees. The host took the position that the customer's voicemail breached this clause, justifying the final termination.
The user agreement's exact clause says that customers agree "not to abuse whether verbally or physically or whether in person, via email or telephone or otherwise ... any employee or contractor." Have you ever seen a clause like this? I haven't, nor would I choose to include such an amorphous clause in any contract I drafted. I do appreciate the provision's spirit, especially with all of the mania about anti-cyberbullying and providing safe employment environments, but I have a hard time imagining a covenant that would be enforced more inconsistently or arbitrarily. As a result, a clause like this is virtually tantamount to saying that the vendor can turn off customers whenever it wants.
So, should online service providers add these provisions to their online user agreements? In the wake of the Lori Drew prosecutions where the courts and prosecutors have been overinterpreting user agreements, I have argued against laundry lists of negative covenants in user agreements, but here the clause proved useful. Then again, the customer's initial failure to pay might have given the web host all of the recourse it actually needed.
For virtual world enthusiasts, I would connect the dots between this case and the recent Estavillo v. Sony case, which said that virtual worlds are not company towns. In this case, relying on the ridiculously overbroad negative covenant, the web host wiped out all of the customer's data files in the final termination. Thus, this ruling would seem to support that a virtual world provider similarly could include overbroad negative covenants in its user agreement, arbitrarily enforce a breach against a customer, wipe out the customer's online presence (and all of the digital assets stored in the virtual world), and face no recourse for the loss of those digital assets. I trust this reinforces the uneasiness of virtual world enthusiasts.
More perspectives on the lawsuit from Mehmet himself. It appears he is a serial plaintiff. That may have been material to the court's consideration.
HT: Evan Brown
Posted by Eric at 01:37 PM | Licensing/Contracts , Virtual Worlds | TrackBack
November 18, 2009
Citysearch Click Fraud Class Certified--Menagerie v. Citysearch
By Eric Goldman
Menagerie Productions v. Citysearch, 2009 WL 3770668 (C.D. Cal. Nov. 9, 2009)
While we don't hear much about click fraud litigation any more, there are still some click fraud lawsuits percolating through the courts, including this one against Citysearch. I initially blogged on the case under a different name, Lambotte v. IAC/InterActiveCorp.. Lambotte is out as a named plaintiff and Menagerie Productions now gets the honor.
The big news is that earlier this month, the judge certified claims for breach of contract and fraud under California’s unfair competition law for the following class:
All persons or entities in the United States who entered into form contracts for pay-per-click advertising through Citysearch.com, paid money for this advertising service, and experienced click fraud by reason of double clicks or Citysearch's failure to apply automatic filters to traffic from its syndication partners up through March 23, 2007
In light of the Vulcan Golf court's refusal to certify a class against Google's AdSense for Domains program, the class certification here is a mild surprise. However, that case involved trademarks, which are inherently more amorphous than even click-counting. Certainly, the plaintiffs' lawyers have to be happy about this development. Although Citysearch still has some powerful defenses, I'd be surprised if the plaintiffs walk away from this case empty-handed.
Posted by Eric at 07:04 AM | Licensing/Contracts , Marketing | TrackBack
November 02, 2009
October 2009 Quick Links
By Eric Goldman
Just a reminder that I am posting most of these types of links exclusively to my Twitter feed.
* Tricome v. eBay, Inc., 2009 WL 3365873 (E.D.Pa. Oct 19, 2009). Court upholds eBay user agreement's venue selection clause. Evan Brown covers the case.
* The AutoAdmit case is over. Above the Law and the Yale newspaper.
* Google doesn't want to hear your complaints about your reputation management.
* Moneygram settles with the FTC (to the tune of $18M) that its money wiring service was used to perpetrate fraud.
* The FTC scores a rare COPPA settlement, this time with Iconix for $250,000.
* John Wiley & Sons, Inc. v. Kirtsaeng, 2009 U.S. Dist. LEXIS 96520 (SDNY Oct. 19, 2009). Another federal court holds that the purchase of foreign-manufactured textbooks and resale in the US via the Internet is blocked by the importation right and not excused by the First Sale doctrine. My coverage of the analogous Pearson v. Liu ruling.
* Utah's "Don't Spam the Kids" registry survived a constitutional challenge. That doesn't make it good policy!
* Saadi v. Maroun. Blogger hit with $90k judgment for defamation. MLRC coverage. My initial blog post on the case.
* Erik Estavillo, the gamer who sued for being kicked off the PlayStation Network, is appealing his district court loss to the Ninth Circuit. I guess he wants to lock in the adverse ruling as the binding law of the Western United States. My blog post on the district court ruling.
* Rep. Paul Kanjorski wants to end 47 USC 230 with respect to bogus stock investing info? This legislation needs careful monitoring due to its potential perniciousness.
* Venkat has his own version of Quick Links on his site.
Posted by Eric at 05:08 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Privacy/Security , Spam | TrackBack
October 21, 2009
Domain Names as Property Subject to Creditor Claims--Bosh v. Zavala
[Post by Venkat]
Most people take it for granted that domain names are property. As such, there shouldn't be much dispute that domain names are subject to the claims of judgment creditors. But I've seen enough resistance to this position that I thought a recent case was worth a quick mention. This recent case (Bosh v. Zavala (08-CV-04851-FMC-MANx) (C.D. Cal. Sept. 24, 2009)) also raises some interesting questions about the mechanics of trying to use a domain name to satisfy a judgment. For more perspectives, see Marc Randazza's post on this case here; see also NYT; Domain Name News; Deadspin.
Background: One of the early and often-cited cases for the proposition that a judgment creditor cannot get a domain name is Network Solutions, Inc. v. Umbro Int’l, Inc., 259 Va. 759, 770 (Va. 2000). In Umbro, the Virginia Supreme Court held that "a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time...[but this] contractual right is inextricably bound to the domain name services that [Network Solutions] provides." Umbro concluded that the domain name registration agreement was a "contract for services" (which was not subject to "garnishment") rather than property. (Umbro was preceded by the Eastern District of Virginia's decision in Dorel v. Arel where the court punted on the "issue of whether a domain name is personal property subject to [a lien]" because the judgment creditor could take advantage of an easier, practical solution: "the registrar's policies.")
Kremen v. Cohen: Enter Kremen v. Cohen, decided by the Ninth Circuit in 2003. Kremen cast a shadow over Umbro. Kremen involved an action for conversion where the underlying property was a domain name. One of the big questions in front of the court was whether a domain name was property which could support a claim for conversion. The court pretty definitively answered that a domain name was property and therefore could support a claim for conversion. Following Kremen, courts started to realize that since domain names are property, they should be subject to the claims of judgment creditors. (See Office Depot, Inc. v. Zuccarini, 621 F. Supp. 2d 773 (N.D. Cal. 2007).) More recently, in Bosh, Judge Florence Marie-Cooper of the Central District of California allowed Toronto Raptors basketball player Christopher Bosh to seize a slew of domain names held by Luis Zavala, based on a cybersquatting judgment obtained by Bosh.
The key conceptual question to resolve is whether domain names are freely transferable, or whether domain name registration services are contracts personal to the registrant. Given the emergence of the flourishing secondary domain name market, you would think there would be no dispute as a practical matter as to whether domain names are freely transferrable. But it's not as hard you may think to encounter people who argue that domain names are just personal contract rights. For example, in 2009, Network Solutions took this position in the Kentucky domain name case where the Kentucky AG tried to seize numerous domain names based on the fact that they were "gambling devices" used in contravention of Kentucky law. (See pages 7 through 11 of their amicus brief filed in Kentucky: [pdf].) The Kentucky AG's decision was on questionable legal grounds for a variety of reasons, but I was surprised to see Network Solutions' reliance in its amicus brief on Umbro.
From a practical standpoint, the big question is whether a judgment debtor has assets that can be sold to satisfy a judgment. If there are such assets (whether in the form of domain names or otherwise), most courts are going to find a way to let the judgment creditor get at them. There may be tweaks around whether the particular statute in question covers a certain type of property (see, e.g., Palacio Del Mar Homeowner's Association, Inc. v. McMahon, 174 Cal. App. 4th 1386 (2009) (domain names are not subject to "turnover order," coincidentally, the same type of order Bosh obtained)), but it's a mistake to see these cases as somehow rejecting the theory domain names are properly subject to the claims of creditors. One caveat: even if domain name registration services are not contracts personal to the registrant, not every domain name can be easily bought and sold. As discussed in a moment, certain types of domain names - including potentially those involved in Bosh - are tougher to monetize without stepping on the toes of third parties.
Process Questions: In Bosh, the domain names all related to the names of famous athletes and celebrities and were ordered "turned over" to Bosh. Bosh plans on distributing them to other athletes whose names the defendant was squatting on. (Bosh plays for the Toronto Raptors and the defendant squatted on the names of Bosh and many other athletes.) Bosh is somewhat atypical since Bosh didn't really care about satisfying the judgment he obtained and probably will not undertake further efforts to collect. But one of the problems with Bosh is that it doesn't set any sort of process to value the domain names. Is the defendant's judgment satisfied based on the turnover? Who is to say? A turnover to Bosh is sort of an awkward result, and seemingly precluded by the statute (see McMahon), but Zavala was not around to contest the issues, so it is what it is.
A related problem is that Bosh would have a tough time selling the domain names, given that there would be little guarantee that any purchaser would steer clear of engaging in the same conduct that the defendant did in Bosh. The court in Zuccarini alludes to this. (See Zuccarini, 621 F. Supp. 2d at 778, fn. 7.) It's unlikely a court would ever conclude this, but if Bosh decided to auction off the names that were turned over, would he be treading close to the cybersquatting line?
Back to the typical case. Some would argue there's some sort of non-infringing use for all domain names, and that it's up to the purchaser to figure out non-infringing uses. There are plenty of established auction houses that regularly deal in domain names (e.g., Moniker; Sedo). The best bet is to sell a domain name through a court-blessed third party auction. Theoretically, the market price at an auction will accurately reflect the assessment of purchasers as to how the domain name can be used. I guess a very rough analogy is that real property is freely exchangeable, but you can only use it without injuring the rights of your neighbors. No one argues based on the hypothetical nuisance claims of neighbors that real property is not freely exchangeable and therefore not subject to the rights of creditors.
At the end of the day, there are plenty of issues around the fringes, but domain names are likely not off limits for judgment debtors based on the theory that domain names are not "property". Most courts will find a way to let judgment creditors get at domain names. That's not to say that the process of seizing the names and disposing of them does not raise thorny issues.
Posted by Venkat at 10:02 AM | Domain Names , Licensing/Contracts , Publicity/Privacy Rights , Trademark
October 18, 2009
Q3 2009 Quick Links, Part 4
By Eric Goldman
Spam
* Ars Technica: "a disturbing number of e-mail users respond to spam, and not just because they're dumb—some of them did so because they were actually interested in the product or service." I collected some empirical research establishing this point in 2004.
* SpamFighter: Software Creator Admits to Aiding & Abetting Spam
Fraud
* Reuters: A virtual bank rips off depositors in EVE Online.
* Click fraud concerns at Facebook: TechCrunch; Unified ECM v. Facebook complaint (one of at least three pending).
* There can be legitimate circumstances where it makes sense for a vendor to automatically pass a user's credit card number to another vendor, but the practice seems ripe for regulation.
Contracts
* BNA: End of the Notice Paradigm?: FTC's Proposed Sears Settlement Casts Doubt On the Sufficiency of Disclosures in Privacy Policies and User Agreements (BNA Subscription required)
* In August, the NYT interviewed David Vladeck, who suggests that the FTC v. Sears settlement could signal a changing of the guard at the FTC.
* Jonathan Ezor on common drafting mistakes in privacy policies.
* Hines v. Overstock.com, Inc., 2009 U.S. Dist. LEXIS 81204 (E.D.N.Y. Sept. 4, 2009). Browsewrap terms aren’t enforceable “because the website did not prompt her to review the Terms and Conditions and because the link to the Terms and Conditions was not prominently displayed so as to provide reasonable notice of the Terms and conditions.”
* Timothy D. Cedrone, Morals? Who Cares About Morals? An Examination of Morals Clauses in Talent Contracts and What Talent Needs to Know, Seton Hall Journal of Sports & Entertainment Law. I have given my first year contracts students an exercise involving morals clauses that I think worked pretty well (see the links on this page under the "endorsement contract" bullet).
Miscellaneous
* The USPTO has not renewed the peer-to-patent program.
* ABA Journal: E-Discovery is $4B/yr industry but is experiencing consolidation.
* Paul Ohm's paper on re-identification of putatively anonymous databases. This may be one of the more important privacy law papers in some time, as it indicates that we cannot meaningfully distinguish between personally identifiable and non-personally identifiable information.
Posted by Eric at 02:43 PM | E-Commerce , Licensing/Contracts , Patents , Privacy/Security , Spam , Virtual Worlds | TrackBack
October 07, 2009
Vernor v. Autodesk--Does the Right to Possession Distinguish Between Sales and Licenses?
[A big thanks to Professor Goldman for the guest blogging opportunity. I jokingly mentioned that asking me whether I was interested in guest blogging was the law blog industry equivalent of Oprah calling one of her viewers and asking if the viewer was interested in guest hosting the show. Seriously, it's exciting for me as a blogger and practitioner. From my standpoint, Professor Goldman's blog is probably one that I've come to view as indispensable.]
The Western District of Washington (Judge Jones) ruled last week that Autodesk could not prevent the resale of copies of its "AutoCAD packages" based on the theory that the sale was an unauthorized transfer under the terms of the AutoCAD license. (Vernor v. Autodesk, Inc., Case No. C07-1189RAJ (Sept. 30, 2009).) Congrats to Public Citizen for the win. Access the Public Citizen page which contains case documents here.
Background: Autodesk makes design software [link] which it licenses (or at least so it thought) to third parties. Autodesk licensed copies of its AutoCAD software to a Seattle architectural firm, Cardwell/Thomas Associates (CTA). Vernor acquired several copies of AutoCAD from CTA in an “office sale." Vernor then attempted to sell the software on eBay – the actual versions Vernor acquired from CTA. Vernor did not use the software or even install it on his computer. He just acquired physical copies from CTA and tried to sell these copies, along with the jewel box, license key, etc.
Autodesk went down the eBay takedown route, issuing the eBay equivalent of DMCA takedown notices (VeRO notices, also called NOCIs). Autodesk's takedown efforts delayed Vernor's sales and resulted in a temporary suspension of Vernor's eBay account. Vernor brought suit in the Western District of Washington alleging Autodesk wrongfully initiated the takedowns, that the takedowns constituted an unfair trade practice, and for declaratory relief that he had the right under the first sale doctrine to sell the copies of AutoCAD which he acquired from CTA.
In May 2008, the court rejected Autodesk's Motion to Dismiss, largely agreeing with Vernor's position. After oral argument last week on cross motions for summary judgment, the court issued an order granting in relevant part the relief sought by Vernor, and closing the case.
Discussion: The critical question for the court centered on the nature of the original Autodesk/CTA transaction: “whether Autodesk transferred ownership of the AutoCAD packages to CTA"?
What did the license agreements say?: The court first looked to the underlying documentation between Autodesk and CTA. Although the agreement(s) were styled as “licenses," prohibited transfers to third parties, and contained numerous other restrictions, none of this was determinative. In the court's view, the key fact was that CTA was entitled to perpetual possession of the AutoCAD copies. CTA was required to return or destroy these copies if CTA upgraded, but the fact that CTA could choose to upgrade rendered the return/destruction entirely optional from CTA's standpoint. The court beats up on the Autodesk licensing agreements, calling them a “hodgepodge of terms that, standing alone, support both a transfer of ownership and a mere license."
