August 24, 2010
Ghostwritten Attorney Newsletter is an "Ad" for TCPA Junk Fax Law Purposes--Holtzman v. Turza
By Eric Goldman
Holtzman v. Turza, 08 C 2014 (N.D. Ill. Aug. 3, 2010)
This case is a unremarkable straight-down-the-middle analysis of when editorial content becomes a regulated ad, which in turn makes it a remarkable case. Most editorial-content-as-ad cases have quirky hooks that undercut their broader applicability.
The defendant is an Illinois lawyer. The court says:
In August 2006, he hired Top of Mind Solutions, LLC ("Top of Mind") to create and distribute by fax and email one-page documents titled the "Daily Plan-It" to a list of persons supplied by defendant. Defendant's target list included a combination of contact information he purchased from the Illinois CPA Society and numbers he obtained from business contacts and students.
Top of Mind issued 41 versions of the Daily Plan-It on defendant's behalf, every two weeks, from August 2006 to March 2008. All 41 versions include a masthead with the words "The `Daily Plan-It'" in italicized, bolded, and underlined text. "Gregory P. Turza, JD" appears just below the masthead along with the date, volume and issue number of the document. Beneath this title, the page is divided into two columns that contain an editorial article offering advice about various topics. Each article runs the length of the left column of the page and concludes in the middle of the right column....
The content of each Daily Plan-It was created entirely by Steven Patrick Riley ("Riley"), Top of Mind's owner. Defendant did not contribute to the editorial content. At the end of each article, in the lower right corner, defendant's name is listed (in a font larger than any other type on the page, with the exception of "The `Daily Plan-It'"). He is identified as an attorney and counselor at law, and the words "estate planning," "post mortem administration," and "business succession planning" appear before his name. Each fax also includes two or three graphic images: defendant's business logo, a photo of the building in which defendant has his office, or a head shot of defendant. Also included are his business address, telephone and fax numbers, e-mail address, and website address. At the bottom of the fax the document repeats defendant's name and phone number. This "identifying information" occupies approximately 20 to 25 percent of total area of the fax.
Three things stand out from this recitation of facts:
* it was bad form to buy a list of fax numbers and start blasting fax messages every 2 weeks. I've repeatedly noted that I think the days of buying email lists are long dead. Buying fax lists strikes me as an even worse idea.
* it's interesting to think that a lawyer would rely upon a vendor to generate editorial copy that goes out under the lawyer's name. The facts don't indicate if Turza reviewed and approved the content before it went out. I don't use ghostwritten material; I usually even extensively rewrite co-authored material.
* while the content's marketing intent is clear and unmistakable, the newsletter's substance is also unambiguously editorial content however broadly or narrowly we conceive of it. The law doesn't handle editorial-content-as-marketing overlaps very well, unfortunately.
The court applies the FCC's interpretation that faxed editorial newsletters aren't regulated advertising so long as any advertising content in the newsletter is "incidental," which in turn depends on whether the ad is a "bona fide informational communication." As you can see, the quest for synonyms doesn't really advance the analysis; it just shows that if you don't know how to parse between ads and editorial content, synonym proliferation tries to mask that fact (unsuccessfully, I might add).
The court concludes that the newsletter is regulated advertising. The court appears to focus on the sender's intent: "the record is replete with evidence demonstrating that the primary purpose of defendant's agreement with Top of Mind was to generate awareness of defendant's services and build his client base." The court continues: "defendant has provided no facts to show that his genuine, primary motivation in paying Top of Mind to distribute the Daily Plan-It was to educate CPAs and his business contacts on various industry-related topics rather than to build brand recognition and solicit business referrals for his law practice."
To me, this suggests the case would have been much harder if the editorial content hadn't been ghostwritten because the newsletter's educative intent would be clearer. Nevertheless, the court's sender-payoff-oriented standard--"to generate awareness of defendant's services and build his client base"--is unworkable because those payoffs are exactly what most professional service providers seek every time they publish editorial content.
UPDATE: Carolyn Elefant has more to say about this case.
Posted by Eric at 03:30 PM | Marketing , Spam | TrackBack
July 26, 2010
Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com
By Eric Goldman
On Friday, Venkat and I posted about the latest ruling in Facebook v. Power.com. After Venkat or I make a blog post, I typically post the blog headline and URL to Twitter. I have enabled the app that makes my Twitter posts into my Facebook status reports as well, so the headline and URL on Twitter should automatically propagate to Facebook. On Friday, I tweeted the following:
"Blog Post: Important ruling on California's anti-computer trespass statute--Facebook v. Power.com http://bit.ly/bM7hQT"
However, I noticed that the Twitter-to-Facebook app didn't work properly and the headline didn't appear. So I tried to manually enter the headline and URL and got this message from Facebook:
"This message contains blocked content that has previously been flagged as abusive or spammy. Let us know if you think this is an error."
I do think that's an error, and I reported the problem through Facebook's automated reporting tool on Friday. Not surprisingly, I still haven't gotten a response to that. But I was baffled how my headline and URL could have been "flagged as abusive or spammy." Who flagged it? Why?
After a little more experimentation, I discovered that every instance of the character string "power.com" is blocked in Facebook. Therefore, every time I put "power.com" into my status reports or in comments to those status reports--even if it's the only content in the post/comment--I get the "blocked content" message. However, it's easily avoided; I can post "power . com" (notice the spaces before and after the period) just fine. Basically, Facebook is using a very dumb word filter.
I emailed my PR contacts at Facebook about this. They pointed to their anti-spam filter and this blog post from June. The blog post explains that "we've been working to improve our warnings and make them more clear" and that "people misunderstand one of these systems. They incorrectly believe that Facebook is restricting speech because we've blocked them from posting a specific link."
So this is where things have gone wrong. Facebook told me it has blocked Power.com because "we found that Power was spreading links to its pages in a way that violated our Statement of Rights and Responsibilities. For example, when a Power user accessed Facebook, Power would automatically create an event on Facebook (typically called 'Power.com Party' or something similar) without the person's knowledge or permission. It would then send invitations to all of the user's friends." Fair enough, and I'm glad Facebook is trying to keep its system safe for users.
However, Facebook's dumb word filter block means that every reference to "power.com," even if it's in plaintext and not linkable, is still treated as a link and therefore is blocked as well. The messaging then disparages the plaintext reference as "blocked content that has previously been flagged as abusive or spammy" when, in fact, a link to the URL, not the plaintext reference I made, has been flagged. So much for clearer error messages.
I pointed out to Facebook's spokespeople the difference between a plaintext reference to a company's name ("Power.com") and a spammy URL/link. Their response? "Spammers turning their malicious urls into plain text is the oldest trick in the book. Not blocking all of the variations of a bad URL leaves a gaping hole."
There is a kernel of truth to this, of course. A plaintext URL is not materially different from an active hypertext link--if the user chooses to cut-and-paste the link into the browser (or right-clicks on it, or whatever). However, Facebook's method of blocking spammy links by blacklisting every instance of the character string actually has the effect of blocking *every* discussion of a blacklisted company with the name [noun].[tld]. Because the main word in the name is a noun (e.g., "Power"), referencing the name without the TLD can lead to semantic ambiguity. However, the system prevents me from using the complete name (Power.com) because it can't distinguish between a link and a plaintext reference to a company's name that acts as a URL. I received a private email that another Facebook user encountered a similar block with the string seppukoo.com, the Facebook suicide tool.
In my case, the net consequence is that Facebook automatically blocks any conversations involving the string "power.com"--including my headline to my blog post--and provides an error message telling me that I am posting spammy/abusive content when I try to make the posting, which makes me feel like I did something wrong. With all of the bright engineers at Facebook, I bet they could figure out a way to more precisely tune the filter so that a plaintext reference to [noun].[tld] gets through while active links to that URL, or more fulsome plaintext URLs, remain blocked.
That is, assuming Facebook actually wants to enable Facebook users to talk about Power.com or Seppukoo.com or other enterprises that threaten the Facebook franchise. Frankly, I haven't seen much evidence of Facebook's interest in those conversations. In light of Power.com's antitrust challenges against Facebook, the fact that Facebook's system suppresses legitimate conversations about Power.com (whether it had a censorious intent or not) struck me as particularly noteworthy.
Posted by Eric at 10:33 AM | Content Regulation , Domain Names , Privacy/Security , Spam | TrackBack
July 02, 2010
Idaho District Court Dismisses CAN-SPAM Claims Due to Non-ISP Status -- Melaleuca, Inc. v. Hansen
[Post by Venkat]
Melaleuca, Inc. v. Hansen, Case No. CV 07-212-E-EJL-MHW (D.Id; June 29, 2010)
A federal magistrate judge in the District of Idaho dismissed spam claims brought by Melaleuca, Inc., in a (recommended) decision that's not particularly noteworthy, except for the fact that it's a carbon copy of Gordon v. Virtumundo.
Background: Hansen was an "independent marketing executive for a multi-level marketing company called ITV." Melaleuca was and is engaged in a similar business. Melaleuca "encourages its customers to become marketing executives by referring family and friends to Melaleuca to purchase its products and allowing them to earn commission on any orders made by the referred individuals." (Sounds Amway-like, from what little I know of Amway, but that's neither here nor there.) Hansen sent out emails while working for ITV inquiring as to whether the recipients "would be interested in hearing about a new business opportunity." Some of his emails were sent to Melaleuca marketing executives.
Melaleuca used an email service called "iglide.net," through which it provided email services to its customers. Melaleuca also used an ISP called "IP Applications," through which it provided internet access to its customers. It did not have control over (or even access to) the hardware that enabled the internet access. According to the court, Melaleuca was a customer of IP Applications and iglide.net, and simply made the services provided by these companies available to its customers.
