* Deleted the Perfect 10 v. ccBill and Perfect 10 v. Visa cases. I have been struggling with how to teach the Ninth Circuit's Perfect 10 troika of cases for the last couple of years. The troika was over 100 pages of reading that nevertheless left students befuddled after all that work. But I felt constrained because the troika is the most definitive statement of Ninth Circuit law, and it is insightful to see the cases evolve. Nevertheless, I decided that the Amazon case was the most doctrinally significant, so I kept that and ditched the other 2.

* Added Io v. Veoh. To make up for taking out the Perfect 10 cases, I've added this case, which I think is a very clear exposition of a DMCA online safe harbor case.

* Added Parker v. Yahoo. I think this will be a good case to tie together some copyright doctrinal threads as well as provide a nice compare/contrast with the Ticketmaster v. RMG case.

Trespass to Chattels

* Replaced the Computer Fraud & Abuse Act statute with the most recently amended version.

* Included a slide that synthesizes the various trespass to chattel doctrines into a summary format.

Contracts

* Added the Harris v. Blockbuster case. It's a short case that efficiently makes several powerful pedagogical points--including perhaps most importantly, the perils of robo-drafting by copying language from other people's agreements.

Blogs and Social Networking Sites

* Replaced my old materials on blog law and social networking sites law with my most recent talk on both from February.

* Added my Third Wave of Internet Exceptionalism article

* Added the Moreno v. Hanford Sentinel case as an end-of-the-semester review case. As I said when I first blogged on the case, I think "this is one of the most interesting cases I've seen in a while," and I'm really excited about teaching it. I think it will be an excellent issue-spotting opportunity for students as well as a powerful reminder of the power of published words (and how those words can unintentionally affect the people we love).

Change to the Grading Options

My other big change this year is that I am giving students the option to write a wiki entry on a cyberlaw topic as part of their grade. This was inspired by my forthcoming paper on Wikipedia (which you'll hear more about soon). In connection with that paper, I was researching alternative labor sources that could power Wikipedia, and students working as part of a class assignment was one option I explore in the paper (with some reservations). As part of "eating my own dog food" (a terrible idiom that seems to be prevalent in the Silicon Valley), I figured I should give it a try myself. As you can see, the wiki-drafting is optional, not mandatory, so I'll be interested to see how many students choose the option. I'll also be interested to see what happens when the students actually try to submit their work to Wikipedia. I have a mental image of a massive buzzsaw, but perhaps I'm being too cynical.

Posted by Eric at 09:36 AM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Search Engines , Trademark | TrackBack

August 04, 2009

Wikipedia and Rules Proliferation

By Eric Goldman

I have previously mentioned how rule sets tend to expand over time. We've seen this with legislation; for example, consider how the Copyright Act has grown over time. Personally, I've seen code expansion over and over again in the context of negative behavioral restrictions in user-to-user communities. A 2008 article by Brian Butler, Elisabeth Joyce and Jacqueline Pike entitled "Don’t Look Now, But We’ve Created a Bureaucracy: The Nature and Roles of Policies and Rules in Wikipedia" provided yet another dramatic example of this phenomenon in the Wikipedia context. They write:
___________

One useful measure of increased complexity is the change in lengths in terms of word count alone of the policies from the first version to most current. All policies studied grew enormously.

• Copyrights: 341 words => 3200 words: 938%
• What Wikipedia is not: 541 words => 5031 words: 929%
• Civility: 1741 words => 2131 words: 124%
• Consensus: 132 words => 2054 words: 1557%
• Deletion: 405 words => 2349 words: 580%
• Ignore all rules: exceptional case

The first version of the Ignore all rules policy is only 23 words long, stating, “If rules make you nervous and depressed, and not desirous of participating in the Wiki, then ignore them and go about your business” [45]. The current version is actually shorter, only 16 words, and says, “If a rule prevents you from working with others to improve or maintain Wikipedia, ignore it” [45]. However, as suggested earlier in this paper, while the actual wording of this policy declined 69% and it appears on the surface to be the least bureaucratic of the policies, the supplemental page directly linked to this policy contains 579 words, indicating that the policy swelled over 3600% [45].
___________

There are some obvious detrimental consequences of this expansion. First, it facilitates wikilawyering. As the rules get more complicated, there are more ambiguities to debate and potentially more contradictory rules. Second, it becomes a bigger barrier to entry for newcomers or casual users; either they must try to master a greater and more complex rule set, or they are more likely to transgress and have their contributions reversed.

Posted by Eric at 10:35 AM | Internet History , Licensing/Contracts | TrackBack

August 03, 2009

Google Goes on Offensive in AdWords Trademark Lawsuit--Google v. John Beck Amazing Profits

By Eric Goldman

Google, Inc v. John Beck Amazing Profits, LLC, C09 03459 (N.D. Cal. complaint filed July 27, 2009). [Warning: 1.4MB file] The Justia page.

A couple of interesting developments in John Beck Amazing Profits v. Google, the putative nationwide trademark owner class action lawsuit against Google over AdWords.

First, as of last week, the plaintiff had not served the complaint on Google even though it's been on file for over 2 months. I'm not sure what's the hold-up, but in my limited experience, delays in serving an already-filed complaint are often a leading indicator of a troubled lawsuit.

Second, last week Google sued the individual named plaintiff in that case, John Beck Amazing Profits, for both a declaratory judgment that AdWords doesn't infringe plus a breach of contract claim that the lawsuit filing breached the AdWords contract provision requiring any AdWords-related lawsuit to be brought in California. Going on the offensive against a plaintiff is characteristic of Google's litigation strategy; Google often tries to turn the tables on its litigation opponents. In this case, a major goal for Google surely is to get the case out of the Eastern District of Texas, which has been a dangerous venue for patent defendants.

Although the declaratory judgment and counterclaim is consistent with Google’s standard practices, in this case Google is ripping a page out of Yahoo's playbook in its litigation with American Airlines. American Airlines sued Yahoo over selling trademarked keywords in a Texas federal court; Yahoo shot back with a in a California federal court to try to get the case in a more favorable venue. The “dueling lawsuits” have led to an ongoing jurisdictional tussle that has slowed down progress on the substantive merits of American Airlines' claim.

As I wrote in connection with Yahoo's efforts, it was not clear to me that a defendant can wrest jurisdictional control of a case through the declaratory judgment process. In Google's situation, it's even more complicated because John Beck Amazing Profits is just the named plaintiff in a class action lawsuit. The plaintiffs could easily replace John Beck Amazing Profits with another named plaintiff who isn't an AdWords advertiser and isn't subject to California jurisdiction. At that point, I'm not sure what happens to the class action. (And, even if Google succeeds in moving the nationwide case, it should have no bearing on the Firepond putative class action lawsuit, which only covers a class of Texas trademark owners). Moreover, even if Google wins the declaratory judgment, it would have no binding effect on other class members.

So other than a not-certain-to-work ploy to pull the nationwide class action out of a bad venue, the only other benefit I see from the litigation is to send a warning shot to any named plaintiff who might succeed John Beck Amazing Profits that Google will be coming after them too. Let's see how that message is received.

The current roster of pending AdWords cases:

* Ezzo v. Google
* Rescuecom v. Google
* FPX v. Google
* John Beck Amazing Profits v. Google and now Google v. John Beck Amazing Profits
* Stratton Faxon v. Google (not initially a trademark case)
* Soaring Helmet v. Bill Me
* Ascentive v. Google
* Jurin v. Google
* Rosetta Stone v. Google

Posted by Eric at 03:51 PM | Derivative Liability , Licensing/Contracts , Search Engines , Trademark | TrackBack

July 14, 2009

Republishing Third Party Ratings in Marketing Material Might Be Copyright/Trademark Infringement--Health Grades v. Robert Wood Johnson Univ. Hospital

By Eric Goldman

Health Grades, Inc. v. Robert Wood Johnson University Hospital, Inc., 06-CV-02351-JLK (D. Colo. June 19, 2009)

A Colorado judge has reached the remarkable conclusion that a hospital publicizing its star ratings and other recognition from a third party rating service in its marketing material might be committing copyright and trademark infringement. This is a little like saying that it could be copyright and trademark infringement for a law school to include its US News rankings in its marketing material or for a book publisher to issue a press release announcing its ranking on the New York Times bestseller list. CRAZY.

Although I suspect there are messier facts than were described in the opinion, the situation as described in the ruling is pretty straightforward. Health Grades [great TM, guys] publishes "objective" ratings of hospitals, doctors and other healthcare providers, including 1-3-5 star ratings and "provider awards." The ratings are published on Health Grades' website behind a clickthrough agreement. Health Grades earns revenues by licensing the ratings and awards to evaluated providers for their promotional use. This business model is rarely a recipe for credible ratings. RWJ University Hospital apparently liked its Health Grades' ratings and awards so much that it republished them in press releases and on its website without paying a licensing fee to Health Grades. Health Grades sued, and this ruling is a response to the hospital’s motion to dismiss.

(Note: In PACER, I saw Health Grades was a plaintiff in at least 5 other pending or closed lawsuits in Colorado federal court since 2004. I didn’t investigate these to see if they were IP enforcement claims like this lawsuit or something else altogether, but Health Grades is a more active plaintiff than I would have anticipated for a company I had never heard of).

Copyright

Let me start with a basic proposition. A single numerical value can never be copyrighted. Ever. I don't care what formula produced the value; I don't care how many digits the number has; I don't care what explanatory text is used to describe the value. I know cases occasionally have reached the absurd result that individual numerical values can be copyrighted, including one of my least favorite copyright cases of all time, the CDN v. Kapes Ninth Circuit case. They are wrong wrong WRONG.

Courts can reach this erroneous conclusion by treating a numerical output as a "compilation" of underlying data values. If you squint, you can almost see how this makes sense. The publisher chooses the underlying values to include, uses editorial judgment to build the algorithm crunching those values, and sometimes layers subjective judgments on top of the algorithm's output. However attractive this logic is, I think fundamentally misreads the copyright statute’s definition of "compile." Under the copyright act, a compilation must represent a "collection and assembling of preexisting materials or of data that are selected, coordinated, or arranged." When a single number distills but obscures the underlying numerical values, the single number cannot reflect a selection, coordination or arrangement of the underlying numbers. Thus, according to my argument, numerical values cannot be compiled unless the reader can see those underlying values directly.

In this case, the judge gets led astray by contemplating the idea/expression dichotomy as a spectrum with "discoveries" on one end and "expression" on the other. Because the ratings aren't discoveries, the court concludes they should qualify as expression. But the court’s dichotomy is fatally incomplete. Instead, the inquiry is whether a single numerical value can represent an original work of authorship because it expresses an idea. A single numerical value cannot express an idea any more than a single word ever could.

Even if one reaches the incredible conclusion that a single numerical value is an original work of authorship, then surely it is preempted from copyright coverage by the merger doctrine, which says that if there are a limited number of ways to express a fact or idea, then the idea and expression merge into a single uncopyrightable whole. It seems like the star ratings in a 1-3-5 star rating system would, by definition, be subject to merger. Sorry to state the obvious, but how many ways are there to express that someone is rated one star??? Nevertheless, this court distorts the merger doctrine by saying the idea being expressed here is the rankings of healthcare providers. This is too high a level of conceptual generality. If every judge used this level of abstraction, the merger doctrine always would be a null set.

The court doesn't rule on the fair use defense at this early stage of the lawsuit (this opinion just addresses the hospital's motion to dismiss), but any guess where this judge is going to come out on fair use?

Trademark

Having butchered copyright law, the judge then makes a mess of trademark law as well. The ratings provider claimed that referencing its name as the source of the ratings in the marketing material constitutes a trademark infringement. Again, the analogy is that saying "US News" when publicizing a US News rankings constitutes an infringement of US News' trademark.

There are many reasons why this argument should be clearly wrong, but on the motion to dismiss, the hospital emphasized the nominative use defense. That seems like as good a ground as any for the court to kick out the trademark claim. For example, in the Terri Welles case from 2002, the Ninth Circuit said that nominative use permitted Terri Welles to publicize that she was "Playboy Playmate of the Year 1981" when, in fact, Playboy had bestowed that title upon her.

Unfortunately for the hospital, it drew a judge who apparently HATES the Ninth Circuit's articulation of the nominative use defense. The court says that the "nominative fair use doctrine as stated and applied by the Ninth Circuit is…at odds with recent Supreme Court precedent" and that the "Ninth Circuit's 'nominative fair use' analysis has not been widely adopted. In fact, all of the circuit courts that have considered it to date have either rejected the Ninth Circuit's approach outright [cite to the 6th Circuit PACCAR decision]...or modified it in some fashion to allow likelihood of confusion to be determined based largely on the traditional multi-factor analysis of this element." Just to clarify the latter point, the nominative use defense doesn't really do anything useful if defendants already can show a lack of consumer confusion, nor does looping the nominative use defense back into the standard likelihood-of-consumer-confusion test help judges end unmeritorious cases quickly. But that's exactly what the court does here, reserving the nominative use inquiry as a question of fact to be evaluated in conjunction with the multi-factor test. As a small bone to the defendant, the judge says that the defendant has the burden to show likelihood of consumer confusion, which in turns means that the plaintiffs implicitly must overcome a nominative use claim.

However, I wouldn't be too excited about that the forthcoming review if I were the hospital. The court goes on to say "the very nature of Health Grades' product, its rankings of healthcare providers, carries with it at least the possibility that consumers will consider RWJ's use of the Health Grades' marks to communicate Health Grades' ratings and awards for RWJ an implied endorsement by Health Grades of RWJ and the services it provides." Well, yes. By definition every "objective" rating of third party goods and services communicate the rater's assessment of quality—that’s the whole point. But to assume an "endorsement" seems like a wholly different matter. That's kind of like saying that US News "endorses" law schools by ranking them. Thus, the judge made a major cognitive leap by equating a quantitative assessment with an endorsement, and this subtle shift seems to extend trademark law into places it should not go.

One more point. Some trademark wonks believe that we can rely on doctrines like nominative use to do a lot of the heavy doctrinal lifting of segregating meritorious from unmeritorious cases. To those folks, I say—read this opinion! After you see how this court mangles the nominative use doctrine to effectively eliminate it, let me know if you still think the nominative use doctrine is a reliable safety valve for socially beneficial speech.

Breach of Contract

After having laid waste to big chunks of copyright and trademark law, the judge still had one more doctrinal surprise up his sleeve. The court says that the rating service's contract, which restricted licensees' republication of ratings, was preempted by copyright law because it lacked an extra element from the copyright infringement claim. Now, I freely confess that copyright preemption befuddles me, and I think it befuddles a lot of other copyright geeks, so it's a little hard to say with confidence that any copyright preemption decision is clearly wrong. But this result certainly contravenes oodles of precedent that have held that copyright and breach of contract claims can co-exist harmoniously. In my opinion, the breach of contract claim seemed way more promising than either the copyright or trademark claims.

Conclusion

For those of you keeping score, you may have noticed that I think the results should have been exactly opposite to the judge's conclusions. The copyright and trademark claims should have been easy dismissals, and the breach of contract claim should have survived. Opinions like this make me question my knowledge sometimes.

Opinions like this also make my blood boil. At one level, the opinion is almost correct if you apply the most tendentious reading of legal doctrines at each and every decision-point. (Although, this opinion also expressly turned its nose up at significant amounts of adverse precedent). On the other hand, the opinion is so clearly incorrect if one steps back and looks at the problem from a holistic common sense standpoint. Asking the question as "Can IP law prevent a company from telling others how a third party service has rated it?," the answer should be clearly and unequivocally "no," and it shouldn't even be close.

Ironically, the court even tangentially acknowledges the value of product ratings as a tool to facilitate consumer decision-making. As the court says, "Health Grades' individual ratings and awards also advance learning by providing consumers with a more concise and accessible evaluation of these providers than the consumers could obtain by reviewing the underlying data sources themselves." Yet, somehow, the judge lost sight of the fact that regressive copyright and trademark protection for numerical ratings makes the ratings less accessible, thereby hindering their value to help consumers make good decisions in the marketplace. From that perspective, the judge really whiffed.

As a result, if other courts follow this judge's "logic," the potential for mischief from cases like this is enormous. Think of every reputational system that spits out a numerical assessment of the subjects it evaluates. Now, assume each and every one of those numbers is copyrighted. Individual eBay feedback scores? Individual FICO scores? Individual Billboard rankings of songs and albums? All possibly copyrighted and requiring the initial publisher's consent to republish. Add in potential trademark claims, and the crazy-o-meter goes off the charts.

UPDATE: Bill Patry has posted on this case as well.

Posted by Eric at 04:08 PM | Copyright , Licensing/Contracts , Trademark | TrackBack

July 13, 2009

Facebook Sued for Click Fraud--RootZoo v. Facebook

By Eric Goldman

RootZoo, Inc. v. Facebook, Inc., 5:09-cv-03043-HRL (N.D Cal. complaint filed July 7, 2009)

Facebook appears to have run into some trouble with click fraud recently. Last month, TechCrunch had a series of articles about Facebook click fraud. TechCrunch postulates the following story: competitors are clicking on each others' ads to reduce their ROI and drive each other off Facebook. To ensure that the click fraudders can see Facebook's microtargeted ads, the fraudsters are creating thousands of fake accounts with heterogeneous profile information. The fraudster's software eventually finds a target ad and clicks on it like crazy, so fast that the advertiser's page never loads. This is distorting the advertisers' server logs, causing a big discrepancy in reporting and making it impossible for advertisers to track down the click fraud. TechCrunch reports that it spoke with Facebook and Facebook claims the situation has been addressed. Of course, could Facebook say otherwise?

I'm not clear if it's related to the TechCrunch coverage or not, but last week a putative class action against Facebook was filed, alleging click fraud. The plaintiffs allege that they were charged for clicks that never occurred at alarming rates--in RootZoo's case, they claim they were charged for 804 clicks on a single day when their servers recorded about 300 clicks. Now, I'm never sure how much credit to assign to plaintiffs' allegations like this. First, advertisers always want more performance for less cash. Second, advertisers' tracking systems are not always reliable, so RootZoo's undercounting could be due to their system, not Facebook's. However, combined with the TechCrunch reports, it raises some concerns that something could have been amiss at Facebook (and maybe still is?).

That's not to say the plaintiffs will get a check out of Facebook. The plaintiffs face many hurdles, including potential difficulties establishing a class, the many challenges getting competent evidence, and Facebook's contract and all of the various protective provisions contained therein. So the plaintiffs have plenty of work ahead of them. Then again, so may Facebook.

Posted by Eric at 09:43 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack

July 07, 2009

June 2009 Quick Links, Part 2

By Eric Goldman

State Regulation of the Internet

* iAWFUL, the Internet Advocates Watchlist for Ugly Laws

* Texas HB 2003. Part of the anti-cyber-harassment mania. Very broad statute with lots of room for prosecutorial mischief.

* BNA (BNA subscription required): "State Legislatures Consider Criminal, Civil Restrictions on Ticket Purchasing Software": "At least six state legislative bodies are considering bills this session that would place restrictions on the use of “ticket bots.""

* Because states are embracing the Amazon affiliate tax, the online affiliate industry is shrinking as we speak (1, 2, 3). But in one of his rare good moves, Schwarzenegger has vetoed CA's attempt to impose the Amazon tax.

* Clive Thompson in Wired: "By severing the link between location and geography, the internet turned everything upside down. Now mobile phones are inverting everything again, in the other direction — because your location becomes most important thing about you. So how is the return of geography going to change our lives?" My previous commentary on geolocation and the law.

Blogs/Social Networking Sites

* Yath v. Fairview Clinic, 2009 WL 1751767 (Minn. App. Ct. June 23, 2009). Posting illegitimately obtained health information to a MySpace page qualified as “publicity” for purposes of an invasion of privacy claim. The court says: “Yath's private information was posted on a public MySpace.com webpage for anyone to view. This Internet communication is materially similar in nature to a newspaper publication or a radio broadcast because upon release it is available to the public at large.” As a result, the publication qualified as “publicity” even if the material was posted for less than 48 hours and the plaintiff could only prove that a small number of folks actually saw it. Compare the Moreno v. Hanford Sentinel case, where republication of information the plaintiff voluntarily published on her MySpace page could not support an invasion of privacy claim.

Nevertheless, the defendants were excused because they had not created the MySpace page, even though they had supplied the information republished on the MySpace page.

* Richerson v. Beckon. Ninth Circuit upheld reassignment of teacher-mentor based on negative blog comments. My blog post on the district court opinion.

* Kaufman v. Islamic Soc. of Arlington, -2009 WL 1815641 (Tex. App. Ct. June 25, 2009). An online-only journalist qualified as a "member of the electronic or print media" for purposes of an interlocutory appeal statute.

* After von Brunn committed his hate crime outside the US Holocaust Museum, a bunch of his digital trails went dark as websites newly realized his vitriol was posted there.

* If you're looking for a paper topic, here's one: the use of MySpace, Facebook and other social networking sites in family law disputes, especially over child custody. I'm seeing cases every week where social networking site postings are being introduced to corroborate or contradict testimony about a parent's fitness.

Security

* FTC v. Pricewert. The FTC takes down an allegedly rogue Internet access provider. To the extent that the IAP is engaged in criminal activities, no problem; but it's less clear to me if the FTC can get a civil injunction under its Sec. 5 authority to stop the IAP from serving its putatively illegal customers. Such an action could be preempted by 47 USC 230. The FTC, in its brief, says the IAP fits into a Roommates.com exception, an argument presumably bolstered by their 10th Circuit win in FTC v. Accusearch.

* Johnson v. Microsoft Corp., 2009 WL 1794400 (W.D. Wash. June 23, 2009). This is a putative class action over Microsoft’s use of Windows Genuine Advantage (WGA) to validate copies of Windows XP. In this ruling, Microsoft gets SJ on the claim alleging that the contract prevented Microsoft from doing WGA validation. Especially interesting is the court’s conclusion that IP addresses are not personally identifiable information.

* Microsoft v. Lam. Microsoft brings a lawsuit against alleged click fraudders who caused Microsoft to issue $1.5M in credits to advertisers. The NYT article.

* EFF on the most recent amendments to the Computer Fraud & Abuse Act.

Miscellaneous

* Expedia tagged for $184M in damages for improperly marking up its service fees.

* In re Jamster Mktg. Litig., 2009 U.S. Dist. LEXIS 43592 (S.D. Cal. May 22, 2009). Wireless carriers aren’t liable under RICO and false advertising laws for various deceptive practices by wireless content providers.

* New unmeritorious patent lawsuit trend: lawsuits over patent markings for expired patents.

* NYT: Investing in Lawsuits, for a Share of the Awards

* Oddee: 15 geekiest license plates:

Posted by Eric at 09:18 PM | Content Regulation , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Patents , Privacy/Security , Publicity/Privacy Rights , Search Engines | TrackBack

ABA Antitrust Section Consumer Protection Conference Recap

By Eric Goldman

Last month I attended the ABA Antitrust Section’s Consumer Protection Conference. This post recaps some highlights from the event.

A few overarching themes:

* in light of the country’s economic malaise, the FTC is focusing its enforcement on economic harms. This is both to combat those who prey on victims of the economic downturn as well as curbing some of the excesses that contributed to the economic downturn.

* there was significant confusion, and some apprehension, about the proposed new Financial Product Safety Commission and how it will affect other government agencies, including the FTC. If nothing else, the proposed new agency creates some turf wars and might send an implicit message that the FTC somehow wasn’t up to the job (a characterization I wouldn't necessarily agree with).

* not exactly news, but the FTC is itching to do something different about regulating online privacy.

* on a related theme, there is widespread hand-wringing about the failures of consumer notices to effectively educate consumers and improve their decision-making. I agree with this, and in fact I’ve noted before that we are experiencing a “crisis of contracts.” While some UI improvement can be made in how information is presented to consumers, we are also stuck with the bigger problem that some consumer decisions are more complicated than consumers are able to handle, no matter how effectively the complexity is disclosed. There is no clear regulatory solution to this problem.