Autodesk sought to put forth evidence that CTA was not permitted to sell the copies of AutoCAD in the first place to Vernor because CTA was required to destroy the software, but the court was less than impressed with this evidence. The fact that the court references CTA's obligation to destroy certain version of AutoCAD upon upgrade as "evidence" (in quotes) is telling. Autodesk was involved in a proceeding with CTA in the Northern District of California in 2009 and CTA agreed to a consent judgment. Autodesk pointed to the provisions of the 2009 consent judgment, provisions of an earlier settlement between Autodesk and CTA, and a 2002 license agreement to support its theory that CTA was obligated to destroy the copies of AutoCAD which it transferred to Vernor, but none of these documents carried the day. Let's just say the documentation around CTA's receipt of AutoCAD seemed murky.
9th Circuit cases: As far as applicable Ninth Circuit precedent, the court found an answer favorable to Vernor in United States v. Wise, a case from the seventies. Wise was a criminal case where Wise was accused of “willfully and for profit vending copyright feature-length motion pictures” which he had purchased from certain licensees. The Ninth Circuit looked to the underlying agreements between the film studios and the licensees, and focused (somewhat erratically it seemed to me) on a variety of different factors in determining whether a particular transaction constituted a sale or license. While the court in Vernor conceded that Wise didn't really provide clear guidance on determining whether a transaction constituted a license or a sale, Vernor looked to Wise and focused on the right to perpetual physical possession as a key determining characteristic of a non-license transaction.
Later Ninth Circuit precedent takes a more copyright owner-favorable view, rejecting attempts by licensees to rely on certain rights as "owners" in defense to claims of unauthorized copying. These cases, starting with MAI and Triad, were decided under section 117, which allows the owner of a copy to make archival and back-up copies, and to reproduce the program, if reproduction is an “essential step in the utilization of the...program.” The court acknowledges the conflict between Wise and this line of cases and concludes that the court is required to follow the earlier precedent on point. Autodesk made a valiant but unsuccessful attempt to point out salient differences between these sets of cases and why MAI was more analogous than Wise.
Autodesk also relied on the expert testimony of Nimmer. Predictably, the court noted it wasn't bound by Nimmer's opinion on the core legal question. Along the way, the court pointed out that Nimmer's views have "proven malleable" over time. Ouch.
I wonder if Autodesk will appeal this one. On the one hand, it would be nice to clear up the confusion among the various cases discussed in the opinion. On the other hand, it seems like the record isn't the cleanest from the standpoint of the details of the Autodesk/CTA transactions. One thing is for certain: Wise is far from a model of clarity.
***
I typically fall on the consumer side in these cases, but I have to admit the decision struck a chord with me. There's obviously a spectrum of transactions that range from license to sale, with a big fuzzy line dividing the two. You buy a CD at the store and that's clearly a sale. No reasonable consumer expects to not be able to freely transfer the particular copy of the CD acquired at the store. Autodesk offers – relatively speaking – expensive software used by professionals and businesses. An Autodesk customer may or may not have the opportunity to negotiate the agreement, but we're certainly not talking about software you decide to pick up at Office Depot while you are out for lunch. (On a related note, check out the EFF's page collecting documents in UMG v. Augusto, a case which is currently on appeal, where the Central District of California found that UMG can't bar sale of “promotional copies" of CDs.)
The court's focus on perpetual possession as opposed to restrictions on transfer also seemed arbitrary, although this obviously has some support in Ninth Circuit precedent. At the end of the day, if you draft in a restriction on transfer or assignment in a license agreement, most users probably expect these restrictions to be enforceable. Drafters of these agreements certainly do. The dispute is really about whether a piece of software acquired by one person can be freely used by another person or entity. In the eyes of most reasonably sophisticated consumers I think the answer is "only if it's not barred by the license." Courts at the other end of the spectrum from Vernor are willing to hold that a licensee violated a no-transfer clause in a license as a result of undergoing a series of mergers and corporate restructuring. (See [pdf] Cincom Systems, Inc. v. Novelis Corp., Case No. 07-4142 (6th Cir. Sept. 25, 2009).) This result seems particularly draconian in light of Vernor. Along these lines, it seems like possession is becoming much less important in the context of software. The court almost seemed to chastise Autodesk for not having a mechanism by which it could assure destruction of the copies which it shipped to CTA. Obviously, these types of attempts raise another set of issues.
Ultimately, the court's opinion seemed like a pretty serious incursion into the contractual relationship between the parties. Granted, Autodesk's documentation was less than clear on the issue of whether CTA was required to destroy CTA's copies of AutoCAD, but the decision seemed to set a pretty high bar for when a transaction will be considered a license.
[A sidenote: about that copy of 1984 you just picked up on your Kindle. Is that a sale or a license? Since Amazon retains the right to zap it under limited circumstances, it's probably a license.]
Other coverage:
Cyberlaw cases: “Court Rules (Again) That Vernor Can Sell Autodesk Software"
Bill Patry: “First Sale Victory in Vernor" (discussing the 2008 order on motion to dismiss, with an interesting note from Peter Brantley on ownership of books)
EFF: “It's Still A Duck: Court Re-Affirms That First Sale Doctrine Can Apply to 'Licensed' Software"
Posted by Venkat at 10:18 AM | Copyright , Licensing/Contracts
August 31, 2009
Lori Drew Criminal Case Ends With a Whimper
By Eric Goldman
United States v. Drew, 2009 WL 2872855 (C.D. Cal. Aug. 28, 2009)
Almost 2 months ago, the judge presiding over the Lori Drew trial orally announced that he intended to rule in favor of Drew, but it was a little hard to decipher his statements without a written ruling. On Friday, the judge issued his written ruling, which indicates that he granted Drew's FRCP 29(c) motion for a post-verdict acquittal. I haven't seen any announcement of the prosecution's response and whether they plan to appeal. This ruling also has no direct bearing on any civil claims against Drew. Nevertheless, for now, Lori Drew has been fully acquitted of the criminal charges brought against her.
The Holding
While the written opinion clears up the judge's exact disposition of Drew's status, it is hardly a clear précis on the legal issues. The judge ultimately grants the acquittal because a Computer Fraud & Abuse Act (CFAA) prosecution based on negative behavioral restrictions in an online user agreement is void-for-vagueness. I think this makes a lot of sense because the negative behavioral restrictions are effectively incorporated into the criminal statute but lack the degree of drafting precision we require from criminal prohibitions. The judge gives a good example of such an imprecise restriction by citing a MySpace user agreement prohibition against posting in “band and filmmaker profiles...sexually suggestive imagery or any other unfair...[c]ontent intended to draw traffic to the profile.” The judge rightly asks what the terms "sexually suggestive imagery" and "unfair content" mean when incorporated into a criminal CFAA prosecution. If we aren't sure, that sounds like a valid basis for a void-for-vagueness dismissal.
Having said that, given this ruling, I still can't understand why the judge let this case go to the jury in the first place. I believe the judge's ruling was independent of the jury verdict and does not rely on any of the jury findings, so why did he wait until after the jury verdict to make a ruling that he could have made pre-trial? His delay was not costless. The jury verdict against Drew remains a public rebuke of Drew even though it's been wiped away, and the judge could have saved everyone a lot of time and money by cutting to the chase earlier.
The Dicta
The judge's actual void-for-vagueness discussion of Drew's situation starts on page 25 of a 32 page opinion. What's going on in the previous 25 pages? The remainder of the opinion apparently explains how the government may have successfully proven the elements of its case, but I found the discussion gratuitous, meandering and confusing. Some of it could also be pernicious. For example, consider this oh-no quote from FN 22:
As a “visitor” to the MySpace website and being initially limited to the public areas of the site, one is bound by MySpace’s browsewrap agreement. If one wishes further access into the site for purposes of creating a profile and contacting MySpace members (as Drew and the co-conspirators did), one would have to affirmatively acknowledge and assent to the terms of service by checking the designated box, thereby triggering the clickwrap agreement.
Read that first sentence again. WHAT??? Did the court just say that every visitor is bound to MySpace's browsewrap just by visiting the website? Uh, I don't think so, or at least I hope not. Whoa.
Another oddity: on page 9, the opinion says "According to Sung, MySpace owns the data contained in the profiles and the other content on the website." (Sung is MySpace's VP of Customer Care). The court slyly quotes the applicable provision in the user agreement which clearly points out that MySpace only takes a non-exclusive license to user data, not ownership. So what could this reference to ownership possibly mean?
Implications of the Ruling
Although I wish the judge had been more careful and laconic in his drafting, this opinion is still a good jurisprudential development. This opinion erects a significant hurdle for future CFAA criminal prosecutions for breaches of user agreements because they will face the same void-for-vagueness challenge that was dispositive here.
I'm less clear how this opinion might affect civil CFAA lawsuits for using third party servers in excess of a user agreement. As the case recounts, a number of cases already accept those claims, and I think this judge's dicta simply adds to those cases. So, for example, if MySpace wanted to sue Drew civilly under a CFAA theory for the behavior at issue with her criminal prosecution, I don't think this opinion would stand in the way. In fact, I think MySpace would cite it favorably. Then again, I doubt MySpace will be suing Drew; MySpace has been conspicuously low-profile about a crime purportedly committed against it.
I do not expect this ruling will defuse any debates over cyberbullying and how to deter it using legal means. If anything, the fact that Lori Drew walks is more likely to pour gasoline on the fire of state legislators who think they can solve the problem through their brilliant statutory drafting. They are wrong, of course, and they can do plenty of harm by trying (see, e.g., the broad and dangerous law that Texas just passed). Unfortunately, I expect more anti-cyberbullying legislative efforts, for better or (mostly) for worse.
Even though the judge corrected a judicial system error, I continue to believe that we as cyberlawyers need to mitigate the problems we create by putting extensive and ambiguous negative behavioral restrictions into our online user agreements. As I've explained before, I think best practices now move most negative behavioral restrictions into a non-binding statement of community norms and expectations.
Posted by Eric at 10:16 AM | Content Regulation , Licensing/Contracts | TrackBack
August 12, 2009
2009 Cyberspace Law Syllabus and Some Comments
By Eric Goldman
I have posted my syllabus for this semester's Cyberspace Law course. This blog post describes the changes from my 2008 course reader. For more on my pedagogical approaches to the course, see my Teaching Cyberlaw article.
Trademark
* Deleted the Tiffany v. eBay case. This is a really rich and fascinating case, but it is really long and I ran out of time to cover it last year. Also, it will be mooted in the not-too-distant future by a Second Circuit opinion.
* Replaced the Playboy v. Netscape and FragranceNet keyword advertising cases with Hearts on Fire v. Blue Nile. The Hearts on Fire case isn't a perfect teaching case, but it discusses use in commerce, likelihood of consumer confusion/initial interest confusion, and a bit of the policy issues. I suspect a number of my Cyberlaw colleagues are teaching the Rescuecom case, but I chose not to. First, it is doctrinally narrow. Second, it is a confusing opinion. Third, I tried to teach it as a last-minute substitution in my IP survey course last semester and was not satisfied with the results. Finally, it involves the less common fact pattern of keyword sales rather than keyword purchases. So I decided that this year the Hearts on Fire case could cover all the necessary issues adequately.
An interesting note: this is the first time in 15 years that I am not teaching a Playboy case in Cyberlaw. Frankly, I had expected to teach at least one Playboy case in Cyberlaw forevermore!
* Added Google's trademark policy. I'm a little surprised it never occurred to me before to include this in my reader.
* Updated my all-new keyword advertising slides from my May presentation.
Copyright
* Deleted the Perfect 10 v. ccBill and Perfect 10 v. Visa cases. I have been struggling with how to teach the Ninth Circuit's Perfect 10 troika of cases for the last couple of years. The troika was over 100 pages of reading that nevertheless left students befuddled after all that work. But I felt constrained because the troika is the most definitive statement of Ninth Circuit law, and it is insightful to see the cases evolve. Nevertheless, I decided that the Amazon case was the most doctrinally significant, so I kept that and ditched the other 2.
* Added Io v. Veoh. To make up for taking out the Perfect 10 cases, I've added this case, which I think is a very clear exposition of a DMCA online safe harbor case.
* Added Parker v. Yahoo. I think this will be a good case to tie together some copyright doctrinal threads as well as provide a nice compare/contrast with the Ticketmaster v. RMG case.
Trespass to Chattels
* Replaced the Computer Fraud & Abuse Act statute with the most recently amended version.
* Included a slide that synthesizes the various trespass to chattel doctrines into a summary format.
Contracts
* Added the Harris v. Blockbuster case. It's a short case that efficiently makes several powerful pedagogical points--including perhaps most importantly, the perils of robo-drafting by copying language from other people's agreements.
Blogs and Social Networking Sites
* Replaced my old materials on blog law and social networking sites law with my most recent talk on both from February.
* Added my Third Wave of Internet Exceptionalism article
* Added the Moreno v. Hanford Sentinel case as an end-of-the-semester review case. As I said when I first blogged on the case, I think "this is one of the most interesting cases I've seen in a while," and I'm really excited about teaching it. I think it will be an excellent issue-spotting opportunity for students as well as a powerful reminder of the power of published words (and how those words can unintentionally affect the people we love).
Change to the Grading Options
My other big change this year is that I am giving students the option to write a wiki entry on a cyberlaw topic as part of their grade. This was inspired by my forthcoming paper on Wikipedia (which you'll hear more about soon). In connection with that paper, I was researching alternative labor sources that could power Wikipedia, and students working as part of a class assignment was one option I explore in the paper (with some reservations). As part of "eating my own dog food" (a terrible idiom that seems to be prevalent in the Silicon Valley), I figured I should give it a try myself. As you can see, the wiki-drafting is optional, not mandatory, so I'll be interested to see how many students choose the option. I'll also be interested to see what happens when the students actually try to submit their work to Wikipedia. I have a mental image of a massive buzzsaw, but perhaps I'm being too cynical.
Posted by Eric at 09:36 AM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Search Engines , Trademark | TrackBack
August 04, 2009
Wikipedia and Rules Proliferation
By Eric Goldman
I have previously mentioned how rule sets tend to expand over time. We've seen this with legislation; for example, consider how the Copyright Act has grown over time. Personally, I've seen code expansion over and over again in the context of negative behavioral restrictions in user-to-user communities. A 2008 article by Brian Butler, Elisabeth Joyce and Jacqueline Pike entitled "Don’t Look Now, But We’ve Created a Bureaucracy: The Nature and Roles of Policies and Rules in Wikipedia" provided yet another dramatic example of this phenomenon in the Wikipedia context. They write:
___________
One useful measure of increased complexity is the change in lengths in terms of word count alone of the policies from the first version to most current. All policies studied grew enormously.
• Copyrights: 341 words => 3200 words: 938%
• What Wikipedia is not: 541 words => 5031 words: 929%
• Civility: 1741 words => 2131 words: 124%
• Consensus: 132 words => 2054 words: 1557%
• Deletion: 405 words => 2349 words: 580%
• Ignore all rules: exceptional case
The first version of the Ignore all rules policy is only 23 words long, stating, “If rules make you nervous and depressed, and not desirous of participating in the Wiki, then ignore them and go about your business” [45]. The current version is actually shorter, only 16 words, and says, “If a rule prevents you from working with others to improve or maintain Wikipedia, ignore it” [45]. However, as suggested earlier in this paper, while the actual wording of this policy declined 69% and it appears on the surface to be the least bureaucratic of the policies, the supplemental page directly linked to this policy contains 579 words, indicating that the policy swelled over 3600% [45].
___________
There are some obvious detrimental consequences of this expansion. First, it facilitates wikilawyering. As the rules get more complicated, there are more ambiguities to debate and potentially more contradictory rules. Second, it becomes a bigger barrier to entry for newcomers or casual users; either they must try to master a greater and more complex rule set, or they are more likely to transgress and have their contributions reversed.