Discussion: The court holds that Melaleuca did not fall under the definition of an "internet access provider," citing to the fact that Melaleuca did not play more than a "nominal role" in providing internet-related services. The court also finds that even if Melaleuca falls under this definition, it could not maintain claims under CAN-SPAM because it was not "adversely affected." In Virtumundo, the court noted that Congress intended private CAN-SPAM plaintiffs to be able to sue only when they suffer the type of harm that is "uniquely encountered by IAS providers." Typical consumer harm - such as calling technical support and having to undergo the inconvenience of deleting unsolicited emails - did not suffice. Melaleuca did not put forth evidence that it required hardware upgrades or even more bandwidth due to the emails at issue (or as a result of increased spam in general). No luck for Melaleuca.
Melaleuca argued that it obtained an assignment of claims from its ISP, but the court found that the assignment could not rescue Melaleuca's claims. The assignment occurred more than a year after the case was filed. (The precise nature of the relationship between Melaleuca and the ISP is unclear, but if nothing more, the assignment shows that they are friendly parties.)
The court declines to address Hansen's preemption arguments as to the state law claims, leaving those to be addressed in state court. While Melaleuca has another shot at its state law spam claims, it may have to contend with some sort of adverse fee award, which the court may well award to Hansen.
Related: Professor Goldman previously posted on another dispute involving Melaleuca, this one involving an expedited DMCA subpoena which also touched on the copyrightability of a take-down letter: "Co-Blogger Identity Isn't Disclosed via 512(h), but Takedown Letters Are Copyrightable."
Posted by Venkat at 11:30 AM | Spam
June 21, 2010
Use of Multiple (Even Random or Garbled) Domain Names to Bypass Spam Filter Does not Violate Cal. Spam Statute -- Kleffman v. Vonage
[Post by Venkat]
Kleffman v. Vonage Holdings Corp., Case No. S169195 (Calif. Supreme Ct.; June 21, 2010)
The California Supreme Court issued its opinion in Kleffman v. Vonage, a case certified from the Ninth Circuit. The California Supreme Court held that the transmission of "commercial e-mail advertisements from multiple domain names for the purpose of bypassing spam filters" does not violate California's spam statute. Kleffman was a putative class action, and in bringing claims based on the transmission of accurate emails from multiple domain names, plaintiffs tried to stretch the bounds of California's spam statute to the limit. The California Supreme Court - citing preemption, among other considerations - rightly rejected the arguments brought by Kleffman.
Background: Kleffman sued in state court, alleging that the transmission of emails on behalf of Vonage through domain names such as 'superhugeterm.com,' 'formmycompanysite.com,' 'ursunrchcntr.com,' and 'urgrtquirks.com' violated section 17519.5(a)(2), a provision of California's spam statute which prohibits the use of "falsified, misrepresented, or forged header information." Vonage removed to federal court (in the Central District of California). The Central District dismissed the lawsuit without leave to amend, finding that Kleffman's failure to allege anything misleading about the emails doomed the claims, and the claims were preempted anyway. Kleffman appealed to the Ninth Circuit, which certified the following question to the California Supreme Court:
Does sending unsolicited commercial e-mail advertisements from multiple domain names for the purpose of bypassing spam filters constitute falsified, misrepresented, or forged header information under Cal. Bus. & Prof. Code § 17529.5(a)(2)?
Discussion: The court starts out the discussion by noting a fact that to me starts and ends the discussion:
There is . . . no dispute . . . that the domain names used to send Vonage's e-mail advertisements . . . actually exist and are technically accurate, literally correct, and fully traceable to Vonage's marketing agents.
There's another case that turned a similar issue - Mummagraphics, covered by Professor Goldman here: "Fourth Circuit Rejects Anti-Spam Lawsuit." In that case, "the . . . header information [for the emails] incorrectly indicated that the e-mails originated from the server 'FL-Broadcast.net,' and [] the messages' 'from' address read cruisedeals@cruise.com, although that e-mail address was apparently non-functional' but the court says that these mistakes are immaterial because the 'e-mails at issue were chock full of methods to 'identify, locate, or respond to' the sender or to "investigate [an] alleged violation' of the CAN-SPAM Act." The court held that these immaterial errors do not state a claim under CAN-SPAM, and to the extent state law allows claims under these facts, it would be preempted. It's hard to see if the claims in Mummagraphics failed, how Kleffman's claims would be viable.
Kleffman tried to argue that the term "misrepresented" in section 17529.5(a)(2) should be construed with reference to other unfair business practices-type statutes, namely, the notoriously amorphous section 17200. According the Kleffman, the spam statute should cover not only header information that is deceptive, but also header information that's "likely to deceive." The court finds that Kleffman's argument is untenable as a matter of statutory construction (the specific provision of the spam statute uses the term "misrepresented," and does not use the term "misleading"). Second, the header information prong, which uses the term "misrepresented," can be contrasted with the subject line prong, which actually uses the term "misleading," and which the court implies has a much broader reach. The court also notes that there's a specific section in California's spam statute which speaks to the use of multiple domain names (17529.4), but section 17529.5(a)(2) says nothing about the use of multiple domain names. Finally, the court notes that the construction urged by Kleffman presents a huge preemption problem (citing Virtumundo).
___
It's nice to see the California Supreme Court come out on the right side on this one. That said, it's painful to see that the dispute had to be litigated through three different courts to achieve a clear answer. This is one of those arguments that anti-spam plaintiffs often make that is out in left field. At least there's some case law to point to in answer to these arguments.
Where does this leave us? In California at least, subject line claims continue to be viable under the broad "likely to mislead" standard. Header information claims, on the other hand, will be much harder to bring. As long as you don't violate any other rules in registering the domain names or acquiring the recipient's email addresses, sending emails from multiple (albeit accurate) sources is not a violation of either federal or state spam laws.
[corrected to note that the decision came to the Ninth Circuit from the Central District of California and to make a few edits (reversed "misrepresented" and "misleading")]
Posted by Venkat at 10:13 AM | Spam
June 15, 2010
Judge Kocoras Cuts Down $11MM Award Against Spamhaus to $27,000 -- e360 v. Spamhaus
[Post by Venkat]
e360 Insight, LLC v. The Spamhaus Project, (N.D. Ill June 11, 2010)
e360 v. Spamhaus is one of these cases that's been around so long it feels like an old friend. A few years ago, e360 got some press for winning an eleven million dollar damage award against Spamhaus. In a less heralded development, following a bench trial on damages, last week a district judge modified e360's damage award down to only $27,000 on its tortious interference and defamation claims. I'm not sure what it is about spam that spawns wasteful litigation, but this is yet another example of a lengthy spam dispute which consumed a lot of resources but which ultimately ended with a whimper.
Background: e360 is (was) a company that provided marketing services (including email marketing) to its customers. Spamhaus is a company which maintains a list of alleged spammers and provides "blacklisting" services. In 2006 Spamhaus "listed e360 and [its principal] Linhardt as being involved in transmitting unsolicited email, colloquially referred to as 'spam.'"
e360 sued Spamhaus alleging claims for tortious interference and defamation. Spamhaus, which is located in the UK, initially appeared, but then "withdrew both its counsel and its answer." The court entered default in late 2006. e360 then moved for default judgment, relying on the declaration of its executive, David Linhardt. The declaration stated that Spamhaus's actions resulted in the cancellation of three contracts e360 had with customers, and the loss of the opportunity to work with prospective customers. e360 claimed a total in damages of $11,715,000, and the district judge awarded this amount.
Spamhaus then appealed, challenging jurisdiction, service, and pretty much everything else. The Seventh Circuit rejected most of Spamhaus's challenges, but found that "a more extensive inquiry" was required on the damages issue. So the case came back to Judge Kocoras for a determination of damages.
Damages: Despite litigating the case vigorously up to this point, when it came to damages, e360 seemed to muster a lot less energy. According to the court, e360 was "slow to provide information requested by Spamhaus . . . [and] missed several [d]eadlines." I'll spare readers a detailed discussion on damages, but the court's take can be summed up as follows:
The unreliability of [e360's] approaches is unmistakably demonstrated by the profound differences in claimed damages profferred at various points during these proceedings. Finally, it strains credulity that a company that made only a fraction of the profits [e360] asks for over the course of its five-year lifespan would have garnered profits in the amounts [e360] set out in [its] testimony or documentary evidence. The profit and loss statement [e360 provided] sets out the company's overall profits at $332,000. . . . .
At the time of default judgment, the damages claimed were $11,715,000. During discovery, Exhibit 5 was proffered reflecting damages of $135,173,577. At trial, proffered Exhibit 5(a) showed damages of $122,271,346. During final argument, the claimed amount was $30,000,000.
__
Note to plaintiffs: if your damages estimates vary by more than $100M from one iteration to the next, chances are you're not going to get any.
Everyone has their own calculus for when and how far to litigate a dispute, but a case that spanned almost four years and a Seventh Circuit appeal and which resulted in a final judgment of $27,002 doesn't sound like a particularly good outcome for the plaintiff. If you're wondering where the odd two dollars came from, the court awarded nominal damages on the tortious interference with prospective economic advantage and defamation claims. The court declined to award injunctive relief.
Spamhaus had a viable Section 230 argument here, but this argument got lost in the procedural quagmire. Section 230(c)(2) protects filtering judgments and insulates "action taken to enable or make available to information content providers or others the technical means to restrict access to material [that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable]." (See Professor Goldman's post discussing Pallorium v. Jared, a California state appeals court case where the court held that a publisher of list of IP addresses for open relays could not be held liable. See also Zango v. Kaspersky.)
The decision contains a detailed discussion of the volume of emails transmitted by e360, and which customers many emails were sent on behalf of. Ironically, through litigating this dispute, e360 caused to be memorialized in a court order, facts about its email practices (and the email marketing industry in general) that I'm guessing it would prefer not be in the public eye. Two facts jumped out at me from the order. First, e360 sent out 6.6 billion (!) emails through the course of its five year existence. Second, there were some familiar faces among the list of its customers: SmartBargains and Optinbig.