David Vladek’s Opening Remarks

David Vladek, the new director of the Bureau of Consumer Protection, outlined some things to expect from the FTC going forward:

1) The FTC will keep up/step up its aggressive pace of litigation, education and policy-making. In particular, the FTC will have to do more on economic fraud.

2) He expects the FTC will look more at privacy regulation. He said he did not find the notice/consent and harm paradigms for regulating privacy convincing. Regarding the notice/consent paradigm, he said it is hard to know what a person is consenting to. Notices are unintelligible, and they don’t address secondary uses. The harm paradigm doesn't address harms we feel but can’t quantify. So he is wondering, how the FTC can rationalize privacy approach going forward?

3) He expects the FTC to take a hard look at Internet behavioral advertising and ads directed to vulnerable sub-populations.

4) Echoing proposals that have been floated before, he said that the FTC should be on equal footing as other government agencies, including better rule-making authority, civil penalty authority and independent civil litigation authority.

More on Vladek’s presentation from Arnold & Porter, Perkins Coie and Rebecca Tushnet. While there, make sure to look at Rebecca’s introductory remarks, which were excellent but came before I was ready to take notes!

Former Chairmen’s Panel

John Villafranco moderated a panel of Bob Pitofsky and Tim Muris, both former FTC chairmen. The panel’s overriding theme is how much Bob and Tim agree with each other, even though they come from opposite sides of the political spectrum.

Villafranco asked some questions about the FTC’s past. He noted that 40 years ago, the FTC was derided, and there were calls to shut it down. Bob explained that the FTC was viewed as the “Little Old Lady on Pennsylvania Avenue” because it was preoccupied with trivial cases, hired experienced lawyers who weren’t very accomplished, didn’t take advantage of its broad mandate, and was widely regarded as weakest agency in Washington. Bob and Tim also explained why there were deep divisions between commissioners and between commissioners and staff at that time.

Villafranco asked about the biggest misconception by outsiders. Bob said that staff runs the place; Tim said that antitrust lawyers can do consumer protection.

Villafranco also asked about the staff’s biggest misconception about companies they investigate. Tim said that staffers deal with pathologies, so sometimes they assume every business is bad actor. Bob said that the FTC’s rules are on the vague side, so good-intentioned companies can get into trouble because they didn’t understand the rules.

Rebecca’s recap of this panel.

Privacy/Behavioral Advertising Panel

Eileen Harrington of the FTC: Disseminating content online means that the sender surrenders control over that content, even when not wanted or intended. Categories of content dissemination:
* blogging/microblogging
* social networking sites
* first party collection/behavioral advertising (ex Amazon, NetFlix). In these contexts, data collection/use is intuitive, and the consumer can always leave if he/she doesn’t like the site’s practices.
* Gmail ads, which she distinguishes from first party collections. Google discloses its ad practice but buried in a big privacy policy. Also, consumers may expect greater privacy in email. [Eric’s note: I really didn’t understand how Gmail is different from Amazon in this regard, and I didn’t get a chance to push Eileen about this. Having used Gmail for a very long time, the value proposition and the ad presentation is unambiguously clear to me.]
* Third party collection practices. She further broke these down into:
- Third party ad networks. Websites are unrelated and no relationship between consumer and ad network. Consumer may not understand why they receive ads. Also, data sharing increases risks.
- Researchware. Improper disclosures that consumers won’t understand.
- Deep packet inspection. May be less transparent/voluntary. Consumers don’t know to look at their contracts with their connectivity suppliers. Deleting cookies won’t help.

In response to a question about whether there is there a different way to communicate privacy to different generations/subcommunities, Eileen expanded on David Vladek’s comments by saying that it’s time to look again at the commission’s privacy framework. For a time, the FTC followed Fair Information Practices. Then, the FTC moved to a framework focused on harm. The FTC still thinks notice-and-choice can work in some circumstances, but it fails in other circumstances. There is concern that notice hasn’t prevented harm. The FTC wants to develop a better framework, but business practices are constantly changing around the FTC.

I asked Eileen how companies can decide what is important enough to be disclosed. I pointed out that Sears’ privacy policy fully disclosed its researchware practices but only deep within its privacy policies. Eileen responded that Sears wasn’t a close call because their disclosures were completely inadequate and the pop-up ads offered consumers a different value proposition.

Perkins Coie’s recap of Eileen’s remarks.

Wendy Seltzer’s presentation did a nice job summarizing the privacy advocate’s view. What’s new online = more data + better data crunching. Most responses have been self-regulatory and focus on notice and choice. Self-regulation works only if there an effectively functioning market for privacy. Market failures:
* information costs of reading privacy policies.
* Behavioral economics/psychology. Consumers have difficulty evaluating near vs. distant events (i.e., hyperbolic discounting). Consumers are too optimistic that they won’t experience harm, even if disclosed to them. Technology moving too fast, so consumers can’t anticipate future developments (such as better deidentification).

In response, Leslie Harris of the CDT added that the latest generation of kids may value its privacy, they just may not have been faced with privacy challenges yet. We don’t know what we don’t know, and we shouldn’t assume people don’t care about privacy.

Leslie also lauded the FTC behavioral advertising principles because it discourages distinctions between PII and non-PII. Also, self-regulatory efforts have been shaped by FTC’s intervention. But she is not persuaded that self-regulation works.

Rebecca’s recap of this panel.

Research on Consumer Decision-Making

Alan Levy from the FDA. Regulators’ biggest mistake is thinking consumers read labels to learn more information about the product. Instead, consumers read labels when they have specific Qs that the label can answer. But framing the Q requires consumers to have lots of domain knowledge already, and consumers often don’t know enough to ask the Qs.

The function of label-based product claims is to ease consumers’ information search. Consumers want to make good decisions, but they satisfice. They look for products that can meet minimum adequacy standard and won’t embarrass them if asked to justify their decision. Most decisions aren’t life-and-death, and consumers usually can fix most bad decisions with their next purchase. Product claims work because they are convenient for consumers and help satisfice.

Consumers assume advertiser claims signal unique attributes of their products compared to their competitors. Consumers don’t generalize claims to the product class. Consumers want new and relevant information. The most effective marketing tells consumers something they do not already know. So claim effectiveness depends on heterogeneous consumer experience and knowledge.

Consumers need reliable information to satisfice. Consumers will accept information if it’s consistent with what they already know and legitimate on its face (i.e., not seemingly manipulative). Disclaimers about product claims can actually make claims more effective or are just ignored.

Health claims on package label front truncates a consumer’s product search—when a claim is on front, consumers won’t read the back of the package label.

Policy-makers focus too much on trying to perfect claim language, and not enough on helping frame the decision for consumers. This is based on mistaken assumption that claims don’t work well enough at educating consumers, but the real risk is that claims work too well at motivating consumer decision-making.

Michael Mazis of American University. Lessons:

* disclosure medium matters. Disclosures are more effective in media that give consumers more time to review them.
* Consumer motivation matters to the efficacy of disclosures
* Marketing claims trump other disclosures/disclaimers

Broadcast ads: text disclosures don’t work.
Print ads: consumers aren’t in search mode, so disclosures aren’t relevant
Web ads: consumers are in product search mode, so disclosures are more likely to be effective

Ways to improve disclosure effectiveness: proximity, prominence, easy to find, comprehensible, no legalese (consumers discount these disclosures), no repetitive “throw away” disclosures.

Findings from a research study about testimonial ads:
* when consumers see testimonials in ads, they assume that results are typical
* general disclosures that “results aren’t typical” aren’t effective
* specific disclosures about lack of typicality are somewhat more effective than general disclosures, but still aren’t very effective

Rebecca’s recap of this panel.

Role of Consumer Surveys in Enforcement/Litigation

Chris Cole of Manatt Phelps said that in every false advertising case, parties disagree about whether claims are literal or implied. Courts vary widely about what constitutes a literal claim; much depends on advocacy quality and the judge’s intuition (results-oriented judgment). There is no uniform standards for survey admissibility. There is a trend towards accepting non-traditional evidence such as internal brand tracking surveys not specifically prepared for the litigation.

Chris also talked about the difficulty designing a defensive survey because it’s hard to prove a negative (i.e., the absence of consumer confusion). To do so requires lots of directed (but not leading) questions to present enough evidence to convince the judge. Further, the other side often tries to reinterpret survey results, which is another reason not to conduct a defensive survey in the first place.

He also said there is no reason to give FTC or State AGs’ interpretation of ad claims any extra deference. The government should have to prove its case.

Finally, Chris discussed problems with trying to do surveys over the Internet, which may be more representative of consumers in practice than mall intercept surveys—who goes to a mall any more? However, he noted that the screen display may not be the same (ex: TV ads shown on a computer monitor may be harder to read), and there may be questions about the motivation and representativeness of panelists who are incented to participate.

Lee Peeler, a long time FTC staffer, said that years ago, FTC was perceived as not using extrinsic evidence because surveys might prove defendant’s case or get tossed out. Now, FTC looks at extrinsic evidence, but non-exclusively.

Patricia Conners of the Florida AG’s office said that state AGs don’t like to do consumer surveys because (1) they are not statutorily required, (2) they are expensive and time-consuming, (3) they distract the case from substantive issues to focus on survey methodology, and (4) many cases are against really bad actors, so survey evidence isn’t necessary to prove the case. On the flip side, defendants often overclaim their extrinsic evidence when trying to avoid regulatory intervention, which makes the regulators skeptical.

Rebecca’s recap of this panel.

More on the Conference

* Rebecca on financial products safety
* Rebecca on green marketing and internet issues. Arnold & Porter on the green marketing panel.
* My post on my talk on 47 USC 230 and consumer protection law.

Posted by Eric at 08:24 AM | E-Commerce , Licensing/Contracts , Marketing , Privacy/Security | TrackBack

July 06, 2009

June 2009 Quick Links, Part 1

By Eric Goldman

Just a reminder that I post some items to Twitter that don’t make it into these monthly recaps. If you want even more, you can track a superset of my online activities at Friendfeed.

Search Engines

* All Things Digital had an interesting 3 part series on the role of humans in configuring Google's algorithms: Scott Huffman; Matt Cutts; Amit Singhal. My initial 2005 blog post on the topic.

* More evidence of the deleterious consequences of latency on users' enjoyment of search results pages.

* Google is stumping in favor of its book search settlement deal and putting on the "charm offensive."

* Wired on niche search engines competing around the edges of Google.

* Google has dropped its feature that allowed quoted sources to reply in Google News.

* First, kosher phones. Now, kosher search engines.

Trademark

* Wendy Davis on a trademark lawsuit against Craigslist for allegedly infringing ad copy supplied by one of its users.

* Rookie mistake: Tony LaRussa publicly announced a settlement deal in his trademark lawsuit against Twitter before the papers were signed. Guess what....NO DEAL! UPDATE: A deal was struck subsequently.

* Speaking of which...the WSJ on Twittersquatting.

* WSJ: Europe's High Court Tries On a Bunny Suit Made of Chocolate. The EU struggles with trademarkability of chocolate bunnies.

* Productive People, LLC v. Ives Design (D. Ariz. May 29, 2009). TRO against a domainer.

* Oddee: 10 of the Worst Restaurant Names ever.

Copyright

* Supreme Court declined certiorari in the Cartoon Network v. CSC case.

* Arista Records LLC v. Usenet.com, Inc., 2009 WL 1873589 (S.D.N.Y. June 30, 2009). Usenet service provider committed (1) direct copyright infringement (because it “actively engaged in the process so as to satisfy the “volitional-conduct” requirement for direct infringement”) as well as contributory infringement, vicarious infringement and inducement of infringement. This case was colored by defendants’ evidence spoliation and the lack of a viable 512 defense; in situations like this, courts smack down defendants hard. The court’s analysis would be troubling for many online service providers if this case isn’t an outlier. Mike Masnick has more on the import (or lack thereof) of this case.

* Brave New Films 501(C)(4) v. Weiner, 2009 WL 1622385 (N.D. Cal. Jun 10, 2009). BNF was denied summary judgment on its declaratory judgment request because (a) Savage never threatened BNF directly, and (b) ORTN, which did threaten BNF directly, isn't the copyright owner. My previous coverage of this case.

User Agreements

* In the Matter of Sears Holdings Management Corporation. The FTC busted Sears for installing tracking software/spyware, even though Sears (1) asked all users to expressly opt-in, (2) paid users $10 to install the software, and (3) made full disclosure of the thorough tracking function of the spyware in the user agreement, albeit late in the installation process and in a buried fashion.

* Universal Grading Service v. eBay Inc., No. 08-CV-3557 (E.D.N.Y. June 10, 2009). eBay venue selection clause upheld.

* McMillan v. Wells Fargo, 2009 WL 1686431 (N.D. Cal. June 12, 2009). Wells Fargo asks some customers to agree to four different documents with differing governing law/venue selection clauses, leading to massive judicial confusion about how to determine governing law and venue.

* I’m using EFF's new "TOSBack" tool to track changes to major online services' user agreements. For my commentary on an article by Becher/Zarsky predicting the development of tools like this, see my writeup.

Posted by Eric at 04:54 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack

July 01, 2009

Securities Fraud Case Premised on Click Fraud Allegations Dismissed--Brodsky v. Yahoo

By Eric Goldman

Brodsky v. Yahoo, Inc., 2009 WL 1766002 (N.D. Cal. June 18, 2009).

The legal battles over click fraud are pretty much played out, but some legacy cases are still working through the system. This lawsuit was a securities fraud action alleging that Yahoo inflated its stock price by, among other things, deliberately ignoring some click fraud activity to grab quick revenue. The lawsuit was dismissed in October of last year with leave to amend. Having tried again, the plaintiffs still didn't satisfy the judge, so the judge booted the case permanently. However, given the plaintiffs’ investments in this case, it would not surprise me if the plaintiffs appeal.

The actual opinion isn't all that remarkable. For the click fraud allegations, the plaintiffs rely principally on confidential witnesses who are former Yahoo employees. The cloak-and-dagger Deep Throat stuff is mildly interesting, but the court still wasn't convinced that these insiders had enough personal knowledge about Yahoo's revenue recognition practices (except for one witness, who didn't allege malfeasance). As I wrote in October, "it will be interesting to see if the plaintiffs can produce any witnesses who can testify about the rate of Yahoo's click fraud overcharging sufficient to satisfy legal standards." This ruling seems to answer that with a big "negative."

Posted by Eric at 09:53 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack

June 10, 2009

Stop Saying "We Can Amend This Agreement Whenever We Want"!--Harris v. Blockbuster

By Eric Goldman

Harris v. Blockbuster Inc., 2009 WL 1011732 (N.D. Tex. April 15, 2009). The Justia page.

[I've been sitting on this case for a couple of months, but it's such an important case that it still deserves a write-up even at this comparatively late date.]

This case is part of the legal detritus from the Facebook Beacon program. As you recall, Facebook Beacon included purchases from third party e-commerce sites into the buyer's Facebook status reports. This required the e-commerce sites to report Facebook users' purchases back to Facebook. A Blockbuster user claimed that Blockbuster's reports to Facebook violated the Video Privacy Protection Act, which prevents disclosures of PII about video customers without their consent. (Beacon did have an opt-out of debatable efficacy). Blockbuster moved to compel arbitration of this lawsuit based on the mandatory arbitration clause in Blockbuster's user agreement.

Blockbuster used an industry-standard and entirely typical introductory clause to its user agreement, which said:

Blockbuster may at any time, and at its sole discretion, modify these Terms and Conditions of Use, including without limitation the Privacy Policy, with or without notice. Such modifications will be effective immediately upon posting. You agree to review these Terms and Conditions of Use periodically and your continued use of this Site following such modifications will indicate your acceptance of these modified Terms and Conditions of Use. If you do not agree to any modification of these Terms and Conditions of Use, you must immediately stop using this Site.

This industry-standard and entirely typical clause does not fare well in this courtroom. Among other defects, the judge notes that "there is nothing in the Terms and Conditions that prevents Blockbuster from unilaterally changing any part of the contract other than providing that such changes will not take effect until posted on the website." As a result, the court deems the arbitration clause "illusory," an odd Texas law descriptor that appears to be a cousin of lack of consideration.

I could wax philosophic about the ontological meaning of a "contract" that one party can amend unilaterally at any time without notice. However, I'd rather focus on the simple practical implication from this ruling. I've never been a fan of the language Blockbuster used, and I had hoped many websites would reconsider the language after the Ninth Circuit trashed such provisions in 2007 in Douglas v. Talk America (also see my follow-up post). Yet, these clauses are still ubiquitous, even at big websites that "should know better," so let me boil it down for you into a single all-caps mantra:

STOP PUTTING CLAUSES INTO YOUR CONTRACTS THAT SAY YOU CAN AMEND THE CONTRACT AT ANY TIME IN YOUR SOLE DISCRETION BY POSTING THE REVISED TERMS TO THE WEBSITE

This language has a significant risk of killing the entire contract, which would strip away a lot of very important provisions that should be/need to be in the contract. So far Blockbuster has only lost its mandatory arbitration clause, but it's possible other important risk management clauses (warranty disclaimer, liability limits, dollar caps, etc.) will similarly fall. If those clauses fail, let the plaintiff feasting begin!

I recognize that weaning ourselves from very flexible amendment language leaves us as drafters with few good options to modify online user agreements over time. I discussed this dilemma in my post on the Douglas case. I haven't found any better solutions in the past 2 years, but I can say with confidence--DON"T DO WHAT BLOCKBUSTER DID.

UPDATE: I got the following email from a reader proposing a good alternative to current amendment notification processes: "To avoid the spam-filter problem, the provider could give notice via an RSS feed as well, and then disclaim like crazy about the problems with the email option (which would indeed simply be an option -- a link to a page where users can sign up to receive notices)." I love this idea! RSS is a true opt-in with few of the challenges of email.

Also, this brought to mind the EFF's new TOSBack service, which I'll mention more in a future blog post, that effectively provides a third party service to track amendments of various user agreements into an RSS feed. I LOVE IT! I have subscribed to TOSBack and plan to blog on interesting user agreement amendments it reveals--and I suspect I'm not the only one queued up to do so. TOSBack is a game-changer for public scrutiny of agreement amendments--sites being monitored in TOSBack are now on notice that their user agreement amendments are being watched!

Posted by Eric at 10:26 AM | Licensing/Contracts , Privacy/Security | TrackBack

June 08, 2009

May 2009 Quick Links Part 1

By Eric Goldman

Just a reminder that I'm posting some quick links exclusively to my Twitter account.

Trademarks

* Texas International Property Associates v. Hoerbiger Holding AG, 2009 U.S. Dist. LEXIS 40409 (N.D. Tex. May 12, 2009). Domainer loses ACPA claim over typosquatted domain name. The PPC advertising constituted bad faith intent to profit. Ryan Gile recaps the action.

* GunBroker.com LLC v. Heckler & Koch Inc., No. 09-cv-00051 (M.D. Ga. complaint filed May 14, 2009). Interesting lawsuit by an online auction site for guns seeking a declaratory relief action against a trademark owner who deployed an enforcement agency, Continental Enterprises, to send a driftnet takedown letter that apparently targeted used gun resales or compatible goods. Ryan Gile has more.

* Miranda v. Guerroro, 2009 WL 1381250 (S.D. Fla. May 14, 2009). Miranda is “Paola Morena,” a Latin singer. Her former manager convinced her to do some nude photo shoots in an effort to get a Playboy gig. The Playboy gig didn't materialize, and the manager stopped representing Miranda/Morena. After Morena's career took off, the manager then allegedly threatened to publicly post the photos unless she paid him $70k. Morena rebuffed the request, so the manager allegedly followed through with his threats by launching a website paolamorena.com [I got a nasty Google malware warning when I tried to visit the site], calling it her “official” site and posting some of the photos. The court enjoined the manager under trademark law. I'm a little confused how Morena had protectable trademark rights in her name. Did she make any use in commerce in the United States? Did her name achieve secondary meaning? This could be another case where trademark law is being stretched to stop bad behavior.

* Eric Menhart, the self-purported owner of a trademark in the term Cyberlaw, has gotten his very own personal gripe site.

Advertising and Marketing

* How much can Behavioral Targeting Help Online Advertising? HT Greg Linden

* Yingling v. eBay, 5:2009cv01733 (N.D. Cal. complaint filed April 21, 2009). A class action lawsuit alleging that eBay Motors overcharged merchants.

* IAB has issued its Click Measurement Guidelines designed to answer the Q “What is a Click?” See if their 28 page report actually answers the Q.

* A confusingly written LA Times article reports that 4 South Korean dissident bloggers are being criminally prosecuted for artificially inflating impression counts in order to game rankings of most popular pages.

* Perennially funny: unfortunate product names.

Copyright

* Solicitor General recommends against granting cert in Cartoon Network v. CSC.

* AV v. iParadigms, April 16, 2009. The Fourth Circuit says that the Turnitin system is fair use. My initial blog post on the district court ruling.

Security

* News.com: Interview with FBI cybercrime agent working undercover.

* Oddee: problematic CAPTCHAs. Funny.

Google

* Everyone wants to talk about whether Google is a monopolist
- In early May, I heard Susan Athey, Microsoft's Chief Economist, give a lunchtime attack speech on Google at a George Mason event
- Google is circulating a document explaining why it's good for competition
- Google is blanketing DC with lobbyists too.
- And Google says it's actually small potatoes.
- Wired: Will Wolfram Alpha forestall antitrust inquiry into Google? As I've argued before, we continue to see new entrants into the search business all the time—it’s just too big a market to ignore.
- NYT weighs in too. And the Washington Post discusses how Microsoft and others are complaining about how many Google folks are going into the Obama administration.

* Danny Sullivan: State Of Search: Google Will Stay Strong Despite Bing & Yahoo

* Wired: Secret of Googlenomics: Data-Fueled Recipe Brews Profitability

Posted by Eric at 04:03 PM | Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark | TrackBack

June 02, 2009

Web Developer Didn't "Convert" Website--Conwell v. Gray Loon

By Eric Goldman

Conwell v. Gray Loon Outdoor Marketing Group, Inc., 82S04-0806-CV-00309 (Ind. Sup. Ct. May 19, 2009)

This is a classic cautionary tale about interactions between a web developer/host and a customer. The customer retained the web developer to develop a website. The paperwork between the parties was not a model of clarity. Later, the customer orally asked the developer to modify the site; this time, there is only garbled conversations and no paperwork. The developer modified the site but the customer changed its mind and asked the developer to roll back to the earlier version. But the developer could not do so because it didn't keep a copy of the earlier version (what???), The customer stiffed the developer and the developer took the website offline. The developer sued for non-payment; the customer cross-sued for conversion on the theory that it had paid for the site and had been deprived of its property.

The Indiana Supreme Court wrestles with several questions, concluding that:

1) The relationship was governed by common law principles applicable to services, not the UCC Article 2 applicable to goods. This is a tricky area of the law, but I think this may be the more logical result for a combination web developer/host, especially one who never actually delivers any code to the customer.

2) Was there an enforceable agreement to amend? The trial court said yes, and the Supreme Court saw no reason to override that factual finding.

3) Did the developer convert the code/website by erasing the old version? The application of ancient doctrines of "conversion" to intangible bits always makes me queasy, and it's led to some confused jurisprudence. In this case, the court sidesteps all of that doctrinal messiness for the simple reason that the customer never obtained ownership of the code. This is really basic copyright law. Customers who want ownership of the work done by vendors need to spell that out in a written agreement. No written agreement specifying customer ownership, no customer ownership--it's that simple. The court says the customer didn't properly obtain ownership in the written customer-vendor agreement, so the vendor had retained copyright title to its developed code all along, and the customer never had title to be converted.

As usual, so many problems are completely avoidable through proper communication through written agreements and amendments between customers and vendors. Some other obvious observations here:

* it's hard to imagine many web development disputes that are worth taking to a state supreme court, especially one where the outstanding bill was about $5k.
* if you are a web developer's customer and you want to own the developed code, you have to say so in a written agreement
* and, if you want a copy of your website's code, make sure you say so in the contract AND actually get a copy!
* if you are a web developer, you might keep customers happier if you keep every version of their website's code instead of tossing old versions.
* this dispute would have be governed by UCC 2B or UCITA if either were the law of Indiana. I wonder to what extent the new ALI Principles on the Law of Software Contracts (acknowledged in the opinion) will help resolve future disputes like this.