Posted by Eric at 10:35 AM | Internet History , Licensing/Contracts | TrackBack
August 03, 2009
Google Goes on Offensive in AdWords Trademark Lawsuit--Google v. John Beck Amazing Profits
By Eric Goldman
Google, Inc v. John Beck Amazing Profits, LLC, C09 03459 (N.D. Cal. complaint filed July 27, 2009). [Warning: 1.4MB file] The Justia page.
A couple of interesting developments in John Beck Amazing Profits v. Google, the putative nationwide trademark owner class action lawsuit against Google over AdWords.
First, as of last week, the plaintiff had not served the complaint on Google even though it's been on file for over 2 months. I'm not sure what's the hold-up, but in my limited experience, delays in serving an already-filed complaint are often a leading indicator of a troubled lawsuit.
Second, last week Google sued the individual named plaintiff in that case, John Beck Amazing Profits, for both a declaratory judgment that AdWords doesn't infringe plus a breach of contract claim that the lawsuit filing breached the AdWords contract provision requiring any AdWords-related lawsuit to be brought in California. Going on the offensive against a plaintiff is characteristic of Google's litigation strategy; Google often tries to turn the tables on its litigation opponents. In this case, a major goal for Google surely is to get the case out of the Eastern District of Texas, which has been a dangerous venue for patent defendants.
Although the declaratory judgment and counterclaim is consistent with Google’s standard practices, in this case Google is ripping a page out of Yahoo's playbook in its litigation with American Airlines. American Airlines sued Yahoo over selling trademarked keywords in a Texas federal court; Yahoo shot back with a in a California federal court to try to get the case in a more favorable venue. The “dueling lawsuits” have led to an ongoing jurisdictional tussle that has slowed down progress on the substantive merits of American Airlines' claim.
As I wrote in connection with Yahoo's efforts, it was not clear to me that a defendant can wrest jurisdictional control of a case through the declaratory judgment process. In Google's situation, it's even more complicated because John Beck Amazing Profits is just the named plaintiff in a class action lawsuit. The plaintiffs could easily replace John Beck Amazing Profits with another named plaintiff who isn't an AdWords advertiser and isn't subject to California jurisdiction. At that point, I'm not sure what happens to the class action. (And, even if Google succeeds in moving the nationwide case, it should have no bearing on the Firepond putative class action lawsuit, which only covers a class of Texas trademark owners). Moreover, even if Google wins the declaratory judgment, it would have no binding effect on other class members.
So other than a not-certain-to-work ploy to pull the nationwide class action out of a bad venue, the only other benefit I see from the litigation is to send a warning shot to any named plaintiff who might succeed John Beck Amazing Profits that Google will be coming after them too. Let's see how that message is received.
The current roster of pending AdWords cases:
* Ezzo v. Google
* Rescuecom v. Google
* FPX v. Google
* John Beck Amazing Profits v. Google and now Google v. John Beck Amazing Profits
* Stratton Faxon v. Google (not initially a trademark case)
* Soaring Helmet v. Bill Me
* Ascentive v. Google
* Jurin v. Google
* Rosetta Stone v. Google
Posted by Eric at 03:51 PM | Derivative Liability , Licensing/Contracts , Search Engines , Trademark | TrackBack
July 14, 2009
Republishing Third Party Ratings in Marketing Material Might Be Copyright/Trademark Infringement--Health Grades v. Robert Wood Johnson Univ. Hospital
By Eric Goldman
Health Grades, Inc. v. Robert Wood Johnson University Hospital, Inc., 06-CV-02351-JLK (D. Colo. June 19, 2009)
A Colorado judge has reached the remarkable conclusion that a hospital publicizing its star ratings and other recognition from a third party rating service in its marketing material might be committing copyright and trademark infringement. This is a little like saying that it could be copyright and trademark infringement for a law school to include its US News rankings in its marketing material or for a book publisher to issue a press release announcing its ranking on the New York Times bestseller list. CRAZY.
Although I suspect there are messier facts than were described in the opinion, the situation as described in the ruling is pretty straightforward. Health Grades [great TM, guys] publishes "objective" ratings of hospitals, doctors and other healthcare providers, including 1-3-5 star ratings and "provider awards." The ratings are published on Health Grades' website behind a clickthrough agreement. Health Grades earns revenues by licensing the ratings and awards to evaluated providers for their promotional use. This business model is rarely a recipe for credible ratings. RWJ University Hospital apparently liked its Health Grades' ratings and awards so much that it republished them in press releases and on its website without paying a licensing fee to Health Grades. Health Grades sued, and this ruling is a response to the hospital’s motion to dismiss.
(Note: In PACER, I saw Health Grades was a plaintiff in at least 5 other pending or closed lawsuits in Colorado federal court since 2004. I didn’t investigate these to see if they were IP enforcement claims like this lawsuit or something else altogether, but Health Grades is a more active plaintiff than I would have anticipated for a company I had never heard of).
Copyright
Let me start with a basic proposition. A single numerical value can never be copyrighted. Ever. I don't care what formula produced the value; I don't care how many digits the number has; I don't care what explanatory text is used to describe the value. I know cases occasionally have reached the absurd result that individual numerical values can be copyrighted, including one of my least favorite copyright cases of all time, the CDN v. Kapes Ninth Circuit case. They are wrong wrong WRONG.
Courts can reach this erroneous conclusion by treating a numerical output as a "compilation" of underlying data values. If you squint, you can almost see how this makes sense. The publisher chooses the underlying values to include, uses editorial judgment to build the algorithm crunching those values, and sometimes layers subjective judgments on top of the algorithm's output. However attractive this logic is, I think fundamentally misreads the copyright statute’s definition of "compile." Under the copyright act, a compilation must represent a "collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged." When a single number distills but obscures the underlying numerical values, the single number cannot reflect a selection, coordination or arrangement of the underlying numbers. Thus, according to my argument, numerical values cannot be compiled unless the reader can see those underlying values directly.
In this case, the judge gets led astray by contemplating the idea/expression dichotomy as a spectrum with "discoveries" on one end and "expression" on the other. Because the ratings aren't discoveries, the court concludes they should qualify as expression. But the court’s dichotomy is fatally incomplete. Instead, the inquiry is whether a single numerical value can represent an original work of authorship because it expresses an idea. A single numerical value cannot express an idea any more than a single word ever could.
Even if one reaches the incredible conclusion that a single numerical value is an original work of authorship, then surely it is preempted from copyright coverage by the merger doctrine, which says that if there are a limited number of ways to express a fact or idea, then the idea and expression merge into a single uncopyrightable whole. It seems like the star ratings in a 1-3-5 star rating system would, by definition, be subject to merger. Sorry to state the obvious, but how many ways are there to express that someone is rated one star??? Nevertheless, this court distorts the merger doctrine by saying the idea being expressed here is the rankings of healthcare providers. This is too high a level of conceptual generality. If every judge used this level of abstraction, the merger doctrine always would be a null set.
The court doesn't rule on the fair use defense at this early stage of the lawsuit (this opinion just addresses the hospital's motion to dismiss), but any guess where this judge is going to come out on fair use?
Trademark
Having butchered copyright law, the judge then makes a mess of trademark law as well. The ratings provider claimed that referencing its name as the source of the ratings in the marketing material constitutes a trademark infringement. Again, the analogy is that saying "US News" when publicizing a US News rankings constitutes an infringement of US News' trademark.
There are many reasons why this argument should be clearly wrong, but on the motion to dismiss, the hospital emphasized the nominative use defense. That seems like as good a ground as any for the court to kick out the trademark claim. For example, in the Terri Welles case from 2002, the Ninth Circuit said that nominative use permitted Terri Welles to publicize that she was "Playboy Playmate of the Year 1981" when, in fact, Playboy had bestowed that title upon her.
Unfortunately for the hospital, it drew a judge who apparently HATES the Ninth Circuit's articulation of the nominative use defense. The court says that the "nominative fair use doctrine as stated and applied by the Ninth Circuit is…at odds with recent Supreme Court precedent" and that the "Ninth Circuit's 'nominative fair use' analysis has not been widely adopted. In fact, all of the circuit courts that have considered it to date have either rejected the Ninth Circuit's approach outright [cite to the 6th Circuit PACCAR decision]...or modified it in some fashion to allow likelihood of confusion to be determined based largely on the traditional multi-factor analysis of this element." Just to clarify the latter point, the nominative use defense doesn't really do anything useful if defendants already can show a lack of consumer confusion, nor does looping the nominative use defense back into the standard likelihood-of-consumer-confusion test help judges end unmeritorious cases quickly. But that's exactly what the court does here, reserving the nominative use inquiry as a question of fact to be evaluated in conjunction with the multi-factor test. As a small bone to the defendant, the judge says that the defendant has the burden to show likelihood of consumer confusion, which in turns means that the plaintiffs implicitly must overcome a nominative use claim.
However, I wouldn't be too excited about that the forthcoming review if I were the hospital. The court goes on to say "the very nature of Health Grades' product, its rankings of healthcare providers, carries with it at least the possibility that consumers will consider RWJ's use of the Health Grades' marks to communicate Health Grades' ratings and awards for RWJ an implied endorsement by Health Grades of RWJ and the services it provides." Well, yes. By definition every "objective" rating of third party goods and services communicate the rater's assessment of quality—that’s the whole point. But to assume an "endorsement" seems like a wholly different matter. That's kind of like saying that US News "endorses" law schools by ranking them. Thus, the judge made a major cognitive leap by equating a quantitative assessment with an endorsement, and this subtle shift seems to extend trademark law into places it should not go.
One more point. Some trademark wonks believe that we can rely on doctrines like nominative use to do a lot of the heavy doctrinal lifting of segregating meritorious from unmeritorious cases. To those folks, I say—read this opinion! After you see how this court mangles the nominative use doctrine to effectively eliminate it, let me know if you still think the nominative use doctrine is a reliable safety valve for socially beneficial speech.
Breach of Contract
After having laid waste to big chunks of copyright and trademark law, the judge still had one more doctrinal surprise up his sleeve. The court says that the rating service's contract, which restricted licensees' republication of ratings, was preempted by copyright law because it lacked an extra element from the copyright infringement claim. Now, I freely confess that copyright preemption befuddles me, and I think it befuddles a lot of other copyright geeks, so it's a little hard to say with confidence that any copyright preemption decision is clearly wrong. But this result certainly contravenes oodles of precedent that have held that copyright and breach of contract claims can co-exist harmoniously. In my opinion, the breach of contract claim seemed way more promising than either the copyright or trademark claims.
Conclusion
For those of you keeping score, you may have noticed that I think the results should have been exactly opposite to the judge's conclusions. The copyright and trademark claims should have been easy dismissals, and the breach of contract claim should have survived. Opinions like this make me question my knowledge sometimes.
Opinions like this also make my blood boil. At one level, the opinion is almost correct if you apply the most tendentious reading of legal doctrines at each and every decision-point. (Although, this opinion also expressly turned its nose up at significant amounts of adverse precedent). On the other hand, the opinion is so clearly incorrect if one steps back and looks at the problem from a holistic common sense standpoint. Asking the question as "Can IP law prevent a company from telling others how a third party service has rated it?," the answer should be clearly and unequivocally "no," and it shouldn't even be close.
Ironically, the court even tangentially acknowledges the value of product ratings as a tool to facilitate consumer decision-making. As the court says, "Health Grades' individual ratings and awards also advance learning by providing consumers with a more concise and accessible evaluation of these providers than the consumers could obtain by reviewing the underlying data sources themselves." Yet, somehow, the judge lost sight of the fact that regressive copyright and trademark protection for numerical ratings makes the ratings less accessible, thereby hindering their value to help consumers make good decisions in the marketplace. From that perspective, the judge really whiffed.
As a result, if other courts follow this judge's "logic," the potential for mischief from cases like this is enormous. Think of every reputational system that spits out a numerical assessment of the subjects it evaluates. Now, assume each and every one of those numbers is copyrighted. Individual eBay feedback scores? Individual FICO scores? Individual Billboard rankings of songs and albums? All possibly copyrighted and requiring the initial publisher's consent to republish. Add in potential trademark claims, and the crazy-o-meter goes off the charts.
UPDATE: Bill Patry has posted on this case as well.
Posted by Eric at 04:08 PM | Copyright , Licensing/Contracts , Trademark | TrackBack
July 13, 2009
Facebook Sued for Click Fraud--RootZoo v. Facebook
By Eric Goldman
RootZoo, Inc. v. Facebook, Inc., 5:09-cv-03043-HRL (N.D Cal. complaint filed July 7, 2009)
Facebook appears to have run into some trouble with click fraud recently. Last month, TechCrunch had a series of articles about Facebook click fraud. TechCrunch postulates the following story: competitors are clicking on each others' ads to reduce their ROI and drive each other off Facebook. To ensure that the click fraudders can see Facebook's microtargeted ads, the fraudsters are creating thousands of fake accounts with heterogeneous profile information. The fraudster's software eventually finds a target ad and clicks on it like crazy, so fast that the advertiser's page never loads. This is distorting the advertisers' server logs, causing a big discrepancy in reporting and making it impossible for advertisers to track down the click fraud. TechCrunch reports that it spoke with Facebook and Facebook claims the situation has been addressed. Of course, could Facebook say otherwise?
I'm not clear if it's related to the TechCrunch coverage or not, but last week a putative class action against Facebook was filed, alleging click fraud. The plaintiffs allege that they were charged for clicks that never occurred at alarming rates--in RootZoo's case, they claim they were charged for 804 clicks on a single day when their servers recorded about 300 clicks. Now, I'm never sure how much credit to assign to plaintiffs' allegations like this. First, advertisers always want more performance for less cash. Second, advertisers' tracking systems are not always reliable, so RootZoo's undercounting could be due to their system, not Facebook's. However, combined with the TechCrunch reports, it raises some concerns that something could have been amiss at Facebook (and maybe still is?).
That's not to say the plaintiffs will get a check out of Facebook. The plaintiffs face many hurdles, including potential difficulties establishing a class, the many challenges getting competent evidence, and Facebook's contract and all of the various protective provisions contained therein. So the plaintiffs have plenty of work ahead of them. Then again, so may Facebook.
Posted by Eric at 09:43 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack
July 07, 2009
June 2009 Quick Links, Part 2
By Eric Goldman
State Regulation of the Internet
* iAWFUL, the Internet Advocates Watchlist for Ugly Laws
* Texas HB 2003. Part of the anti-cyber-harassment mania. Very broad statute with lots of room for prosecutorial mischief.
* BNA (BNA subscription required): "State Legislatures Consider Criminal, Civil Restrictions on Ticket Purchasing Software": "At least six state legislative bodies are considering bills this session that would place restrictions on the use of “ticket bots.""
* Because states are embracing the Amazon affiliate tax, the online affiliate industry is shrinking as we speak (1, 2, 3). But in one of his rare good moves, Schwarzenegger has vetoed CA's attempt to impose the Amazon tax.
* Clive Thompson in Wired: "By severing the link between location and geography, the internet turned everything upside down. Now mobile phones are inverting everything again, in the other direction — because your location becomes most important thing about you. So how is the return of geography going to change our lives?" My previous commentary on geolocation and the law.
Blogs/Social Networking Sites
* Yath v. Fairview Clinic, 2009 WL 1751767 (Minn. App. Ct. June 23, 2009). Posting illegitimately obtained health information to a MySpace page qualified as “publicity” for purposes of an invasion of privacy claim. The court says: “Yath's private information was posted on a public MySpace.com webpage for anyone to view. This Internet communication is materially similar in nature to a newspaper publication or a radio broadcast because upon release it is available to the public at large.” As a result, the publication qualified as “publicity” even if the material was posted for less than 48 hours and the plaintiff could only prove that a small number of folks actually saw it. Compare the Moreno v. Hanford Sentinel case, where republication of information the plaintiff voluntarily published on her MySpace page could not support an invasion of privacy claim.