Posted by Venkat at 02:09 PM | Spam
May 20, 2010
CAN-SPAM Plaintiff Slammed With $800K Attorney Fee Award -- Asis Internet v. Optin Global
[Post by Venkat]
Asis Internet Servs. v. Optin Global, Inc., et al., Case No. C-05-05124JCS (N.D. Cal. May 19, 2010)
A federal court granted a request for attorney's fees (in the amount of $806,978.84) against prolific CAN-SPAM plaintiff Asis Internet. I thought things were looking good for Asis - whose lawsuits have generated substantial blog fodder - when it recently obtained a 2.5 million dollar default judgment in a spam case. I don't know the details of Asis's financial situation, other than the fact that it's a small ISP that once argued a bond should not be imposed against it due to its financial situation. At the least, this fee award will take some spring out of its step. More importantly, it stands as a warning to CAN-SPAM plaintiffs everywhere.
The court's order contains a good summary of the procedural history of the case. In 2008, the court granted summary judgment in favor of Azoogle, finding that Asis lacked standing and there was insufficient evidence for a reasonable jury to conclude that Azoogle "procured" the emails in question. Asis then moved for fees. The court denied the fee request without prejudice, but awarded costs ($34,825.24). Asis appealed both the summary judgment order and the cost order to the Ninth Circuit. The Ninth Circuit summarily affirmed. (Here's my blog post on that Ninth Circuit ruling.) Although the Ninth Circuit affirmed both the summary judgment order and the cost order, it didn't comment on the proper standard to be used for awarding costs in CAN-SPAM cases. Asis urged a plaintiff-friendly approach that is used in civil rights cases. Azoogle argued that the more neutral Fogerty standard (which is used in copyright cases) was appropriate.
The court finds the Fogerty standard to be appropriate and grants Azoogle's request for attorney's fees and costs. Azoogle also filed a Rule 11 request for sanctions along with its request for fees. The court awards the fees and costs under CAN-SPAM and doesn't make a finding as to whether Rule 11 sanctions are appropriate:
the Court concludes that while Asis may not have acted out of bad faith in initiating litigation against Azoogle, it at least acted unreasonably. Even assuming Asis might have reasonably believed when it initially named Azoogle as a defendant that it would establish standing - a question that turned on an as-yet unresolved issue of law - there was never any evidence that Azoogle sent or procured the emails on which Asis based its claims. Rather it is apparent that Asis sued Azoogle based on little more than speculation that there might be a connection between those emails and Azoogle. Asis then continued to litigate even as its discovery efforts turned up no evidence in support of its claims against Azoogle. Having initiated over 20 similar actions, and sued over 20 defendants in this action alone, an award of attorneys' fees here is necessary to deter Asis and other plaintiffs hoping to profit under the CAN-SPAM Act from casting such a wide net. [emphasis mine]
Ouch! The court also cites to Gordon v. Virtumundo, where Judge Coughenour awarded Virtumundo $110K in fees and costs. Finally, the court finds that expert fees are unavailable under CAN-SPAM, and declines to award the $105,435 in expert fees which Azoogle requested.
Asis's filings in response to Azoogle's fee request provide a window into the approach frequently taken by Asis and other spam-plaintiffs. Despite being unable to marshal sufficient evidence to withstand summary judgment on the core issues, Asis maintained that it shouldn't be hit with a fee award because the emails at issue "were 'clear violations' of the CAN-SPAM Act." (??)
As reported by Ken Magill in 2009, Gordon (the plaintiff in Virtumundo) lost more than his spam case - he lost his house ("Anti-Spammer Loses More than His Lawsuit"). I expect Azoogle will be fairly aggressive in its collections efforts here. Only time will tell as to whether Asis will suffer the same fate as Gordon. Regardless, this is definitely a wake-up ruling for CAN-SPAM plaintiffs everywhere.
Posted by Venkat at 10:52 AM | Spam
May 19, 2010
Web-based Email Bombardment Campaign Does Not Amount to a Violation of the Computer Fraud and Abuse Act -- Pulte Homes, Inc. v. LiUNA
[Post by Venkat]
Pulte Homes, Inc. v. Laborers' International Union of North America, et al. (E.D. Mich.) (May 12, 2010)
Background: Pulte Homes, "the largest new home builder in the United States" terminated eight employees. Defendant Laborers' International Union of North America (LiUNA) is a labor organization that represents workers in the construction industry. LiUNA claimed that seven of the eight employees were fired for expressing support for LiUNA. Plaintiff alleged that in response to the terminations LiUNA began a "targeted effort to sabotage and interrupt" plaintiff's business operations. Plaintiff argued that LiUNA's email campaign was a violation of the Computer Fraud and Abuse Act (sections 1030(a)(5)(A), 1030(a)(B), and 1030(a)(C)):
Defendants have encouraged LiUNA supporters to inundate Plaintiff with mass quantities of phone calls and e-mails . . . . LiUNA's website featured a 'call to action,' which provided a pre-typed e-mail voicing opposition to Plaintiff's alleged termination of employees for supporting the union. This e-mail was pre-addressed to Plaintiff and allowed users to send it to Plaintiff with the click of a few buttons.
The Court's Ruling:
Unlawful transmissions: The unlawful transmission prong of the CFAA requires the transmission of information as a result of which the defendant "intentionally causes" damage to a protected computer. The court dismissed this claim because plaintiff failed to allege that LiUNA's email campaign caused any appreciable damage to plaintiff's computer system.
Unauthorized access: The unauthorized transmission prong of the statute requires intentional access "without authorization," along with resulting loss. The court concludes that LiUNA did not "access [plaintiff's] computer under the CFAA merely by leaving a voice-mail or sending an e-mail." The court rejects plaintiff's attempt to rely on an older AOL spam case (AOL v. National Health Care Discount, Inc.) where the Northern District of Iowa held that the transmission of bulk email through AOL's servers could constitute a violation of the CFAA. (The court there expressed serious reservations as to whether the Computer Fraud and Abuse Act even covered unsolicited bulk emails: "it is not clear that a violation of AOL's membership agreements results in 'unauthorized access.'") The AOL case was decided pre-CAN-SPAM, and as the court recognized, stretched the bounds of the Computer Fraud and Abuse Act. It's tough to conclude that sending an email to an email address that's designed to receive emails from the general public constitutes "unauthorized access" under the Computer Fraud and Abuse Act. AOL argued that mass emails were "unauthorized," because they were a violation of AOL's terms of service, but this argument suffers from the same problems that any terms of service-based Computer Fraud and Abuse Act claim suffers from.
[Anyone engaging in this sort of a mass email campaign may want to stagger the emails or otherwise take steps to minimize potential damage or slowdowns to the recipient's servers. Where there's no damage or slowdown, courts are reluctant to find liability.]
__
This case is reminiscent of Intel v. Hamidi, another case involving a departing employee who was sued for sending mass emails. In Hamidi, the California Supreme Court held that the departing employee could not be held liable under a trespass to chattels theory because the emails he sent did not damage Intel's servers. As in this case, in Hamidi, the plaintiff seemed more concerned about the content or peripheral effects of the emails, rather than any effect the emails had on plaintiff's servers.
Related:
The case also brings to mind the contempt order slapped on "television-pitchman" Kevin Trudeau. Trudeau was a defendant in a case brought by the FTC who exhorted "his radio and web followers to deluge U.S. District Judge Robert Gettleman with e-mail" in an attempt to persuade the judge to side with Trudeau in the FTC proceeding. Judge Gettleman found that this interfered with his administration of justice, and sentenced Trudeau to 30 days. That decision is on appeal to the Seventh Circuit. (See coverage from Wired's Threat Level blog here.)
Another union activity case which Prof. Goldman blogged about recently (in that case, involving trademarks) is Cintas v. Unite Here ("Union Organizers' Activist/Gripe Sites Don't Support Trademark Claims").
UPDATE FROM ERIC: This case also vaguely reminds me of the Utube v. YouTube lawsuit, where Utube claimed that YouTube was trespassing its domain name because people were lousy spellers.
Posted by Venkat at 11:28 PM | Privacy/Security , Spam
May 11, 2010
Internet Access Provider & Blocklist Publishers Denied 230(c)(2) Immunity for Anti-Spam Efforts
By Eric Goldman
Smith v. Trusted Universal Standards in Electronic Transactions, Inc., 2010 WL 1799456 (D.N.J. May 4, 2010)
It's usually a drag to read opinions in pro se lawsuits. Most of the time, the litigant gets flattened mercilessly. Occasionally, however, the judge bends over backwards to give the litigant the benefit of the doubt. Either way, the opinions are messy and untrustworthy.
This case fits that description. The judge says he can't figure out the facts from the complaint. but here's his best guess. It appears that Smith is a Comcast Internet subscriber. Comcast blocked his outgoing mail twice because he was allegedly sending spam. When pressed why it thought Smith's emails were spam, Comcast pointed the finger at IronPort (owned by Cisco), who in turn pointed the finger at Spamhaus. Smith then filed a "Consumer Watchdog" complaint against Comcast with TRUSTe (misnamed as the lead defendant).
Independently, Microsoft put Smith's email server on its Frontbridge blocklist. Smith separately filed a TRUSTe complaint against Microsoft for that. Smith ultimately decided to sue TRUSTe, Comcast, Cisco and Microsoft for 8 different legal violations in one big litigation fiesta.