This case reminded me a little of the New Mexico v. Kirby case from a couple years ago, where a customer's failure to pay its website developer while keeping the developed code led to an unexpected jail sentence. I offer more lessons about web developer-customer relationships in that blog post.

While the customer lost the battle here, the issue of when electronic records are subject to conversion doctrines is hardly going away. This court reaches the sensible result that a putative owner gets no protection from conversion unless he/she actually has title to the asset. Read literally, though, I wonder if this ruling could undercut claims over conversion of virtual world assets? After all, a virtual world asset holder may rarely have clear title to the asset; certainly the holder won't be the copyright owner of the asset. Perhaps the analysis will be different in situations where a third party (the virtual world operator) allocates "title" within its own titling system to users--it might still be possible to deprive an asset holder of "title" within that asset system even if the asset holder would have no conversion claim against the virtual world operator if the operator takes the exact same steps to deprive the asset holder.

Other comments about this case:
* Juliet Moringiello
* Eugene Volokh

Posted by Eric at 11:19 AM | Copyright , Licensing/Contracts , Virtual Worlds | TrackBack

May 03, 2009

April 2009 Quick Links

By Eric Goldman

[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]

Marketing/Spam

* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.

* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.

* NYT: "Never Mind What It Costs. Can I Get 70% Off?"

* Tsan Abrahamson on social media and marketing law.

* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.

* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).

Defamation

* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.

* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.

* CMLP has a page organizing all of its 47 USC 230 material.

Intellectual Property

* Publicly republishing a private email leads to a default judgment of copyright infringement.

* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."

* Octomom is seeking trademark registrations.

Miscellaneous

* GeoCities is shutting down.

* eBay will referee customer disputes.

* Wilson Sonsini's VC financing term sheet generator.

* Oddee: 10 Most Bizarre [Online] Gaming Incidents

Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack

April 12, 2009

Q1 2009 Quick Links, Part 4

By Eric Goldman

Security

* Massachusetts Data Security regulations were amended.

* In Facebook v. Power.com, Facebook brought another lawsuit to block extraction of user data from the site (similar to the Facebook v. ConnectU lawsuit). Venkat, Masnick, News.com, NYT, Justia. In this case, I wonder if Facebook has adequately distinguished between Power.com's behavior and the operation of its own "Find a Friend" service that taps into third party email servers to extract email addresses. Power.com’s response.

* Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. Jan. 7, 2009). IP infringement isn't a cognizable harm under the Computer Fraud & Abuse Act.

Adware/Spyware

* Who says Valentine's Day is just a Hallmark holiday? Sales of spyware and other tools to track cheating SOs also increase around Valentine's Day.

* Susan Brenner on the Cybercrimes Treaty and the US's decision not to criminalize possession of malware as required by the treaty.

Venture Capital

* BusinessWeek: Silicon Valley innovation is being stifled by VCs who only want to make small bets, not big bets. But VC investing is faddish, so the wind might change tomorrow.

* $600M of VC investments in virtual worlds.

Contracts

* Burcham v. Expedia, Inc., 2009 U.S. Dist. LEXIS 17104 (E.D. Mo. Mar. 6, 2009). Buyer was bound to user agreement even though he argued (without any evidence) that someone else established the account he used. This dovetails nicely with the broad reading of who is bound by an online user agreement; see my discussion in the Lori Drew case. Jeff Neuburger's writeup. Aside: I wonder if Expedia will be insulated by 47 USC 230 for the allegedly wrong description of amenities if they got the description of the hotel from third parties. For an analogous result involving the binding of users who didn't agree to the initial contract, see CoStar Realty Information, Inc. v. Field, 2009 WL 841132 (D. Md. March 31, 2009).

* Fractional Villas Inc. v. Tahoe Clubhouse, No. 08cv1396 (S.D. Cal. Feb. 25, 2009). Citing the RMG case, the court says that merely visiting a site may be sufficient to bind visitors to a browsewrap. However, in this case, there was insufficient evidence that the defendant had ever visited the site.

* Cherny v. Emigrant Bank, 2009 U.S. Dist. Lexis 2486 (March 12, 2009). Latest case that breach of privacy policy isn’t actionable unless there are actual damages. Venkat’s writeup.

* A stat I fully believe: "studies have shown that more than half of all companies cannot even locate signed copies of 10% or more of their contracts." The Zen Master asks: if both parties think they have entered a contract but neither can find a copy, do they have a contract? (this has really happened to me before).

Taxes

* Amazon v. New York and Overstock v. New York (N.Y. Sup. Ct. Jan. 12, 2009). Kudos to New York for finally figuring out a way to break the Internet and defeat the Internet Tax Freedom Act by treating Amazon Associates as traveling salespeople for sales tax collection purposes. I imagine every state in the country will jump on this bandwagon, at which point some e-tailers will kill their affiliate program and others will end up imposing sales tax collection nationwide.

* Pitt County v. Hotels.com, L.P. (4th Cir. Jan. 14, 2009), Online travel aggregators aren't "retailers" (as referenced in the statute) for purposes of collecting local hotel occupancy taxes.

General

* Some interesting cyberspace exceptionalism developments involving cases where paper presentation may be different from electronic presentation of the exact same content. In Smith v. Under Armour, Inc., 2008 WL 5486764, web payment confirmations displayed on-screen are not "printed" within the meaning of the Fair and Accurate Credit Transactions Act. Accord Smith v. Zazzle.com, Inc., 2008 U.S. Dist. LEXIS 101050. See generally this Proskauer recap. In Saulic v. Symantec Corp., a California law prohibiting data collection with credit card sales was held inapplicable online.

* Sudduth v. Donnelly, 2009 WL 918090 (N.D. Ill. April 1, 2009). Plaintiff got stiffed on his eBay transaction and sued eBay for 1983 equal protection and conspiracy claims as well as a Title VI civil rights claim. Because eBay isn't a state actor, however, the court dismissed eBay.

* My colleague Steve Diamond is blogging every detail of the battle for SAG's soul over at his new blog, King Harvest. For example, he summarizes the travails of the Screen Actor's Guild.

* Oddee: 10 Geekiest T-Shirts. I own a t-shirt that says "I'm Blogging This" (a gift from a former student) and a mug that says "Vegetarian Blogger" (gift from a colleague).

* Oddee: 15 Most Unfortunate Town Names. I think Licking County should have been a contender.

* Is there any better sign of Cyberlaw's maturity than the publication of Internet Law in a Nutshell? [Amazon Affiliates link]

* Oddee: 12 Most Ridiculous Lawsuits. I welcome your nominations for the most ridiculous Internet lawsuits of all time. I hope to write that up some day.

* Happy birthday, Gmail! Best email software I've ever used. The battles over Gmail privacy seem so...2004!

Free Stuff

* The Ninth Circuit recently updated its website...with RSS feeds!

* Nolo Press' "NDAs for Free." Potentially useful site.

* I have one extra copy of my Fall 2008 Cyberspace Law course reader. First person to send an email with their mailing address gets it. [CLAIMED]

Posted by Eric at 12:03 PM | Adware/Spyware , E-Commerce , Licensing/Contracts , Privacy/Security , Trade Secrets , Virtual Worlds | TrackBack

March 30, 2009

CLRB Hanson v. Google Preliminarily Settles for $20M

By Eric Goldman

CLRB Hanson Industries v. Google, 5:05-cv-03649-JW (settlement papers filed March 26, 2009). The new case filings:
* The settlement motion
* The settlement agreement
* The proposed court order granting the settlement

My previous blog coverage of the case:
* my initial post from August 2005
* the August 2007 determination that advertisers were bound by the AdWords contract
* the May 2008 initial refusal to grant summary judgment to Google
* the December 2008 second refusal to grant summary judgment to Google

The long-running CLRB Hanson v. Google case (also referred to as the Howard Stern case because he is a named plaintiff), over Google's alleged mishandling of budget caps set by its advertisers, has reached a proposed settlement. The settlement needs court approval, but I would be surprised if that didn't occur in due course. Individual advertisers could choose to opt out of the settlement and pursue individual claims, but I expect few will find it economically rational to do so. In the extreme case, the deal could unravel if more than 5% of advertisers opt out of the class, but I would be shocked if this happened. As a result, I expect this development to substantially resolve the case.

The stated settlement price tag is $20M of cash. Plaintiffs' counsel are likely to get $5.25M, the named plaintiffs are likely to get $20k each, and the $14.7M balance will go into a bank account. Google will provide AdWord credits for affected advertisers who are still advertising and have a balance due to Google, and Google will get cash back from the pot for any actual credits given to advertisers. It is unclear how much of the $14.7M Google will recoup this way. Or, advertisers can opt to receive cash instead for their putative harms. If less than $200k is left over after all this, the money will go to charity. If more than $200k is left over, the parties will go back to the judge to propose how to reallocate the remaining money to the class.

in my previous post on the case from December 2008, I wrote:

I suspect the case is still around because the parties can't work out a deal on the attorney's fees--which, if this situation is anything like the click fraud cases, almost certainly will dwarf any actual monetary relief received by the putatively injured advertisers. If the parties can work out the plaintiff attorneys' cut of the spoils, I'm confident this lawsuit will settle before trial

Seeing the size of this settlement, I'm not sure I called it right. Given the fairly narrow advertiser harms left open by the judge's prior rulings, I expected the advertiser relief to be nominal (certainly less than $15M). Furthermore, unlike prior advertiser v. search engine lawsuits where advertiser credits were use-it-or-lose-it, Google could be out much of the $20M no matter what. In the end, Google probably will pay a lot more cash than I expected it would have to.

While Google can easily afford the dough, the settlement is a big enough sum to potentially attract further class action lawyers seeking their piece of the Google fortune. Contrast this with Google's stance on patent lawsuits, where it has taken a hard line on settlements with the hope that its refusal to buy out lawsuits will discourage future weak patent claims from being asserted against it. However, the plaintiffs in this case had to work pretty hard--Google fought them for nearly 4 years--so it's possible that the actual economic return for the plaintiffs' lawyers for their four years of labor wasn't especially lucrative.

I have lost track of the many lawsuits against Google, but I believe this settlement ends the 2005-era advertiser v. Google class actions. There may still be some individual click fraud claims, and there are other advertising-related lawsuits still pending (such as the Vulcan Golf and related/copycat lawsuits). Let's hope this means that Google has improved its ability to keep advertisers happy.

Posted by Eric at 06:46 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack

February 20, 2009

Facebook User Agreement Imbroglio Recap (and Some Comments of My Own)

By Eric Goldman

I didn't have a chance to blog on the Facebook user agreement amendment flap in real-time, but now that Facebook has rolled back its amendments and everyone is catching their breath, the Monday morning quarterbacking is proceeding in full earnest. Some of the articles that caught my attention:

* CNET News.com: "Facebook's about-face: Change we can believe in?"

* InternetNews: "Experts: Facebook Must Rethink TOS Stance"

* EFF: "Facebook's reaction is a tremendous victory for its users." I guess that's true, in the way that getting back to zero at a casino sometimes can be considered a win.

* Bill McGeveran powerfully (and with irony) demonstrates that Facebook's terms weren't all that unusual. Et tu, Consumerist?

Some of my own observations:

* When you're a high-profile company living in the media fishbowl like Facebook, there is no such thing as a minor amendment to your user agreement.

* Facebook's amendments--and the news reports about them--were confusing for two independent but often correlated problems. First, lay readers often misread user agreements, especially broad license grants that users mistakenly read as statements of ownership. This is a well-known and long-standing phenomenon; see, e.g., the flap over GeoCities' user agreement from a decade ago. So initial news reports on Facebook's amendments were garbled and perhaps overly dramatic.

Second, Internet lawyers often draft user agreements using legalese in ways that make the agreements indecipherable to lay readers...and, not infrequently, to other lawyers. Having drafted a lot of them in my life, I'm a pretty sophisticated reader of user agreements, yet it took me a fair amount of time to parse Facebook's license terms to figure out what they were saying--and, even then, I wasn't quite sure. In particular, the "perpetual" and "irrevocable" terms in the license agreement were in seeming conflict with Facebook's promise in the same license grant to honor a user's privacy settings. In other words, if a user can set the configurations to remove content from Facebook's purview and Facebook will honor those instructions, then how is Facebook's license grant irrevocable? Unless I'm missing something big, this looked to me like a drafting error by Facebook. (And check out Nancy Kim's op-ed identifying this exact issue--in March 2008).

This suggests a drafting lesson we might internalize from Facebook's hassles (Jonathan Zittrain makes a complementary point). We as Cyberlawyers are used to parroting the exact words from the applicable statutes and caselaw because it seemingly increases the precision of the agreement, but frankly I think Facebook and other Internet companies would do a whole lot better--both legally and in the court of public opinion--if it junked the legalese and actually tried to write license grants in real English.

* Partially obscured in the haze is the lurking question of whether Facebook can unilaterally amend its user agreement without providing any notice to users. I don't even see this as a close question. From my reading of the precedents, I think the answer is pretty emphatically NO, both as a matter of contract law (and see more; but compare MySpace v. theglobe.com) and FTC law (see, e.g., the Gateway Learning case). Without a doubt, I wouldn't want to be Facebook trying to defend the new incremental changes in court.

* I got a few inquiries about whether a lawsuit against Facebook would have been successful. As Ethan explained recently, there may be unexpected hurdles to any such lawsuits.

* Now that Facebook has stirred the hornet's nest, it's not clear that they can simply roll back to the prior version of the user agreement and put everyone back in the happy apple. Instead, having called attention to its licensing policies, Facebook will be lucky if the pre-amendment terms survive as those undergo critical and jaundiced scrutiny from users. David Kirkpatrick touches on this.

* No matter how Facebook resolves its agreement, this episode has been damaging to its trust relationship with its users. It gives users yet another reason to question whether Facebook is a site we can trust. For users who lived through the Newsfeed and Beacon episodes, this may be a three-strike situation. For others, the fracas is yet another wedge in the users' relationship with Facebook. Trust is hard to earn and easy to lose.

Having said that, in the past couple of quarters, Facebook has been riding a strong network effects bull and seeing remarkable growth DESPITE Beacon. So Beacon clearly did not destroy users' trust in Facebook. At the same time, if users fall out of love of Facebook due to loss of trust, they will scale back their involvement with Facebook, which ultimately could negate the network effects benefits they are currently experiencing. IMO, this is the real risk created by Facebook's highly publicized problems.

Posted by Eric at 08:57 AM | Internet History , Licensing/Contracts , Privacy/Security | TrackBack

February 06, 2009

2008 Cyberlaw Year-in-Review

By Eric Goldman

It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.

Broad Themes

A few broad themes emerged last year:

* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.

* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.

* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.

* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.

* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.

Top 11 Cyberlaw Developments of 2008

#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.

# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.

#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.

#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.

#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.

#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.

#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.

#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.

#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).

#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.

Other Developments of Special Note

47 USC 230

* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”

* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.

* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.

Affiliate Liability

* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.

* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.

Trademarks/Domain Names

* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.

* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?

* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."

* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.

* New gTLDs. Maybe I should reserve this development for 2009...if it happens.

Others

* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?

* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.

* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.

Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack

February 05, 2009

Publisher Promising "Visitors" Owes "Visitors," Not "Unique Visitors"--WebMD v. RDA

By Eric Goldman

WebMD, LLC v. RDA Intern., Inc., 2009 WL 175036 (N.Y. Sup. Ct. Jan. 6, 2009)

It's been a while since I've blogged about a lawsuit between an Internet publisher and advertiser, so you may enjoy this one. RDA placed a series of advertising orders with WebMD, including one order where WebMD promised "36,000 visitors" to an RDA website. RDA eventually stiffed WebMD to the tune of $350k, which is enough outstanding cash to get WebMD into court for a collections action. Once there, RDA argued that WebMD failed to perform the contract because the contract required 36,000 unique visitors and WebMD only delivered 70-80% of this number.

Most of us in the Internet advertising business immediately scoff at RDA's argument. Everyone in our industry knows that "visitors" and "unique visitors" are two very different things, and that if the parties actually meant "unique visitors," they would have said so. The court efficiently reaches this conclusion as well, saying that the term "visitors" is unambiguous and "If defendant wished to be guaranteed “unique visitors” to the site, it should have specified such in the agreement." Even if the term were ambiguous, the court still isn't sympathetic, in part because the advertiser never complained about the invoices while the parties were still in a relationship. (And, as we know, advertisers will complain if they think the deal isn't performing to their expectations!!!)

Two practice pointers from the case. First, it's critical to precisely define the metric for computing payment in advertising contracts. Often, when I'm asked to look at Internet ad contracts, I'm sent the T&Cs but not the actual IO where the payment metric for the particular ad deal is specified. That's one of the most important aspects of an ad contract, so as a lawyer, we really need to get our hands on the IO business terms in addition to the T&Cs. Second, the opinion doesn't mention any clause in the WebMD contract that WebMD's numbers control for calculation purposes. (The clause might have been in the contract, but it wasn't referenced in the opinion). Even if the court won't enforce those clauses verbatim, they can still be extraordinarily helpful in tipping any ambiguities in favor of the publisher and against the advertiser when the parties dispute the numbers.

HT: Ken Adams, who thinks that "visitors" is ambiguous. His example shows how it could be in some contexts, but it's not ambiguous in this context. Ken, in turn, links to the ContractsProf post.

Posted by Eric at 05:55 PM | Licensing/Contracts , Marketing | TrackBack

January 23, 2009

The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt

A recent court case reiterates that privacy policies aren't the be-all, end-all panacea for protecting online privacy.

By Ethan Ackerman

One of the main arguments against a federal online privacy law has been that website privacy policies were a self-regulatory solution that was more than sufficient, permitted more flexibility, and bound parties as surely as any federal law. Real-life court cases continue to suggest the contrary.

From mid-90s FTC staff decisions to "encourage self-regulation" to the 1998 formalization of a Clinton administration e-commerce policy framework to the extension of this policy through both terms of the G.W. Bush Administration, "self-regulation" of online privacy has been the policy of the executive branch of the federal government. Similarly, "self-regulation" has been the primary card played (the 10 of spades?) against Congressional attempts to pass federal online privacy regulation, successful in stalling any legislation on the issue since at least the 106th Congress. Online industry lobby groups still emphasize that "self-regulation" is the only needed enforcement, and online privacy advocates cite self-regulation's failures for the 'decade of disappointment' in internet privacy.

Meanwhile, outside of the policy debates, online activity has exploded, along with the collection and use of personal information online. Putting aside the real challenge of discovering unacceptable uses, sometimes that collection and use (or misuse) is egregious enough that someone sues over it. As the recent case of Pinero v. Jackson Hewitt Tax Service shows yet again, actual monetary damages matter more than egregiousness.

Ms. Pinero discovered that a Jackson Hewitt Tax Service licensee that prepared her taxes had breached its privacy policy when a local news station contacted her and provided her with her prior year tax returns, discovered in a public dumpster along with the returns of more than 100 other Jackson Hewitt clients.

Mindful of the increasing body of cases that have refused to find damages in the mere breach of protective statutes, violations of privacy policies or unlawful disclosures of personal records, Ms. Pinero's attorneys alleged specific factual emotional, physical, and economic damages in their suit. Those damages weren't good enough under the applicable state law, according to U.S. District Judge Sarah Vance. Specifically, the judge found that the plaintiff suffered no direct pecuniary damage from the breach - a heightened risk of future loss or steps taken to mitigate that loss weren't enough under Louisiana law for a negligence or breach of contract claim.

Above and beyond my brief summary, the opinion is worth a read in greater detail. The judge's detailed discussion of the pleadings reveals much work on this case. The pleading drafters clearly went to great effort to avoid precisely this outcome, claiming damages of several types with a great deal of specificity and carefully formulating claims under a variety of different statutes and causes of action, including a Consumer Protection Act and database breach statute claim. Judge Vance addresses each claim and the surrounding caselaw in good detail as well, providing scant room for a reversal on appeal by leaving every issue addressed.

The takeaway? As Eric has worried in the past, there may be no effective customer legal recourse against companies that breach their privacy policies.

[Eric's comment: we've seen a long list of situations where plaintiffs suffered some privacy invasion but were unable to obtain any legal recourse. Ethan links to the JetBlue case (which remains remarkable to me to this day), and we've blogged on others as well (see, e.g., the Acxiom and Key cases). In general, I think these opinions have often reached a sensible and pragmatic result that a privacy invasion may lead to no tangible losses, so damage awards may overcompensate the victim or overdeter the defendant. However, providing no damages awards--especially when a company breaches its self-selected promises--may under-deter and reward companies for overpromising and underdelivering. This case seems especially odd because the complaint contained allegations of specific tangible harm. Maybe we don't believe the allegations, but normally they ought to be heard.

At the same time, I fear the policy-makers may overreact to this situation by creating statutory damages. Those solve one problem (the courts' balking at plaintiffs that have no obvious damage) but create another, (IMO) much bigger problem of motivating plaintiffs and their lawyers engage in litigation frenzies with low-merit lawsuits. We've seen a lot of wasted motion in the spam context from people chasing statutory damages, and I shudder to think about the tax on our economy if we ever created a statutory damage for generalized privacy violations.]

Posted by Ethan Ackerman at 09:47 AM | Licensing/Contracts , Privacy/Security | TrackBack

January 16, 2009

AOL Loses Venue Selection Dispute in Ninth Circuit Due to an Unfortunate "Of"--Doe 1 v. AOL

By Eric Goldman

Doe 1 v. AOL LLC, 2009 WL 103657 (9th Cir. Jan. 16, 2009)

This is one of several lawsuits against AOL over AOL's 2006 posting of a database of improperly anonymized search queries. This particular lawsuit was brought by AOL members in California and alleges a variety of federal and state law claims against AOL.

AOL defended based on its venue selection clause in its member agreement, arguing that the contract required the lawsuit to be brought in Virginia. AOL has had a lot of success with its venue selection clause over the years, but it has had some prominent failures as well. One of those is America Online v. Superior Court (ex rel Mendoza) from 2001, in which a California appellate court struck down AOL's venue selection clause on public policy grounds because Virginia law did not provide adequate relief to California consumers--because, among other things, Virginia state courts do not permit class action lawsuits.

The Mendoza case was part of a broader judicial trend against online user agreements over the past decade. We've seen them fail for unconscionability, public policy and other reasons, making the successful drafting of such clauses tricky. Collectively, I think these cases have established pretty clearly that a venue selection clause designed to suppress class action lawsuits has a high risk of failure and, in California, is presumptively unenforceable.

What isn't clear to me is what, if anything, AOL did to modify its member agreement's venue selection clause in response to its Mendoza defeat. As a result, I can't tell if this court is interpreting the same contract language as was presented to the Mendoza court. But in all other respects this case is extremely similar to Mendoza: the plaintiff initiated a class action lawsuit in California, AOL defended on its venue selection clause to force the case back to Virginia, and the court is confronted with the public policy implications. Thus, if AOL did change its contract post-Mendoza, it didn't get the desired results, because it suffers another defeat here.

It appears that if the case could be heard in Virginia federal court, the class could form and the clause would not necessarily fail; but if the clause only permits Virginia state court, this is Mendoza redux and AOL loses. As a result, the court tries to figure out which venue the member agreement language specifies. AOL's agreement designates the exclusive venue as "the courts of Virginia." The court parses the grammar of the word "of" and looks at other precedent analyzing "the courts of [state]" and concludes that this language selects only Virginia state court. Because a California appellate court (the Mendoza court) had already said that Virginia state court isn't an acceptable choice for a putative class action of California consumers, the Ninth Circuit has no choice but to toss the venue selection clause.