Nevertheless, the defendants were excused because they had not created the MySpace page, even though they had supplied the information republished on the MySpace page.
* Richerson v. Beckon. Ninth Circuit upheld reassignment of teacher-mentor based on negative blog comments. My blog post on the district court opinion.
* Kaufman v. Islamic Soc. of Arlington, -2009 WL 1815641 (Tex. App. Ct. June 25, 2009). An online-only journalist qualified as a "member of the electronic or print media" for purposes of an interlocutory appeal statute.
* After von Brunn committed his hate crime outside the US Holocaust Museum, a bunch of his digital trails went dark as websites newly realized his vitriol was posted there.
* If you're looking for a paper topic, here's one: the use of MySpace, Facebook and other social networking sites in family law disputes, especially over child custody. I'm seeing cases every week where social networking site postings are being introduced to corroborate or contradict testimony about a parent's fitness.
Security
* FTC v. Pricewert. The FTC takes down an allegedly rogue Internet access provider. To the extent that the IAP is engaged in criminal activities, no problem; but it's less clear to me if the FTC can get a civil injunction under its Sec. 5 authority to stop the IAP from serving its putatively illegal customers. Such an action could be preempted by 47 USC 230. The FTC, in its brief, says the IAP fits into a Roommates.com exception, an argument presumably bolstered by their 10th Circuit win in FTC v. Accusearch.
* Johnson v. Microsoft Corp., 2009 WL 1794400 (W.D. Wash. June 23, 2009). This is a putative class action over Microsoft’s use of Windows Genuine Advantage (WGA) to validate copies of Windows XP. In this ruling, Microsoft gets SJ on the claim alleging that the contract prevented Microsoft from doing WGA validation. Especially interesting is the court’s conclusion that IP addresses are not personally identifiable information.
* Microsoft v. Lam. Microsoft brings a lawsuit against alleged click fraudders who caused Microsoft to issue $1.5M in credits to advertisers. The NYT article.
* EFF on the most recent amendments to the Computer Fraud & Abuse Act.
Miscellaneous
* Expedia tagged for $184M in damages for improperly marking up its service fees.
* In re Jamster Mktg. Litig., 2009 U.S. Dist. LEXIS 43592 (S.D. Cal. May 22, 2009). Wireless carriers aren’t liable under RICO and false advertising laws for various deceptive practices by wireless content providers.
* New unmeritorious patent lawsuit trend: lawsuits over patent markings for expired patents.
* NYT: Investing in Lawsuits, for a Share of the Awards
* Oddee: 15 geekiest license plates:
Posted by Eric at 09:18 PM | Content Regulation , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Patents , Privacy/Security , Publicity/Privacy Rights , Search Engines | TrackBack
ABA Antitrust Section Consumer Protection Conference Recap
By Eric Goldman
Last month I attended the ABA Antitrust Section’s Consumer Protection Conference. This post recaps some highlights from the event.
A few overarching themes:
* in light of the country’s economic malaise, the FTC is focusing its enforcement on economic harms. This is both to combat those who prey on victims of the economic downturn as well as curbing some of the excesses that contributed to the economic downturn.
* there was significant confusion, and some apprehension, about the proposed new Financial Product Safety Commission and how it will affect other government agencies, including the FTC. If nothing else, the proposed new agency creates some turf wars and might send an implicit message that the FTC somehow wasn’t up to the job (a characterization I wouldn't necessarily agree with).
* not exactly news, but the FTC is itching to do something different about regulating online privacy.
* on a related theme, there is widespread hand-wringing about the failures of consumer notices to effectively educate consumers and improve their decision-making. I agree with this, and in fact I’ve noted before that we are experiencing a “crisis of contracts.” While some UI improvement can be made in how information is presented to consumers, we are also stuck with the bigger problem that some consumer decisions are more complicated than consumers are able to handle, no matter how effectively the complexity is disclosed. There is no clear regulatory solution to this problem.
David Vladek’s Opening Remarks
David Vladek, the new director of the Bureau of Consumer Protection, outlined some things to expect from the FTC going forward:
1) The FTC will keep up/step up its aggressive pace of litigation, education and policy-making. In particular, the FTC will have to do more on economic fraud.
2) He expects the FTC will look more at privacy regulation. He said he did not find the notice/consent and harm paradigms for regulating privacy convincing. Regarding the notice/consent paradigm, he said it is hard to know what a person is consenting to. Notices are unintelligible, and they don’t address secondary uses. The harm paradigm doesn't address harms we feel but can’t quantify. So he is wondering, how the FTC can rationalize privacy approach going forward?
3) He expects the FTC to take a hard look at Internet behavioral advertising and ads directed to vulnerable sub-populations.
4) Echoing proposals that have been floated before, he said that the FTC should be on equal footing as other government agencies, including better rule-making authority, civil penalty authority and independent civil litigation authority.
More on Vladek’s presentation from Arnold & Porter, Perkins Coie and Rebecca Tushnet. While there, make sure to look at Rebecca’s introductory remarks, which were excellent but came before I was ready to take notes!
Former Chairmen’s Panel
John Villafranco moderated a panel of Bob Pitofsky and Tim Muris, both former FTC chairmen. The panel’s overriding theme is how much Bob and Tim agree with each other, even though they come from opposite sides of the political spectrum.
Villafranco asked some questions about the FTC’s past. He noted that 40 years ago, the FTC was derided, and there were calls to shut it down. Bob explained that the FTC was viewed as the “Little Old Lady on Pennsylvania Avenue” because it was preoccupied with trivial cases, hired experienced lawyers who weren’t very accomplished, didn’t take advantage of its broad mandate, and was widely regarded as weakest agency in Washington. Bob and Tim also explained why there were deep divisions between commissioners and between commissioners and staff at that time.
Villafranco asked about the biggest misconception by outsiders. Bob said that staff runs the place; Tim said that antitrust lawyers can do consumer protection.
Villafranco also asked about the staff’s biggest misconception about companies they investigate. Tim said that staffers deal with pathologies, so sometimes they assume every business is bad actor. Bob said that the FTC’s rules are on the vague side, so good-intentioned companies can get into trouble because they didn’t understand the rules.
Rebecca’s recap of this panel.
Privacy/Behavioral Advertising Panel
Eileen Harrington of the FTC: Disseminating content online means that the sender surrenders control over that content, even when not wanted or intended. Categories of content dissemination:
* blogging/microblogging
* social networking sites
* first party collection/behavioral advertising (ex Amazon, NetFlix). In these contexts, data collection/use is intuitive, and the consumer can always leave if he/she doesn’t like the site’s practices.
* Gmail ads, which she distinguishes from first party collections. Google discloses its ad practice but buried in a big privacy policy. Also, consumers may expect greater privacy in email. [Eric’s note: I really didn’t understand how Gmail is different from Amazon in this regard, and I didn’t get a chance to push Eileen about this. Having used Gmail for a very long time, the value proposition and the ad presentation is unambiguously clear to me.]
* Third party collection practices. She further broke these down into:
- Third party ad networks. Websites are unrelated and no relationship between consumer and ad network. Consumer may not understand why they receive ads. Also, data sharing increases risks.
- Researchware. Improper disclosures that consumers won’t understand.
- Deep packet inspection. May be less transparent/voluntary. Consumers don’t know to look at their contracts with their connectivity suppliers. Deleting cookies won’t help.
In response to a question about whether there is there a different way to communicate privacy to different generations/subcommunities, Eileen expanded on David Vladek’s comments by saying that it’s time to look again at the commission’s privacy framework. For a time, the FTC followed Fair Information Practices. Then, the FTC moved to a framework focused on harm. The FTC still thinks notice-and-choice can work in some circumstances, but it fails in other circumstances. There is concern that notice hasn’t prevented harm. The FTC wants to develop a better framework, but business practices are constantly changing around the FTC.
I asked Eileen how companies can decide what is important enough to be disclosed. I pointed out that Sears’ privacy policy fully disclosed its researchware practices but only deep within its privacy policies. Eileen responded that Sears wasn’t a close call because their disclosures were completely inadequate and the pop-up ads offered consumers a different value proposition.
Perkins Coie’s recap of Eileen’s remarks.
Wendy Seltzer’s presentation did a nice job summarizing the privacy advocate’s view. What’s new online = more data + better data crunching. Most responses have been self-regulatory and focus on notice and choice. Self-regulation works only if there an effectively functioning market for privacy. Market failures:
* information costs of reading privacy policies.
* Behavioral economics/psychology. Consumers have difficulty evaluating near vs. distant events (i.e., hyperbolic discounting). Consumers are too optimistic that they won’t experience harm, even if disclosed to them. Technology moving too fast, so consumers can’t anticipate future developments (such as better deidentification).
In response, Leslie Harris of the CDT added that the latest generation of kids may value its privacy, they just may not have been faced with privacy challenges yet. We don’t know what we don’t know, and we shouldn’t assume people don’t care about privacy.
Leslie also lauded the FTC behavioral advertising principles because it discourages distinctions between PII and non-PII. Also, self-regulatory efforts have been shaped by FTC’s intervention. But she is not persuaded that self-regulation works.
Rebecca’s recap of this panel.
Research on Consumer Decision-Making
Alan Levy from the FDA. Regulators’ biggest mistake is thinking consumers read labels to learn more information about the product. Instead, consumers read labels when they have specific Qs that the label can answer. But framing the Q requires consumers to have lots of domain knowledge already, and consumers often don’t know enough to ask the Qs.
The function of label-based product claims is to ease consumers’ information search. Consumers want to make good decisions, but they satisfice. They look for products that can meet minimum adequacy standard and won’t embarrass them if asked to justify their decision. Most decisions aren’t life-and-death, and consumers usually can fix most bad decisions with their next purchase. Product claims work because they are convenient for consumers and help satisfice.
Consumers assume advertiser claims signal unique attributes of their products compared to their competitors. Consumers don’t generalize claims to the product class. Consumers want new and relevant information. The most effective marketing tells consumers something they do not already know. So claim effectiveness depends on heterogeneous consumer experience and knowledge.
Consumers need reliable information to satisfice. Consumers will accept information if it’s consistent with what they already know and legitimate on its face (i.e., not seemingly manipulative). Disclaimers about product claims can actually make claims more effective or are just ignored.
Health claims on package label front truncates a consumer’s product search—when a claim is on front, consumers won’t read the back of the package label.
Policy-makers focus too much on trying to perfect claim language, and not enough on helping frame the decision for consumers. This is based on mistaken assumption that claims don’t work well enough at educating consumers, but the real risk is that claims work too well at motivating consumer decision-making.
Michael Mazis of American University. Lessons:
* disclosure medium matters. Disclosures are more effective in media that give consumers more time to review them.
* Consumer motivation matters to the efficacy of disclosures
* Marketing claims trump other disclosures/disclaimers
Broadcast ads: text disclosures don’t work.
Print ads: consumers aren’t in search mode, so disclosures aren’t relevant
Web ads: consumers are in product search mode, so disclosures are more likely to be effective
Ways to improve disclosure effectiveness: proximity, prominence, easy to find, comprehensible, no legalese (consumers discount these disclosures), no repetitive “throw away” disclosures.
Findings from a research study about testimonial ads:
* when consumers see testimonials in ads, they assume that results are typical
* general disclosures that “results aren’t typical” aren’t effective
* specific disclosures about lack of typicality are somewhat more effective than general disclosures, but still aren’t very effective
Rebecca’s recap of this panel.
Role of Consumer Surveys in Enforcement/Litigation
Chris Cole of Manatt Phelps said that in every false advertising case, parties disagree about whether claims are literal or implied. Courts vary widely about what constitutes a literal claim; much depends on advocacy quality and the judge’s intuition (results-oriented judgment). There is no uniform standards for survey admissibility. There is a trend towards accepting non-traditional evidence such as internal brand tracking surveys not specifically prepared for the litigation.
Chris also talked about the difficulty designing a defensive survey because it’s hard to prove a negative (i.e., the absence of consumer confusion). To do so requires lots of directed (but not leading) questions to present enough evidence to convince the judge. Further, the other side often tries to reinterpret survey results, which is another reason not to conduct a defensive survey in the first place.
He also said there is no reason to give FTC or State AGs’ interpretation of ad claims any extra deference. The government should have to prove its case.
Finally, Chris discussed problems with trying to do surveys over the Internet, which may be more representative of consumers in practice than mall intercept surveys—who goes to a mall any more? However, he noted that the screen display may not be the same (ex: TV ads shown on a computer monitor may be harder to read), and there may be questions about the motivation and representativeness of panelists who are incented to participate.
Lee Peeler, a long time FTC staffer, said that years ago, FTC was perceived as not using extrinsic evidence because surveys might prove defendant’s case or get tossed out. Now, FTC looks at extrinsic evidence, but non-exclusively.
Patricia Conners of the Florida AG’s office said that state AGs don’t like to do consumer surveys because (1) they are not statutorily required, (2) they are expensive and time-consuming, (3) they distract the case from substantive issues to focus on survey methodology, and (4) many cases are against really bad actors, so survey evidence isn’t necessary to prove the case. On the flip side, defendants often overclaim their extrinsic evidence when trying to avoid regulatory intervention, which makes the regulators skeptical.
Rebecca’s recap of this panel.
More on the Conference
* Rebecca on financial products safety
* Rebecca on green marketing and internet issues. Arnold & Porter on the green marketing panel.
* My post on my talk on 47 USC 230 and consumer protection law.
Posted by Eric at 08:24 AM | E-Commerce , Licensing/Contracts , Marketing , Privacy/Security | TrackBack
July 06, 2009
June 2009 Quick Links, Part 1
By Eric Goldman
Just a reminder that I post some items to Twitter that don’t make it into these monthly recaps. If you want even more, you can track a superset of my online activities at Friendfeed.
Search Engines
* All Things Digital had an interesting 3 part series on the role of humans in configuring Google's algorithms: Scott Huffman; Matt Cutts; Amit Singhal. My initial 2005 blog post on the topic.
* More evidence of the deleterious consequences of latency on users' enjoyment of search results pages.
* Google is stumping in favor of its book search settlement deal and putting on the "charm offensive."
* Wired on niche search engines competing around the edges of Google.
* Google has dropped its feature that allowed quoted sources to reply in Google News.
* First, kosher phones. Now, kosher search engines.
Trademark
* Wendy Davis on a trademark lawsuit against Craigslist for allegedly infringing ad copy supplied by one of its users.
* Rookie mistake: Tony LaRussa publicly announced a settlement deal in his trademark lawsuit against Twitter before the papers were signed. Guess what....NO DEAL! UPDATE: A deal was struck subsequently.
* Speaking of which...the WSJ on Twittersquatting.
* WSJ: Europe's High Court Tries On a Bunny Suit Made of Chocolate. The EU struggles with trademarkability of chocolate bunnies.
* Productive People, LLC v. Ives Design (D. Ariz. May 29, 2009). TRO against a domainer.
* Oddee: 10 of the Worst Restaurant Names ever.
Copyright
* Supreme Court declined certiorari in the Cartoon Network v. CSC case.
* Arista Records LLC v. Usenet.com, Inc., 2009 WL 1873589 (S.D.N.Y. June 30, 2009). Usenet service provider committed (1) direct copyright infringement (because it “actively engaged in the process so as to satisfy the “volitional-conduct” requirement for direct infringement”) as well as contributory infringement, vicarious infringement and inducement of infringement. This case was colored by defendants’ evidence spoliation and the lack of a viable 512 defense; in situations like this, courts smack down defendants hard. The court’s analysis would be troubling for many online service providers if this case isn’t an outlier. Mike Masnick has more on the import (or lack thereof) of this case.