Smith's claims go nowhere. The court dismisses all of them with leave to amend the complaint, so the story turns out largely happily for the defendants. Unfortunately, the plaintiff does get one more chance, and he even attached a massive 404 page (!) draft amended complaint. (Note: this is 404 pages, not a 404 error, although it certainly is an error). The court reminds the plaintiff that the rules require a short and plain statement of the claims.
Along the way, the court reaches a decidedly defendant-unfriendly conclusion by rejecting Comcast's, Cisco's and Microsoft's 230(c)(2) defense, the statutory immunity for online filtering decisions--and the often overlooked cousin of 230(c)(1) which I have blogged about many times. Worse, the court reaches its conclusion in the face of several clearly applicable precedent cases. In my opinion, this is an example of how Smith's pro se status causes the court to be overly cautious…to the point of reaching the wrong result.
The court starts off right by concluding that spam could qualify as "otherwise objectionable" content under 230(c)(2) (cite to e360insight v. Comcast). Doing a light ejusdem generis analysis, the court says "nothing about the context before or after that phrase limits it to just patently offensive items."
However, Comcast is denied 230(c)(2) on a motion to dismiss because Smith alleged that Comcast acted in bad faith. In support of this, Smith alleged that Comcast told him that they didn't mind his emails, but he just needed to upgrade to a more expensive subscription. The court says if this is true, "Comcast was not concerned that people were receiving large quantities of emails, or concerned about the content of the emails, but rather was concerned that Plaintiff had not purchased a sufficient level of service. This is not a good faith belief that the emails were objectionable, but rather a belief that they violated a service agreement."
This is a garbled statement at best. What I think the court was trying to say is that Comcast had a pink contract that allowed spam if the user paid enough money, and Smith hadn't gotten a pink contract. If so, then I can see the court's point that Comcast is being duplicitous arguing that spam is objectionable content because Comcast's assessments could be bought.
I was uncomfortable with the court's almost off-hand reference that "One would expect that if an interactive computer service had acted in good faith, it could and would come forward with the legitimate basis for its actions when questioned (though the Court is not suggesting they must do so)." First, as the court notes, this is a motion to dismiss, so Comcast can't proffer new evidence. Second, this is a burden-shift. As regular readers know, I believe 230 is an immunity against suit, not an affirmative defense, so the plaintiff has the burden to show why the service provider did not possess the requisite subjective good faith when making its filtering decision. It's not Comcast's responsibility to prove its own subjective good faith beliefs. (How does one prove those in any case?)
Cisco and Microsoft both published blocklist-type information. They try to fit into 230(c)(2)’s statutory definition of "access software providers," which requires them to show that they "provide or enable computer access by multiple users to a computer server." This issue was litigated in the Zango v. Kaspersky case, where Kaspersky distributed anti-spyware software that phoned home for new definitions. The Ninth Circuit said that the phone home feature satisfied the statutory requirement. In contrast, the court appears to say that pure blocklist publishers (i.e. those who do not distribute accompanying software with a phone home capacity) do not; this reading effectively kicks blocklist publishers out of the statute.
As the court acknowledges, this conclusion seemingly conflicts with the 2004 OptInRealBig decision, where the court held that IronPort as a blocklist publisher qualified for the statute because it was a user of an interactive computer service. The court doesn't explain why IronPort doesn't still qualify as an ICS user except to say that IronPort didn't make the requisite showing. The court also does not note that the OptInRealBig case was a 230(c)(1) decision (not a 230(c)(2)) because IronPort republished third party reports, and that should have applied here as well. The court also does not address the extensive 230(c)(1) precedent effectively treating online content publishers (which would include blocklist publishers) as "users" of ICSs, ranging from Barrett v. Rosenthal to the implicit conclusion in Novins v. Cannon.
More specific to 230(c)(2), the court doesn't explore either Pallorium v. Jared or MAPS v. Black Ice (an old 2000 case), both of which arguably contradict this particular conclusion in the 230(c)(2) context. Thus, because the court did not engage the applicable precedent, was overly solicitous to a pro se litigant, and knew that its discussion was dicta because it was ruling for the defendants anyways, the court chunks the analysis.
For more on 230(c)(2), see my 230(c)(2) talk notes from last summer.
One other noteworthy aspect of the ruling. Smith alleges that Comcast breached its privacy policy, but the court dismisses the contract claim because he doesn't show any loss from the alleged breach. This is yet another case holding that merely breaching a privacy policy isn't an actionable contract breach without more. See, e.g., the cited JetBlue case.
UPDATE: John Levine provides some perspectives about what might have happened.
Posted by Eric at 10:37 AM | Content Regulation , Derivative Liability , Privacy/Security , Spam | TrackBack
May 05, 2010
Asis Internet Awarded $2.5mm on CAN-SPAM Claims -- Asis Internet v. Rausch
[Post by Venkat]
Asis Internet Servs. v. Rausch, Case No. 08-03186 EDL (N.D. Cal.) (May 03, 2010)
Asis Internet was recently awarded summary judgment on its CAN-SPAM claims which it brought against a business known as "Find a Quote." Although not technically a default judgment, the defendant against whom summary judgment was entered did not respond to Requests for Admission (or otherwise participate). This may blunt the value of the ruling. Regardless, Asis certainly hit the jackpot, at least on paper.
Facts: Some facts about Asis and the case:
- it has "just under 1,000 internet access and email customers"
- four employees
- it receives 200,000 spam emails a day
- it costs Asis approximately $3,000 per month to "process" spam emails
- it maintains agreements with Postini, Falcon Knight and other vendors
- it brought claims based on 24,724 emails
- the emails were received "first on its filtering services . . . then transferred, processed and stored . . . "
Asis issues RFAs to defendant Heckerson, who failed to respond. Asis sent a follow up letter which also prompted no response. The court deems the facts that are the subject of the RFAs admitted and grants summary judgment.
The Court's Ruling:
Standing: The court concludes that Asis has standing. Unlike Gordon from Virtumundo, Asis actually has assets and provides a service, even if it's to a small group of people. (Gordon's "service appeared to be limited to using a control panel via an ordinary Internet connection through an ISP to set up email accounts . . . he had a nominal role in providing internet services.")
Adversely Affected: On the question of whether Asis was adversely affected, the court acknowledged that while Virtumundo did not decide whether there needed to be a "direct causal link" between the emails and harms, the court stated that there must be some sort of showing of relationship between the email and the harm (or that the emails contribute in the larger sense to ISP-type harms). Asis satisfied this element by showing that it paid $3,000 per month to "process" spam, it experienced network slow downs, its employees spent time assisting customers with the spam issue (22 hours), and Asis lost customers and revenue.
The CAN-SPAM Claims: Asis had included questions in its RFAs which pretty much went to the core question of whether defendants violated CAN-SPAM. The court relied on these facts. By failing to respond to the RFAs, Heckerson admitted that he "knew his affiliates were sending or hiring others to send commercial electronic mail advertisements with misleading information." He also admitted that he engaged in "a pattern and practice of using spammers to acquire sales leads." (Asis has litigated the affiliate liability issue before, and lost, against Epic Advertising (formerly Azoogle). See this article from MediaPost discussing the summary judgment ruling against Asis, where the court also found that Asis lacked standing.)
Damages: The damages were the most interesting part of the ruling. Asis sought $3,090,500.00 in damages (!) The court looked to the ruling in Facebook's case against Sanford Wallace where Facebook was awarded $711,237,650.00 for 14 million emails (or violations). The court also looked to the recent Tagged case where the court awarded Tagged $25 per violation for a total of $151,975. (The Tagged lawsuit drew this humorous response: "The Supreme Court of Irony Investigating Tagged.com Lawsuit.") The court found the Tagged scenario more analogous and awarded Asis $25 per violation of section 7704(a)(1) and $10 per violation of section 7704(a)(2), for statutory damages of $865,340.00. [The court briefly notes that it's not considering the issue of whether the statutory damage award would violate due process.]
The court also found that Asis put forth persuasive evidence that it is entitled to treble damages. First, it put forth evidence that defendant had to have engaged in harvesting emails because defendant obtained the names of email account holders, and the names or customer information attached to the emails did not exist anywhere else. This satisfies one of the aggravating factors under section 7704(b)(1)(A), entitling Asis to treble damages under 7706(g)(C). Asis also puts forth evidence that defendant used automated scripts to create email accounts from which it sent spam messages. This is an aggravating factor under section 7704(b)(2).
When all is said and done the court awards Asis a whopping $2,596,020.00.
___
This is more or less a default judgment so it's tough to know what to make of it. There are probably collectability issues lurking in the background that could turn this into a pyrrhic victory.
The fact that Asis "received the emails first on its filtering service operated by Postini, then transferred, processed and stored the emails on its server . . . " is interesting. So Postini does a fine job filtering out the spam received by Asis (maybe spam is not the grave $2.5 million problem Asis claims?). And Asis actually moves the messages from the spam filter to its own folder where the messages are "processed"? This brought to mind Judge Gould's concurrence in Virtumundo, which talked about how the common law "did not develop remedies for people who gratuitously create . . . circumstances that would support a legal claim and act . . . with the chief aim of collecting a damage award."
Either way, Asis deserves credit for soldiering on.
Posted by Venkat at 03:40 PM | Spam
May 02, 2010
Email Header Information Claim Preempted by CAN-SPAM, But Subject Line Claim Not Preempted -- Asis Internet Servs. v. Member Source Media, LLC
[Post by Venkat]
Asis Internet Services v. Member Source Media, LLC, No. C-08-1321 EMC (N.D. Cal.) (April 20, 2010)
Yet another CAN-SPAM preemption ruling, this one is also from the Northern District of California and it also involves veteran spam plaintiff Asis Internet! Of the recent decisions that have grappled with whether CAN-SPAM preempts the California spam statute I think this one gets it most right.