This raises an obvious drafting point: courts are reading venue clauses specifying the venue as "state of X" to mean only state courts in the designated state, so don't use that grammar unless that's what you intend. I'm sure that most drafters using "state of X" language instead mean the parties can litigate in either federal or state court in that venue, but that's not the way courts are reading it. Accordingly, I think it would be prudent to avoid the "courts of X" grammar altogether, which isn't hard to do. Personally, I normally say "courts in X" (as opposed to "courts of X"). I would have to research the precedent interpreting that grammar (this case has made me a little nervous), but the "in" grammar should pretty clearly avoid the analysis in this Ninth Circuit opinion. Another alternative would be to expressly reference both federal and state courts as options; I've seen this language frequently, although I've previously thought that was unnecessarily wordy. Maybe it isn't.

Posted by Eric at 01:29 PM | Licensing/Contracts , Privacy/Security | TrackBack

January 06, 2009

Oracle v. SAP Updates--Third Amended Complaint, Motion to Dismiss Ruling, SAP's Latest Answer

By Eric Goldman

There have been some recent developments in the high-stakes and complicated Oracle v. SAP lawsuit.

In October, Oracle filed its third amended complaint whereby it expanded its efforts to show that SAP America and SAP Germany were both responsible for the actions of SAP America’s TomorrowNow subsidiary, which SAP has already admitted engaged in impermissible practices. The third amended complaint is supported by lots of facts that only millions of dollars of discovery can buy. The complaint a long read and still has too much PR hyperbole about how Oracle is so much better than SAP, but I thought the complaint did a good job arguing that the parent companies were more involved with the rogue subsidiary than mere stockholdership. At the same time, Oracle does look like it will have a damper on some of its copyright claims—it acknowledged that it lacks copyright registrations for many of the copied files, and it made some copyright filings as part of the lawsuit that probably will be too late to create eligibility for statutory damages. This probably means that Oracle won’t get to inflate the final damages calculation as much as it would like.

On Dec. 15, the judge ruled on SAP’s partial motion to dismiss. The ruling cleans up the case a bit but doesn’t really affect the substance of the case. Personally, I was a little confused about the ruling on copyright preemption of the breach of contract claim. The court denied the motion to dismiss the contract claim “except as to the extent that the state law claims are based on the alleged copyright infringement – in which case the parties agree they are preempted by the Copyright Act. SAP does not dispute plaintiffs’ assertion that the TAC alleges other actions (fraud, unauthorized use, and harm to private contractual rights and expectations) that form the basis of the state law claims, and which are not preempted by the Copyright Act.” Did the court say that a breach of contract can’t be based on acts that would constitute a copyright infringement? We know that would be wrong.

On Dec. 30, SAP filed its answer to the third amended complaint. Just like it did with its first answer, which it released so that the news would effectively break on the obscure newsday of the July 4 holiday, SAP once again tried to bury its news by releasing it so that the news would break on a holiday (this time, New Years). Oh please! You’re not fooling anyone with your bogus PR shenanigans, SAP.

Not surprisingly, SAP is blaming its TomorrowNow subsidiary for all misconduct--which is convenient, because SAP has already shuttered TomorrowNow, so it has nothing more to lose if it can contain the lawsuit to the subsidiary.

I must say that the overall picture doesn't look good for SAP. I am skeptical that they will emerge unscathed from this lawsuit. However, I’m still not clear what Oracle wants from SAP. It’s in the driver’s seat, so it should be able to dictate terms. What would it take for Oracle to move on? It may be that keeping the case open is hurting SAP in the marketplace, such as by spooking SAP's potential customers, so Oracle may be happy to let the case linger. Otherwise, it seems like Oracle should have enough information to state a price, and I’d like to think SAP would be prepared to write a reasonable check.

Posted by Eric at 10:12 AM | Copyright , Licensing/Contracts | TrackBack

December 30, 2008

Doe v. SexSearch Affirmed by 6th Circuit, But Not on 230 Grounds

By Eric Goldman

Doe v. SexSearch.com, 2008 WL 5396830 (6th Cir. Dec. 30, 2008)

I previously summarized this case as follows:

Defendants operate a website that helps people hook up to have sex. Roe posted a profile saying that she was 18 and wanted sex. After Doe connected with Roe via the profile, they met offline at Roe's home and had "consensual" sex. But Roe was actually 14, and Doe was busted for felony statutory rape. Doe turned around and sued the website on 14 counts, which the court summarizes as claims that "(a) Defendants failed to discover Jane Roe lied about her age to join the website, or (b) the contract terms are unconscionable."

In August 2007, the district court dismissed the case. Frankly, I always thought this should be an easy case for the reason articulated by the district court judge: "Plaintiff clearly had the ability to confirm Jane Roe’s age when he met with her in person, before they had sex, yet failed to do so." But fitting the claim into legal doctrines is trickier, and the district court relied on both 47 USC 230 and substantive contract/marketing law to dismiss the case.

On appeal, the defendant fared no better, and the Sixth Circuit has little trouble dismissing the case. However, the Sixth Circuit disavows the district court's 47 USC 230 discussion:

we do not reach the question of whether the Communications Decency Act provides SexSearch with immunity from suit. We do not adopt the district court’s discussion of the Act, which would read § 230 more broadly than any previous Court of Appeals decision has read it, potentially abrogating all state- or common-law causes of action brought against interactive Internet services.

The court instead dissects the substantive contract and marketing law claims one-by-one (all 14 of them) to show why none of them were valid. The opinion is a pithy read, so if you're interested in seeing how an online contract survives a multi-front attack, check it out. I did get a chuckle out of the part when the court explains why the contract's dollar cap wasn't unconscionable: "Given the nature of the service, which encourages members to meet in person for sexual encounters, SexSearch’s potential liability is nearly limitless. For example, arrest, diseases of various sorts, and injuries caused by irate family members or others may be the result of such hedonistic sex. When selling such services, then, it is commercially reasonable for SexSearch to limit its liability to the price of the contract."

It's easy to see why the Sixth Circuit was troubled by the 230 issues in this case. This case involves a knotty question that has become a blog perennial: when is a website liable for its marketing representations that are rendered false by user content or actions? In this case, the website said in a variety of ways that users were over 18, but it never authenticated users' ages, and Roe affirmatively lied about her age. As I've mentioned before, this creates a legal conundrum--on the one hand, websites should be responsible for the marketing representations that they choose to make; but on the other hand, this can open up a bypass to 230 as plaintiffs use the marketing representations as a proxy to hold websites liable for third party content. I'm disappointed the Sixth Circuit didn't decide to tackle this issue head-on, but I understand why they chose to sidestep the issue and make clear that they weren't ratifying the district court's rationale.

I noticed that the court also doesn't mention Doe v. MySpace, the recent Fifth Circuit 230 opinion also involving online hook-ups leading to offline statutory rapes. That case turned on a negligence-style "premises liability" theory rather than a breach of contract/false marketing representation theory, but the Sixth Circuit could have tried to equate the two if it wanted (especially in its discussion about "failure to warn").

So, where does this ruling leave us? This ruling, along with the Goddard opinion from earlier this month, reinforces that plaintiffs trying the breach of contract/false marketing representations workaround to 47 USC 230 still have to establish their prima facie substantive case or they will be dismissed (in this case, on a 12b6 motion). Plus, numerous district court cases still hold that 47 USC 230 applies to false marketing representations, including the Mazur and Friendfinder cases from earlier this year. So I think the news remains very, very good for defendants. Nevertheless, I remain confused about the precise boundaries between 47 USC 230 and breach of contract/false marketing representations, and clarity will have to wait until 2009 (or beyond).

Unless something really big happens in the next 36 hours, I'll see you in 2009. Happy new year!

Posted by Eric at 09:53 AM | Derivative Liability , Licensing/Contracts , Marketing | TrackBack

December 17, 2008

Google's Latest Attempt to Kill the CLRB Hanson Lawsuit Fails

By Eric Goldman

CLRB Hanson Industries, LLC v. Google, Inc., NO. C 05-03649 JW (N.D. Cal. Dec. 16, 2008)

CLRB v. Google is the long-running lawsuit (3 1/2 years and counting) over Google's adherence to advertising limits that advertisers set in Google AdWords. I have blogged on the case several times, including:

* my initial post from August 2005
* the August 2007 determination that advertisers were bound by the AdWords contract
* the May 2008 initial refusal to grant summary judgment to Google

Over the course of the litigation, the court has substantially narrowed the scope of claimants who have a potentially viable claim against Google to just three groups: advertisers of less than 1 month, advertisers who ended their campaign in a partial month, and advertisers who paused their campaign. Seemingly undaunted by the May 2008 ruling denying summary judgment to squash these three groups, Google again sought summary judgment on narrower grounds. Maybe Google thought it had a real chance of winning this second attempt at summary judgment, but it smelled a little "hail mary" to me. Thus, perhaps not surprisingly, Judge Ware rejected the motion and reiterated that summary judgment isn't appropriate (at one point saying, with a hint of frustration, "Defendant appears to be attempting to re-litigate an issue decided in the May 14 Order").

As a result, it appears that at least some aspects of the case appear destined for a trial--which, as far as I can recall, would be the first US trial on Google's AdWords practices. Fortunately for Google, the class is so limited that Google's damages exposure should not break the bank even if it loses badly at trial. Normally cases with light damages would settle, but I suspect the case is still around because the parties can't work out a deal on the attorney's fees--which, if this situation is anything like the click fraud cases, almost certainly will dwarf any actual monetary relief received by the putatively injured advertisers. If the parties can work out the plaintiff attorneys' cut of the spoils, I'm confident this lawsuit will settle before trial.

Posted by Eric at 05:38 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack

December 16, 2008

Lori Drew Conviction Reflections, Part 3 of 3: Lessons for Cyberlawyers Drafting User Agreements

By Eric Goldman

[Note: this is Part 3 of a special 3-part series on the Lori Drew conviction. Part 1 discussed why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 2 discussed some problems with holding Lori Drew responsible for a contract she never clicked through. This post concludes the series.]

Last week, I went to my first CLE conference for Cyberlawyers since Drew’s conviction, and the conference included panels about online contract drafting. Given that Drew’s conviction was based on MySpace’s user agreement and contract formation process, I expected some discussion about the case’s implications. Instead, I was very surprised that the panels had no discussion about the lawyer’s role in drafting MySpace’s contract or any lessons we as Cyberlawyers should take from her conviction for drafting future contracts. The materials were identical to the discussion we would have had before the conviction.

Personally, I think this is a huge oversight. We as Cyberlawyers cannot lose sight of the social responsibilities that complement our client responsibilities. And as this case illustrates, when we draft overly expansive contract restrictions in online user agreements, we may be unwittingly turning many or all of our clients’ users into criminals. Not only is criminalizing our clients’ customers users potentially bad for their businesses, but it is irresponsible—and unnecessary.

The problem is particularly acute for user behavior restrictions that the service provider never plans to enforce. As has been pointed out elsewhere, a contract restriction saying that "kids under 18 cannot use the website" has no legal meaning (it’s designed to deal with the voidability of contracts with minors, although this might be less of an issue than we thought), but it potentially criminalizes any minors who ignore the language. Similarly, a restriction on creating accounts using false registration information might be handy in those rare cases when the service provider is chasing spammers who create bogus accounts, but it also potentially criminalizes many users who legitimately might not want to tell the complete truth to the website during registration. Thus, while there might be some limited circumstances where these clauses are appropriate, for the most part we need to dump these overly expansive behavioral restrictions from our toolkits.

Based on the Lori Drew conviction and other recent developments, such as the JuicyCampus enforcement action, I have two recommendations for how Cyberlawyers should draft user agreements in the post-Lori Drew conviction era.

Use Generalized, Not Specific, Behavioral Restrictions

First, user agreements should rely more heavily on generalized permissive statements like “the website may terminate users at any time in its sole discretion” instead of laundry lists of prohibited user behaviors. Historically, unrestricted termination clauses were considered troublesome because they were cited against Napster as satisfying the “right and ability to supervise” prong of vicarious copyright infringement. However, we have since learned that Napster was an aberrational case and it would be foolish to try to change our in-the-field practices based on the case. At this point, I see no clear legal downside to using a generalized termination right, and it obviates the need for long, ambiguous, thesaurus-driven behavioral codes.

Alternatively, liquidated damages provisions can deter unwanted behavior without establishing negative covenants. For example, MySpace’s anti-spamming liquidated damages clause paid off big for MySpace in its lawsuit against theglobe.com.

Move Behavioral Restrictions to a Separate Community Norms Document

Second, behavioral restrictions that do not need to be specifically barred in the user agreement can be moved into a separate statement of community norms/standards. This way, users are told what they can do and not do, but the statement does not have the force of law. Ideally, other users can be given tools to help them enforce the community norms. Even better, the norms can be posted on a wiki so that the site’s users can help update them as the site’s community evolves.

This community norms approach has at least three benefits. First, because the norms aren’t part of the agreement, overzealous prosecutors can’t use them as a basis of prosecution, so the site avoids unwittingly criminalizing its users. Second, if the norms are phrased right, overzealous plaintiffs cannot argue that the negative restrictions are implicit marketing representations that such user conduct will not take place on the site. This will squelch analytically corrupt claims like the ones advanced by the New Jersey’s attorney general office against JuicyCampus. Third, a separate non-legal document may be a more effective tool to communicate site expectations than embedding those rules in a user agreement that no one will read (all statistics I’ve seen indicate that well less than 1% of users read user agreements).

I realize it’s unlikely Cyberlawyers will enthusiastically change their drafting techniques in response to the Lori Drew conviction. If nothing else, I find contract drafting attorneys tend to ossify their techniques; plus a number of forces conspire to push drafting attorneys to make longer and meaner user agreements. But at the same time, I think it would further compound the tragedies of Meier’s suicide if we don’t internalize the message that our user agreements are being used to try to send people to jail, whether we intend that or not.

Posted by Eric at 09:26 AM | Licensing/Contracts | TrackBack

December 15, 2008

Lori Drew Conviction Reflections, Part 2 of 3: Who is Bound by Clickthrough Agreements?

By Eric Goldman

[Note: this is Part 2 of a special 3-part series on the Lori Drew conviction. Part 1 discussed why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 3 will discuss some lessons for Cyberlawyers who draft online user agreements.]

From everything I’ve seen, Lori Drew apparently never affirmatively manifested assent to the MySpace user agreement. My understanding is that Drew’s babysitter, Ashley Grills, testified that she, not Drew, created the MySpace account and clicked through the MySpace user agreement. (I understand that the jury disbelieved Grills, although I am not aware of any contrary testimony on this point). Furthermore, I am not aware of any testimony that Grills informed Drew that Grills was accepting the MySpace user agreement on Drew’s behalf or that Grills provided any other form of notification to let Drew know that a contract was being formed--let alone educating Drew about the terms of that contract.

If this is true, then how can Drew be legally connected to the contractual restrictions that she was convicted of violating? Principal-agency doctrines would be one way. If Grills was Drew’s agent, then Grills would have actual or implied authority to bind Drew contractually. However, I am skeptical that Grills was Drew’s agent for contract formation purposes. First, I am not clear about whether Grills was Drew’s employee or was an independent contractor. The latter status would cut off most forms of agency liability for Drew. Second, even if Grills was an employee, it is difficult to argue that entering the MySpace user agreement was within the scope of Grills’ employment, even if it was putatively done at Drew's request.

As a result, I think the only way Grills could bind Drew to the MySpace user agreement was via the apparent authority doctrine. This argument is not completely untenable. For example, in the 2005 Abramson v. AOL case, the plaintiff’s son bound his mother to the AOL user agreement based on his apparent authority to act on her behalf. (The court also said that mom ratified the contract by continuing to use the service knowing of the contract terms). Similarly, an earlier 2004 case, Motise v. AOL (briefly discussed here), held that a stepfather bound his stepson, who shared use of the same computer, to the AOL user agreement.

It should be obvious why the courts have reached these conclusions. After all, if a click on the clickthrough agreement binds only the clicker, but the vendor cannot authenticate the identity of the person who clicked, then online user agreements could be easily defeated by anyone who simply claims someone else using their computer did the clicking. Consider an analogy (I’ve been holding this one as a possible future contracts exam question, but oh well): is a contract formed when a retailer cashier presses the “OK” button on the credit card swiping pad on behalf of a befuddled/distracted customer who is holding up the line? I’ve seen this happen dozens of times, but could the customer renege on the contract because he/she wasn’t the one literally pressing the button?

At the same time, the Abramson and Motise cases both involved family relationships. Although family members don’t automatically have agency authority to bind other family members, judges seeking equitable results would have little discomfort holding family members accountable for their online clicks. In contrast, the Grills-Drew relationship wasn’t familial and therefore not as susceptible to equitable readings.

More importantly, it’s one thing to use apparent authority to uphold a venue selection clause in a civil lawsuit (the only stakes at issue in the Abramson and Motise cases), but it’s quite another to apply that doctrine, or something similar, in the criminal context with the consequences of depriving liberties based on a user agreement the defendant never saw and didn’t affirmatively agree to. Indeed, I am not aware of any evidence that Drew ever learned of any applicable restrictions in the MySpace user agreement or otherwise “ratified” the agreement.

Therefore, based on everything I’ve seen, Grills would have been an appropriate target for criminal enforcement predicated on the MySpace user agreement because she actually clicked through. In contrast, holding someone else legally responsible for that click, especially if they never learned of the contract terms, makes no sense. Convicting them of a crime based on these contract terms is unconscionable.

More generally, the issue of who is bound by a click (other than the clicker, of course) seems like a recurring issue for the future. I’m not sure if we can draw too many insights from Drew’s conviction on this question, but this case—combined with Abramson and Motise—does suggest that courts and juries may take an expansive view of the circle of responsibility for clicks. While this is fantastic news for the sites trying to form these user agreements, in the criminal context, it can be tragic.

Posted by Eric at 11:39 AM | Derivative Liability , Licensing/Contracts | TrackBack

December 12, 2008

Lori Drew Conviction Reflections, Part 1 of 3: Why MySpace Might Regret the Conviction

By Eric Goldman

[As I’ve mentioned before, I think Lori Drew’s conviction is a tragic denouement to an already tragic situation. After thinking more about the conviction, I initially planned to blog some brief additional commentary to my initial post. However, that post grew so long that I decided to split it into a special three-part series. This post, Part 1, explains why MySpace, the putative victim of Lori Drew’s crime, might end up regretting the conviction. Part 2 will address some problems with holding Lori Drew responsible for a contract she never clicked through. Part 3 will discuss some lessons for Cyberlawyers who draft online user agreements.]

On this year’s Cyberlaw exam, I tested students on the federal crimes exception to 47 USC 230. As I’ve thought more about that, I realized that once Lori Drew was convicted of a federal crime, everyone else associated with Drew lacks 47 USC 230 protection if the government decides to prosecute them as well.

As a result, if overzealous prosecutors decided to prosecute any of Lori Drew’s online support vendors—such as, say, her Internet access provider—these additional defendants cannot defend using 47 USC 230. Of course, prosecutors may not be able to establish a prima facie claim against these third parties, but the point remains that companies that normally expect to rely on 47 USC 230 for user behavior now face a new exposure risk.

The most obvious potential defendant who might fear this consequence is MySpace, which facilitated the fateful conversation between Drew/Grills and Meier. However, Drew was convicted of violating the Computer Fraud & Abuse Act, which protects against harms to computer servers. This means that, as a matter of criminal law, MySpace was the victim of Drew’s crime in this case.

It’s easy to forget that MySpace is the victim. First, for a victim of such a high profile case, MySpace has been surprisingly quiet in this matter. I believe MySpace provided some support to the prosecution and made a few public remarks critical of Drew, but overall my impression is that they have tried to avoid public scrutiny of their role in this tragedy. Second, it stretches credibility to believe that Drew harmed MySpace. MySpace is hardly a sympathetic victim; and if anything, given the serious problems taking place on MySpace (1, 2, 3, 4, 5), many Americans probably view MySpace as part of the problem, not a victim.

Ironically, then, MySpace could go from victim in this case to defendant in the next. For example, if any of its users use the MySpace network to commit a similarly de minimis Computer Fraud & Abuse violation against a third party website, MySpace may not be able to invoke the 47 USC 230 shield that it normally depends upon. As a result, MySpace may have to rely on prosecutorial discretion to avoid a high-risk and expensive criminal prosecution. As highlighted by Drew’s prosecution, we all know how comforting that is.

More generally, I realize that the federal crimes exception to 47 USC 230 is underexplored (making it another good paper topic if you’re looking for one). I’ve only blogged on it a few times, including my comments to the SEC anti-linking proposal, the Google and Yahoo settlement regarding gambling ads and civil plaintiffs’ (failed) arguments that civil claims deriving from federal criminal laws are not preempted (they are) (1, 2). I could see why this dearth of material might change: the angst about 47 USC 230’s broad immunization inevitably will put more pressure the immunity’s few exclusions.

(Parts 2 and 3 will follow next week).

Posted by Eric at 02:45 PM | Derivative Liability , Licensing/Contracts | TrackBack

November 26, 2008

Lori Drew Guilty of 3 Misdemeanor Violations of the Computer Fraud & Abuse Act

By Eric Goldman

According to news reports (WSJ Law Blog, LA Times, AP), the jury has declared Lori Drew guilty of "three misdemeanor counts of accessing a computer without authorization." I would like to parse the actual jury verdict form to make sure we understand what the jury actually said. For now, some preliminary observations.

First, the jury verdict is not the last step in the process. For example, the judge could still dismiss the case notwithstanding the jury verdict. Personally, I think it was a mistake for the judge to let this case go to the jury; overturning a jury ruling is always a dangerous move for a trial judge, and it would be especially awkward here for the judge to kick the case out now given the high emotions and heavy press coverage for this case. There could be a retrial (especially on the fourth charge, which resulted in a hung jury). It is also possible the jury verdict could be reversed on appeal. Finally, if none of those occur, a sentence that didn't include jail time would still be a travesty but would still have let the people have their vengeance while reducing the injustice to Drew. So it's hard to assess the meaning of the jury verdict because it's only 1 chapter in a longer story.

Second, I am even more convinced that it was a travesty of justice for the government to bring this case at all. The facts elicited at trial demonstrated the illogic of the government's argument that Lori Drew made unauthorized uses of MySpace's servers, including the facts that:

* Lori Drew did not create the MySpace account at issue (Grills, the babysitter, did--but she got government immunity for testifying against Drew)
* Lori Drew did not click OK to the MySpace user agreement (Grills did)
* Lori Drew did not send the final fateful message (Grills did)
* some of the messages at issue were not even sent through the MySpace network (they were sent through AOL)

These facts severely undercut the government's theories about the Computer Fraud & Abuse Act. They should also frighten each of us who may have broken an online user agreement, intentionally or not, at some point in our lives, by showing how easy it could be to violate the CFAA. The tenuousness of the law's application to the facts reinforced that the real trial was over Lori Drew's moral culpability for Meier's death...though that wasn't supposed to be on trial.

Third, regardless of how this case turns out, I remain frustrated by how pro-regulatory forces are using Meier's death--a tragic but highly anomalous situation--as grist for their pro-regulatory agendas. In particular, the push to legally prohibit "cyberbullying" baffles me. I don't even understand the term, but I do know that we cannot legislate people being nice to each other, online or off, and we don't even try in most offline circumstances. Further, as the expansive interpretation of the CFAA highlights, restrictions against "cyberbullying" could chill many socially beneficial and protected activities. So, I hope we can resist the pro-regulatory temptations. Ironically, a guilty verdict for Lori Drew might have that salutary effect by showing that existing laws can punish "bad" actors, even if legal justice is being denied to Lori Drew in the process.

UPDATES: More coverage: NYT; NYT #2 (news analysis), Christopher Soghoian (pointing out examples of egregious user agreements that convert many site users into criminals).

Private investigators are stressing about this ruling.

Posted by Eric at 01:44 PM | Licensing/Contracts | TrackBack

November 18, 2008

October 2008 Quick Links, Part 2

By Eric Goldman

Spam

* Kramer v. Perez. An Iowa court awards $236M in damages in a spam case. Venkat's comments.

* After the government lost its jury trial against Impulse Media, the court denied Impulse Media attorneys fees.

Contracts

* AT&T put its own emailed notice of amended contract terms into its spam folder. Whoops! Due to spam filters and other automated blocks, it is becoming almost impossible for websites to communicate with their users by email.