* Brave New Films 501(C)(4) v. Weiner, 2009 WL 1622385 (N.D. Cal. Jun 10, 2009). BNF was denied summary judgment on its declaratory judgment request because (a) Savage never threatened BNF directly, and (b) ORTN, which did threaten BNF directly, isn't the copyright owner. My previous coverage of this case.
User Agreements
* In the Matter of Sears Holdings Management Corporation. The FTC busted Sears for installing tracking software/spyware, even though Sears (1) asked all users to expressly opt-in, (2) paid users $10 to install the software, and (3) made full disclosure of the thorough tracking function of the spyware in the user agreement, albeit late in the installation process and in a buried fashion.
* Universal Grading Service v. eBay Inc., No. 08-CV-3557 (E.D.N.Y. June 10, 2009). eBay venue selection clause upheld.
* McMillan v. Wells Fargo, 2009 WL 1686431 (N.D. Cal. June 12, 2009). Wells Fargo asks some customers to agree to four different documents with differing governing law/venue selection clauses, leading to massive judicial confusion about how to determine governing law and venue.
* I’m using EFF's new "TOSBack" tool to track changes to major online services' user agreements. For my commentary on an article by Becher/Zarsky predicting the development of tools like this, see my writeup.
Posted by Eric at 04:54 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack
July 01, 2009
Securities Fraud Case Premised on Click Fraud Allegations Dismissed--Brodsky v. Yahoo
By Eric Goldman
Brodsky v. Yahoo, Inc., 2009 WL 1766002 (N.D. Cal. June 18, 2009).
The legal battles over click fraud are pretty much played out, but some legacy cases are still working through the system. This lawsuit was a securities fraud action alleging that Yahoo inflated its stock price by, among other things, deliberately ignoring some click fraud activity to grab quick revenue. The lawsuit was dismissed in October of last year with leave to amend. Having tried again, the plaintiffs still didn't satisfy the judge, so the judge booted the case permanently. However, given the plaintiffs’ investments in this case, it would not surprise me if the plaintiffs appeal.
The actual opinion isn't all that remarkable. For the click fraud allegations, the plaintiffs rely principally on confidential witnesses who are former Yahoo employees. The cloak-and-dagger Deep Throat stuff is mildly interesting, but the court still wasn't convinced that these insiders had enough personal knowledge about Yahoo's revenue recognition practices (except for one witness, who didn't allege malfeasance). As I wrote in October, "it will be interesting to see if the plaintiffs can produce any witnesses who can testify about the rate of Yahoo's click fraud overcharging sufficient to satisfy legal standards." This ruling seems to answer that with a big "negative."
Posted by Eric at 09:53 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack
June 10, 2009
Stop Saying "We Can Amend This Agreement Whenever We Want"!--Harris v. Blockbuster
By Eric Goldman
Harris v. Blockbuster Inc., 2009 WL 1011732 (N.D. Tex. April 15, 2009). The Justia page.
[I've been sitting on this case for a couple of months, but it's such an important case that it still deserves a write-up even at this comparatively late date.]
This case is part of the legal detritus from the Facebook Beacon program. As you recall, Facebook Beacon included purchases from third party e-commerce sites into the buyer's Facebook status reports. This required the e-commerce sites to report Facebook users' purchases back to Facebook. A Blockbuster user claimed that Blockbuster's reports to Facebook violated the Video Privacy Protection Act, which prevents disclosures of PII about video customers without their consent. (Beacon did have an opt-out of debatable efficacy). Blockbuster moved to compel arbitration of this lawsuit based on the mandatory arbitration clause in Blockbuster's user agreement.
Blockbuster used an industry-standard and entirely typical introductory clause to its user agreement, which said:
Blockbuster may at any time, and at its sole discretion, modify these Terms and Conditions of Use, including without limitation the Privacy Policy, with or without notice. Such modifications will be effective immediately upon posting. You agree to review these Terms and Conditions of Use periodically and your continued use of this Site following such modifications will indicate your acceptance of these modified Terms and Conditions of Use. If you do not agree to any modification of these Terms and Conditions of Use, you must immediately stop using this Site.
This industry-standard and entirely typical clause does not fare well in this courtroom. Among other defects, the judge notes that "there is nothing in the Terms and Conditions that prevents Blockbuster from unilaterally changing any part of the contract other than providing that such changes will not take effect until posted on the website." As a result, the court deems the arbitration clause "illusory," an odd Texas law descriptor that appears to be a cousin of lack of consideration.
I could wax philosophic about the ontological meaning of a "contract" that one party can amend unilaterally at any time without notice. However, I'd rather focus on the simple practical implication from this ruling. I've never been a fan of the language Blockbuster used, and I had hoped many websites would reconsider the language after the Ninth Circuit trashed such provisions in 2007 in Douglas v. Talk America (also see my follow-up post). Yet, these clauses are still ubiquitous, even at big websites that "should know better," so let me boil it down for you into a single all-caps mantra:
STOP PUTTING CLAUSES INTO YOUR CONTRACTS THAT SAY YOU CAN AMEND THE CONTRACT AT ANY TIME IN YOUR SOLE DISCRETION BY POSTING THE REVISED TERMS TO THE WEBSITE
This language has a significant risk of killing the entire contract, which would strip away a lot of very important provisions that should be/need to be in the contract. So far Blockbuster has only lost its mandatory arbitration clause, but it's possible other important risk management clauses (warranty disclaimer, liability limits, dollar caps, etc.) will similarly fall. If those clauses fail, let the plaintiff feasting begin!
I recognize that weaning ourselves from very flexible amendment language leaves us as drafters with few good options to modify online user agreements over time. I discussed this dilemma in my post on the Douglas case. I haven't found any better solutions in the past 2 years, but I can say with confidence--DON"T DO WHAT BLOCKBUSTER DID.
UPDATE: I got the following email from a reader proposing a good alternative to current amendment notification processes: "To avoid the spam-filter problem, the provider could give notice via an RSS feed as well, and then disclaim like crazy about the problems with the email option (which would indeed simply be an option -- a link to a page where users can sign up to receive notices)." I love this idea! RSS is a true opt-in with few of the challenges of email.
Also, this brought to mind the EFF's new TOSBack service, which I'll mention more in a future blog post, that effectively provides a third party service to track amendments of various user agreements into an RSS feed. I LOVE IT! I have subscribed to TOSBack and plan to blog on interesting user agreement amendments it reveals--and I suspect I'm not the only one queued up to do so. TOSBack is a game-changer for public scrutiny of agreement amendments--sites being monitored in TOSBack are now on notice that their user agreement amendments are being watched!
Posted by Eric at 10:26 AM | Licensing/Contracts , Privacy/Security | TrackBack
June 08, 2009
May 2009 Quick Links Part 1
By Eric Goldman
Just a reminder that I'm posting some quick links exclusively to my Twitter account.
Trademarks
* Texas International Property Associates v. Hoerbiger Holding AG, 2009 U.S. Dist. LEXIS 40409 (N.D. Tex. May 12, 2009). Domainer loses ACPA claim over typosquatted domain name. The PPC advertising constituted bad faith intent to profit. Ryan Gile recaps the action.
* GunBroker.com LLC v. Heckler & Koch Inc., No. 09-cv-00051 (M.D. Ga. complaint filed May 14, 2009). Interesting lawsuit by an online auction site for guns seeking a declaratory relief action against a trademark owner who deployed an enforcement agency, Continental Enterprises, to send a driftnet takedown letter that apparently targeted used gun resales or compatible goods. Ryan Gile has more.
* Miranda v. Guerroro, 2009 WL 1381250 (S.D. Fla. May 14, 2009). Miranda is “Paola Morena,” a Latin singer. Her former manager convinced her to do some nude photo shoots in an effort to get a Playboy gig. The Playboy gig didn't materialize, and the manager stopped representing Miranda/Morena. After Morena's career took off, the manager then allegedly threatened to publicly post the photos unless she paid him $70k. Morena rebuffed the request, so the manager allegedly followed through with his threats by launching a website paolamorena.com [I got a nasty Google malware warning when I tried to visit the site], calling it her “official” site and posting some of the photos. The court enjoined the manager under trademark law. I'm a little confused how Morena had protectable trademark rights in her name. Did she make any use in commerce in the United States? Did her name achieve secondary meaning? This could be another case where trademark law is being stretched to stop bad behavior.
* Eric Menhart, the self-purported owner of a trademark in the term Cyberlaw, has gotten his very own personal gripe site.
Advertising and Marketing
* How much can Behavioral Targeting Help Online Advertising? HT Greg Linden
* Yingling v. eBay, 5:2009cv01733 (N.D. Cal. complaint filed April 21, 2009). A class action lawsuit alleging that eBay Motors overcharged merchants.
* IAB has issued its Click Measurement Guidelines designed to answer the Q “What is a Click?” See if their 28 page report actually answers the Q.
* A confusingly written LA Times article reports that 4 South Korean dissident bloggers are being criminally prosecuted for artificially inflating impression counts in order to game rankings of most popular pages.
* Perennially funny: unfortunate product names.
Copyright
* Solicitor General recommends against granting cert in Cartoon Network v. CSC.
* AV v. iParadigms, April 16, 2009. The Fourth Circuit says that the Turnitin system is fair use. My initial blog post on the district court ruling.
Security
* News.com: Interview with FBI cybercrime agent working undercover.
* Oddee: problematic CAPTCHAs. Funny.
* Everyone wants to talk about whether Google is a monopolist
- In early May, I heard Susan Athey, Microsoft's Chief Economist, give a lunchtime attack speech on Google at a George Mason event
- Google is circulating a document explaining why it's good for competition
- Google is blanketing DC with lobbyists too.
- And Google says it's actually small potatoes.
- Wired: Will Wolfram Alpha forestall antitrust inquiry into Google? As I've argued before, we continue to see new entrants into the search business all the time—it’s just too big a market to ignore.
- NYT weighs in too. And the Washington Post discusses how Microsoft and others are complaining about how many Google folks are going into the Obama administration.
* Danny Sullivan: State Of Search: Google Will Stay Strong Despite Bing & Yahoo
* Wired: Secret of Googlenomics: Data-Fueled Recipe Brews Profitability
Posted by Eric at 04:03 PM | Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark | TrackBack
June 02, 2009
Web Developer Didn't "Convert" Website--Conwell v. Gray Loon
By Eric Goldman
Conwell v. Gray Loon Outdoor Marketing Group, Inc., 82S04-0806-CV-00309 (Ind. Sup. Ct. May 19, 2009)
This is a classic cautionary tale about interactions between a web developer/host and a customer. The customer retained the web developer to develop a website. The paperwork between the parties was not a model of clarity. Later, the customer orally asked the developer to modify the site; this time, there is only garbled conversations and no paperwork. The developer modified the site but the customer changed its mind and asked the developer to roll back to the earlier version. But the developer could not do so because it didn't keep a copy of the earlier version (what???), The customer stiffed the developer and the developer took the website offline. The developer sued for non-payment; the customer cross-sued for conversion on the theory that it had paid for the site and had been deprived of its property.
The Indiana Supreme Court wrestles with several questions, concluding that:
1) The relationship was governed by common law principles applicable to services, not the UCC Article 2 applicable to goods. This is a tricky area of the law, but I think this may be the more logical result for a combination web developer/host, especially one who never actually delivers any code to the customer.
2) Was there an enforceable agreement to amend? The trial court said yes, and the Supreme Court saw no reason to override that factual finding.
3) Did the developer convert the code/website by erasing the old version? The application of ancient doctrines of "conversion" to intangible bits always makes me queasy, and it's led to some confused jurisprudence. In this case, the court sidesteps all of that doctrinal messiness for the simple reason that the customer never obtained ownership of the code. This is really basic copyright law. Customers who want ownership of the work done by vendors need to spell that out in a written agreement. No written agreement specifying customer ownership, no customer ownership--it's that simple. The court says the customer didn't properly obtain ownership in the written customer-vendor agreement, so the vendor had retained copyright title to its developed code all along, and the customer never had title to be converted.
As usual, so many problems are completely avoidable through proper communication through written agreements and amendments between customers and vendors. Some other obvious observations here:
* it's hard to imagine many web development disputes that are worth taking to a state supreme court, especially one where the outstanding bill was about $5k.
* if you are a web developer's customer and you want to own the developed code, you have to say so in a written agreement
* and, if you want a copy of your website's code, make sure you say so in the contract AND actually get a copy!
* if you are a web developer, you might keep customers happier if you keep every version of their website's code instead of tossing old versions.
* this dispute would have be governed by UCC 2B or UCITA if either were the law of Indiana. I wonder to what extent the new ALI Principles on the Law of Software Contracts (acknowledged in the opinion) will help resolve future disputes like this.
This case reminded me a little of the New Mexico v. Kirby case from a couple years ago, where a customer's failure to pay its website developer while keeping the developed code led to an unexpected jail sentence. I offer more lessons about web developer-customer relationships in that blog post.
While the customer lost the battle here, the issue of when electronic records are subject to conversion doctrines is hardly going away. This court reaches the sensible result that a putative owner gets no protection from conversion unless he/she actually has title to the asset. Read literally, though, I wonder if this ruling could undercut claims over conversion of virtual world assets? After all, a virtual world asset holder may rarely have clear title to the asset; certainly the holder won't be the copyright owner of the asset. Perhaps the analysis will be different in situations where a third party (the virtual world operator) allocates "title" within its own titling system to users--it might still be possible to deprive an asset holder of "title" within that asset system even if the asset holder would have no conversion claim against the virtual world operator if the operator takes the exact same steps to deprive the asset holder.
Other comments about this case:
* Juliet Moringiello
* Eugene Volokh
Posted by Eric at 11:19 AM | Copyright , Licensing/Contracts , Virtual Worlds | TrackBack
May 03, 2009
April 2009 Quick Links
By Eric Goldman
[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]
Marketing/Spam
* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.
* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.
* NYT: "Never Mind What It Costs. Can I Get 70% Off?"
* Tsan Abrahamson on social media and marketing law.
* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.
* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).
Defamation
* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.
* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.
* CMLP has a page organizing all of its 47 USC 230 material.
Intellectual Property
* Publicly republishing a private email leads to a default judgment of copyright infringement.
* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."
* Octomom is seeking trademark registrations.
Miscellaneous
* GeoCities is shutting down.
* eBay will referee customer disputes.
* Wilson Sonsini's VC financing term sheet generator.
* Oddee: 10 Most Bizarre [Online] Gaming Incidents
Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack
April 12, 2009
Q1 2009 Quick Links, Part 4
By Eric Goldman
Security
* Massachusetts Data Security regulations were amended.
* In Facebook v. Power.com, Facebook brought another lawsuit to block extraction of user data from the site (similar to the Facebook v. ConnectU lawsuit). Venkat, Masnick, News.com, NYT, Justia. In this case, I wonder if Facebook has adequately distinguished between Power.com's behavior and the operation of its own "Find a Friend" service that taps into third party email servers to extract email addresses. Power.com’s response.
* Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. Jan. 7, 2009). IP infringement isn't a cognizable harm under the Computer Fraud & Abuse Act.
Adware/Spyware
* Who says Valentine's Day is just a Hallmark holiday? Sales of spyware and other tools to track cheating SOs also increase around Valentine's Day.
* Susan Brenner on the Cybercrimes Treaty and the US's decision not to criminalize possession of malware as required by the treaty.
Venture Capital
* BusinessWeek: Silicon Valley innovation is being stifled by VCs who only want to make small bets, not big bets. But VC investing is faddish, so the wind might change tomorrow.
* $600M of VC investments in virtual worlds.
Contracts
* Burcham v. Expedia, Inc., 2009 U.S. Dist. LEXIS 17104 (E.D. Mo. Mar. 6, 2009). Buyer was bound to user agreement even though he argued (without any evidence) that someone else established the account he used. This dovetails nicely with the broad reading of who is bound by an online user agreement; see my discussion in the Lori Drew case. Jeff Neuburger's writeup. Aside: I wonder if Expedia will be insulated by 47 USC 230 for the allegedly wrong description of amenities if they got the description of the hotel from third parties. For an analogous result involving the binding of users who didn't agree to the initial contract, see CoStar Realty Information, Inc. v. Field, 2009 WL 841132 (D. Md. March 31, 2009).