Background: Asis brought claims under CAN-SPAM and section 17529.5 (one provision of California's spam statute) alleging that it received email sent by Member Source Media which had misleading header information and subject lines. The court dismissed the CAN-SPAM claims based on standing and now looks at whether the state law claims are preempted by CAN-SPAM.
The Court's Ruling: The court acknowledges that Virtumundo did not address the precise issue before the court "i.e., whether a plaintiff must plead reliance and damages in order for its state law claim to be saved from preemption." To resolve this question, the court looks to Judge Conti's ruling in the Subscriberbase (which also involved Asis Internet) where Judge Conti found that a plaintiff was not required to plead the fraud elements of reliance and damages in order to escape CAN-SPAM preemption. (Here's my previous post covering the Subscriber base ruling.) The court in this case is persuaded by Judge Conti's reasoning, and similarly concludes that "Asis need not plead reliance and damages in order for its claim to be excepted from preemption." However, the court notes Congress's concerns about "frivolous lawsuits and the scope of plaintiffs allowed to bring suit against email advertisers." The court also gives a nod to Judge Gould's concurring opinion in Virtumundo which expresses concern that allowing anyone to sue could result in the creation of "litigation factories," which Congress obviously did not intend. With this background in mind, the court turns to the specific header and subject line-based claims brought by Asis.
Header Claims: Asis argued that Member Source violated the header information prong of the California statute by sending emails from domain names such as "greenthe.com," "consumerbargrewards.com," and innocenttruthrevealed.com" Asis argued that it had to undertake a WHOIS search to find out where the emails came from, and many of the domains were registered through privacy protection services so these searches came up empty. Finally, Asis argued that certain internet protocol addresses used by the emailers were obtained through false representations because "the purported sub-lessee of the IP addresses, Frank Peters, provided a mailing address and Asis' investigation indicated that no Frank Peters resided at the address."
The court finds that these claims were similar to the claims brought by Gordon -- i.e., they were premised on "technical and immaterial . . . header deficiencies". To the extent Asis argues that domain names must somehow clearly identify Member Source, these claims are preempted under CAN-SPAM. The court contrasted Asis's claims with the claims brought against Reunion.com, which another Northern District judge found were not preempted. In the Reunion.com case, the plaintiff argued that the emails purported to come from a friend or acquaintance but they actually came from Reunion. In contrast, in this case, there was nothing inherently misleading about the header information so the court rejects these claims.
Two quick notes here. First, Professor Goldman previously blogged about US v. Kilbride, a criminal case where the court cited to the use of privacy protection services as supporting the government's case that the defendants violated the header information prong of CAN-SPAM. It's nice to see the court reject (or give nothing more than a passing reference to) Asis's argument that the email headers were somehow misleading under California law because proxy registration was used. Second, I'm not sure what's up with plaintiffs repeatedly making arguments that "fanciful" or "random" domain names can't be used to send emails. There's nothing in CAN-SPAM (or any other spam statute) that says you can't register a bunch of domain names that don't incorporate the name of your company to send out emails. Companies do this (legitimately) all the time. To me, this whole line of argument shows how much plaintiff's are trying to stretch spam laws when bringing claims. Kleffman v. Vonage is another case (certified from the 9th Circuit to the California Supreme Court) where plaintiffs make this argument, and Value Click filed a nice amicus brief [scribd link] that persuasively lays out why this argument is untenable.
Subject Line Claims: The subject line claims were based on subject lines such as "Wal-Mart 500 Dollar Gift Card Inside," and "Second Attempt: $500 Target Gift Card Inside." The court found these claims fall under the garden variety deception category (in contrast to the header information claims) and were not preempted.
End Result: The court finds the header information claim preempted and dismisses this claim with prejudice. The subject line claim is not preempted, and the court declines to exercise supplemental jurisdiction over this claim (Asis can pursue it in state court if it chooses to refile).
The court notes that this case has been going on for over two years. I wonder if Member Source will seek fees, which are available under CAN-SPAM. Fees were awarded against Gordon, the Virtumundo plaintiff. Asis in one of its own filings expressed concerns about its financial situation. It has lost a bunch of rulings over the years, but surprisingly, I haven't seen much about people trying to seek fees against it.
Related Posts: Reunion.com Revisited Again: Claims Under CA Spam Law Not Preempted by CAN-SPAM -- Hoang v. Reunion.com (March 31, 2010)
N.D. Cal Rejects Preemption and Standing Defenses Against Claims Under CA Spam Statute -- Asis Internet Servs. v. Subscriberbase Inc. (April 1, 2010)
Posted by Venkat at 08:12 AM | Spam
April 23, 2010
Beverly Stayart Strikes Again! This Time, Stayart Sues Google
By Eric Goldman
Stayart v. Google, Inc., 2:10-cv-00336-LA (E.D. Wis. complaint filed April 20, 2010)
I've previously blogged about Beverly Stayart (a/k/a Bev Stayart) and her mockable lawsuit against Yahoo. She has repeatedly declared that she is the only Beverly Stayart / Bev Stayart in the world and that her name--due to the cachet she has built up from being a quality human being--is being used to peddle sex-related pharmaceuticals. She lost her first foray against Yahoo on 47 USC 230 grounds but nevertheless is trying again.
Now, she has launched another effort to defend her name—this time she is suing Google for similar concerns. (Like we couldn't see that coming!). She objects to the fact that Google Suggest prompts searchers on "bev stayart" to search for "bev stayart levitra." (para. 13). Anticipating a 47 USC 230 defense, she argues (para. 15) that Google Suggest represents first party editorial content that drops out of 230 coverage. The complaint also seems to raise the question of whether selling a personal name as a keyword trigger constitutes a publicity rights violation; but the complaint does not appear to evidence any understanding of broad matching, i.e., that a search for "bev stayart levitra" will deliver Levitra-related broad-matched ads for reasons having nothing to do with Bev Stayart. (See this recurring defect in paras. 90-109).
(Note: this prompted me to check out a search for "eric goldman levitra." My first result, from www.hosmersoda.com, looks pretty sploggy to me, but there's no way I'm going to click on these links!!!)
Some unsolicited advice for Bev Stayart: stop suing search engines, and stop running vanity searches on the search engines. Life is too short to fret about sploggers!
Two final notes: Bev's attorney is, once again, Gregory A. Stayart, her employer and presumably a family relation. Also, searches for "Bev Stayart" and "Beverly Stayart" are worth a look—I can’t recall other search results quite like that.
Posted by Eric at 09:29 AM | Derivative Liability , Publicity/Privacy Rights , Search Engines , Spam | TrackBack
April 20, 2010
Spammer Convicted on Wire Fraud Charges -- United States v. Diamreyan
[Post by Venkat]
United States v. Diamreyan, 09-cr-0260 (JCH) (D. Conn.) (April 16, 2010)
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal.
Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives."
The government presented evidence that defendant used a Yahoo email account (miklymyx@yahoo.com) for over ten years, and presented evidence of emails sent to victims, telephone calls made, and wire transfers which were initiated by the victims.
The stories about Diamreyan's purported identity, the amount of money available, the reason it was tied up, the money needed to free it, and the name of the contact person changed from email to email, but the overall scam was the same. Frequently, Diamreyan would include his phone number (one of those listed on his visa application) in the email and ask people to contact someone by a different name at that number. For example, in one email, Diamreyan told the email recipient that he was in Sierra Leone, and his family's $23.4 million was on consignment at the airport. He then asked the recipient to contact the airport director, Rev. Dr. Richard Camaro, to release the money from this consignment.
Defendant's arguments in favor of a judgment of acquittal did not end up carrying the day.
Two things about the case struck me. First, people who respond to these emails (from miklymyx@yahoo.com, no less) and transfer money to complete strangers in the hopes of receiving more money do in fact exist. Second, the amounts transferred were nominal. In this case, the amounts were between $50 and $250. (I'm curious as to what the government will end up arguing as a loss amount for sentencing purposes. I'm sure it will present some sort of projection of how much money defendant must have gained.) [Update: one of the filings contained a spreadsheet [link] which listed amounts transferred to defendant and to third parties. The amounts were more than "nominal".]
Here's the press release from the US Attorney's Office: "Federal Jury Finds Nigerian Citizen Guilty of Charges Related to Internet 'Advance Fee' Fraud Scheme." According to the press release he faces up to 20 years and a fine of up to $250,000. [I don't have a good frame of reference, but this seems absurdly high.] Also, not to make light of the plight of the victims, but you would think the government has bigger fish to fry?
Related: Two interesting radio programs on those who take matters in their own hands when dealing with internet scammers: (1) Xeni Jardin on NPR's Day to Day: "Scam-Baiters' Turn Tables on Would-Be Cons"; and (2) This American Life -- Act two of Episode 363 ("Enforcers"): "Hanging in Chad." Both programs reference "419 Eater", a website that documents "scambaiting" (scamming the scammers).
Posted by Venkat at 10:34 AM | Spam
April 16, 2010
Reunion.com Revisited Again: Claims Under CA Spam Law Not Preempted by CAN-SPAM -- Hoang v. Reunion.com
[Post by Venkat]
Hoang v. Reunion.com, No. C-08-3518 MMC (March 31, 2010)
Reunion.com is a long-running case that's been blogged extensively by Ethan and others. A group of plaintiffs who received emails through Reunion's alleged "invite your friends whether you like it or not" program sued under California spam laws. They alleged three claims: (1) a subject line claim that the emails misleadingly said "[Your friend] is looking for you"; (2) a from line claim that the from lines of the emails contained an email address (e.g., edmorphic@yahoo.com) through a domain that the sender did not have permission to use; and (3) a from line claim that the emails misrepresented that they were from specific individuals (i.e., friends), rather than from Reunion.