* An estimate of the massive "tax" imposed on consumers by reading privacy policies. Of course the financial drain is overstated because many people make a rational decision not to read every privacy policy, plus not every person has to read a privacy policy for marketplace responses to be effective.

* The Blizzard v. MDY WOWGlider case has reached a stipulated damages amount of $6M.

* Pulaski & Middleman, LLC v. Google Inc., 5:2008cv03888 (N.D. Cal. complaint filed August 14, 2008). The Justia page. Yet another me-too lawsuit against Google over serving ads to parked domains and error pages.

* An Israeli GPL enforcement action settled.

Trademarks/Domain Names

* Kentucky v. 141 Domain Names. Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name. More recently, the seizure was stayed.

* Speaking of inappropriate seizures, the Feds are trying to seize the trademarks of the Mongols motorcycle group. DOJ press release. LA Times article.

* Best Western Intern., Inc. v. Doe, 2008 WL 4630313 (D. Ariz. Oct. 20, 2008). Prior blog post in this case. The judge is losing patience: "These filings are wasteful in the extreme. The Court is not a forum for the parties to expend every possible dollar seeking to litigate every conceivable issue, no matter how insubstantial. The Court will no longer tolerate the excesses of this case."

* The Verizon v. Navigation Catalyst Systems domainer lawsuit settled.

* 50 Cent brings yet another questionable lawsuit. (1, 2).

Advertising

* Goddard v. Google Inc., 2008 WL 4542792 (N.D. Cal. Oct. 10, 2008). The case against Google for deceptive mobile phone ads will stay in federal court.

* Eyeblaster, Inc. v. Federal Insurance Co., 2008 WL 4539497 (D. Minn. Oct. 7, 2008). This is a collateral lawsuit to Sefton v. Eyeblaster alleging that Eyeblaster distributed spyware. Eyeblaster tendered the claim to its insurer. This court holds that the CGL policy doesn't apply because the claim relates to software problems, not physical damage to the users' computers. Further the E&O policy doesn't apply because Sefton alleges that Eyeblaster intentionally installed the spyware, bumping Eyeblaster into one of the policy's exclusions.

* Are consumers becoming more tolerant of pop-up ads? For more on consumer acceptance of new advertising formats, see here.

* A big damages award in NetQuote v. Byrd.

Posted by Eric at 06:42 AM | Adware/Spyware , Domain Names , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam , Trademark | TrackBack

November 11, 2008

Lambotte's Click Fraud Lawsuit Against IAC Survives Motion to Dismiss

By Eric Goldman

Lambotte v. IAC/InterActiveCorp, 2008 WL 4829882 (C.D. Cal. Nov. 4, 2008). Initial blog post on the filing of the first complaint.

Lambotte filed this putative class action lawsuit against IAC in May based on alleged click fraud. In July, the court granted summary judgment to dismiss portions of the lawsuit. Lambotte and two new named plaintiffs then filed an amended complaint in September. IAC moved to dismiss. This ruling largely rejects that motion.

The plaintiffs argued that the contract says that IAC would charge for clicks by "users," and reasonable advertisers would assume that "users" are "potential clients" for the advertiser, not bogus clickers. The judge is rightly skeptical of this argument, saying that the plaintiffs' definitions "may not be the most reasonable interpretations." At the same time, California law has a liberal parol evidence rule, so the judge gives the plaintiffs a chance to introduce evidence to support their aggressive definitions. I would be surprised if this claim ultimately prevails, but the plaintiffs can try.

The plaintiffs also argue that the implied covenant of good faith and fair dealing effectively requires IAC to prevent click fraud, and thus IAC breached that obligation. The court, citing In re Yahoo, says that this allegation survives a motion to dismiss.

As with In re Yahoo, this ruling is a win for the plaintiffs because they get to keep litigating the case. However, there remains some basic problems with the plaintiffs' allegations that should ultimately doom the lawsuit. If in fact the plaintiffs do lose the lawsuit, it's unfortunate that everyone had to incur the extra adjudication costs. More likely, if the lawsuit can survive another few rounds, IAC probably cuts a check to end the threat regardless of substantive legal merit.

Posted by Eric at 02:24 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack

October 23, 2008

Stockholder Derivative Action Against Yahoo Based on Click Fraud Rebuffed--Brodsky v. Yahoo

By Eric Goldman

Brodsky v. Yahoo! Inc., 2008 WL 4531815 (N.D. Cal. Oct. 7, 2008). The Justia page. Previous blog coverage.

You may recall this stockholder derivative lawsuit against Yahoo alleging that Yahoo hyped its stock prices by overstating its ad business' progress and by inflating revenues through artifices like relaxed anti-click fraud standards. The court has dismissed the complaint with leave to amend, principally on the basis that the plaintiffs have not been specific enough with their allegations. Most of the opinion is rather technical legalese, but I thought the discussion about the click fraud allegations were interesting enough that I've quoted them in their entirety:

Plaintiffs also assert that Defendants made false statements about Yahoo!'s revenues over the Class Period. Plaintiffs allege that Defendants manipulated their click fraud filters and delayed refunds fraudulently to boost revenues. As a result, Defendants' financial statements were overstated by $387 million over the Class Period.

Plaintiffs arrive at the $387 million figure by citing three magazine articles and two press releases. CAC ¶¶ 204-208. Some of these sources estimate that click fraud accounted for ten percent of all pay-per-click revenue in the search industry while other sources estimate the fraud rate as high as thirty-five percent. Plaintiffs adopt the ten percent rate and allege that $387 million of Yahoo!'s $3.878 billion in sponsored search revenue was attributable to click fraud.

Plaintiffs point to the statements by CW 3, CW 6, CW 8, CW 9, CW 10, CW 11 and CW 12 to support the click fraud allegations. For the complaint to survive the pleadings stage, Plaintiffs must describe these CWs' roles in Yahoo!'s revenue recognition process, or whether these CWs had any first-hand knowledge of Defendants' accounting decisions. See In re U.S. Aggregates, Inc. Sec. Litig., 235 F.Supp.2d 1063, 1074 (N.D.Cal.2002) (accounting fraud claim not corroborated by CW statements where “none of the confidential witnesses have any first-hand knowledge of [defendant's] accounting decisions”).

CW 3 worked as an Engineering Manager for Overture until Yahoo! acquired Overture in 2003. After the acquisition, CW 3 worked in the Business Information Systems group at the Overture facility until October, 2004. CAC ¶ 22. CW 3 claims that “Yahoo! decided in late 2004 to ‘relax’ the business rules and filters in the click-fraud detection system.” CAC ¶ 22(d). “CW 3 estimates revenues generated from the relaxation in rules represented approximately 25% of Overture's operating revenue.” CAC ¶ 22(f). CW 3 learned of this rule relaxation from Yahoo!'s Loss Prevention manager. CAC ¶ 22(d). CW 6 was a sales representative for Yahoo! and had regular communication with customers who complained about click fraud. Id. CW 6 noted that “15% of the revenues generated in his/her group was created via click fraud and irrelevant clicks from poor content match.” CAC ¶ 25.

The Court has no basis to determine whether CW 5's or 6's estimates of Yahoo!' s revenues satisfy the pleading requirement under the PSLRA. For CW 5's or 6's statements to carry any weight at the pleadings stage in this action, Plaintiffs must describe their roles in Yahoo!'s revenue recognition process, or whether they had any first-hand knowledge of Defendants' accounting decisions. Also, because CW 3 was not a Yahoo! employee for most of the Class Period, the Court cannot rely on his statements to support claims of false revenue reporting for the entire Class Period.

CW 8 was a Manager of the Overture Loss Prevention organization until February, 2006. CW 8 noted that “there was an effort inside Yahoo! to relax the click-fraud detection standards.” CAC ¶ 27. CW 8 met with Defendant Decker some time after Yahoo! was sued in 2005 for click fraud, and the two discussed click fraud. Id. Through CW 8's statement, Plaintiffs successfully allege that Defendant Decker had general knowledge of the click fraud problem, but Plaintiffs have not shown how CW 8 knows about an effort to relax Yahoo!'s click fraud detection standards, or how CW 8 knows that this effort translated into misstated revenues. Similarly, Plaintiffs have not shown whether CW 8 had any firsthand knowledge of Defendants' accounting decisions. Therefore, CW 8's statements do not support Plaintiffs' allegations of revenue fraud.

*8 CW 9 worked for Yahoo! in the Customer Solutions group from December, 2003 to February, 2007. CAC ¶ 28. Defendant Decker fired CW 9 in 2007, after the Class Period, for mishandling a customer complaint that might have been related to click fraud. Id. CW 10, Engineering Director for Yahoo! until January, 2005, gave Defendant Decker access to the revenue reporting system at the Overture Pasadena facility. CAC ¶ 29. CW 10 observed that Yahoo!'s ability to filter out non-billable clicks was impacted by not having adequate resources, such as enough computer servers. Id . CW 11 worked for Overture and then Yahoo! as an advertising account manager until December, 2004. CAC ¶ 30. CW 11 described “click tsunamis” at Yahoo!, when a search brought up results that led to thousands of unwanted clicks. Id. Advertisers were charged for these clicks, but rarely realized sales from them. Id . Plaintiffs have not shown whether CW 9, CW 10 or CW 11 had a role in Yahoo!'s revenue recognition process, or whether they had any first-hand knowledge of Defendants' accounting decisions. Therefore, their statements do not support revenue fraud allegations either.

CW 12 worked for Yahoo! as an Operations Sales Manager until October, 2006. CAC ¶ 31. At weekly customer service meetings, CW 12 learned that “Yahoo!'s revenues began to decline ‘month by month’ beginning in 4Q 05.” CAC ¶ 31(g). CW 12 attended weekly Customer Service meetings where she learned that “because Yahoo! was not meeting its traffic forecasts, the Company was not attaining its revenue forecasts associated with those clicks in 4Q 05.” Id . CW 12 also recounted that the “running joke at Yahoo! Search Marketing was that there was a ‘dial’ on the click-fraud detection system which Yahoo! turned down at the end of the quarter to allow more billable click activity to be passed on to customers.” CAC ¶ 31(l). Hearing at a meeting that revenue forecasts will not be reached is not equivalent to knowing that Yahoo! misstated its revenues. Similarly, recounting jokes about altering the click fraud dial does not satisfy PSLRA's pleading requirements. See Limantour v. Cray, Inc., 432 F.Supp.3d 1129, 1141 (W.D.Wash.2006) (rejecting confidential witness statements based on “gossip and innuendo”). Therefore, CW 12's statements do not meet the PSLRA's heightened standards to prove revenue fraud either. In sum, Plaintiffs fail to plead with particularity their allegations that Yahoo! issued false financial statements.

It's nice to see the judge recognized there's a difference between click fraud rates in the abstract (whatever those mean) and the rate of actual overcharging experienced by advertisers, which is almost certainly lower. It's also good to see that the judge isn't blindly accepting the scuttlebutt from former employees, many of whom probably have worthless options or a down stock portfolio. In any case, it will be interesting to see if the plaintiffs can produce any witnesses who can testify about the rate of Yahoo's click fraud overcharging sufficient to satisfy legal standards.

Posted by Eric at 11:30 AM | Licensing/Contracts , Search Engines | TrackBack

October 14, 2008

September 2008 Quick Links, Part 3

By Eric Goldman

eBay

* Universal Grading Service v. eBay, Inc. More fallout from the National Numismatic v. eBay case--another lawsuit alleging antitrust and defamation because eBay designated some coin rating services as preferred and impliedly devalued others.

* Windsor Auctions v. eBay has been refiled in a new jurisdiction.

* Mehmet v. Paypal, Inc., 2008 WL 3495541 (N.D. Cal. Aug. 12, 2008). Upholding the consequential damages waiver in PayPal’s user agreement.

* A company's failure in the marketplace can drive up the value of its collectibles on eBay.

Google

* Stelor Productions, Inc. v. Google, Inc., 2008 WL 4218107 (S.D. Fla. Sept. 15, 2008). In the lawsuit alleging that Google causes reverse confusion of Googles.com [warning: annoying music ahead], the plaintiff doesn't get to depose Sergey or Larry yet. Rose Hagan, Google’s long-time chief trademark counsel, is the lucky substitute.

* Lots of rhetoric in the Google/Yahoo ad syndication deal. Google’s advocacy website. Google Chief Economist Hal Varian explains why the deal won’t raise ad prices in the auction. Randall Stross weighs in.

* Google has changed course and now allows religious groups to advertise on the keyword “abortion.”

* Kubit v. Google Groups, 2:2008cv00738 (M.D. Fla. complaint filed Sept. 29, 2008):

I then would like to sue Google Groups for not removing the posts when I repeatedly asked them to for 2 years. I believe I am entitled to at least a small amount of compensation for the emotional distress and lost business income that has resulted from them allowing these posts to remain on their Google Groups, even though I offered them VERY solid proof that I do not have HIV. If they had stopped the posts when they first occurred, they would not have proliferated to hundreds of websites. I became suicidal for a period of time after the posts started. I incurred a lot of emotional pain and fear because of the posts and had to seek psychiatric and psychological help to get my life back together. I still suffer from fears of dating, living a public business life and trusting others.

Yes, this is a pro se complaint. Yes, it is preempted by 47 USC 230.

Marketing/Advertising

* NebuAd is dead (1, 2). Even so, the lure of intermediaries aggregating deep data about consumers for commercial purposes will never die.

* Is Gator/Claria dead?

* The EU passed a non-binding resolution against sexual stereotypes in advertising.

* Celebrity branded merchandise run amok.

Miscellaneous

* Valleywag: "The 5 most laughable terms of service on the Net." For more laughs, see Mark Lemley’s Terms of Use paper.

* Murakowski v. University of Delaware, 2008 WL 4104087 (D. Del. Sept. 4, 2008). This reminded me a lot of the Jake Baker case from the mid-1990s.

* The Virginia Supreme Court reversed itself on the Jaynes anti-spam prosecution, and Jaynes walks. Does Virginia routinely pass unconstitutional laws?

* Becker v. Toca, 2008 WL 4443050 (E.D. La. Sept. 26, 2008). Ex-wife's alleged delivery of "Infostealer" program to grab passwords from ex-husband could violate the ECPA, SCA and CFAA.

* Interesting article on ESPN’s exclusive distribution and bundling agreements with Internet access providers.

* Funniest law firm names.

* Silly? Horrifying? A sign of the apocalypse?

Posted by Eric at 06:17 PM | Adware/Spyware , Content Regulation , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam | TrackBack

September 30, 2008

Licensing a Work, and When Licensing Doesn't Work--Reuters v. GMU

A timely Exhibit A in the argument that contract law is being used as a back-door wedge in expanding copyright.

By Ethan Ackerman

Just as Bruce Boyden seriously asks, "is the case for contracts somehow expanding copyright rights vastly overstated?" along comes a fairly conclusive 'No' in the form of Reuters v. GMU.

James Grimmelmann has an excellent summary of the Virginia-filed breach-of-contract case, noting that a George Mason University History professor developed an open-source Firefox extension called Zotero that worked with Thompson/Reuters' EndNote software. Apparently the development involved some reverse-engineering of the EndNote files or software structure. It's this act that leads to the suit, as reverse-engineering is prohibited by the EndNote site license that GMU held.

Mike Madison also notes the case and parses out the timing of the suit, filed in anticipation of a significant interoperability feature coming in an update to the Zotero software. He also sees much potential for mischief in Reuters' demands for an injunction that would apply to other Zotero users who imported data files from EndNote. Professor Madison's spot-on conclusion: "Reuters is transparent in its effort to use a software license to suppress a competitor in a product market."

Professor Michael Froomkin sees some interesting lawyering and one actual non-trivial legal question in the choice of filing a suit against a university over actions by its professors. To what extent can a state university bind its employee professors? Professor Froomkin points out that the professor in question is probably not a party to the site license agreement, and likely agreed to no such terms, so any privity comes from the fact that the professor is an employee of the university. My own brief searching on the web leads me to suspect the same thing. An academic site license end-user likely clicks on, at most, a much-reduced terms-of-service along the lines of this U.Georgia page before installing the software.

Further developing the 'privity-of-contract-through-employment-status' theory, does it matter that the development of this software by the professor was most likely outside the scope of his employment? I ask, only partially tongue-in-cheek, will this complex 'copyright-or-not, enforceable-terms-or-not, enforceable-license-or-not, injunction-or-not' case turn on the professorial field of the Zotero developer? Would it have been different if this were a computer science professor? A grad student?

So if this is a state law contract case, why all the Copyright Act talk anyway? Reverse engineering can be a fair use of a copyrighted work, something even the Federal Circuit will admit. Bringing an infringement suit against a reverse engineering that focused on something (the data file formatting) with such a thin copyright seems like a quick way to an adverse ruling. Professor Grimmelman, noting the utter inadequacy of the possible trademark claim pleading as well, suspects incompetence. Professor Madison, however, suspects an intentional end-run around reverse engineering fair use law by intentionally asserting only state-law contract claims, copying the proceedings in Bowers v. Baystate Technologies. Both see problems with the injunctive relief sought.

My only gloss on this case, otherwise excellently dissected by Profs. Grimmelmann, Froomkin and Madison, is to point out this is a great answer to Prof. Boyden's initial question about contract law being used as an expanding wedge for rights holders. This case is not even the only recent case tackling the issue, and several other recent cases would have had to face it if courts hadn't mooted the issue by finding a sale rather than a work made available subject to license.

So in summary, yes, there's an open, ongoing and unsettled problem with parties attempting to reverse, by contract clause, an issue that is addressed and settled by federal copyright law.

Posted by Ethan Ackerman at 12:05 PM | Copyright , Licensing/Contracts | TrackBack

September 09, 2008

August 2008 Quick Links, Part 2

By Eric Goldman

Net Neutrality

* The FCC gets on Comcast’s case for deceptively blocking BitTorrent connections without disclosure. While I don’t know anyone who has defended Comcast’s behavior here, at the same time there is an undercurrent of concern about the FCC’s authority to regulate Internet activities. Could this be the FCC camel's nose in the Internet's tent? We will learn more about the FCC's authority because Comcast has appealed the FCC's decision.

* A topic I haven't seen discussed very much: how the doctrine of trespass to chattels intersects with net neutrality principles. The only article I found in a 60 second search on the topic was a couple of paragraphs in J. Gregory Sidak, A Consumer-Welfare Approach to Network Neutrality Regulation of the Internet, 2 J. Competition L. & Econ. 349 (2006).

Contracts

* Jacobsen v. Katzer (Fed. Cir. Aug. 13, 2008). This ruling has been hailed as a validation of open source licenses, but I’m not sure what to make of this opinion. If the opinion merely says that breach of a copyright license can support copyright infringement, that’s no big deal. However, among other conspicuous omissions, the court does not discuss how the licensor formed a contract in this case. Thus, if the court’s conclusion is that copyright owners can impose conditions on licensees’ enjoyment of their copyright without properly forming a contract, then this opinion could undo the entire scheme of online contract formation. For example, it could support a conclusion that browsewrap-style “contracts”/terms of use should be enforceable as conditions on the accessing of copyrighted web pages. See, e.g., Ticketmaster v. RMG.

* Interactive Retail Management, Inc. v. Microsoft Online, L.P., 2008 WL 3851691 (Fla. App. Ct. Aug. 20, 2008). This is a click fraud case I hadn't heard about previously. Microsoft won at the trial court on jurisdiction grounds. This court revives the lawsuit for more jurisdictional investigation.

* Jeff Neuburger on a Wisconsin case saying that the UCC governs contract formation via email instead of UETA.

* Request for your guidance. Wikipedia has some photos that simultaneously say they are released under both a Creative Commons license and the GFDL. See, e.g., this photo. The license terms are irreconcilably inconsistent. If someone wants to use such a photo, now what?

Competition Restrictions

* Edwards v. Arthur Andersen (CA Sup. Ct. Aug. 6, 2008). The Ninth Circuit was wrong to create a narrow restraint exception to B&P 16600, the California statute voiding non-compete clauses.

* XPEL Technologies Corp. v. American Filter Film Distributors, 2008 WL 3540345 (W.D. Tex. Aug. 11, 2008). Rebecca on an odd case involving (once again) the DMCA anti-circumvention provisions as an anti-competition tool.

Miscellaneous

* Two interesting studies recently about people’s response to spam. Despite the animosity, a quarter of consumers have responded to cellphone spam and 30% say they have made purchases in response to spam. For more complementary statistics and my attempt to explain this seeming dichotomy, see here.

* The First Circuit issued an interesting DMCA 1201 case that I haven’t seen discussed. The BNA summary: “District court properly granted summary judgment to plaintiff cable television service provider on claim that defendants violated Digital Millennium Copyright Act by selling low-frequency signal filters, within plaintiff's service area, that were capable of bypassing plaintiff's pay-per-view billing mechanism, since plaintiff's pay-per-view delivery and billing system is technological measure that effectively controls access to copyrighted works, and digital cable filter allows subscribers to "avoid" or "bypass" that technological measure (CoxCom Inc. v. Chaffee, 1st Cir., 8/4/08)”

* AP v. Moreover settles. My initial post on the lawsuit.

* Funny YouTube video: "Here Comes Another Bubble," set to the tune of Billy Joel's "We Didn't Start the Fire"

Posted by Eric at 08:49 AM | Content Regulation , Copyright , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack

September 08, 2008

August 2008 Quick Links, Part 1

By Eric Goldman

eBay

* Mazur v. eBay Inc., 2008 WL 2951351 (N.D. Cal. July 25, 2008). See my previous blog post on the case. Some commentators are excited about this ruling because it rejects eBay's motion to dismiss a RICO claim.

* Missing Link, Inc. v. eBay, Inc., 2008 WL 3496865 (N.D. Cal. Aug. 12, 2008). This is a lawsuit by eBay sellers complaining that eBay didn’t immediately index their listings in its search engine and eBay raised the price on “Good Until Cancelled” listings. This is the second time the court has dismissed some claims, but even so some claims have also survived the motion to dismiss process.

* As expected, Tiffany appealed the eBay ruling. My initial post.

Google

* Vulcan Golf, LLC v. Google Inc., 2008 WL 2959951 (N.D. Ill. July 31, 2008). The court dismisses a few claims made in the plaintiff's third amended complaint. My post on the initial complaint.

* JIT Packaging v. Google (E.D. Ill. complaint filed Aug. 11, 2008) A third lawsuit against Google over the placement of AdWords ads on parked domains and other putatively undesirable pages.

* A heavily redacted version of the Google/Yahoo agreement. The SEC examiner who let the agreement go through with this many redactions was asleep at the wheel!

47 USC 230

* Bauer v. Glatzer (N.J Superior Ct. July 21, 2008). Wikimedia easily wins a lawsuit against it alleging that a Wikipedia entry was defamatory.

* Capital Corp. Merchant Banking, Inc. v. Corporate Colocation, Inc., 2008 WL 4058014 (M.D. Fla. Aug 27, 2008). 47 USC 230 defense denied against allegations that "Leonard Norwich posted defamatory statements about [the plaintiff] on three websites and Francesca Norwich allowed Leonard to use “a computer registered in her name” to make the defamatory statements." The denial makes sense for Leonard but seems clearly erroneous with respect to Francesca.

* Vanginderen v. Cornell (S.D. Cal. June 3, 2008). CMLP page. This isn't specifically a 230 case but it's still relevant. Interesting lawsuit against Cornell and related entities for electronically posting a school newspaper story from 1983 that was allegedly defamatory. The court dismisses the lawsuit on an anti-SLAPP motion.

Blogging

* A Las Vegas nightclub loses its cool and sues a blogger for, among other things, including its logo in the blog post.

* As part of the fallout from the Troll Tracker blog, Dennis Crouch, of PatentlyO fame, has received a subpoena for communications related to his blog. Dennis' comments and LegalWatch. In a related lawsuit, Frenkel (a/k/a Mr. Troll Tracker) was dismissed from a lawsuit again. Ward v. Cisco Systems, Inc., 2008 WL 4079286 (W.D. Ark. Aug 28, 2008)

Content Restrictions

* Kings English, Inc. v. Shurtleff, 2008 WL 3285898 (D. Utah Aug. 8, 2008). The judge denied the plaintiffs’ motion to reconsider its highly unfavorable prior ruling. My initial post on the lawsuit.