* Fractional Villas Inc. v. Tahoe Clubhouse, No. 08cv1396 (S.D. Cal. Feb. 25, 2009). Citing the RMG case, the court says that merely visiting a site may be sufficient to bind visitors to a browsewrap. However, in this case, there was insufficient evidence that the defendant had ever visited the site.
* Cherny v. Emigrant Bank, 2009 U.S. Dist. Lexis 2486 (March 12, 2009). Latest case that breach of privacy policy isn’t actionable unless there are actual damages. Venkat’s writeup.
* A stat I fully believe: "studies have shown that more than half of all companies cannot even locate signed copies of 10% or more of their contracts." The Zen Master asks: if both parties think they have entered a contract but neither can find a copy, do they have a contract? (this has really happened to me before).
Taxes
* Amazon v. New York and Overstock v. New York (N.Y. Sup. Ct. Jan. 12, 2009). Kudos to New York for finally figuring out a way to break the Internet and defeat the Internet Tax Freedom Act by treating Amazon Associates as traveling salespeople for sales tax collection purposes. I imagine every state in the country will jump on this bandwagon, at which point some e-tailers will kill their affiliate program and others will end up imposing sales tax collection nationwide.
* Pitt County v. Hotels.com, L.P. (4th Cir. Jan. 14, 2009), Online travel aggregators aren't "retailers" (as referenced in the statute) for purposes of collecting local hotel occupancy taxes.
General
* Some interesting cyberspace exceptionalism developments involving cases where paper presentation may be different from electronic presentation of the exact same content. In Smith v. Under Armour, Inc., 2008 WL 5486764, web payment confirmations displayed on-screen are not "printed" within the meaning of the Fair and Accurate Credit Transactions Act. Accord Smith v. Zazzle.com, Inc., 2008 U.S. Dist. LEXIS 101050. See generally this Proskauer recap. In Saulic v. Symantec Corp., a California law prohibiting data collection with credit card sales was held inapplicable online.
* Sudduth v. Donnelly, 2009 WL 918090 (N.D. Ill. April 1, 2009). Plaintiff got stiffed on his eBay transaction and sued eBay for 1983 equal protection and conspiracy claims as well as a Title VI civil rights claim. Because eBay isn't a state actor, however, the court dismissed eBay.
* My colleague Steve Diamond is blogging every detail of the battle for SAG's soul over at his new blog, King Harvest. For example, he summarizes the travails of the Screen Actor's Guild.
* Oddee: 10 Geekiest T-Shirts. I own a t-shirt that says "I'm Blogging This" (a gift from a former student) and a mug that says "Vegetarian Blogger" (gift from a colleague).
* Oddee: 15 Most Unfortunate Town Names. I think Licking County should have been a contender.
* Is there any better sign of Cyberlaw's maturity than the publication of Internet Law in a Nutshell
* Oddee: 12 Most Ridiculous Lawsuits. I welcome your nominations for the most ridiculous Internet lawsuits of all time. I hope to write that up some day.
* Happy birthday, Gmail! Best email software I've ever used. The battles over Gmail privacy seem so...2004!
Free Stuff
* The Ninth Circuit recently updated its website...with RSS feeds!
* Nolo Press' "NDAs for Free." Potentially useful site.
* I have one extra copy of my Fall 2008 Cyberspace Law course reader. First person to send an email with their mailing address gets it. [CLAIMED]
Posted by Eric at 12:03 PM | Adware/Spyware , E-Commerce , Licensing/Contracts , Privacy/Security , Trade Secrets , Virtual Worlds | TrackBack
March 30, 2009
CLRB Hanson v. Google Preliminarily Settles for $20M
By Eric Goldman
CLRB Hanson Industries v. Google, 5:05-cv-03649-JW (settlement papers filed March 26, 2009). The new case filings:
* The settlement motion
* The settlement agreement
* The proposed court order granting the settlement
My previous blog coverage of the case:
* my initial post from August 2005
* the August 2007 determination that advertisers were bound by the AdWords contract
* the May 2008 initial refusal to grant summary judgment to Google
* the December 2008 second refusal to grant summary judgment to Google
The long-running CLRB Hanson v. Google case (also referred to as the Howard Stern case because he is a named plaintiff), over Google's alleged mishandling of budget caps set by its advertisers, has reached a proposed settlement. The settlement needs court approval, but I would be surprised if that didn't occur in due course. Individual advertisers could choose to opt out of the settlement and pursue individual claims, but I expect few will find it economically rational to do so. In the extreme case, the deal could unravel if more than 5% of advertisers opt out of the class, but I would be shocked if this happened. As a result, I expect this development to substantially resolve the case.
The stated settlement price tag is $20M of cash. Plaintiffs' counsel are likely to get $5.25M, the named plaintiffs are likely to get $20k each, and the $14.7M balance will go into a bank account. Google will provide AdWord credits for affected advertisers who are still advertising and have a balance due to Google, and Google will get cash back from the pot for any actual credits given to advertisers. It is unclear how much of the $14.7M Google will recoup this way. Or, advertisers can opt to receive cash instead for their putative harms. If less than $200k is left over after all this, the money will go to charity. If more than $200k is left over, the parties will go back to the judge to propose how to reallocate the remaining money to the class.
in my previous post on the case from December 2008, I wrote:
I suspect the case is still around because the parties can't work out a deal on the attorney's fees--which, if this situation is anything like the click fraud cases, almost certainly will dwarf any actual monetary relief received by the putatively injured advertisers. If the parties can work out the plaintiff attorneys' cut of the spoils, I'm confident this lawsuit will settle before trial
Seeing the size of this settlement, I'm not sure I called it right. Given the fairly narrow advertiser harms left open by the judge's prior rulings, I expected the advertiser relief to be nominal (certainly less than $15M). Furthermore, unlike prior advertiser v. search engine lawsuits where advertiser credits were use-it-or-lose-it, Google could be out much of the $20M no matter what. In the end, Google probably will pay a lot more cash than I expected it would have to.
While Google can easily afford the dough, the settlement is a big enough sum to potentially attract further class action lawyers seeking their piece of the Google fortune. Contrast this with Google's stance on patent lawsuits, where it has taken a hard line on settlements with the hope that its refusal to buy out lawsuits will discourage future weak patent claims from being asserted against it. However, the plaintiffs in this case had to work pretty hard--Google fought them for nearly 4 years--so it's possible that the actual economic return for the plaintiffs' lawyers for their four years of labor wasn't especially lucrative.
I have lost track of the many lawsuits against Google, but I believe this settlement ends the 2005-era advertiser v. Google class actions. There may still be some individual click fraud claims, and there are other advertising-related lawsuits still pending (such as the Vulcan Golf and related/copycat lawsuits). Let's hope this means that Google has improved its ability to keep advertisers happy.
Posted by Eric at 06:46 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack
February 20, 2009
Facebook User Agreement Imbroglio Recap (and Some Comments of My Own)
By Eric Goldman
I didn't have a chance to blog on the Facebook user agreement amendment flap in real-time, but now that Facebook has rolled back its amendments and everyone is catching their breath, the Monday morning quarterbacking is proceeding in full earnest. Some of the articles that caught my attention:
* CNET News.com: "Facebook's about-face: Change we can believe in?"
* InternetNews: "Experts: Facebook Must Rethink TOS Stance"
* EFF: "Facebook's reaction is a tremendous victory for its users." I guess that's true, in the way that getting back to zero at a casino sometimes can be considered a win.
* Bill McGeveran powerfully (and with irony) demonstrates that Facebook's terms weren't all that unusual. Et tu, Consumerist?
Some of my own observations:
* When you're a high-profile company living in the media fishbowl like Facebook, there is no such thing as a minor amendment to your user agreement.
* Facebook's amendments--and the news reports about them--were confusing for two independent but often correlated problems. First, lay readers often misread user agreements, especially broad license grants that users mistakenly read as statements of ownership. This is a well-known and long-standing phenomenon; see, e.g., the flap over GeoCities' user agreement from a decade ago. So initial news reports on Facebook's amendments were garbled and perhaps overly dramatic.
Second, Internet lawyers often draft user agreements using legalese in ways that make the agreements indecipherable to lay readers...and, not infrequently, to other lawyers. Having drafted a lot of them in my life, I'm a pretty sophisticated reader of user agreements, yet it took me a fair amount of time to parse Facebook's license terms to figure out what they were saying--and, even then, I wasn't quite sure. In particular, the "perpetual" and "irrevocable" terms in the license agreement were in seeming conflict with Facebook's promise in the same license grant to honor a user's privacy settings. In other words, if a user can set the configurations to remove content from Facebook's purview and Facebook will honor those instructions, then how is Facebook's license grant irrevocable? Unless I'm missing something big, this looked to me like a drafting error by Facebook. (And check out Nancy Kim's op-ed identifying this exact issue--in March 2008).
This suggests a drafting lesson we might internalize from Facebook's hassles (Jonathan Zittrain makes a complementary point). We as Cyberlawyers are used to parroting the exact words from the applicable statutes and caselaw because it seemingly increases the precision of the agreement, but frankly I think Facebook and other Internet companies would do a whole lot better--both legally and in the court of public opinion--if it junked the legalese and actually tried to write license grants in real English.
* Partially obscured in the haze is the lurking question of whether Facebook can unilaterally amend its user agreement without providing any notice to users. I don't even see this as a close question. From my reading of the precedents, I think the answer is pretty emphatically NO, both as a matter of contract law (and see more; but compare MySpace v. theglobe.com) and FTC law (see, e.g., the Gateway Learning case). Without a doubt, I wouldn't want to be Facebook trying to defend the new incremental changes in court.
* I got a few inquiries about whether a lawsuit against Facebook would have been successful. As Ethan explained recently, there may be unexpected hurdles to any such lawsuits.
* Now that Facebook has stirred the hornet's nest, it's not clear that they can simply roll back to the prior version of the user agreement and put everyone back in the happy apple. Instead, having called attention to its licensing policies, Facebook will be lucky if the pre-amendment terms survive as those undergo critical and jaundiced scrutiny from users. David Kirkpatrick touches on this.
* No matter how Facebook resolves its agreement, this episode has been damaging to its trust relationship with its users. It gives users yet another reason to question whether Facebook is a site we can trust. For users who lived through the Newsfeed and Beacon episodes, this may be a three-strike situation. For others, the fracas is yet another wedge in the users' relationship with Facebook. Trust is hard to earn and easy to lose.
Having said that, in the past couple of quarters, Facebook has been riding a strong network effects bull and seeing remarkable growth DESPITE Beacon. So Beacon clearly did not destroy users' trust in Facebook. At the same time, if users fall out of love of Facebook due to loss of trust, they will scale back their involvement with Facebook, which ultimately could negate the network effects benefits they are currently experiencing. IMO, this is the real risk created by Facebook's highly publicized problems.
Posted by Eric at 08:57 AM | Internet History , Licensing/Contracts , Privacy/Security | TrackBack
February 06, 2009
2008 Cyberlaw Year-in-Review
By Eric Goldman
It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.
Broad Themes
A few broad themes emerged last year:
* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.
* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.
* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.
* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.
* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.
Top 11 Cyberlaw Developments of 2008
#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.
# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.
#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.
#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.
#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.
#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.
#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.
#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.
#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).
#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.
Other Developments of Special Note
47 USC 230
* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”
* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.
* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.
Affiliate Liability
* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.
* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.
Trademarks/Domain Names
* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.
* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?
* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."
* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.
* New gTLDs. Maybe I should reserve this development for 2009...if it happens.
Others
* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?
* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.
* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.
Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
February 05, 2009
Publisher Promising "Visitors" Owes "Visitors," Not "Unique Visitors"--WebMD v. RDA
By Eric Goldman
WebMD, LLC v. RDA Intern., Inc., 2009 WL 175036 (N.Y. Sup. Ct. Jan. 6, 2009)
It's been a while since I've blogged about a lawsuit between an Internet publisher and advertiser, so you may enjoy this one. RDA placed a series of advertising orders with WebMD, including one order where WebMD promised "36,000 visitors" to an RDA website. RDA eventually stiffed WebMD to the tune of $350k, which is enough outstanding cash to get WebMD into court for a collections action. Once there, RDA argued that WebMD failed to perform the contract because the contract required 36,000 unique visitors and WebMD only delivered 70-80% of this number.
Most of us in the Internet advertising business immediately scoff at RDA's argument. Everyone in our industry knows that "visitors" and "unique visitors" are two very different things, and that if the parties actually meant "unique visitors," they would have said so. The court efficiently reaches this conclusion as well, saying that the term "visitors" is unambiguous and "If defendant wished to be guaranteed “unique visitors” to the site, it should have specified such in the agreement." Even if the term were ambiguous, the court still isn't sympathetic, in part because the advertiser never complained about the invoices while the parties were still in a relationship. (And, as we know, advertisers will complain if they think the deal isn't performing to their expectations!!!)
Two practice pointers from the case. First, it's critical to precisely define the metric for computing payment in advertising contracts. Often, when I'm asked to look at Internet ad contracts, I'm sent the T&Cs but not the actual IO where the payment metric for the particular ad deal is specified. That's one of the most important aspects of an ad contract, so as a lawyer, we really need to get our hands on the IO business terms in addition to the T&Cs. Second, the opinion doesn't mention any clause in the WebMD contract that WebMD's numbers control for calculation purposes. (The clause might have been in the contract, but it wasn't referenced in the opinion). Even if the court won't enforce those clauses verbatim, they can still be extraordinarily helpful in tipping any ambiguities in favor of the publisher and against the advertiser when the parties dispute the numbers.
HT: Ken Adams, who thinks that "visitors" is ambiguous. His example shows how it could be in some contexts, but it's not ambiguous in this context. Ken, in turn, links to the ContractsProf post.
Posted by Eric at 05:55 PM | Licensing/Contracts , Marketing | TrackBack
January 23, 2009
The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt
A recent court case reiterates that privacy policies aren't the be-all, end-all panacea for protecting online privacy.
By Ethan Ackerman
One of the main arguments against a federal online privacy law has been that website privacy policies were a self-regulatory solution that was more than sufficient, permitted more flexibility, and bound parties as surely as any federal law. Real-life court cases continue to suggest the contrary.
From mid-90s FTC staff decisions to "encourage self-regulation" to the 1998 formalization of a Clinton administration e-commerce policy framework to the extension of this policy through both terms of the G.W. Bush Administration, "self-regulation" of online privacy has been the policy of the executive branch of the federal government. Similarly, "self-regulation" has been the primary card played (the 10 of spades?) against Congressional attempts to pass federal online privacy regulation, successful in stalling any legislation on the issue since at least the 106th Congress. Online industry lobby groups still emphasize that "self-regulation" is the only needed enforcement, and online privacy advocates cite self-regulation's failures for the 'decade of disappointment' in internet privacy.
Meanwhile, outside of the policy debates, online activity has exploded, along with the collection and use of personal information online. Putting aside the real challenge of discovering unacceptable uses, sometimes that collection and use (or misuse) is egregious enough that someone sues over it. As the recent case of Pinero v. Jackson Hewitt Tax Service shows yet again, actual monetary damages matter more than egregiousness.
Ms. Pinero discovered that a Jackson Hewitt Tax Service licensee that prepared her taxes had breached its privacy policy when a local news station contacted her and provided her with her prior year tax returns, discovered in a public dumpster along with the returns of more than 100 other Jackson Hewitt clients.