The Court Dismisses the Amended Complaint: The court (in December 2008) dismissed the amended complaint on the basis that CAN-SPAM preempts all but "torts" involving misrepresentations. Plaintiffs failed to allege that they relied on any of the misleading statements in the emails to their detriment so they failed to state a claim under state law. The court cites to CAN-SPAM's legislative history, noting that CAN-SPAM's preemption clause was designed to ensure a "national standard," and thus only laws that touch "fraud or deception" would be left surviving under the preemption clause. As an alternative argument, the court found that plaintiffs lacked standing to sue in federal court.
[The complaint asserted state law causes only but is in federal court under the Class Action Fairness Act of 2005.]
The Court Reconsiders Its December 2008 Order: The latest order (issued on March 31, 2010) focuses on Gordon v. Virtumundo, a 9th Circuit case many thought would sharply curtail spam litigation. (Prof. Goldman's post: "An End to Spam Litigation Factories?--Gordon v. Virtumundo".) The court "reads [Virtumundo] as implicitly finding [that the Washington email] statute was intended to confer standing based solely" on receipt of emails. [The discussion about Virtumundo and standing is somewhat confusing to me.] Ultimately, the court concludes that in light of Virtumundo, in order to have standing under state law, a spam plaintiff need not allege reliance and actual damage.
The court tackles preemption next. The court relies on the presumption against preemption (citing Virtumundo) and relies on CAN-SPAM's legislative history to find that the plaintiffs' claims against Reunion are not preempted. The court's order almost reads like an opposition brief to its earlier order. The court concludes that "plaintiffs' failure to allege they relied to their detriment on the alleged false statements in defendant's emails does not constitute a ground for dismissal of their claims."
Finally, the court addresses defendant's materiality argument. The court compares the misstatements in Virtumundo to the misstatements here. In Virtumundo, the plaintiff complained that he received emails from addresses such as "Criminal Justice@vm-mail.com," while in this case, plaintiffs allege they received emails which appeared to be sent from people they knew. Given these differences, at least at the pleading stage, the court could not conclude that the misstatements were not material.
__
What to Make of the Latest Reunion.com Order?
1. Ethan's posts are good reading for background: "CAN-Spam-a-Friend?--Hoang v. Reunion.com" and "Reunion.com Revisited". Judge Chesney's most recent order vindicates his view.
2. It's tough to figure out the current state of CAN-SPAM preemption. One way of looking at it is that Mummagraphics and Virtumundo involved claims based on state email statutes for emails that were not misleading. Reunion.com emails, on the other hand, are arguably misleading. (Are reasonable people really misled by "your friend is looking for you" emails?) The big question is: where is the line? Of course, email marketers would benefit from having a bright line which they can adhere to without fear of getting sued in any one of the fifty states.
3. There's a discrepancy between how California plaintiffs are faring versus how plaintiffs in other states such as Washington are faring. John Levine notes at Circle ID that another Washington spam case - this one brought by Bennett Haselton and Peacefire - was recently dismissed: "Another Spam Case Lost in Washington, or Gordon Strikes Again." The plaintiff in Virtumundo (James Gordon) has also had a slew of Washington spam cases recently dismissed. Although the most recent court order in the Peacefire case focused on the CAN-SPAM claims and not on state law claims (the court in footnote 1 notes that "it [appeared] plaintiffs . . . abandoned" their state law claim), the fact that similar lawsuits are moving ahead in California but failing in Washington is problematic. [Correction: it looks like Peacefire is pursuing a claim under the Washington spam statute as well as a claim under Washington's consumer protection statute. The court indicates that he abandoned the CPA claim but not the claim under the Washington spam statute.] This is one of the things preemption is designed to avoid.
4. There are two ways at looking at possible "from line" claims: (1) they could cover spoofing (where an email is sent to look like it's coming from an email address when it's not) or (2) they could more broadly cover "unauthorized" use of a domain name to transmit an email. There's a third view that's pressed by plaintiffs such as Gordon, which is that the address in the from line has to refer to an actual person, but this argument has never gotten much mileage. With respect to the second view, accepting the proposition that you can state a claim where an email is transmitted through a Yahoo email address in violation of Yahoo's terms of use (which would make it technically "unauthorized") has never sat well with me. It would be great if courts construe the from line prong of state email statutes to only cover spoofing.
5. On the bright side, we should hopefully get some clarity soon. Kleffman v. Vonage, another California spam case which raises similar issues (which the 9th Circuit certified to the California Supreme Court), is scheduled for argument in front of the California Supreme Court on May 6. Also, Reunion.com moved for a stay and permission to file an interlocutory appeal. It's a long shot, but who knows, maybe this case will end up sooner rather than later in front of the 9th Circuit? I was unpersuaded that the standards for reconsideration were satisfied here. The court pretty much did a 360 on its earlier ruling, and the court should recognize this when it considers defendant's request for leave to file an interlocutory appeal.
6. Finally, it's worth noting that counsel for the plaintiffs here are on the defense side in Asis Internet v. Subscriberbase, a case which raises similar preemption issues which I blogged about last week ("N.D. Cal Rejects Preemption and Standing Defenses Against Claims Under CA Spam Statute"). The defendant in Reunion devoted some energy to raising this issue to the court and trying to argue a conflict, but Judge Chesney wasn't swayed by this. (see page 3, footnote 3)
Related: See additional coverage from Wendy Davis here: "Judge Brings Reunion.com And Spam Suit Together Again".
Also, Tagged.com, a company that allegedly scrapes the contact lists of people who join to invite other potential members to join, recently settled up with the San Francisco DA's office by paying $650,000. This comes on the heels of other similar settlements between Tagged.com and regulators.
Posted by Venkat at 09:30 AM | Spam
April 06, 2010
Fourth Circuit: Email, ECF, and Domain Name Woes do not Excuse Failure to Respond to Summary Judgment Motion -- Robinson v. Wix Filtration
[Post by Venkat]
Robinson v. Wix Filtration Corp. LLC, 4th Cir. (Mar. 26, 2010) [scribd]
The Fourth Circuit recently held that the district court properly granted summary judgment in favor of a defendant, and rejected plaintiff's argument that counsel's failure to respond to a defense motion for summary judgment was excusable due to email, malware, and domain name issues.
As described by the court, plaintiff's counsel "was afflicted by a malware virus and . . . his counsel's firm's domain name had temporarily expired when the motion for summary judgment was filed." Counsel re-registered the domain name but the "e-mail accounts associated with the domain name were 'blacklisted' causing further e-mail problems."
The court found that plaintiff's failure to receive notice of the motion "resulted from counsel's conscious choice not to take any action with respect to his computer troubles." In the words of the court: "counsel made the affirmative decision to remain in the dark." Finding that a client must bear the consequences of his or her attorney's conduct, the court found that it was not an abuse of discretion for the trial court to refuse to set aside the judgment. The court found that plaintiff was not entitled to relief under either Rule 59(e) or 60(b).
One judge concurred, finding that the dismissal was a result of "counsel's unwise and misplaced strategic choice to litigate, ostrich-like, with his head in the sand." The concurring judge noted critically (in a footnote) that periodically checking the CM/ECF docketing system "simply was not a part of [counsel's] practice."
Judge King filed a spirited dissent, among other things, arguing that the Fourth Circuit's decision creates a "duty to monitor," and that the party should not in this case made to bear the consequences of counsel's actions. Interestingly, Judge King also argues that the exception to the rule (taken for granted as a matter of practice in many ECF jurisdictions) that ECF filing constitutes service should come into play. The dissenting opinion argues that once defense counsel became aware that plaintiff's counsel had email issues, defense counsel should have sent a paper copy of the motion in order to complete service. (The rules provide that ECF filing "is not effective if the serving party learns that [the Notice of Electronic Filing ] . . . did not reach the intended recipient," but by the time the defendant had notice of the other side's email problems, it was pretty much too late. And plaintiff's counsel should have probably checked the docket anyway, to see if a dispositive motion was filed when the deadline came and went.) Judge King also notes that imposing a "duty to monitor" will result in additional costs (in the form of PACER fees) which will fall on the shoulders of clients.
___
It's tough to not be sympathetic to plaintiff and to counsel for plaintiff. Everyone will have an email gaffe at some point in their career. (I'm not sure the failure to check the docket is as excusable.) That said, courts are not very tolerant of arguments that counsel did not respond to a motion or a deadline due to a failure to receive electronic notice. The "spam filter ate my CM/ECF notice" is often offered as an argument in these situations, but this argument typically does not get a lot of mileage. (See Shuey v. Schwab discussed in this post (court remands for consideration of the merits) and the other cases mentioned there.)
(h/t ABA Journal: "Lawyer’s Computer Virus Doesn’t Excuse Missed Dismissal Motion, 4th Circuit Says")
Posted by Venkat at 12:20 PM | Adware/Spyware , Spam
April 05, 2010
N.D. Cal Rejects Preemption and Standing Defenses Against Claims Under CA Spam Statute -- Asis Internet Servs. v. Subscriberbase Inc.
[Post by Venkat]
Asis Internet Services v. Subscriberbase Inc., (N.D. Cal.) Case No. 09-3505 SC; April 1, 2010 [scribd]
Judge Conti (in the Northern District of California) issued a potentially significant decision last week that keeps the door open for plaintiffs alleging claims under California's spam statute. This is good news for anti-spam plaintiffs, and comes on the heels of last month's state court trial win for another spam plaintiff which resulted in an award of $7000. (Balsam v. Trancos)
Background: The Ninth Circuit in Gordon v. Virtumundo held that veteran spam plaintiff James Gordon could not sue under CAN-SPAM because he was not a bona-fide ISP (or provider of an "internet access service") and because he did not suffer any "adverse effects" from the spam he received. He was harmed as any email recipient would be and thus was not among the class of plaintiffs entitled to sue under CAN-SPAM. The court also held that CAN-SPAM preempted Gordon's claims under Washington's spam statute. Here is Prof. Goldman's post discussing that ruling. The post asked whether Virtumundo would spell an end to "spam litigation factories". Following Virtumundo, courts knocked out Gordon's many pending cases. Plaintiffs who appear similarly situated to Gordon have persevered in California, trying to assert claims under California's spam statute.