* Reisinger v. Perez (E.D. Wis. complaint filed Aug. 18, 2008), First amendment lawsuit against the City of Sheboygan for intimidating a woman into removing a website link to the city's police department.

* National Federation for the Blind v. Target has settled, with Target paying $6M and redesigning its site.

Posted by Eric at 09:47 PM | Content Regulation , Derivative Liability , Licensing/Contracts , Search Engines , Trademark | TrackBack

September 02, 2008

eBay Cracks Down on Cookie Stuffing--eBay v. Digital Point Solutions

By Eric Goldman

eBay, Inc. v. Digital Point Solutions, No. 5:08-cv-04052-PVT (N.D. Cal. complaint filed Aug. 25, 2008)

It is exceedingly rare for marketers to sue affiliates who are trying to game their affiliate programs. I'm sure there have been other lawsuits, but frankly I'm drawing a blank. (The only relevant precedent that came to mind was Google's tepid enforcement actions in 2004/2005 against click frauders--see Google v. Auction Experts and US v. Bradley). [Update: A reader reminded me of Land's End v. Remy, which is an on-point precedent.] The more typical remedy when commission fraud is taking place is to cancel any unpaid commissions and write off the rest as a cost of doing business (or an uncollectible painful lesson). But if someone gamed the system big--I mean, really big--maybe it would be worth hiring fancy and very high-priced counsel to go see what they might be able to retrieve...

eBay isn't saying how much it got taken for by the defendants in the case. The complaint was conspicuously silent on that juicy detail. However, the amount appears to be enough that eBay hired the premium law firm O'Melveny & Myers for a glorified collections effort. Either that, or eBay has decided to send a remarkably expensive message to other potential fraudsters.

The complaint alleges that the defendants engaged in a cookie stuffing campaign to hijack commissions through Commission Junction. Cookie stuffing occurs when a fraudster places a cookie on a third party computer that will cause the fraudster to get paid a commission that the fraudster didn't earn legitimately by doing the things that the marketer wanted to pay for. In this case, eBay alleges that the defendants used a clever technical exploit to put cookies on users' computers even though the users had not seen the requisite ads. The complaint also alleges that the defendants deployed some tricks to cover their tracks, like deliberately not cookie-ing computers in San Jose and Santa Barbara, the homes of eBay and Commission Junction respectively, to keep employees of those companies from spotting the marauding cookies.

If in fact the defendants engaged in cookie stuffing, I hope eBay nails them. However, I must say that some of eBay's legal arguments made me nervous. eBay's alleged causes of action include:

* CFAA (18 USC 1030). The allegation is that presenting a bogus cookie to eBay's servers was a misuse of the servers. Hmm...
* fraud. Similarly, the allegation is that the defendants caused web users to make a misrepresentation to eBay's servers by presenting a bogus cookie. Hmm again...
* CA Penal Code 502. There are very few cases interpreting 502, which isn't necessarily a bad thing because the statute is so broadly over-inclusive that everyone violates it routinely. Here, it looks like the lawyers weren't quite sure how to fit cookie stuffing into the statute. Take a look at para. 60 and let me know if you agree that this is an odd pleading.
* a civil RICO conspiracy claim. Given that eBay is being sued for RICO claims in the Mazur case (and, I'm sure, others), I would think eBay would want to avoid building new legal precedent that could be applied against them in other cases.

Reading the list of causes of action, I was surprised that there wasn't a more squarely applicable cause of action that governed cookie stuffing (however, I will confess, none came to mind as I drafted this post). Maybe this is due to the fact that eBay rather than Commission Junction is the plaintiff. If there isn't a better cause of action, then perhaps there is a hole in the law. However, I'm keeping my fingers crossed that a judge won't bastardize existing legal doctrines to plug it.

Posted by Eric at 09:23 AM | Licensing/Contracts , Marketing , Privacy/Security | TrackBack

July 10, 2008

eBay Not Bound By Robinson-Patman Act--Windsor Auctions v. eBay

By Eric Goldman

Windsor Auctions, Inc. v. eBay, Inc., 2008 WL 2622791 (N.D. Cal. July 1, 2008)

The Robinson-Patman Act is a Depression-era law designed to reduce the ability of manufacturers to engage in price discrimination. At the time, large buyers (such as newly emerging chain retailers) were consolidating so much buying power that they were able to strongarm manufacturers into deals that were arguably unfair to the manufacturers and competitive but smaller retailers. The Robinson-Patman Act putatively tries to prevent these buyers from engaging in "predatory" buying prices by forcing the manufacturer to sell its goods at the same price to all similarly situated buyers. Prof. Paul Stancil published a nice summary of the law in Business Law Today in 2004.

I'm skeptical about the justifications for this law in the context of the Depression, but I'm crystal-clear about its validity today. In the modern age, the law has become farcically anachronistic, and I'm not sure I've ever met a single person who thinks the law is still a good idea. In practice, the Robinson-Patman Act is one of those obscure laws that typically arises only as a "gotcha" claim against defendants who don't know better or inadvertently run afoul of its technical provisions while engaged in normal commercial decision-making. There's certainly little evidence that the law actually improves competition or the marketplace.

In the case du jour, the plaintiff sells jewelry through eBay's live auction. (It looks like Live Auction is turning into quite the lawsuit trap for eBay; see my most recent blog post about it). Windsor sold nearly $1.5M in merchandise through the site in 2005 and 2006. Windsor thought sales would double in 2007 but instead realized that its sales were decreasing. Windsor alleges that eBay gave a competitive jewelry vendor, Molayem, better listing tools than provided to Windsor, and these tools allowed Molayem's listings to get more prominent placement in eBay's interfaces than Windsor's listings. Windsor claims that eBay's differential treatment between Windsor and Molayem violated, among other things, the Robinson-Patman Act.

The court dismisses the Robinson-Patman Act claim because eBay is not providing "commodities" under the act. The act, like many others, distinguishes between goods (covered) and services (not covered). At its core, eBay's relationship with its sellers is a service relationship of providing promotional/advertising services. Windsor tries to get around this by arguing that the software tools eBay provides its sellers ("Mr. Lister"/"Turbo Lister" and the "Batch Uploading Tool") and its documentation manuals are goods. This argument is not totally ridiculous; indeed, software is routinely treated as a "good" for purposes of UCC Article 2. However, even if true, the software is just a bit part of an overall service relationship, so the court rightly rejects the Robinson-Patman Act without leave to amend. However, the case isn't entirely over, as the court left open a claim for breach of the implied covenant of good faith and fair dealing.

I think this case is closely related to the search engine bias cases such as KinderStart v. Google. A website/search engine's decisions about what content to highlight (and, by implication, what not to showcase) can have dramatic effects on both consumers and vendors--to the tune of $1.5M in perceived foregone revenues in Windsor's case. The Robinson-Patman Act was a pretty feeble legal tool to challenge a website's interface decisions, but given the cash and emotions at stake, I'm sure plaintiffs will think creatively about other legal doctrines in their quest for recourse.

Posted by Eric at 03:00 PM | E-Commerce , Licensing/Contracts | TrackBack

July 01, 2008

June 2008 Quick Links

By Eric Goldman

Trademarks/Domain Names

* Utah Lighthouse Ministry v. Foundation for Apologetic Information and Research, 2008 WL 22043807 (10th Cir. May 29, 2008). CMLP writeup. Nice 10th Circuit win for a gripe site against trademark infringement and cybersquatting. This case, plus the SKI VAIL case, indicate that the 10th circuit is making progress undoing the harm it created in the Australian Gold v. Hatfield case.

* Georgia has a new anti-phishing law (16-9-109.1) that acts as a para-trademark law. See my comments on the analogous California anti-phishing law.

* After initiating a trademark lawsuit against a consumer review site and soundly losing in court, Lifestyle Lift paid $17,500 to settle its own lawsuit and avoid claims for legal fees under Rule 11 and the Lanham Act.

* Marty reports on a German case saying that white-text-on-a-white-background is a trademark use.

* Update on the battle over the trademark registration for "SEO."

* Will TLD proliferation lead to a new open era in domain name administration, or will the resulting anarchy just reinforce that top search engine placement is the really important online real estate? It seems like the currently limited number of TLDs has some benefits from a bounded rationality standpoint, and those benefits will be lost in a cacophony of unknown TLDs.

Patents

* My colleague Colleen Chien has posted "Patently Protectionist? An Empirical Analysis of Patent Cases at the International Trade Commission" (forthcoming William & Mary Law Review). She empirically demonstrates that the ITC mostly involves disputes between two domestic litigants, making it a redundant battleground with federal district court but nevertheless an attractive venue for plaintiffs due to a number of procedural advantages. She makes a number of recommendations to eliminate the litigation gamesmanship offered by having parallel venues. Check it out.

Search Engines

* Udi Manber, chief algorithm keeper for Google, reiterates why it's silly for lawyers and judges to put too much legal emphasis on the relative placement of search engine results, saying "it's definitely the case that if you do the same search on a different cluster, you may get slightly different results at a given time. It's also the case that if you do the same search on different days you may get different results, because some of the results are things we indexed five minutes ago."

(Over)Regulation

* In response to an enforcement effort by the NY AG's office, several Internet access providers have blocked access to newsgroups that are putatively sources of child pornography. See the NYT story and the NY AG press release. In practice, this means wholesale takedowns of newsgroups that may have nothing to do with child porn. For example, Verizon is killing all USENET hierarchies except comp.*, misc.*, news.*, rec.*, sci.*, soc.*, and talk.*. Wired suggests this is the death of online intermediary freedom as conceptualized in 47 USC 230. Of course, 230 never protected intermediaries from criminal exposure for child porn, and this isn't the first time that an access provider has knuckled under to the NY AG's office. See the BuffNet enforcement action from 2001.

* Ohm, Paul. The myth of the superuser: fear, risk, and harm online. 41 UC Davis L. Rev. 1327-1402 (2008). A neat article on how regulators manufacture a fake bogeyman, the unbeatable "superuser," as a justification for expansive regulatory power.

* No evidence that data breach disclosure laws actually help reduce identity theft. Surprised?

* The FTC wants civil enforcement authority for spyware actions. Haven't they heard that the adware battle is already over...and they won?

Contracts

* Mark Radcliffe expresses concern about the ALI's proposed software licensing project on open source licenses.

* Sarah Bird on a messy contract lawsuit involving an SEO contractor.

Anonymity

* Tendler v. www.jewishsurvivors.blogspot.com, 2008 WL 2352497 (Cal. App. Ct. June 10, 2008). A subpoena request to identify a blogger doesn't support an anti-SLAPP cause of action.

* In the AutoAdmit lawsuit, Doe 21's motions to squash the subpoena and proceed anonymously were both denied. David Hoffman provides an update on the case.

Event Tickets

* Chicago has moved against eBay for reselling tickets in violation of its amusement tax law.

* The Ticketmaster v. RMG case ended with a default judgment granting a permanent injunction and $18.2M in damages.

General

* Vanity Fair: How the Web Was Won.

* Paul Levy blogs about a plaintiff's effort to bypass 230 by suing the authors of complaints about the vendor and then joining the consumer complaint site as a necessary party as a cost-increasing tactic.

* BusinessWeek on emerging technological tools to protect workers' attention against unwanted/untimely interruptions.

* Text message-savvy kids educate the North Carolina DMV about the meaning of the term "WTF," which was used on a license plate example on the DMV's website.

* I have one free pass to OMMA Behavioral in San Francisco July 21. First person to send me an email asking for the pass gets it.

Posted by Eric at 12:32 PM | Adware/Spyware , Content Regulation , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Patents , Privacy/Security , Search Engines , Trademark | TrackBack

June 03, 2008

May 2008 Quick Links, Part 2

By Eric Goldman

Copyright

* Google says it isn't settling the Viacom lawsuit (I don't believe it).

* Interesting juxtaposition: (1) Chronicle of Higher Education: How It Does It: The RIAA Explains How It Catches Alleged Music Pirates and (2) BusinessWeek ran a lengthy retrospective on Tanya Andersen's battle against the RIAA, including her beefs against the RIAA’s investigation and enforcement tactics.

* A music warez trader was convicted by a jury of criminal copyright infringement.

Online Contracts

* Juanda Lowder Daniel. Virtually mature: examining the policy of minors' incapacity to contract through the cyberscope. 43 Gonz. L. Rev. 239-269 (2007/08). This article addresses the very important issue of contracting capacity of minors. See my most recent post on that topic.

* Adelman v. Sparks Network (Cal. App. Ct. May 20, 2008). The Jdate online dating service allegedly failed to include required language (such as notice of a mandatory cooling-off period) in its user agreement. The court dismisses the plaintiff's lawsuit nonetheless because he was a happy customer who didn't suffer any damage.

* Tom O'Toole surveys some recent online contract cases. He offers the following conclusions: (1) Contract Terms Should Be Available for Review, (2) Clickable Buttons/Links Should Clearly Signal Assent, and (3) Humans Are Not Helpful.

* I realize this point would be better explored in a full blog post, and I suspect this point has been made in the academic literature (if so, I'd appreciate some cites so I can pass them along). The issue: how might the endowment effect explain consumer antipathy towards EULAs? Wikipedia says the endowment effect means that "people value a good or service more once their property right to it has been established." This observation occurred to me when I attended a ridiculously stacked panel at the ION Game Conference on "user rights" in virtual worlds. Many of the gripes/grumbles related to very common EULA provisions that simply overrode default law. It occurred to me that maybe part of the problem was that consumers assume the defaults are appropriate rights allocations granting them the "property" right, in which case they suffer a greater psychological loss when those defaults are varied than if different defaults were set. One obvious policy consequence: as part of the considerations when setting defaults, policy makers should include the psychological costs of varying the defaults. If the interaction between EULAs and the endowment effect hasn't been written about, it would make an excellent paper topic.

Other Topics

* A military court has said that distributing a hyperlink to child porn does not constitute criminal distribution of child porn. Tom O'Toole explains the situation.

* A.B. v. State, 2008 WL 2031388 (Ind. May 13, 2008). It seems like the digital age recipe for guaranteed trouble: 8th grader + hatred towards a school principal + MySpace. How many judicial cases are we going to see with this combination? This one involves some mean-spirited and profanity-laced comments about her principal made by a 14 year old girl on a private MySpace page accessible only by 26 students. The principal saw it only because one of the students gave a printout to the principal. The court concludes that posting to a private MySpace page doesn't satisfy the criminal standards of "intent to harass, annoy, or alarm" via the Internet.

* Doe v. Friendfinder Network, Inc., 2008 WL 2001745 (D.N.H. May 8, 2008). The court denied the plaintiff's motion for reconsideration on Friendfinder's 230 eligibility for the statement "Sorry, this member has removed his/her profile."

* Another "where are they now?" retrospective on dot com boom companies, ironically running in the Industry Standard (which wiped out in the dot com bust itself).

Posted by Eric at 11:56 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Licensing/Contracts , Privacy/Security , Virtual Worlds | TrackBack

May 28, 2008

Citysearch Sued for Click Fraud--Lambotte v. IAC

By Eric Goldman

Lambotte v. IAC/InterActiveCorp. (Cal. Superior Ct. complaint dated May 27, 2008) [warning: 1.9MB file]

Ever since the Google and Yahoo click fraud settlements in 2006, it's been fairly quiet on the click fraud front. See my most recent click fraud recap from February 2008.

This lawsuit launches an interesting new battlefront in the click fraud war. Instead of going after yet another search engine (of which there are only so many to sue!), the plaintiffs are suing a web publisher for running its own PPC ad program--something many web publishers have done. This means lots of new potential defendants for class action lawyers. Ca-ching!

The allegations are fairly straightforward. Citysearch sells PPC ads as part of a package of services for small business owners. It promises to proactively screen out invalid clicks in its contract/documentation, but the plaintiffs believe Citysearch isn't doing that job well. The plaintiffs claim this failure constitutes breach of contract, negligence and 17200 unfair practices.

The plaintiffs repeatedly hammer on the allegation that Citysearch compensates its salespeople based on the number of clicks delivered for their advertisers, which provides an incentve for salespeople to boost clicks fraudulently. At first, the argument really resonated with me--how slimy to incent salespeople to manufacture clicks! But then I realized that simply commissioning salespeople for advertiser revenue--a very, very common practice in the ad sales industry--would have the same effect; just like commission-driven salespeople would have incentives to manufacture pageviews for any advertiser paying on a CPM basis. So the argument sounds scary but on further reflection it's really not all that meaningful.

I also found the named plaintiff's story of click fraud surprisingly flat. The named plaintiff gives an example of how he got ~10X the number of clicks after he tried to cancel his advertising, putatively because the salesperson manufactured clicks either to boost the perceived performance or to drain the advertising account before it cancelled.

However, there are a number of potential problems with this story. First, the total number of clicks at issue is small overall (the first measuring period only involves 9 clicks total), undercutting the statistical reliability of any inferences from the dataset.

Second, the measuring periods for this click comparison are very odd--the first period is Dec. 11-25, and the second period is Dec. 26-31--basically, right before and right after Christmas. I did a search on Tom Lambotte and this LinkedIn profile says he runs www.theSanDiegoMacTutor.com, described as "Professional Help, Training & Consulting for your Apple/Mac Needs." [Note: I have emailed the plaintiff's law firm's PR guy to confirm if this is the same Tom Lambotte, but I haven't gotten a response to my inquiry.] Anyone else troubled by comparing pre-Christmas clicks with post-Christmas clicks...especially if the guy provides installation and support for Apple computer products? It seems possible that a bunch of potential customers got shiny new Apple toys for Christmas and then looked for someone to help install them. At minimum, we know that shopper traffic doesn't abate after Christmas and in some cases can increase following the holiday, so the clickthrough patterns might simply reflect normal seasonality.

Third, I don't know how long it takes Google to fully index new pages to an existing high PR website, but another possible explanation is that the new Citysearch pages promoting Lambotte got fully indexed after 2 weeks, spiking traffic to the pages and increasing the absolute volume of conversion from the page.

To be clear, even if the named plaintiff's situation can be satisfactorily explained by alternatives other than click fraud, that doesn't mean the lawsuit will or should fail. On the other hand, generally a class action lawyer will try to showcase highly compelling stories in the complaint. If this is the best story they've got so far, that's pretty weak.

More on this lawsuit from News.com.

Posted by Eric at 01:40 PM | Licensing/Contracts | TrackBack

May 26, 2008

Search Engine Advertiser Litigation Updates

By Eric Goldman

Recently, there were intermediate rulings in two long-standing cases by search engine advertisers against search engines.

CLRB Hanson Industries, LLC v. Google Inc., 2008 WL 2079200 (N.D. Cal. May 14, 2008)

This lawsuit involves the Google AdWords feature that allows advertisers to set "daily budgets." Google doesn't enforce the daily budgets strictly; instead, it gives itself the permission to deliver up to 20% overage in any day and credit the overage against future performance. The lawsuit was initially filed in August 2005. In August 2007, the judge issued an important preliminary ruling that had three main holdings:

1) Google's AdWords contract was a binding contract.
2) Much of the breach of contract claim was dismissed, but the judge left open claims by advertisers of less than 1 month, advertisers who ended their campaign in a partial month, and advertisers who paused their campaign.
3) The false advertising claim was left open.

Because the August 2007 substantially limited the remedies available to advertisers, I expected that ruling to prompt the parties to settle. But here we are in May 2008, and the parties are still going at it. This month's ruling was largely procedural in that it attempted to clean up any lingering confusion over the August 2007 ruling. As a result, it really doesn't break much new ground; instead, the opinion largely reiterates the main rulings from the August 2007 opinion. Rebecca has more thoughts on the false advertising aspects.

In re Yahoo! Litigation, 2008 WL 1882786 (C.D. Cal. April 21, 2008)

This lawsuit got a lot of press when it was first filed in May 2006 as an example of "syndication fraud." See my initial post. It relates to Yahoo's display of ads on pages promoted by adware and on typosquatted and domain name parking pages. The advertisers believed these pages had lower quality traffic than other pages, and this disrupted their expectations.

In the past two years, the case has gone through various procedural shenanigans. This ruling addresses Yahoo's motion to dismiss the second amended complaint on a number of grounds.

Yahoo invoked a clause in its advertising agreement barring class litigation against it. Under prevailing California law, these clauses are probably unenforceable in consumer contracts; but there hasn't been a lot of litigation over these clauses in business-to-business contexts, especially because it's hard to argue unconscionability in B2B contexts. The court punts the issue on Yahoo's motion to dismiss, saying that it needs more facts about the parties' respective positions, which makes this issue more appropriate for resolution on summary judgment. Tom O'Toole has more to say about this issue.

Yahoo also tries to dismiss the breach of contract claim over its alleged promise of targeted ad placement, but the court refuses to dismiss because California law freely allows extrinsic evidence to explain unambiguous contractual terms. However, though the court didn't dismiss the claim, I think the plaintiffs will have difficulty prevailing on this contract breach claim because, as the court implicitly concludes, the plain language of the contract weighs heavily against their arguments.

Yahoo made several other efforts to dismiss clams, and the court rejects all but one of them (it dismissed the claim of civil conspiracy). Because so much of the lawsuit survived, this motion to dismiss ruling appears to be largely a win for the plaintiffs. However, I still think this remains a low-merit lawsuit because it's disingenuous for advertisers to complain when they got everything they paid for. Further, two years later, this lawsuit now seems strangely anachronistic given that the Great Adware Wars of the mid-2000s are over.

Posted by Eric at 08:57 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack

May 23, 2008

Lori Drew Prosecuted for CFAA Violations--Some Comments, and a Practice Pointer

By Eric Goldman

Before I get started, let me first say that my heart goes out to Megan Meier's family. They have suffered a devastating tragedy, and I cannot possibly fathom the pain they must feel. As a result, I feel a little awkward blogging on the situation because I fear my words could be misinterpreted as some sign of disrespect or lack of empathy towards the family. I definitely don't intend that.

I have also passed on blogging about Megan Meier's suicide because, until recently, I didn’t think it raised a real cyberspace issue. Assuming the publicized facts are true, MySpace played a crucial role in mediating the communications between Drew and Meier, but Drew's ruse could have been perpetrated using a variety of communication media. Indeed, for millennia (and well before the Internet), people have been sending false messages to each other as part of some manipulative effort (Les Liaisons Dangereuses comes to mind, but we could find countless other examples). The fact that Drew chose MySpace for her scheme has always struck me as uninteresting at best. I recognize that perhaps MySpace made it easier for Drew to pull off her ruse, and perhaps Meier attached more credibility to MySpace messages than she would have attached to messages delivered in other media. But given that people can do serious harm to other people using many different types of communications media, I think it's a mistake to treat this tragedy as a source of profound insight into the nature of cyberbullying or the evils of cyberspace.

Despite this, we know that a high-profile situation like this will spur overreactions. Of most interest for this blog post is last week's federal indictment of Lori Drew for crimes predicated (at their core) on violations of the Computer Fraud and Abuse Act (CFAA). See the indictment. The CFAA violation putatively occurred because MySpace's user agreement required users to:

* provide accurate registration information
* not use information obtained from MySpace to harass or abuse others
* not solicit information from kids
* not promote false/misleading information
* not promote abusive or threatening conduct
* not post photos of third parties without their consent

Allegedly, Lori Drew breached the user agreement by failing to follow these provisions; and by breaching the user agreement, she made an unauthorized criminal use of MySpace's servers.

In the civil context, plaintiffs frequently use the CFAA to attack a defendant's server usage in violation of a site's user agreement. However, as far as I (and Orin) know, this is the first time the DOJ has tried to treat a user's breach of a site's user agreement as a CFAA crime. Not only is this theory potentially unsupported by the law (see, e.g., Orin Kerr and Dan Solove), but it puts almost all of us at risk of federal prosecution (see, e.g., Wired and the AP). Implicitly, the DOJ is saying that breaching a user agreement to provide false registration to a website or post a third party's photo without permission can be a federal crime. If you have never done any of these activities, please email me so I can send you some angel wings. For the rest of us, the DOJ seems to think that we should avoid the Big House only out of their sheer grace.