Mindful of the increasing body of cases that have refused to find damages in the mere breach of protective statutes, violations of privacy policies or unlawful disclosures of personal records, Ms. Pinero's attorneys alleged specific factual emotional, physical, and economic damages in their suit. Those damages weren't good enough under the applicable state law, according to U.S. District Judge Sarah Vance. Specifically, the judge found that the plaintiff suffered no direct pecuniary damage from the breach - a heightened risk of future loss or steps taken to mitigate that loss weren't enough under Louisiana law for a negligence or breach of contract claim.
Above and beyond my brief summary, the opinion is worth a read in greater detail. The judge's detailed discussion of the pleadings reveals much work on this case. The pleading drafters clearly went to great effort to avoid precisely this outcome, claiming damages of several types with a great deal of specificity and carefully formulating claims under a variety of different statutes and causes of action, including a Consumer Protection Act and database breach statute claim. Judge Vance addresses each claim and the surrounding caselaw in good detail as well, providing scant room for a reversal on appeal by leaving every issue addressed.
The takeaway? As Eric has worried in the past, there may be no effective customer legal recourse against companies that breach their privacy policies.
[Eric's comment: we've seen a long list of situations where plaintiffs suffered some privacy invasion but were unable to obtain any legal recourse. Ethan links to the JetBlue case (which remains remarkable to me to this day), and we've blogged on others as well (see, e.g., the Acxiom and Key cases). In general, I think these opinions have often reached a sensible and pragmatic result that a privacy invasion may lead to no tangible losses, so damage awards may overcompensate the victim or overdeter the defendant. However, providing no damages awards--especially when a company breaches its self-selected promises--may under-deter and reward companies for overpromising and underdelivering. This case seems especially odd because the complaint contained allegations of specific tangible harm. Maybe we don't believe the allegations, but normally they ought to be heard.
At the same time, I fear the policy-makers may overreact to this situation by creating statutory damages. Those solve one problem (the courts' balking at plaintiffs that have no obvious damage) but create another, (IMO) much bigger problem of motivating plaintiffs and their lawyers engage in litigation frenzies with low-merit lawsuits. We've seen a lot of wasted motion in the spam context from people chasing statutory damages, and I shudder to think about the tax on our economy if we ever created a statutory damage for generalized privacy violations.]
Posted by Ethan Ackerman at 09:47 AM | Licensing/Contracts , Privacy/Security | TrackBack
January 16, 2009
AOL Loses Venue Selection Dispute in Ninth Circuit Due to an Unfortunate "Of"--Doe 1 v. AOL
By Eric Goldman
Doe 1 v. AOL LLC, 2009 WL 103657 (9th Cir. Jan. 16, 2009)
This is one of several lawsuits against AOL over AOL's 2006 posting of a database of improperly anonymized search queries. This particular lawsuit was brought by AOL members in California and alleges a variety of federal and state law claims against AOL.
AOL defended based on its venue selection clause in its member agreement, arguing that the contract required the lawsuit to be brought in Virginia. AOL has had a lot of success with its venue selection clause over the years, but it has had some prominent failures as well. One of those is America Online v. Superior Court (ex rel Mendoza) from 2001, in which a California appellate court struck down AOL's venue selection clause on public policy grounds because Virginia law did not provide adequate relief to California consumers--because, among other things, Virginia state courts do not permit class action lawsuits.
The Mendoza case was part of a broader judicial trend against online user agreements over the past decade. We've seen them fail for unconscionability, public policy and other reasons, making the successful drafting of such clauses tricky. Collectively, I think these cases have established pretty clearly that a venue selection clause designed to suppress class action lawsuits has a high risk of failure and, in California, is presumptively unenforceable.
What isn't clear to me is what, if anything, AOL did to modify its member agreement's venue selection clause in response to its Mendoza defeat. As a result, I can't tell if this court is interpreting the same contract language as was presented to the Mendoza court. But in all other respects this case is extremely similar to Mendoza: the plaintiff initiated a class action lawsuit in California, AOL defended on its venue selection clause to force the case back to Virginia, and the court is confronted with the public policy implications. Thus, if AOL did change its contract post-Mendoza, it didn't get the desired results, because it suffers another defeat here.
It appears that if the case could be heard in Virginia federal court, the class could form and the clause would not necessarily fail; but if the clause only permits Virginia state court, this is Mendoza redux and AOL loses. As a result, the court tries to figure out which venue the member agreement language specifies. AOL's agreement designates the exclusive venue as "the courts of Virginia." The court parses the grammar of the word "of" and looks at other precedent analyzing "the courts of [state]" and concludes that this language selects only Virginia state court. Because a California appellate court (the Mendoza court) had already said that Virginia state court isn't an acceptable choice for a putative class action of California consumers, the Ninth Circuit has no choice but to toss the venue selection clause.
This raises an obvious drafting point: courts are reading venue clauses specifying the venue as "state of X" to mean only state courts in the designated state, so don't use that grammar unless that's what you intend. I'm sure that most drafters using "state of X" language instead mean the parties can litigate in either federal or state court in that venue, but that's not the way courts are reading it. Accordingly, I think it would be prudent to avoid the "courts of X" grammar altogether, which isn't hard to do. Personally, I normally say "courts in X" (as opposed to "courts of X"). I would have to research the precedent interpreting that grammar (this case has made me a little nervous), but the "in" grammar should pretty clearly avoid the analysis in this Ninth Circuit opinion. Another alternative would be to expressly reference both federal and state courts as options; I've seen this language frequently, although I've previously thought that was unnecessarily wordy. Maybe it isn't.
Posted by Eric at 01:29 PM | Licensing/Contracts , Privacy/Security | TrackBack
January 06, 2009
Oracle v. SAP Updates--Third Amended Complaint, Motion to Dismiss Ruling, SAP's Latest Answer
By Eric Goldman
There have been some recent developments in the high-stakes and complicated Oracle v. SAP lawsuit.
In October, Oracle filed its third amended complaint whereby it expanded its efforts to show that SAP America and SAP Germany were both responsible for the actions of SAP America’s TomorrowNow subsidiary, which SAP has already admitted engaged in impermissible practices. The third amended complaint is supported by lots of facts that only millions of dollars of discovery can buy. The complaint a long read and still has too much PR hyperbole about how Oracle is so much better than SAP, but I thought the complaint did a good job arguing that the parent companies were more involved with the rogue subsidiary than mere stockholdership. At the same time, Oracle does look like it will have a damper on some of its copyright claims—it acknowledged that it lacks copyright registrations for many of the copied files, and it made some copyright filings as part of the lawsuit that probably will be too late to create eligibility for statutory damages. This probably means that Oracle won’t get to inflate the final damages calculation as much as it would like.
On Dec. 15, the judge ruled on SAP’s partial motion to dismiss. The ruling cleans up the case a bit but doesn’t really affect the substance of the case. Personally, I was a little confused about the ruling on copyright preemption of the breach of contract claim. The court denied the motion to dismiss the contract claim “except as to the extent that the state law claims are based on the alleged copyright infringement – in which case the parties agree they are preempted by the Copyright Act. SAP does not dispute plaintiffs’ assertion that the TAC alleges other actions (fraud, unauthorized use, and harm to private contractual rights and expectations) that form the basis of the state law claims, and which are not preempted by the Copyright Act.” Did the court say that a breach of contract can’t be based on acts that would constitute a copyright infringement? We know that would be wrong.
On Dec. 30, SAP filed its answer to the third amended complaint. Just like it did with its first answer, which it released so that the news would effectively break on the obscure newsday of the July 4 holiday, SAP once again tried to bury its news by releasing it so that the news would break on a holiday (this time, New Years). Oh please! You’re not fooling anyone with your bogus PR shenanigans, SAP.
Not surprisingly, SAP is blaming its TomorrowNow subsidiary for all misconduct--which is convenient, because SAP has already shuttered TomorrowNow, so it has nothing more to lose if it can contain the lawsuit to the subsidiary.
I must say that the overall picture doesn't look good for SAP. I am skeptical that they will emerge unscathed from this lawsuit. However, I’m still not clear what Oracle wants from SAP. It’s in the driver’s seat, so it should be able to dictate terms. What would it take for Oracle to move on? It may be that keeping the case open is hurting SAP in the marketplace, such as by spooking SAP's potential customers, so Oracle may be happy to let the case linger. Otherwise, it seems like Oracle should have enough information to state a price, and I’d like to think SAP would be prepared to write a reasonable check.
Posted by Eric at 10:12 AM | Copyright , Licensing/Contracts | TrackBack
December 30, 2008
Doe v. SexSearch Affirmed by 6th Circuit, But Not on 230 Grounds
By Eric Goldman
Doe v. SexSearch.com, 2008 WL 5396830 (6th Cir. Dec. 30, 2008)
I previously summarized this case as follows:
Defendants operate a website that helps people hook up to have sex. Roe posted a profile saying that she was 18 and wanted sex. After Doe connected with Roe via the profile, they met offline at Roe's home and had "consensual" sex. But Roe was actually 14, and Doe was busted for felony statutory rape. Doe turned around and sued the website on 14 counts, which the court summarizes as claims that "(a) Defendants failed to discover Jane Roe lied about her age to join the website, or (b) the contract terms are unconscionable."
In August 2007, the district court dismissed the case. Frankly, I always thought this should be an easy case for the reason articulated by the district court judge: "Plaintiff clearly had the ability to confirm Jane Roe’s age when he met with her in person, before they had sex, yet failed to do so." But fitting the claim into legal doctrines is trickier, and the district court relied on both 47 USC 230 and substantive contract/marketing law to dismiss the case.
On appeal, the defendant fared no better, and the Sixth Circuit has little trouble dismissing the case. However, the Sixth Circuit disavows the district court's 47 USC 230 discussion:
we do not reach the question of whether the Communications Decency Act provides SexSearch with immunity from suit. We do not adopt the district court’s discussion of the Act, which would read § 230 more broadly than any previous Court of Appeals decision has read it, potentially abrogating all state- or common-law causes of action brought against interactive Internet services.
The court instead dissects the substantive contract and marketing law claims one-by-one (all 14 of them) to show why none of them were valid. The opinion is a pithy read, so if you're interested in seeing how an online contract survives a multi-front attack, check it out. I did get a chuckle out of the part when the court explains why the contract's dollar cap wasn't unconscionable: "Given the nature of the service, which encourages members to meet in person for sexual encounters, SexSearch’s potential liability is nearly limitless. For example, arrest, diseases of various sorts, and injuries caused by irate family members or others may be the result of such hedonistic sex. When selling such services, then, it is commercially reasonable for SexSearch to limit its liability to the price of the contract."
It's easy to see why the Sixth Circuit was troubled by the 230 issues in this case. This case involves a knotty question that has become a blog perennial: when is a website liable for its marketing representations that are rendered false by user content or actions? In this case, the website said in a variety of ways that users were over 18, but it never authenticated users' ages, and Roe affirmatively lied about her age. As I've mentioned before, this creates a legal conundrum--on the one hand, websites should be responsible for the marketing representations that they choose to make; but on the other hand, this can open up a bypass to 230 as plaintiffs use the marketing representations as a proxy to hold websites liable for third party content. I'm disappointed the Sixth Circuit didn't decide to tackle this issue head-on, but I understand why they chose to sidestep the issue and make clear that they weren't ratifying the district court's rationale.
I noticed that the court also doesn't mention Doe v. MySpace, the recent Fifth Circuit 230 opinion also involving online hook-ups leading to offline statutory rapes. That case turned on a negligence-style "premises liability" theory rather than a breach of contract/false marketing representation theory, but the Sixth Circuit could have tried to equate the two if it wanted (especially in its discussion about "failure to warn").
So, where does this ruling leave us? This ruling, along with the Goddard opinion from earlier this month, reinforces that plaintiffs trying the breach of contract/false marketing representations workaround to 47 USC 230 still have to establish their prima facie substantive case or they will be dismissed (in this case, on a 12b6 motion). Plus, numerous district court cases still hold that 47 USC 230 applies to false marketing representations, including the Mazur and Friendfinder cases from earlier this year. So I think the news remains very, very good for defendants. Nevertheless, I remain confused about the precise boundaries between 47 USC 230 and breach of contract/false marketing representations, and clarity will have to wait until 2009 (or beyond).
Unless something really big happens in the next 36 hours, I'll see you in 2009. Happy new year!
Posted by Eric at 09:53 AM | Derivative Liability , Licensing/Contracts , Marketing | TrackBack
December 17, 2008
Google's Latest Attempt to Kill the CLRB Hanson Lawsuit Fails
By Eric Goldman
CLRB Hanson Industries, LLC v. Google, Inc., NO. C 05-03649 JW (N.D. Cal. Dec. 16, 2008)
CLRB v. Google is the long-running lawsuit (3 1/2 years and counting) over Google's adherence to advertising limits that advertisers set in Google AdWords. I have blogged on the case several times, including:
* my initial post from August 2005
* the August 2007 determination that advertisers were bound by the AdWords contract
* the May 2008 initial refusal to grant summary judgment to Google
Over the course of the litigation, the court has substantially narrowed the scope of claimants who have a potentially viable claim against Google to just three groups: advertisers of less than 1 month, advertisers who ended their campaign in a partial month, and advertisers who paused their campaign. Seemingly undaunted by the May 2008 ruling denying summary judgment to squash these three groups, Google again sought summary judgment on narrower grounds. Maybe Google thought it had a real chance of winning this second attempt at summary judgment, but it smelled a little "hail mary" to me. Thus, perhaps not surprisingly, Judge Ware rejected the motion and reiterated that summary judgment isn't appropriate (at one point saying, with a hint of frustration, "Defendant appears to be attempting to re-litigate an issue decided in the May 14 Order").
As a result, it appears that at least some aspects of the case appear destined for a trial--which, as far as I can recall, would be the first US trial on Google's AdWords practices. Fortunately for Google, the class is so limited that Google's damages exposure should not break the bank even if it loses badly at trial. Normally cases with light damages would settle, but I suspect the case is still around because the parties can't work out a deal on the attorney's fees--which, if this situation is anything like the click fraud cases, almost certainly will dwarf any actual monetary relief received by the putatively injured advertisers. If the parties can work out the plaintiff attorneys' cut of the spoils, I'm confident this lawsuit will settle before trial.
Posted by Eric at 05:38 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack
December 16, 2008
Lori Drew Conviction Reflections, Part 3 of 3: Lessons for Cyberlawyers Drafting User Agreements
By Eric Goldman
[Note: this is Part 3 of a special 3-part series on the Lori Drew conviction. Part 1 discussed why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 2 discussed some problems with holding Lori Drew responsible for a contract she never clicked through. This post concludes the series.]
Last week, I went to my first CLE conference for Cyberlawyers since Drew’s conviction, and the conference included panels about online contract drafting. Given that Drew’s conviction was based on MySpace’s user agreement and contract formation process, I expected some discussion about the case’s implications. Instead, I was very surprised that the panels had no discussion about the lawyer’s role in drafting MySpace’s contract or any lessons we as Cyberlawyers should take from her conviction for drafting future contracts. The materials were identical to the discussion we would have had before the conviction.
Personally, I think this is a huge oversight. We as Cyberlawyers cannot lose sight of the social responsibilities that complement our client responsibilities. And as this case illustrates, when we draft overly expansive contract restrictions in online user agreements, we may be unwittingly turning many or all of our clients’ users into criminals. Not only is criminalizing our clients’ customers users potentially bad for their businesses, but it is irresponsible—and unnecessary.
The problem is particularly acute for user behavior restrictions that the service provider never plans to enforce. As has been pointed out elsewhere, a contract restriction saying that "kids under 18 cannot use the website" has no legal meaning (it’s designed to deal with the voidability of contracts with minors, although this might be less of an issue than we thought), but it potentially criminalizes any minors who ignore the language. Similarly, a restriction on creating accounts using false registration information might be handy in those rare cases when the service provider is chasing spammers who create bogus accounts, but it also potentially criminalizes many users who legitimately might not want to tell the complete truth to the website during registration. Thus, while there might be some limited circumstances where these clauses are appropriate, for the most part we need to dump these overly expansive behavioral restrictions from our toolkits.