One issue that was left unresolved was whether CAN-SPAM preempted California's anti-spam statute (and how much of it was preempted). A few courts have dealt with this issue. One court held that a plaintiff must satisfy the "actual fraud" standard in order to assert a claim under a state spam statute. (Hoang v. Reunion.com, discussed by Ethan here and here.) Other courts (Asis Internet v. Vistaprint and Asis Internet v. Consumerbargaingiveaways, discussed by Ethan here) have taken a less restrictive view, rejecting Reunion.com's premise that only claims satisfying the traditional "actual fraud" standard survive CAN-SPAM's broad preemption clause.
This case takes a fresh look at the issue and rejects the Reunion.com view. Regardless of the outcome of this dispute, portions of California's spam statute, such as the provisions imposing a blanket ban and those requiring labeling are preempted. The issue is whether there's room to allege that emails are misleading based on information in the subject lines, from lines, or headers, and make a claim under California's spam statute.
The Court's Ruling:
1. Were the Subject Lines Were Likely to Deceive Recipients: Defendants argued that the subject lines were not likely to deceive recipients. Section 17529.5(a)(3) prohibits subject lines that are likely to mislead "about a material fact regarding the contents or subject matters of the message." The court predictably refuses to conclude as a matter of law that the email subject lines are not deceptive. I don't know if anyone reasonably believes that email subject lines which offer free products (for example: "Review & Keep Designer Handbags worth $1500 Dollars-guys invited too") actually offer free products. But given the statutory language, it would have been tough for the court to conclude as a matter of law that the subject lines were not "likely to mislead." Once you use the word "free," if something is not actually free, you will have an uphill battle getting a court to conclude that the marketing copy is not misleading as a matter of law.
[Tip to marketers: avoid using "free" unless something truly is free, particularly when this claim is made in an email or online!]
2. Did Defendants Have Knowledge That the Subject Lines Were Likely to Deceive: Defendants also argued that the complaint did not sufficiently allege that defendants knew the subject lines were likely to deceive, in light of the fact that defendants did not transmit the messages. Plaintiffs earlier lost a case on this precise issue, where a district court held that the defendants could not be held liable for spam received by plaintiffs because the defendants in that case neither sent nor "knowingly procured" the messages. (Here's Professor Goldman's post discussing that ruling, along with other affiliate liability issues. As mentioned below, this ruling was affirmed by the Ninth Circuit.) In light of the fact that plaintiffs previously lost on this issue, it's irritating for plaintiffs to get another chance here. Defendants will likely have to fight this one out on summary judgment, rather than at the motion to dismiss stage. It would have been nice for the court to require some specific allegations regarding defendants' supposed knowledge.
3. Do Plaintiffs have Standing Under California Law: Defendants' first standing argument was that Proposition 64, which amended California's false advertising and unfair competition laws to provide that only plaintiffs who "suffered injury in fact and has lost money or property" could bring claims, applied to section 17529.5 and barred the claims asserted by plaintiffs. The court rejected this argument, noting that section 17529.5 included "independent, non-exclusive standing and remedy provisions" which authorize ISPs (defined as "electronic mail service providers") to bring suit. The court acknowledged the effect of Prop 64 was unclear, and reasoned that Prop 64 was designed to curb the practice of members of the general public bringing lawsuits to enforce advertising and unfair competition rules, rather than change the standing requirements of statutes which only applied to a narrower (more specific) class of plaintiffs. According to the court, since California's spam statute only authorized a narrow class of plaintiffs to bring claims to begin with, the statute was left unaffected by Prop 64.
4. Are Plaintiffs' Claims Preempted by CAN-SPAM: Defendants relied on Gordon v. Virtumundo and argued that plaintiffs' claims were preempted by CAN-SPAM. The court acknowledged that other courts in California had reached differing results on the preemption issue. Hoang v, Reunion.com held that CAN-SPAM's preemption clause only leaves room for state law causes of action based on "common law fraud," which requires allegations of reliance and actual harm. On the other hand, two judges in the Northern District of California (Asis Internet v. Vistaprint and Asis Internet v. Consumerbargaingiveaways) came to a different conclusion, finding that section 17529.5 was not preempted, even though this statute does not require a showing of reliance or damages. (Odd sidenote: the Reunion plaintiffs are represented by the same lawyers who are representing defendants in this case.)
Judge Conti found that Virtumundo "did not clearly resolve this split." In his view, the Ninth Circuit in Virtumundo found the plaintiff's claims under Washington's spam statute preempted because those claims reached "non-deceptive statements." The court focused on the fact that in Virtumundo, plaintiffs were complaining about immaterial errors in emails (the fact that an advertiser's name did not "expressly appear in the 'from lines,'" and Virtumundo's use of "fanciful domain names"). Judge Conti viewed Virtumundo (and Mummagraphics) as standing for the proposition that only state law claims that reach immaterial errors and omissions were preempted. The court's discussion on preemption is in depth, and worth reading. Ultimately, the court concludes that requiring the elements of reliance and damages would have one practical consequence:
[i]t would limit the scope of entities that are entitled to bring suit under section 17529.5. It would restrict enforcement suits to the (presumably more rare) case where a plaintiff actually been duped by a misleading subject line. The bulk of deceptive email would go unpunished, until such an email happened to mislead someone with the resources and wherewithal to pursue a private claim.
The court found that Congress could not have intended this result under CAN-SPAM.
5. Whether the Enforcement Mechanism of Section 17529.5 Conflicts With CAN-SPAM: The final issue (which it sounds like defendants didn't press, but which to me was the most interesting) was whether the enforcement mechanism of the California spam statute conflicts with CAN-SPAM. CAN-SPAM only allows for enforcement by two classes of entities: (1) certain government actors and agencies and (2) bona-fide ISPs who have been been "adversely affected". The California spam statute on the other hand allows the Attorney General, ISPs, and recipients of emails to bring suit. As the court notes, allowing a broader class of plaintiffs to sue under state law may "disturb . . . the fine balance struck by Congress . . . ." However, the court concludes that it would not upset the balance intended by Congress because CAN-SPAM's preemption savings clause only speaks to the subject of state law (rather than the class of plaintiffs authorized to sue). The court also noted that there was no evidence of Congressional intent to "occupy the field."
____
My Reaction: The court is right that Virtumundo and Mummagraphics found the state law claims in those cases to be preempted by CAN-SPAM because those claims relied on immaterial errors. However, California plaintiffs typically raise similar claims, and courts have not been the most vigilant about scrutinizing them. Plaintiffs seem to construe California's spam statute pretty broadly. For example, in Trancos, the recent decision following trial, and Kleffman v. Vonage, a case pending in front of the California Supreme Court, some of the arguments raised by plaintiffs were similar to the arguments raised by Gordon in Virtumundo. The preemption structure only works if courts dealing with the state law claims use the same standard for what is false or deceptive.
The practical consequence of the court's ruling is to open a gaping exception to the enforcement structure that Congress may have intended. Congress intended only two classes of actors to enforce CAN-SPAM: (1) the authorities and government agencies and (2) bona-fide ISPs who were adversely effected. CAN-SPAM does not allow for enforcement by mere recipients of email, and doesn't allow for enforcement where the recipient does not suffer any injury, and the court's ruling opens the doors to this enforcement. This is particularly troubling, given that many plaintiffs do not take steps to avoid email and may even invite the harm in question. To the extent they are trolling for spam emails in order to bring lawsuits, they are really no different from a member of the general public.
Another issue to consider is the scope of affiliate liability. It wouldn't make sense for state laws to hold a broader category of actors liable (under a lower standard) than CAN-SPAM, but this could be a practical result of allowing these types of claims to proceed under California's spam statute.
Finally, I'm not sure there's anything wrong with allowing ISPs and those with sufficient resources to sue, when they actually have been harmed. I doubt we've derived much benefit from the proliferation of the anti-spam litigation "cottage industry."
What Does the Ruling Mean For Spam Litigation: The ruling gives spam plaintiffs in California some breathing room. With respect to subject line violations at least, plaintiffs can continue to bring claims under California's spam statute, and unfortunately, can continue to try to sue affiliates as well. They can bring claims in state court (as in Trancos) or in federal court, to the extent they are able to independently satisfy jurisdictional requirements. There is a case pending in front of the California Supreme Court (Kleffman v. Vonage - oral argument is set for May) which should clarify the scope of California's anti-spam statute and whether it's preempted, and Reunion.com is likely to be appealed as well, once it makes its way out of the trial court. But until then, plaintiffs will probably cite to this case for the proposition that subject line claims and other claims based on allegedly misleading aspects of emails that don't necessarily violate CAN-SPAM are not knocked out by CAN-SPAM's preemption clause.
Other Asis Cases: Asis has filed many many different spam lawsuits. 13 alone according to a Justia search. There's been ongoing activity on several of those cases recently:
Asis Internet . Azoogle.com, Case Nos. 08-15979 and 08-17779 (9th Cir.) (Dec. 2, 2009): 9th Cir. affirms dismissal of claims brought against various entities for lack of standing and because Asis failed to prove affiliate liability.
Asis Internet v. Member Source Media, Case No. C-08-1321 EMC (Jan. 28, 2010): CAN-SPAM claims dismissed.
Asis Internet v. Active Response Group, Case No. C07-06211 TEH (Feb. 9, 2010): dismissed for lack of standing under CAN-SPAM; state law claims dismissed without prejudice.