Also, though Drew's actions may have been heinous, her alleged breaches of the MySpace user agreement were, to be as charitable as possible, chickenscratch. Most websites like MySpace include contractual restrictions like the ones at issue simply to preserve their ability to kick off troublesome users at their discretion--not to put every non-conforming user at risk of looking down the barrel of an FBI agent's .45.

As a result, the DOJ prosecutors appear to be trying to make the MySpace user agreement do more work than it was designed to do. In that respect, I see this case as part of a broader trend where government enforcement agencies are misreading and misusing website user agreements. Consider two other very recent examples of government folks attaching undue emphasis to restrictions in website user agreements:

* the New Jersey Attorney General's office apparently misread restrictions in JuicyCampus' user agreement to think they should constitute affirmative marketing representations

* Joe Lieberman thinks YouTube should wipe terrorist videos off its site because its community guidelines discourage users from posting violent videos

This disturbing trend prompts me to offer a practice pointer to those of you who draft user agreements. Many user agreements—including MySpace’s—have gotten bloated with lengthy lists of restrictive rules (a manifestation of the rule proliferation phenomenon I blogged about here). It's pretty clear to me that government enforcement actors, either because of their fundamental misunderstanding of contract law or for their own self-aggrandizement, will treat these restrictions as expectations that the conduct won't occur on the site. But because most websites don't proactively enforce the restrictions they announce, this sets up a mismatch between rules and actual behavior—a mismatch that enforcers appear all too happy to exploit.

Therefore, I think it is better practice for contract-drafters to rely more heavily on general restrictive clauses in website user agreement (e.g., "we can kick you off at our convenience") than on overly detailed/specific but underenforced lists of restrictions. I know this stance runs contrary to the prevailing sentiment among most Cyberlawyers, who seem to believe that for every bad user behavior, it's easy enough to add a new contract prohibition that putatively eliminates the problem. But if the contracts are being misread, rule proliferation may be doing more long-term harm than good.

Posted by Eric at 05:49 PM | Content Regulation , Licensing/Contracts , Privacy/Security | TrackBack

May 07, 2008

April 2008 Quick Links

By Eric Goldman

Anti-Gaming

* Even though Ticketmaster won its lawsuit, Minnesota overreacted to the Hannah Montana ticket crush by banning software to circumvent an online ticket allocation process. See Sec. 609.806. Check out the hyperbole in this press release! What's next? Are legislators going to make SEO a crime?

* Google modified its relevancy algorithm 450 times in 2007. And yet courts still cite to Brookfield for how search engines operate!

* The UK cracks down on shill marketing online. ClickZ: "Under the new [UK] Consumer Protection from Unfair Trading regulations, it will be illegal to "Falsely claim or create the impression that the trader is not acting for purposes relating to his/her trade, business, craft or profession," or to "falsely represent oneself as a consumer."" See also AdAge.

IP

* Speaking of SEO....the latest pathetic attempt to grab a generic term and trademark it? "SEO." Sarah Bird is on the job.

* Do student notes of a professor's lecture constitute copyright infringement? We may find out.

* Atlantic v. Howell. More on the "making available" theory of copyright infringement.

* Sarah Bird on registering copyrights in websites and blogs.

* A for-profit T-shirt listing the names of deceased Iraq soldiers sparks a publicity rights lawsuit.

General

* Bowen v. YouTube, Inc., 2008 WL 1757578 (W.D. Wash. April 15, 2008). The court upheld the forum selection clause in YouTube's user agreement.

* eBay is ending its promotion of third party live auctions. Maybe because of this loss?

* Rebecca blogs on SuccessFactors, Inc. v. Softscape, Inc., 2008 WL 906420 (N.D. Cal.), an odd case involving the Computer Fraud & Abuse Act and an "attack PowerPoint" allegedly sent by a competitor to its prospective customers.

* Kate Kaye writes about the new Internet industry lobby group, the "State Privacy and Security Coalition," designed to fight laws like the Utah Trademark Protection Act.

* Kevin Werbach, The Centripetal Network: How the Internet Holds Itself Together, and the Forces Tearing it Apart, UC Davis Law Review, Forthcoming. An interesting paper applying "network formation" theory to show how the Internet came together as a unified network and how those unifying forces are under constant stress.

Posted by Eric at 08:52 PM | Content Regulation , Copyright , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack

April 21, 2008

March 2008 Quick Links, Part I

By Eric Goldman

It's a sign of my busy March/April that I am just now posting these...

Reputation/47 USC 230

* I have a lot to say about the JuicyCampus story (AP, MSNBC, Chronicle of Higher Education). Unfortunately, I ran out of time to write a full blog post on the subject. For now, some quick thoughts about this interesting and complex situation:
- Taken to its logical conclusion, 47 USC 230 naturally enables sites to do absolutely nothing to restrict harmful speech. (I'm not saying that accurately describes JuicyCampus--I don't have enough facts to make that claim). However, that's not an unexpected failure of the statute--it's the natural consequence of the statute's design. Any concerns about the costs of unrestricted speech fora need to compared with the costs of more regulated systems. It's not clear that one result is automatically better than the other, and certainly there are costs implicit in all solutions. Sam Bayard explores this issue more.
- Sites that lack credible information will face marketplace responses regardless of any legal rules. In JuicyCampus' case, the marketplace responses include consumers deeming the site not credible, plus intermediaries (in this case, universities) may simply block access by its core users.
- Any possible legal action by the New Jersey Attorney General over JuicyCampus' facilitation of harmful speech should be unambiguously preempted by 47 USC 230--even after Roommates.com.
- The attempted legal bypass to 47 USC 230--trying to convert a negative covenant from the users in the user agreement into an actionable affirmative marketing representation by JuicyCampus--is analytically corrupt. It's also not the law, and it's been rejected in several 230 cases (Noah v. AOL comes immediately to mind). Rebecca has more to say on this issue.
- If negative behavioral covenants by users in a user agreement are actionable affirmative marketing representations that such behavior isn't occurring, then the Internet is a target-rich ecosystem because I imagine that just about every Internet company is eligible for enforcement actions.
- Isn't it typical of an enforcement action to go after the target's vendors (in this case, JuicyCampus' ad networks) and watch them instantly fold?
- This issue reminds us that a website can't promise its users anonymity if it allows anyone else (such as an ad server) to serve up portions of its page and thereby have the ability to collect the same server log data.

* Ciolli v. Iravani: The AutoAdmit lawsuits spill over into a new battleground. As I said when I first blogged on the case, this is a "very messy situation" that has only gotten messier.

* Nemet v. ConsumerAffairs.com. Another lawsuit against an online consumer review site for publishing allegedly defamatory negative critiques.

* Steinbuch v. Cutler, 2008 WL 596747 (8th Cir. Mar. 6, 2008). Steinbuch's lawsuit against Hyperion, the publisher of the Washingtonienne book, can continue in Arkansas. His other claims must proceed in Washington DC if at all.

* Washington Post: Due to the speed at which gossip moves over the Internet, "compared with the pre-Internet era, politicians are less likely than ever to survive a sex scandal with their careers intact."

* H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, 56 U. Kan. L. Rev. 369 (2008). Prof. Holland wrote a paper I had been meaning to write! He explains how 47 USC 230 enables online communities to use a variety of self-governance structures, while a different liability regime would give communities fewer choices and thereby inhibit community formation and management.

Search Engines

* A Canadian web network called Geosign received $160M of VC money but the company was rendered worthless overnight when Google changed its policies and cut off traffic. Domainers beware!

* New book worth checking out: WEB SEARCH: MULTIDISCIPLINARY PERSPECTIVES (Amanda Spink & Michael Zimmer, eds.) (Springer 2008). A nice cross-section of essays on search engine issues from multiple disciplines.

* Need some original content to improve your SEO? You can automatically generate it through splogging, or you can pay actual humans a small amount of money to write short articles. If the cost is low enough and the SEO credit for truly original content is high enough, the latter may end up being a better economic deal.

Spam

* The FTC has lost a jury trial against Impulse Media on its theory that Impulse Media is liable for the spam sent by its affiliates. This is a pretty important decision because (1) the FTC/DOJ rarely lose at trial, (2) their expansive theories about liability for affiliate behavior may be legally incorrect, and (3) the FTC has strong-armed numerous defendants into settlements based on its theory, and future defendants now be willing to fight back.

* On that topic, Cyberheat won an early round in litigation with the FTC over its affiliate practices but has now settled up with the FTC. The settlement gives some guidance about the FTC's thoughts of how marketers should police affiliates, but the Impulse Media jury loss may undermine the teaching of this settlement.

Posted by Eric at 08:32 AM | Derivative Liability , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack

March 24, 2008

Clickthrough Agreement Binding Against Minors--A.V. v. iParadigms

By Eric Goldman

A.V. v. iParadigms, 2008 U.S. Dist. LEXIS 19715 (E.D. Va., March 11, 2008),

I previously blogged that the judge was going to dismiss this case. The judge finally issued an opinion explaining his reasoning, and it's quite an interesting read.

At issue is iParadigms' Turnitin plagiarism detection service. It works as follows: a professor adopts the Turnitin service for a class. Students then submit class papers directly to the Turnitin database. Turnitin compares the submitted papers against its database, which includes Internet content, previously submitted student papers, and various commercial databases. Turnitin then provides the professor with an "Originality Report" assessing the likelihood that the paper was original to the student and not copied from one of the sources in the database. At the same time, Turnitin adds each student-submitted paper to its proprietary database so those papers create matches if submitted again.

Personally, I've never used the Turnitin service. I'm lucky enough that when I've taught "paper courses," I've been able to work closely enough with each student that a plagiarized paper would be useless. However, not every professor or teacher can interact with students enough to make these individualized assessments, and there are plenty of courses where students basically dump a paper onto professors in a relatively impersonal exchange. In those cases, I could see why Turnitin is an important or even essential tool to combat student efforts to game the grading system.

Even so, I remain troubled by some aspects of the Turnitin service. Most of my concerns relate to the implicit coercion of students to use Turnitin. Some students may not be aware that the professor will require Turnitin use at the beginning of the semester when (in theory) objecting students could freely drop the course, in which case the student is effectively required to use Turnitin to pass the class regardless of student consent. Even more problematically, students might be required to take a Turnitin-mediated course--such as when the course is a mandatory prerequisite and there aren't multiple professors teaching the course, or when students are assigned to a course without any choice (such as in high school). In those cases, students are forced to participate in the Turnitin scheme whether they want to do so or not. This isn't the biggest travesty in the world, but I'm not sure it's fair either.

The plaintiffs in this case--a group of four high schoolers--mount a solid attack on the Turnitin system for copyright infringement based on Turnitin keeping copies of their papers and occasionally republishing the papers to other professors when the papers trigger matches in future Originality Reports. iParadigms defends based on its mandatory clickthrough agreement, which every student must agree to as part of the submission process. The clickthrough was properly formed, so there's no question that it superficially demonstrates mutual assent.

However, student consent is illusory in at least two ways. First, as I mentioned, many students don't have a meaningful choice about consenting to the clickthrough agreement because they will fail their courses if they don't submit. The students attack this as duress, and the court correctly notes that Turnitin is not the source of duress; instead, the schools are the source, and the court tells the students to take it up with them. While the court is right that duress doesn't apply directly here, I could have seen other courts using the school-supplied duress as part of an unconscionability attack on the contract.

Second, the plaintiffs were minors, and well-settled law is that incomplete contracts with minors are voidable. The court sidesteps this issue by saying that the students had received the complete benefit of the Turnitin contract relationship when their papers were cleared by the Originality Report, and therefore they could not "return" the benefits conferred on them by Turnitin.

This is a ruling of potentially large significance. I've long believed that courts would struggle with dismissing claims by minors against websites because of the voidability issue, which seemingly left a large class action hole against all websites with minors as users. That hole may still exist--it depends on whether the contract is complete or not, and in many cases both parties will have incomplete obligations in a standard website EULA. Despite this, it's clear that this judge wasn't going to entertain any bypass that threatened the integrity of the Turnitin service, and I wouldn't be surprised if many other courts would reach the same conclusion in other circumstances.

The court dismisses the copyright infringement claim on the alternative ground that Turnitin's copying is fair use:
* storing the copy of the paper for plaigarism purposes is highly transformative
* the court twists the nature of work factor to weigh in favor of Turnitin, saying that Turnitin doesn't use the papers for their creative meaning
* the court also twists the amount/substantiality of the portion taken to weigh in favor of Turnitin. Even though Turnitin takes 100% of the work, it doesn't really publish the entire work (except in the occasional cases where a professor requests a copy after a match in the Originality Report) to others but simply flags the match.
* the court dismisses the effect on the market value of the work. Most student papers have no commercial value. The papers would have commercial value if resold to the term paper websites, but the plaintiffs conceded that they wouldn't authorize this usage because that would be cheating.

While I can't really quibble with the conclusion that Turnitin's use is fair, especially given the laudable objective of plagiarism suppression, other judges would have reached the opposite conclusion because Turnitin forces students to put their papers into a database that iParadigms mines for its profit.

In any case, this fair use ruling may augur well for search engine fair use cases, most obviously Google's book search and Google News--both of which pump third party copyrighted works into a for-profit database but republish only a limited portion.

The opinion also has some interesting discussion about iParadigms' counterclaims against the students. iParadigms initiated a very aggressive counterattack against the students (the words "scorched earth" came to mind). I guess iParadigms wanted to send the message--don't screw with us, because we'll make your life heck. I don't think iParadigms expected to get any meaningful payoff from their counterclaims, but they got nothing. In some sense they are lucky that it wasn't worse; I could see some judges taking such umbrage at iParadigms' tactics that they could have backfired.

iParadigms sought indemnity from the students based on a clause in its usage policy. The problem is that the usage policy wasn't presented as a mandatory clickthrough (whoops!) and the court refuses to extend the Register.com v. Verio bailout here.

One of the students obtained false credentials to log into the system at one point, but the court rejects iParadigms' claim that such a login was a trespass to chattels, Computer Fraud & Abuse Act violation or Virginia Computer Crimes violation because iParadigms couldn't make any showing of damages from this unauthorized login. This is the right result (at least with respect to trespass to chattels) per Intel v. Hamidi, but we've seen plenty of courts ignore the damages requirement from the Hamidi case.

Other comments on this case:
* Tom O'Toole
* Rebecca Tushnet
* Siva Vaidhyanathan
* Georgia Harper
* William Patry

UPDATE: According to the Chronicle of Higher Education, the students plan to appeal. Given the many conflicting norms associated with this case, I would be surprised if the appellate ruling was as decisively favorable for Turnitin as the district court opinion was.

Posted by Eric at 10:41 PM | Copyright , Licensing/Contracts , Privacy/Security | TrackBack

March 13, 2008

eBay Denied 230 Defense for Its Marketing Representations--Mazur v. eBay

By Eric Goldman

Mazur v. eBay Inc., 2008 WL 618988 (N.D. Cal. March 4, 2008)

I declared Monday "47 USC 230 Day" here at the Technology & Marketing Law Blog, but with this new case, I'm declaring it 47 USC 230 Week. This case explores one of the frontiers of 47 USC 230 jurisprudence--when can 230 preempt a claim that a website made false marketing representations? This issue has been lurking in numerous recent 47 USC 230, but it arises squarely here. Unfortunately, the legal analysis isn't clean or easy.

eBay offers its users the ability to engage in "live bidding" (i.e., bidding via the Internet on auctions taking place in physical space) through third party vendors. eBay's marketing materials described these vendors as "safe" and "carefully-screened, reputable international auction houses" and that the bidding was against "floor bidders" (i.e., people bidding on the physical floor of the auction). The plaintiff claims that instead shill bidders at the auctions caused her to overpay. eBay defends against the claims based on 230 because any falsity introduced into its statements was attributable to the actions of third party vendors.

Judge Patel found that 230 helped eBay in a number of respects:

* "to the extent plaintiff seeks to hold eBay liable for information provided by [a third party vendor], eBay is immune from liability".
* "plaintiff’s assertion that eBay knew of the seller’s illegal conduct and failed to prevent it is nevertheless under the ambit of section 230"
* "eBay’s assertion that the auction houses were screened is not actionable" because the screening is an editorial function [note: I'm not sure screening vendors for quality is really an editorial function in the traditional sense. Perhaps this particular issue would have been more appropriately handled under 230(c)(2)?]

At the same time, the court says that three other statements at issue--that live bidding is "safe," is conducted against "floor bidders" and involves "international" auction houses--are not preempted by 230. In doing so, the court distinguishes several cases, including:

* the Gentry case (involving eBay's liability for fake sports memorabilia) because eBay's communications there were distilled from user-supplied feedback
* the SexSearch case (where the site claimed its users were 18+ but a minor lied about her age) because the marketing claims "were merely a regurgitation of its users’ representations" whereas here, apparently eBay made no regurgitations
* the infoUSA case (where infoUSA said that it verified data in its database) and the Barnes case (where Yahoo failed to take down bogus user profiles) because each involved the accuracy of data, while this case involves the promise of safety. [Note: I think the court makes a rather fine distinction here. Clearly the word "safe" means something special to this judge: "eBay’s statement regarding safety affects and creates an expectation regarding the procedures and manner in which the auction is conducted and consequently goes beyond traditional editorial discretion."]

The court doesn't discuss the Accusearch case, which seemed like the most analogous case to me. That case involved a vendor's resale of illicit phone records that were procured by third parties via pretexting, and the court held that 230 didn't protect the vendor even though the underlying asset being sold was information from a third party. The Accusearch opinion doesn't directly hold the vendor responsible for marketing these illicit records as legitimate, but that would be a fair way to read the opinion. The court also could have cited (but didn't) the CafePress opinion, which also involved a 230 denial for a website selling tortious third party goods.

So, what does all of this mean? The bad news is that this case seems to open up a major bypass to 230 for plaintiffs. They don't need to sue a website for a third party-caused tort by asserting the prima facie tort against the website; instead, following the "logic" in this opinion, all a plaintiff needs to do is find that the website made a marketing representation somewhere that says or implies the tort wouldn't occur, and the claim for bad marketing should be outside 230's coverage. [Note: I understand that's not exactly what Patel said because she did reject the claims for eBay's marketing representation about screening. But the claim over "safety" fits this pattern neatly.]

On the other hand, I'm not sure this case reached the wrong result. Assume for a moment that per 230, eBay isn't liable for the marketing claim that its vendors are "safe." This seemingly would mean that eBay could freely make such claims, true or not, reap the economic benefits from consumer choices driven by those claims, and yet completely avoid liability. I don't think 230 should provide a free pass for commercial misrepresentation. eBay picks the words to describe its business; it should own those words.

In any case, as this case illustrates, I think it's fair to say that 230's preemption of marketing representations remains a major open area in 230 jurisprudence. If you're looking for a term paper project, this looks like a good one to me.

Even if 230 doesn't apply, eBay has other defenses against liability for the alleged marketing misrepresentations. The court rejects eBay's defense based on the release in the eBay user agreement, but it does dismiss the fraud claim (with leave to amend) because it lacked the requisite specificity.

The opinion also discusses one of the auction vendor's user agreements, which specified a highly expedited extrajudicial adjudication as the sole dispute resolution option. The court tosses the contractual adjudication procedure as unconscionable due to the contract's formatting and substantive unfairness. Along the way, the court casts some doubt on extrajudicial adjudication clauses that have "no witness" provisions. If you're interested in forming enforceable online user agreements, you should check out this opinion.

Posted by Eric at 09:40 AM | Derivative Liability , E-Commerce , Licensing/Contracts , Marketing | TrackBack

February 26, 2008

Click Fraud Talk at SMX West

By Eric Goldman

At SMX West, I participated on a panel about recent search engine law developments with Clarke Walton, Sarah Bird and Jeffrey Rohrs as moderator. Jeff asked me to address click fraud developments, so here's a recap of my very brief talk:
______

From a legal standpoint, I think click fraud is a relatively unexciting topic. Principally, click fraud is a fairly routine contract interpretation issue--the advertising contract defines the payment mechanism, so search engine-advertiser click fraud cases simply involve the interpretation of that provision. As a result, click fraud cases don't really break any new theoretical ground; the basic legal doctrinal are squarely covered in a first year Contracts course.

The click fraud topic has gotten even less interesting following the 2006 settlements by Google and Yahoo. Since then, I think we've seen a gradual but unmistakable decline in the attention and emotional energy directed towards the topic. Google and Yahoo settled up in part to put the issue behind them, and it looks like they did just that. Let’s consider the denouement from the 2006 settlements:

* Google and Yahoo paid fairly nominal amounts of cash (by their standards)
* The plaintiffs’ attorneys made off with a nice chunk of change (by their standards)
* Advertisers got almost no value from the settlements. My understanding is that the dollar value of credits requests pursuant to the settlement was trivial.
* Hundreds of advertisers opted out of the settlements, and some of those opt-outs have matured into standalone lawsuits of relatively low import (and, IMO, relatively low merit), such as the Feldman v. Google lawsuit. There are some ancillary lawsuits, such as the ongoing Miva securities litigation, that I also think are chickenscratch cases.

Looking forward, I see two main open issues about click fraud:

1) Just how bad is the click fraud problem? We still don’t know the exact rates or volume of click fraud (a topic that has sparked an irresolute war of words and statistics), and advertisers still don’t have a good way to quantify it for themselves. As a result, many advertisers are still mad about click fraud, but at the same time I don’t see any obvious suppression of the click-based advertising market either. I’m sure some advertisers have checked out due to click fraud, and other advertisers have reallocated a portion of their dollars to advertising media less susceptible to fraud, but on the whole the click-based advertising market remains robust, healthy and profitable for all involved. I think this is one of the main reasons that click fraud is receiving less attention.

Another possible reason is that perhaps advertisers are doing a better job managing click fraud despite their imperfect tools. Certainly, advertisers who can track ROI from their click-based advertising can adjust their click bids to account for any valueless clicks. For those advertisers, I recommend that they reduce their bids downward to reflect the value they actually derive. Let your competitors overpay for those clicks.

2) Will there be new class action lawsuits against Google and Yahoo? While the 2006 settlements cleaned up Yahoo and Google’s past liability for click fraud, in theory a new class of advertiser-plaintiffs has been developing since the settlement dates. In light of the sweet deal that the plaintiffs’ attorneys got in the last settlements, it seems inevitable that some entrepreneurial plaintiff-side attorneys are going to round up a new class of post-settlement advertisers.

For more on the click fraud topic, in May 2007, I gathered my blog posts on the click fraud topic into a single PDF.

Posted by Eric at 10:20 PM | Licensing/Contracts , Search Engines | TrackBack

February 15, 2008

Turnitin Lawsuit to Be Dismissed--AV v. iParadigms

By Eric Goldman

A.V. v. iParadigms, LLC, No. 07-0293 (E.D. Va. removal from trial docket Jan. 9, 2008)

iParadigms, the operators of the Turnitin plagiarism detection tool, issued a confusing press release earlier this week announcing that the lawsuit against them was going to be dismissed. To make sense of the press release, I pulled the applicable court filing--see it here. The main operative provision says:

"It appearing to the Court that Plaintiffs' Motion for Summary Judgment should be granted as to the counterclaims and Defendant's Motion for Summary Judgment should be granted as to the Complaint, it is hereby ORDERED that the this [sic] case is removed from the Court's trial docket, and a Memorandum Opinion and Order will be forthcoming."

It is unusual for a judge to foreshadow an opinion like this. I'm guessing the judge was trying to schedule another trial and needed the space, so the judge issued this order before he had time to write up his thoughts. As of this morning, the opinion still hadn't been posted to PACER. I'm not sure why iParadigms waited a month to issue this press release but then decided to release it now prior to the actual opinion. In any case, I'm sure the opinion will be an interesting read on the contract or copyright topics (or both), but we'll have to wait to see the judge's thinking.

Posted by Eric at 09:32 AM | Copyright , Licensing/Contracts | TrackBack

February 12, 2008

Jan. 2008 Quick Links (Non-IP Edition)

By Eric Goldman

47 USC 230

* Doe v. SexSearch, the case absolving a website for age verification of its users, has been appealed.