Based on the Lori Drew conviction and other recent developments, such as the JuicyCampus enforcement action, I have two recommendations for how Cyberlawyers should draft user agreements in the post-Lori Drew conviction era.
Use Generalized, Not Specific, Behavioral Restrictions
First, user agreements should rely more heavily on generalized permissive statements like “the website may terminate users at any time in its sole discretion” instead of laundry lists of prohibited user behaviors. Historically, unrestricted termination clauses were considered troublesome because they were cited against Napster as satisfying the “right and ability to supervise” prong of vicarious copyright infringement. However, we have since learned that Napster was an aberrational case and it would be foolish to try to change our in-the-field practices based on the case. At this point, I see no clear legal downside to using a generalized termination right, and it obviates the need for long, ambiguous, thesaurus-driven behavioral codes.
Alternatively, liquidated damages provisions can deter unwanted behavior without establishing negative covenants. For example, MySpace’s anti-spamming liquidated damages clause paid off big for MySpace in its lawsuit against theglobe.com.
Move Behavioral Restrictions to a Separate Community Norms Document
Second, behavioral restrictions that do not need to be specifically barred in the user agreement can be moved into a separate statement of community norms/standards. This way, users are told what they can do and not do, but the statement does not have the force of law. Ideally, other users can be given tools to help them enforce the community norms. Even better, the norms can be posted on a wiki so that the site’s users can help update them as the site’s community evolves.
This community norms approach has at least three benefits. First, because the norms aren’t part of the agreement, overzealous prosecutors can’t use them as a basis of prosecution, so the site avoids unwittingly criminalizing its users. Second, if the norms are phrased right, overzealous plaintiffs cannot argue that the negative restrictions are implicit marketing representations that such user conduct will not take place on the site. This will squelch analytically corrupt claims like the ones advanced by the New Jersey’s attorney general office against JuicyCampus. Third, a separate non-legal document may be a more effective tool to communicate site expectations than embedding those rules in a user agreement that no one will read (all statistics I’ve seen indicate that well less than 1% of users read user agreements).
I realize it’s unlikely Cyberlawyers will enthusiastically change their drafting techniques in response to the Lori Drew conviction. If nothing else, I find contract drafting attorneys tend to ossify their techniques; plus a number of forces conspire to push drafting attorneys to make longer and meaner user agreements. But at the same time, I think it would further compound the tragedies of Meier’s suicide if we don’t internalize the message that our user agreements are being used to try to send people to jail, whether we intend that or not.
Posted by Eric at 09:26 AM | Licensing/Contracts | TrackBack
December 15, 2008
Lori Drew Conviction Reflections, Part 2 of 3: Who is Bound by Clickthrough Agreements?
By Eric Goldman
[Note: this is Part 2 of a special 3-part series on the Lori Drew conviction. Part 1 discussed why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 3 will discuss some lessons for Cyberlawyers who draft online user agreements.]
From everything I’ve seen, Lori Drew apparently never affirmatively manifested assent to the MySpace user agreement. My understanding is that Drew’s babysitter, Ashley Grills, testified that she, not Drew, created the MySpace account and clicked through the MySpace user agreement. (I understand that the jury disbelieved Grills, although I am not aware of any contrary testimony on this point). Furthermore, I am not aware of any testimony that Grills informed Drew that Grills was accepting the MySpace user agreement on Drew’s behalf or that Grills provided any other form of notification to let Drew know that a contract was being formed--let alone educating Drew about the terms of that contract.
If this is true, then how can Drew be legally connected to the contractual restrictions that she was convicted of violating? Principal-agency doctrines would be one way. If Grills was Drew’s agent, then Grills would have actual or implied authority to bind Drew contractually. However, I am skeptical that Grills was Drew’s agent for contract formation purposes. First, I am not clear about whether Grills was Drew’s employee or was an independent contractor. The latter status would cut off most forms of agency liability for Drew. Second, even if Grills was an employee, it is difficult to argue that entering the MySpace user agreement was within the scope of Grills’ employment, even if it was putatively done at Drew's request.
As a result, I think the only way Grills could bind Drew to the MySpace user agreement was via the apparent authority doctrine. This argument is not completely untenable. For example, in the 2005 Abramson v. AOL case, the plaintiff’s son bound his mother to the AOL user agreement based on his apparent authority to act on her behalf. (The court also said that mom ratified the contract by continuing to use the service knowing of the contract terms). Similarly, an earlier 2004 case, Motise v. AOL (briefly discussed here), held that a stepfather bound his stepson, who shared use of the same computer, to the AOL user agreement.
It should be obvious why the courts have reached these conclusions. After all, if a click on the clickthrough agreement binds only the clicker, but the vendor cannot authenticate the identity of the person who clicked, then online user agreements could be easily defeated by anyone who simply claims someone else using their computer did the clicking. Consider an analogy (I’ve been holding this one as a possible future contracts exam question, but oh well): is a contract formed when a retailer cashier presses the “OK” button on the credit card swiping pad on behalf of a befuddled/distracted customer who is holding up the line? I’ve seen this happen dozens of times, but could the customer renege on the contract because he/she wasn’t the one literally pressing the button?
At the same time, the Abramson and Motise cases both involved family relationships. Although family members don’t automatically have agency authority to bind other family members, judges seeking equitable results would have little discomfort holding family members accountable for their online clicks. In contrast, the Grills-Drew relationship wasn’t familial and therefore not as susceptible to equitable readings.
More importantly, it’s one thing to use apparent authority to uphold a venue selection clause in a civil lawsuit (the only stakes at issue in the Abramson and Motise cases), but it’s quite another to apply that doctrine, or something similar, in the criminal context with the consequences of depriving liberties based on a user agreement the defendant never saw and didn’t affirmatively agree to. Indeed, I am not aware of any evidence that Drew ever learned of any applicable restrictions in the MySpace user agreement or otherwise “ratified” the agreement.
Therefore, based on everything I’ve seen, Grills would have been an appropriate target for criminal enforcement predicated on the MySpace user agreement because she actually clicked through. In contrast, holding someone else legally responsible for that click, especially if they never learned of the contract terms, makes no sense. Convicting them of a crime based on these contract terms is unconscionable.
More generally, the issue of who is bound by a click (other than the clicker, of course) seems like a recurring issue for the future. I’m not sure if we can draw too many insights from Drew’s conviction on this question, but this case—combined with Abramson and Motise—does suggest that courts and juries may take an expansive view of the circle of responsibility for clicks. While this is fantastic news for the sites trying to form these user agreements, in the criminal context, it can be tragic.
Posted by Eric at 11:39 AM | Derivative Liability , Licensing/Contracts | TrackBack
December 12, 2008
Lori Drew Conviction Reflections, Part 1 of 3: Why MySpace Might Regret the Conviction
By Eric Goldman
[As I’ve mentioned before, I think Lori Drew’s conviction is a tragic denouement to an already tragic situation. After thinking more about the conviction, I initially planned to blog some brief additional commentary to my initial post. However, that post grew so long that I decided to split it into a special three-part series. This post, Part 1, explains why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 2 will address some problems with holding Lori Drew responsible for a contract she never clicked through. Part 3 will discuss some lessons for Cyberlawyers who draft online user agreements.]
On this year’s Cyberlaw exam, I tested students on the federal crimes exception to 47 USC 230. As I’ve thought more about that, I realized that once Lori Drew was convicted of a federal crime, everyone else associated with Drew lacks 47 USC 230 protection if the government decides to prosecute them as well.
As a result, if overzealous prosecutors decided to prosecute any of Lori Drew’s online support vendors—such as, say, her Internet access provider—these additional defendants cannot defend using 47 USC 230. Of course, prosecutors may not be able to establish a prima facie claim against these third parties, but the point remains that companies that normally expect to rely on 47 USC 230 for user behavior now face a new exposure risk.
The most obvious potential defendant who might fear this consequence is MySpace, which facilitated the fateful conversation between Drew/Grills and Meier. However, Drew was convicted of violating the Computer Fraud & Abuse Act, which protects against harms to computer servers. This means that, as a matter of criminal law, MySpace was the victim of Drew’s crime in this case.
It’s easy to forget that MySpace is the victim. First, for a victim of such a high profile case, MySpace has been surprisingly quiet in this matter. I believe MySpace provided some support to the prosecution and made a few public remarks critical of Drew, but overall my impression is that they have tried to avoid public scrutiny of their role in this tragedy. Second, it stretches credibility to believe that Drew harmed MySpace. MySpace is hardly a sympathetic victim; and if anything, given the serious problems taking place on MySpace (1, 2, 3, 4, 5), many Americans probably view MySpace as part of the problem, not a victim.
Ironically, then, MySpace could go from victim in this case to defendant in the next. For example, if any of its users use the MySpace network to commit a similarly de minimis Computer Fraud & Abuse violation against a third party website, MySpace may not be able to invoke the 47 USC 230 shield that it normally depends upon. As a result, MySpace may have to rely on prosecutorial discretion to avoid a high-risk and expensive criminal prosecution. As highlighted by Drew’s prosecution, we all know how comforting that is.
More generally, I realize that the federal crimes exception to 47 USC 230 is underexplored (making it another good paper topic if you’re looking for one). I’ve only blogged on it a few times, including my comments to the SEC anti-linking proposal, the Google and Yahoo settlement regarding gambling ads and civil plaintiffs’ (failed) arguments that civil claims deriving from federal criminal laws are not preempted (they are) (1, 2). I could see why this dearth of material might change: the angst about 47 USC 230’s broad immunization inevitably will put more pressure the immunity’s few exclusions.
(Parts 2 and 3 will follow next week).
Posted by Eric at 02:45 PM | Derivative Liability , Licensing/Contracts | TrackBack
November 26, 2008
Lori Drew Guilty of 3 Misdemeanor Violations of the Computer Fraud & Abuse Act
By Eric Goldman
According to news reports (WSJ Law Blog, LA Times, AP), the jury has declared Lori Drew guilty of "three misdemeanor counts of accessing a computer without authorization." I would like to parse the actual jury verdict form to make sure we understand what the jury actually said. For now, some preliminary observations.
First, the jury verdict is not the last step in the process. For example, the judge could still dismiss the case notwithstanding the jury verdict. Personally, I think it was a mistake for the judge to let this case go to the jury; overturning a jury ruling is always a dangerous move for a trial judge, and it would be especially awkward here for the judge to kick the case out now given the high emotions and heavy press coverage for this case. There could be a retrial (especially on the fourth charge, which resulted in a hung jury). It is also possible the jury verdict could be reversed on appeal. Finally, if none of those occur, a sentence that didn't include jail time would still be a travesty but would still have let the people have their vengeance while reducing the injustice to Drew. So it's hard to assess the meaning of the jury verdict because it's only 1 chapter in a longer story.
Second, I am even more convinced that it was a travesty of justice for the government to bring this case at all. The facts elicited at trial demonstrated the illogic of the government's argument that Lori Drew made unauthorized uses of MySpace's servers, including the facts that:
* Lori Drew did not create the MySpace account at issue (Grills, the babysitter, did--but she got government immunity for testifying against Drew)
* Lori Drew did not click OK to the MySpace user agreement (Grills did)
* Lori Drew did not send the final fateful message (Grills did)
* some of the messages at issue were not even sent through the MySpace network (they were sent through AOL)
These facts severely undercut the government's theories about the Computer Fraud & Abuse Act. They should also frighten each of us who may have broken an online user agreement, intentionally or not, at some point in our lives, by showing how easy it could be to violate the CFAA. The tenuousness of the law's application to the facts reinforced that the real trial was over Lori Drew's moral culpability for Meier's death...though that wasn't supposed to be on trial.
Third, regardless of how this case turns out, I remain frustrated by how pro-regulatory forces are using Meier's death--a tragic but highly anomalous situation--as grist for their pro-regulatory agendas. In particular, the push to legally prohibit "cyberbullying" baffles me. I don't even understand the term, but I do know that we cannot legislate people being nice to each other, online or off, and we don't even try in most offline circumstances. Further, as the expansive interpretation of the CFAA highlights, restrictions against "cyberbullying" could chill many socially beneficial and protected activities. So, I hope we can resist the pro-regulatory temptations. Ironically, a guilty verdict for Lori Drew might have that salutary effect by showing that existing laws can punish "bad" actors, even if legal justice is being denied to Lori Drew in the process.
UPDATES: More coverage: NYT; NYT #2 (news analysis), Christopher Soghoian (pointing out examples of egregious user agreements that convert many site users into criminals).
Private investigators are stressing about this ruling.
Posted by Eric at 01:44 PM | Licensing/Contracts | TrackBack
November 18, 2008
October 2008 Quick Links, Part 2
By Eric Goldman
Spam
* Kramer v. Perez. An Iowa court awards $236M in damages in a spam case. Venkat's comments.
* After the government lost its jury trial against Impulse Media, the court denied Impulse Media attorneys fees.
Contracts
* AT&T put its own emailed notice of amended contract terms into its spam folder. Whoops! Due to spam filters and other automated blocks, it is becoming almost impossible for websites to communicate with their users by email.
* An estimate of the massive "tax" imposed on consumers by reading privacy policies. Of course the financial drain is overstated because many people make a rational decision not to read every privacy policy, plus not every person has to read a privacy policy for marketplace responses to be effective.
* The Blizzard v. MDY WOWGlider case has reached a stipulated damages amount of $6M.
* Pulaski & Middleman, LLC v. Google Inc., 5:2008cv03888 (N.D. Cal. complaint filed August 14, 2008). The Justia page. Yet another me-too lawsuit against Google over serving ads to parked domains and error pages.
* An Israeli GPL enforcement action settled.
Trademarks/Domain Names
* Kentucky v. 141 Domain Names. Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name. More recently, the seizure was stayed.
* Speaking of inappropriate seizures, the Feds are trying to seize the trademarks of the Mongols motorcycle group. DOJ press release. LA Times article.
* Best Western Intern., Inc. v. Doe, 2008 WL 4630313 (D. Ariz. Oct. 20, 2008). Prior blog post in this case. The judge is losing patience: "These filings are wasteful in the extreme. The Court is not a forum for the parties to expend every possible dollar seeking to litigate every conceivable issue, no matter how insubstantial. The Court will no longer tolerate the excesses of this case."
* The Verizon v. Navigation Catalyst Systems domainer lawsuit settled.
* 50 Cent brings yet another questionable lawsuit. (1, 2).
Advertising
* Goddard v. Google Inc., 2008 WL 4542792 (N.D. Cal. Oct. 10, 2008). The case against Google for deceptive mobile phone ads will stay in federal court.
* Eyeblaster, Inc. v. Federal Insurance Co., 2008 WL 4539497 (D. Minn. Oct. 7, 2008). This is a collateral lawsuit to Sefton v. Eyeblaster alleging that Eyeblaster distributed spyware. Eyeblaster tendered the claim to its insurer. This court holds that the CGL policy doesn't apply because the claim relates to software problems, not physical damage to the users' computers. Further the E&O policy doesn't apply because Sefton alleges that Eyeblaster intentionally installed the spyware, bumping Eyeblaster into one of the policy's exclusions.
* Are consumers becoming more tolerant of pop-up ads? For more on consumer acceptance of new advertising formats, see here.
* A big damages award in NetQuote v. Byrd.
Posted by Eric at 06:42 AM | Adware/Spyware , Domain Names , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
November 11, 2008
Lambotte's Click Fraud Lawsuit Against IAC Survives Motion to Dismiss
By Eric Goldman
Lambotte v. IAC/InterActiveCorp, 2008 WL 48298