* The Supreme Court denied cert in Parker v. Google. See 2008 WL 114262.

* NYT update on the Subway v. Quiznos lawsuit. I'm still waiting to see how the CCBill case affects the legal analysis.

Ripoff Report

* CMLP reported that Energy Automation Systems v. Xcentric Ventures has settled.

* A lot of people would love to take down the Ripoff Report. The latest (perhaps unexpected) opponents--the SEO crowd. See here, here and here. Definitely not a group I'd want to have gunning for me...

* Sarah Bird wrote the blog post I wanted to write: a recap of all of the litigation involving the Ripoff Report and its related entities. She updates a number of cases I've blogged about here.

Privacy

* The quest to find defendants in the AutoAdmit lawsuit has spilled over to unrelated websites whose URLs were posted to AutoAdmit, on the theory that AutoAdmit users were likely to have visited there prior to or after the links were posted. See the plaintiff's motion. This has proven to be a controversial move; see critiques from Mike Masnick and Sam Bayard.

* World Privacy Forum's Top Ten Opt Outs.

* The Privacy Rights Clearinghouse has compiled a master list of all the data breaches that have been announced.

Spam

* Venkat on 4 years of CAN-SPAM. I think the best we can say is that CAN-SPAM hasn't destroyed email as a communication tool, but I am skeptical that its significant transaction costs are outweighed by its benefits.

* Search Engine Land shows Wired that its wiki isn't spam-proof and then apologizes for it.

Marketing/Advertising

* Greg Linden predicts a dot-com crash in 2008 where a dry-up of investment capital will lead to marketing desperation: "Much like we saw after the 2000 crash, it is likely that those with little to lose will attempt scary new forms of advertising. The Web will become polluted with spyware, intrusiveness, and horrible annoyances. None of this will work, of course, and there will be lawsuits and new privacy legislation, but we will have to endure it while it lasts."

* Oddee has some vintage ads that couldn't be made today.

Blogging

* Examples of how blogging is actually increasing some companies' sales.

* Giving in to cyberspace exceptionalism, a divorce court judge ordered a husband to stop blogging about the wife. Fortunately, the judge soon realized his error and reversed course, basically throwing up his hands saying "I don't know what to do here." Garrido v. Krasnansky, No. F 466-12-06 (Vt. Fam. Ct. Jan. 14, 2008).

Miscellaneous

* Once again, Mike Masnick says what I was thinking better than I could: "Both Microsoft And Google Are Probably Best Off Shutting Up About Monopolies."

* Wired has a great article on scraping data from major Internet players, many of whom themselves use scraping-like methodologies to gather data: "But beneath all the kumbayas, there's an awkward dance going on, an unregulated give-and-take of information for which the rules are still being worked out. And in many cases, some of the big guys that have been the source of that data are finding they can't — or simply don't want to — allow everyone to access their information, Web2.0 dogma be damned."

* The FTC has cracked down (again) on a website for inadequate security. This time, the e-tailer "Life is good" promised that "all information is kept in a secure file" but a hacker got good stuff (credit card #s, etc.) anyway. The FTC pointed to several deficiencies, including (1) the retailer's failure to store the sensitive data in encrypted format, (2) inadequate efforts to identify and patch security holes, and (3) inadequate monitoring of intrusions.

* Krause v. Chippas, 2007 WL 4563471 (N.D. Tex. Dec. 28, 2007). Court says a website user was bound to the contract when "lead page" of website said "USE OF THIS SITE AND OR SERVICES OFFERED WITHIN THIS FUTURESCOM.COM SITE SIGNIFIES YOUR AGREEMENT TO THIS SERVICE AND USAGE AGREEMENT."

* An interesting British study explains the downsides of government-mandated disclosures to consumers. HT Rebecca.

* I participated in a 30 minute podcasted conversation on the Lawyer 2 Lawyer show on the topic of social networking sites.

* I have 2 copies left of my 2007 Cyberspace Law course reader. First 2 people to email me with a request and their mailing address get them. [UPDATE: Gone!]

Posted by Eric at 05:50 PM | Derivative Liability , Licensing/Contracts , Marketing , Privacy/Security , Spam | TrackBack

January 16, 2008

Contract Formed Even If Customer Never Received It--Schwartz v. Comcast

By Eric Goldman

Schwartz v. Comcast Corp., 2007 WL 4212693 (3d Cir. Nov. 30, 2007)

This case just crossed my desk, and I'm surprised it hasn't gotten more attention. (Declan at News.com wrote about it with a misdirected headline, and other coverage has been thin). The opinion provides a surprising answer to the thorny existential question of how to form a contract without forming a contract.

Schwartz is a disgruntled Comcast customer (is there any other type?) because he thinks Comcast has overpromised and underdelivered (Comcast claimed that it was "always on," except for the 10 days it was off for Schwartz). Schwartz wants his day in court. Comcast prefers that he have his day in arbitration per the terms of its subscriber agreement--which, not incidentally, also handily says that there are no class actions in arbitration. Comcast says that it included a copy of the subscriber agreement in its welcome kit for all new customers and posted a copy on its website, but Schwartz claims he never saw the subscriber agreement. The court's response to this factual dispute is rather amazing:

Comcast's evidence of its consistent practice regarding delivery of subscription agreements and of the conduct of the parties in this case constitute prima facie evidence that Schwartz was aware that the services he accepted were being offered pursuant to a subscription agreement

Isn't this a complete non sequitur? Sure, Comcast can enter evidence that it spams its new customers with the subscriber agreement, but it's also likely that this process is not 100% effective--surely, some errors in the system cause some customers not to receive the agreement. The court cites a Federal Rule of Evidence that says a corporate routine is relevant to prove that the routine was followed in this case. So when Comcast claims it has a pattern of spamming its users with the subscriber agreement, the court says that it will treat all customers as having agreed to those terms--even if they never saw those terms, let alone actually manifested assent to them.

That's a pretty neat parlor trick. Too bad it's not contract law. There's no question that Schwartz and Comcast have a contract for services. Most likely, it formed when Schwartz placed his order and Comcast accepted (or, less likely, when Comcast made its offer and Schwartz accepted by ordering). All we're haggling about is what terms were included in that contract when it formed. [Note: because this contract is for services, the UCC-based contract cases saying "pay now, terms later" do not automatically apply here...not that any of them were cited by this court.] This court says that Schwartz is bound to terms that were sent post-formation (a dicey proposition) even if Comcast can't prove that Schwartz received the terms (let alone assented to them) (a doubly dicey proposition). How in the world can those terms become part of the bargain?

The court bolsters its shaky conclusion with two other facts:

* Schwartz signed a piece of paper when he disconnected his cable service (but not his Internet connectivity) that said "If other non-installation work was provided, I agree to continue to be bound by the current Comcast Subscriber Agreement" and contained the cryptic reference "O/L PRO SERV" which stood for "Online Pro Internet Service." I'm not sure what to make of this language because (1) I don't know what the term "if other non-installation work was provided" refers to, (2) we're haggling over the terms of the original subscriber agreement, so this language doesn't clarify the terms, and (3) the cryptic reference makes no sense to anyone other than a Comcast employee.

* the subscriber agreement was on the web. Noting this, the court makes this remarkable statement: "the terms of the contract were available to Schwartz via the web site, and thus they are binding, despite the fact that he was unaware of them." I don't think the court could possibly mean what it says.

Even though the court went out of its way to form the contract, it did remand the case to consider if the arbitration clause is unconscionable. (According to PACER, nothing has happened since the remand). There's good reason to consider the unconscionability question given that a primary goal of Comcast's arbitration clause was to destroy class actions. Courts have been striking down arbitration clauses for this reason with some frequency, so perhaps the district court will do so here.

The court designates the opinion non-precedential and otherwise clearly communicates its hope that no one other than the litigants will read the opinion. Given the opinion’s sloppiness, that is an appropriate desire. Accordingly, I'm not sure how much wisdom we can salvage from this case. A couple of points:

* the case seems to reinforce that a mandatory clickthrough process (i.e., every user has to go through the same process) should be well-received by a court because it reflects the kind of corporate routine the court lauds here.

* even though the court bailed it out here, it looks like Comcast (and, I suspect, many other telecommunications, cable and Internet providers) have a lot of work to improve their contract formation process so they don't have to rely on parlor tricks to form their contracts.

Posted by Eric at 05:46 PM | Licensing/Contracts | TrackBack

December 13, 2007

Oct.-Nov. 2007 Quick Links, Part 1

By Eric Goldman

I was so jammed at the beginning of November that I didn't have time to post my quick links from October. Never fear; that omission is being corrected with a double shot of quick links covering October and November:

Wikipedia

* Slashdot: Has Wikipedia peaked? If true, I'm not surprised.

* The new status symbol of the digital age? A personal Wikipedia page. FWIW, my personal Wikipedia page was crunched and rolled into a general criticism of Wikipedia page. I found this ironic given that the Wikipedians had already caucused about the merits of my page and decided not to kill it; and then a single Wikipedian swept through and ignored that decision. Sounds like the process worked really well there, guys.

* The newest fork from Wikipedia: Veropedia.

Google

* Webmasters give preference to the Googlebot over other search engine robots in robots.txt files.

* Searchers prefer Google results in a blind taste test. But...searchers also prefer search results when they are branded Google!

* For years, people have speculated that Google advertisers get extra bounce in organic search results. Search Engine Guide lays out the case.

* Carl Person isn't giving up in his (unquestionably futile) fight against Google. The latest: he's appealed his case to the Ninth Circuit. HT Links & Law.

Adware/Spyware

* FTC Commissioner Leibowitz thinks bigger civil fines would help shut down more spyware operators. Then again, it seems like the market is doing that job for them; another adware vendor, DirectRevenue, has gone under.

* Zango has appealed Zango v. Kaspersky to the Ninth Circuit. I wasn't a fan of this lawsuit from the outset, so pursuing the case sounds like a mistake to me.

Virtual Worlds

* Herman Miller (maker of the famous Aeron chairs--I had one at Epinions) is combating the makers of fake virtual Aeron chairs in Second Life.

* Bragg v. Linden Lab has settled. The case involved a claim that Linden Lab improperly impounded some virtual assets.

* Wired: "Cheaters in multiplayer online games beware: Game developers are turning to advanced financial fraud-detection software to keep you from crooking your way to online riches."

47 USC 230

* Roskowski v. Corvallis Police Officers' Ass'n, 2007 WL 2963633 (9th Cir. Oct. 10, 2007). A summary opinion upholding a dismissal based on 47 USC 230. See my blog post on the district court ruling. Michael Erhman's comments.

* The US Supreme Court denied certiorari in Perfect 10 v. ccBill.

* The AutoAdmit plaintiffs filed an amended complaint that dropped Ciolli as a defendant and reworked the substantive allegations. Coverage: Above the Law, Concurring Opinions (1, 2), WSJ Law Blog.

* A former student informed me that a judge on the show Boston Legal (the Nov. 13 episode, "Attack of the Xenophobes," episode 74) applied 47 USC 230--correctly!--to dismiss a lawsuit against YouTube for a defamatory video. See the episode recap.

Online Contracts

* Adsit Co. v. Gustin (Ind. Ct. App. Oct. 16, 2007). Daughter-in-law gives credit card number to mom-in-law to complete online transaction. Court holds that mom-in-law acted as daughter-in-law’s agent and thus bound the daughter-in-law to the vendor’s clickthrough agreement. Accord: the Hofer and Abramson cases.

* Whitnum v. Yahoo, Inc., 2007 WL 2609825 (NY Supreme Court, Sept. 5, 2007). Woman sought damages because Yahoo shut down her website the same day she got a good publicity hit. Yahoo pointed to the liability limits in its user agreement, and the court found that those limits supported a motion to dismiss. Given the ubiquity of similar provisions in web hosting contracts, this case nicely illustrates that web hosting customers really don’t have any recourse if their vendor just shuts them down. This is also why I find 17 USC 512(g) (the DMCA limit on liability if a web host honors a counter-notification) so baffling—web hosts don’t need any help from the statutory safe harbor when they have already eliminated the risk through their contracts.

Posted by Eric at 02:05 PM | Adware/Spyware , Derivative Liability , Licensing/Contracts , Search Engines , Virtual Worlds | TrackBack

October 24, 2007

Interesting Contract Interpretations in Eighth Circuit Fantasy Baseball Case--CBC v. MLB

By Eric Goldman

CBC Distribution and Marketing, Inc., v. Major League Baseball Advanced Media, L.P., No. 06-3357/3358 (8th Cir. Oct. 16, 2007)

You've already heard about this case, which held that MLB's right of publicity claim against a fantasy baseball league provider was barred by the First Amendment. Personally, I found that ruling only mildly interesting. The First Amendment defense to ROP claims is so squirrelly that I have no idea when we'll see it again, so the precedential impact of this ruling is unfortunately low. Instead, the court should have ruled that publishing player statistics in an online commercial database isn't a commercial exploitation (i.e., lacked the requisite "commercial advantage") of any player's publicity rights any more than publishing a book compiling such statistics would be. That would have been a more sensible ruling and would have provided a lot greater certainty for the future.

In any case, I think the discussion about the expired CBC-MLB contract is way more interesting than the right of publicity discussion. The court lays waste to the standard interpretation of at least 2 very commonly used contract provisions, and this provides a cautionary tale to drafters.

Representation/Warranty of Authority

The contract said that the licensor "represents and warrants that it has the authority to grant the rights licensed herein." Normally, this R&W is made as part of a series of ownership R&Ws--typically that the licensor (1) owns its licensed stuff, (2) has the right to grant licenses to the stuff, and (3) use of the licensed stuff won't infringe any third party rights. When these R&Ws are poorly drafted, they can be effectively redundant (i.e., a third party claim of infringement triggers all three R&Ws), but #2 does pick up two additional situations compared to #1: (a) where the licensor owns the stuff but has granted an exclusive license to a third party that would conflict with the newly granted license, and (b) where the licensor itself in-licenses stuff, in which case the R&W tests if the licensor has appropriate sublicensing rights.

Here, the court rejects the licensee's argument that the Players Association (the licensor) breached the R&W because it didn't have good title (because there were no enforceable publicity rights). Instead, the court reads the R&W as an R&W of agency--that is, that the Players Association is the agent of the players.

FWIW, personally, I rarely use R&Ws of ownership. Usually, I handle infringement risks solely through an indemnity. So I would be unlikely to encounter this issue in a contract I drafted. But I have seen this language hundreds of times in other contracts, and I believe the parties have always intended to ascertain the licensor's good title. As a result, this court seems to have completely misread this provision, and its interpretation jeopardizes the interpretation of the language in the many, many other contracts where it appears.

Declaration of Ownership

The court also interprets the language that the Players Association "is the sole and exclusive holder of all right, title and interest" in and to the players' names/statistics. I call this type of provision a declaration of ownership--typically intended to clarify the respective ownership rights between the parties. Personally, I hate these provisions, especially in licenses of public domain data. What does it mean to declare the licensor the "owner" of public domain data? And I've had way too many pointless/fruitless negotiations over the ownership about user data that are unquestionably hindered by the weak grammatical structure of such a declaration.

The Eighth Circuit gives us another reason to hate the declaration of ownership clauses. They say that "quite obviously" the language is an R&W of ownership, which the Players Association breached because, in fact, it didn't have enforceable right of publicity rights. So watch out for those declaration of ownership clauses--they could become an unintended backdoor warranty of ownership!

Enforceability of Post-Termination Restrictions

The MLB contract had provisions waiving a licensee's right to challenge MLB's ownership rights (the no-challenge clause) and restricting post-termination use of the data (the no-use clause). The no-challenge clause isn't that unusual in the trademark license context, but it's extremely aggressive with respect to licenses of public domain data. (I can't recall ever seeing it in a right of publicity license). The no-use provision is very common among licenses of public domain data. Without the clause, immediately after the license, the licensee will have an electronic copy of the data and can exploit it freely without paying for it, thus undermining the licensor's business model.

The district court struck down both clauses on public policy grounds. This was a sensible approach with respect to the no-challenge clause, which has the effect of precluding judicial oversight over dubious claims of ownership. As for the no-use clause, I'm reminded of the Listerine case and the survival of confidentiality restrictions in a trade secret license even after a trade secret has lapsed in the public domain. Normally we tolerate these trade secret restrictions that make the licensee worse off than if the licensee had never signed the contract in the first place. I'm not sure it's a good policy result, but it's well-established as a legal doctrine.

Whenever I did data in-licenses, I would always contractually preserve our post-termination ability to procure replacement data from other sources for this very reason (just like I always include a provision in trade secret licenses/NDAs removing the confidentiality obligations if the trade secret is in the public domain). My guess is that MLB was a real bear about such negotiations, so they probably would have resisted the inclusion of such a provision. But without that provision, there is a risk that the court would enforce the post-termination obligation in a way that effectively made the data licensor a monopoly supplier of the data in the future.

The court sidesteps all of this by finding the declaration of ownership provision was a warranty that the licensor breached and thus released CBC from the reciprocal obligations. This sure seems like a roundabout way to reach the result that CBC isn't contractually restricted from using public domain data. It would have been cleaner if the court would have categorically restricted such clauses on public policy grounds. Instead, because the court took this convoluted process, licensees of public domain data either have to (a) include sufficient warranties (or clauses that a court will misinterpret as a warranty) that will allow the licensee to escape post-termination restrictions on public domain data, or (b) as I always do, include a post-termination right to obtain the data from other sources, which is usually painful to negotiate.

Posted by Eric at 06:13 PM | Licensing/Contracts , Publicity/Privacy Rights | TrackBack

October 22, 2007

AOIR Regulating Virtual Worlds Panel, and My Notes on Investment Expectations in Virtual Worlds

By Eric Goldman

Last week at AOIR's annual meeting (AOIR 8.0) in Vancouver, Greg Lastowka, James Grimmelmann, Tyler Ochoa and I presented on the topic of regulation of virtual worlds. My notes from the presentations are below. See Mark Bell's recap too.

Greg Lastowka, Rules of Play

Greg discussed how game rules can increase the fullness and beauty of life. Yet, legal rules may be too rational. For example, a traditional economic analysis would encourage the development of markets for virtual property, regardless of any EULA restrictions, because these markets would facilitate Pareto exchanges (i.e., both parties better off; no one worse off). However, lawyers can't understand peoples' need to live in beauty or how gameplay can facilitate this.

My comment to Greg: how much are rules of play exogenous to the players (i.e., imposed from the top down by the VW providers) and how much are just codifications of rules that the community of players demand on a bottoms-up basis. At Epinions, our users demanded that we vigilantly police the conduct of other players, in many cases forcing us to impose more rules or police them more vigorously than we would have done if the choice was solely ours.

James Grimmelmann

James talked about the metaphysics of virtual objects/experiences. The VW provider has the power to determine people's perceptions within the world. For example, if the VW provider deletes an object, everyone agrees that the object ceases to exist in the world.

Also, the VW software is proprietary, so there's no check on a provider's autocracy. Even if the software creation was open sourced, it still wouldn't solve the normative determination of what's fair to do to players.

James thinks that virtual worlds need healthy virtual governance--specifically, that there should be a public sphere within virtual worlds as a way for players to discuss the providers' autocratic decisions.

I made two comments: (1) is there anything unusual about the metaphysics in virtual worlds? It seems to me that we have many shared hallucinations in realspace (like when our government lies to us, and we accept the lie rather than listen to our inner skepticism). (2) If the risk of provider exercise of arbitrary autocratic power is a problem, couldn't providers outsource an auditing function to third parties? For example, accounting firms audit the financial statements of companies.

Tyler asked what's so good about liberty and fairness? I think he was driving at the fact that VWs could in fact involve benevolent dictators, and this could lead to better outcomes than we could accomplish in the real world.

There was a good Q for James that if virtual property is real, does that mean that cybertorts committed in the virtual world equally "real"? For example, is hate speech in a virtual world just as tangible as virtual property?

Tyler Ochoa, Who Owns Avatars?

Tyler acknowledged that the first response to this topic is that avatar ownership should be determined by the EULA. He made his arguments why the default ownership of avatars matters:

1) EULAs may not be binding (see, e.g., the Bragg decision, which put Second Life's EULA in serious jeopardy)
2) some things can't be assigned by contract, such as the 17 USC 203 termination of transfer right. (So, in 35 years, someone might come back and demand the copyrights to their avatar!)
3) the default copyright rules may determine the applicability/enforceability of contract rules

He noted the numerous aspects of an avatar that may be protected, including the avatar's appearance, capabilities, behavior and communications.

He thinks the more that a provider gives choices to consumers to configure avatars, the more that the avatar looks like the creation of a user. As a result, he advocated that avatars should be thought of as a contribution to a collective work (although, depending on the facts, they could be a derivative work, a compilation or a joint work). He explained why this solved some of the problems about avatar ownership.

I asked Tyler whether the more appropriate model would be for providers to treat avatars as a specially commissioned work for hire as part of an audiovisual work. This would require providers to characterize the avatar as a work for hire in their EULA, but this seems like a complete solution for providers (maybe not for users!).

In his talk, Tyler asked about the appropriate remedies if a hacker deleted someone's avatar. This seems like a problem outside of copyright law, but tangible property law could in theory apply. See, e.g., Kremen v. Cohen.

Tyler also asked what remedies users would have if their avatars were included in a derivative work (like a movie based on the VW). Again, copyright may or may not provide an adequate remedy, but it made me wonder if users have a publicity right in their avatar. I haven't researched it, but I assume that the ROP can cover pseudonyms, nicknames, etc. If so, it seems like a derivative work may need permission from avatar alter egos irrespective of the copyright disposition.

Eric Goldman, Investment Decisions on a Shaky Virtual Foundation

Here are my notes from my talk. I am thinking about writing this up into a short essay, so I would gratefully welcome any comments.

_______________________________________________

Investment Decisions on a Shaky Virtual Foundation

There has been lots of discussion in literature about who owns virtual property. However, I’m more interested in *how* virtual property comes into existence in the first place because it gets created in a seemingly poor environment for investment decisions.

Obviously, some virtual property is generated as part of the ordinary course of gameplay. We generally don’t need to worry about the incentives to create this property; the gameplay provides the needed incentive. And I believe we don’t need to protect the investment “expectations” for this property—because the gameplay provides the motivation, there are no *investment* expectations to protect. (There may still be unhappy users who feel screwed by gameplay or providers’ monkeying with the gameplay, but this seems wholly internal to the game itself).

In other cases, virtual property will be protected by default IP laws (such as copyrightable works created within the context of Second Life). These investment decisions are no different than the creation of any other IP.

Despite these two motivations, there is still plenty of other investments made on spec or with the hope of a return, and these investments can be wiped away in a moment. There can be in-world reasons, like inflation, exploits or in-game theft. More importantly, the VW’s user agreement may give the provider unlimited ability to moot the agreement, such as by kicking the user off the site or stripping the user of assets.

The most obvious example is Second Life, where there is no gameplay per se but still plenty of real-world investment capital being invested. Second Life's EULA makes it clear that all of this investment could be wiped away at its discretion. From its user agreement:

Sec. 1.4: You agree that Linden Lab has the absolute right to manage, regulate, control, modify and/or eliminate such Currency as it sees fit in its sole discretion, in any general or specific case, and that Linden Lab will have no liability to you based on its exercise of such right.

Sec. 2.6: Linden Lab has the right at any time for any reason or no reason to suspend or terminate your Account, terminate this Agreement, and/or refuse any and all current or future use of the Service without notice or liability to you. In the event that Linden Lab suspends or terminates your Account or this Agreement, you understand and agree that you shall receive no refund or exchange for any unused time on a subscription, any license or subscription fees, any content or data associated with your Account, or for anything else.

Sec. 5.3: When using the Service, you may accumulate Content, Currency, objects, items, scripts, equipment, or other value or status indicators that reside as data on Linden Lab's servers. THESE DATA, AND ANY OTHER DATA, ACCOUNT HISTORY AND ACCOUNT NAMES RESIDING ON LINDEN LAB'S