Posted by Venkat at 08:00 AM | Spam
March 27, 2010
Another Court Finds that TCPA Applies to Text Messages -- Lozano v. Twentieth Century Fox Film Corp.
[Post by Venkat]
Lozano v. Twentieth Century Fox Film Corp., Case No. Civ. 09-cv-6344 (N.D. Ill) [scribd]
A court in Illinois rejected a motion to dismiss filed by defendants in a class action brought on behalf of plaintiffs who received SMS spam marketing an animated film called "Robots". The court's ruling is not surprising, given the other cases which have come to a similar conclusion. (Abbas v. Selling Source, LLC; Satterfield v. Simon & Schuster)
Are Text Messages "Calls" Under the TCPA: The court grants the FCC's interpretation some deference and finds that text messages are "calls" for purposes of the Telephone Consumer Protection Act.
Do SMS Spam Plaintiffs Have to Allege They Were Charged for the Text Messages: The court concludes that "the plain language of the TCPA does not require Plaintiff to allege that he was charged for the relevant call at issue in order to state a claim" under the TCPA. The defendants in Selling Source raised a similar argument which the court in that case rejected.
Does Section 227 of the TCPA Violate the First Amendment: First Amendment challenges in the context of laws regulating unsolicited communications rarely get any traction. Predictably, the court in this case rejects the First Amendment challenge raised by defendants.
___
Taken together, several recent cases have concluded that: (1) text messages are "calls" under the TCPA, (2) a message can violate the TCPA if it is sent with equipment that has the capacity to send or store messages using a "random or sequential number generator," and (3) a plaintiff need not allege that he or she was separately charged for the message in order to bring a claim under the TCPA. This does not leave much room for a company trying to market through text messages. Marketers are forced to rely on a recipient's consent/opt-in, and as the Satterfield case illustrates, this is a risky road to go down.
The cases all acknowledge that the TCPA was not enacted with text messages in mind, since text messaging was not around when the TCPA was enacted. The laws have some catching up to do, and it will be near impossible for the law in this context to keep pace with rapidly changing technologies. Either way, this case serves as a good reminder as to the perils of marketing through text messages.
Posted by Venkat at 01:42 PM | Spam
March 25, 2010
Craigslist Wins $1.3M Default Judgment Against Autoposting Facilitator -- craigslist v. Naturemarket
[Post by Venkat]
craigslist, Inc. v. Naturemarket, Inc., Case No. C 08-05065 PJH (MEJ) (N.D. Cal. March 5, 2010) [scribd] (report and recommendation adopted on February 5, 2010)
Craigslist obtained a 1.3 million dollar default judgment against defendants Naturemarket, Inc. and Igor Gasov.
Naturemarket (doing business as powerpostings.com [typical bad choice of name]) sold software which allowed its customers to automatically post listings to craigslist. As advertised by defendants, the software made "the difficult craigslist posting process child's play and [helped users] manage and multi-post . . . ads." Defendants also advertised "posting agent" services where defendants would post ads on behalf of customers. Finally, defendants sold software that scraped email addresses from the craigslist site.
Craigslist sued alleging claims under (1) copyright; (2) DMCA; (3) the Computer Fraud and Abuse Act; (4) trademark; (5) breach of contract/terms of use. Defendants failed to contest the suit. The court granted default judgment against defendants:
Copyright Infringement: Craigslist alleged it registered protectable elements of its site (the "post to classified, account registration and log-in features") and that defendants copied these elements of the craigslist site when developing, testing, and using their auto-posting software. The court accepted these allegations at face value, notwithstanding questions as to what parts of the craigslist site were copyrightable (minus the listings themselves, obviously), how the copying here was different from search engine copying under an implied license, and the fact that it's awkward to conclude that browsing in excess of the terms of use constitutes copyright infringement.
DMCA Violations: The court agreed with craigslist that defendants violated two provisions of the DMCA through making available, among other things, "pre-verified craigslist accounts and CAPTCHA credits." There's precedent that supports the proposition that at least some of these types of acts do not violate the DMCA. (See, for example Egilman v. Keller & Heckman, LLP, 401 F. Supp. 2d 105, 113-14 (D.D.C. 2005) ("using a username/password combination as intended--by entering a valid username and password, albeit without authorization--does not constitute circumvention under the DMCA.").) Real made a similar argument to the one defendants would have made here, but this argument was rejected. Either way, the trouble with the court's conclusion is that it's not clear that a violation should be based on use of an anti-circumvention mechanism in a way that's not authorized. This isn't the type of conduct that the DMCA is necessarily meant to address. Mike Masnick flags this aspect of the ruling here.
Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act claims were premised on access of craigslist computers in violation of the craigslist terms of service. This argument is often used in civil cases, but most recently received attention in the Lori Drew case, a criminal case. The Lori Drew case illustrated many of the problems with imposing Computer Fraud and Abuse Act liability based on violations of a terms of use. Professor Goldman's post when the case first started is a good read.
Trademark Infringement: Craigslist alleged that defendants used the craigslist mark "in the text and . . . the headings of sponsored links on internet search engines to advertise their auto-posting products and services." The court cites to American Blinds for the proposition that this will cause "initial customer confusion". (Here's one of Prof. Goldman's posts on American Blinds.) It's odd to see craigslist arguing initial interest confusion. These are the types of arguments one would expect to see against craigslist (for example by someone suing it for trademark infringement, not made by craigslist.
Breach of Contract/Terms of Service: Craigslist pointed to provisions in its terms of use which prohibited the use of automated means and posting agents to post listings. Craigslist argued that defendants violated these provisions and induced craigslist users (who were customers of defendants) to violate these provisions. The court awards $840,000 in liquidated damages based on the terms of use claims asserted by craigslist. Craigslist argued that defendants posted at least 18,200 ads or alternatively defendants posted 4,200 ads as a posting agent. The court assumes for purposes of calculating damages, that the lower number is correct and awards $840,000 based on this number. For each listing posted in violation of the terms of service, the court awarded $100 in liquidated damages (and an extra $100 for each item posted as a "posting agent"). [Note to self: be careful about posting items in violation of the craigslist terms of service!]
Attorney's fees: Craigslist sought $83,614.45 in fees, for the work performed by 5 lawyers and one paralegal. The court found the hours expended reasonable, but reduced the hourly rate slightly, ultimately awarding $65,038.20 in fees. (As a side note, what's up with the reduction in billing rates by one dollar in the April-June 2009 time period. The hourly rates for one partner went from $525 in 2009 to $550 in January-March 2009, to $549 in April-June 2009. Does the one dollar change in someone's hourly rate really matter?)
____
This case is similar in many ways to Ticketmaster v. RMG, where Ticketmaster sued RMG, a company that automated the ticket buying process on behalf of its customers. Following the issuance of an injunction, Professor Goldman noted that this case was "a troubling Cyberlaw development." The claims asserted by craigslist here suffered from some of the same weaknesses as those in Ticketmaster. On the other hand, this was in the context of a default judgment, where the good faith allegations in the complaint are taken as true, and craigslist knew it had to only make colorable arguments. It wants to keep out certain perceived bad actors. In the default judgment context, I'm not sure how much it can be faulted for not fine-tuning its legal arguments. That said, it's always tough to read through these types of rulings without cringing.
One of the more troubling things about the ruling is how the terms of use supports three separate claims: the copyright claims, the Computer Fraud and Abuse Act claim and, of course, the breach of contract claim. It's unsettling to see the website terms of service (which are typically tough to read and digest, rarely read by end users, and incredibly one sided) be given enough clout to support serious statutory violations. But this is nothing new, and courts always seem to be willing to accept these types of arguments.
Another issue for craigslist to consider is whether any of the arguments could come back to bite craigslist. I haven't thought through whether there was a good section 230 argument to be made here, I'm guessing not. Assuming there was, it doesn't seem like such a good idea for craigslist to knock down that argument. It's the classic section 230 beneficiary. At any rate, at a basic level, craigslist is ultimately suing Naturemarket based on harm caused by end users. This is exactly what state regulators did to craigslist. The initial interest confusion argument is also one that does not seem like it's in craigslist's interest to push.
Finally, I'm always curious as to what these damage awards accomplish. How often does the company chase down the defendant's assets? More likely, this is something that can be waved around to other potential defendants to get them to comply and/or settle.
Related: Mike Masnick discusses some of these issues in a post flagging an early round of lawsuits filed by craigslist against spammers: "Craigslist's Dumb Lawsuit Against Spam Tool Provider"
Posted by Venkat at 09:25 AM | Content Regulation , Copyright , Licensing/Contracts , Spam , Trademark
March 22, 2010
Plaintiff Wins $7,000 Following Bench Trial on Claims Under California Anti-Spam Statute -- Balsam v. Trancos
[Post by Venkat]
Balsam v. Trancos, Inc., Cal Sup. Ct. Case No. (Civ.) 471791; March 10, 2010 [scribd]
Although spam lawsuits have not gone particularly well for individual (non-ISP) plaintiffs, Dan Balsam recently took a case to trial in San Mateo Superior Court and was awarded $7,000 in damages.
Balsam sued under the California Legal Remedies Act (1750) and California's anti-spam statute (section 17529). The court held that Balsam could not maintain an action under section 1750 because he was not a "consumer" and did not sustain any damages, and dismissed the 1750 claim. His claim under section 17529 was tried to the bench and he was awarded $1,000 in statutory damages per email.
Background: Defendant Trancos registered numerous domain names through DomainsByProxy. Through Defendant's "Meridian" division, Defendant entered into a deal with Hi-Speed Media/ValueClick under which Defendant "managed" several email lists and sent out emails. Trancos and Hi-Speed Media shared revenues generated from transmission of the emails. Trancos discontinued this conduct in 2007 and according to the court had "stopped the allegedly wrongful conduct of which [Balsam complained]."
The Emails: The trial was over eight email messages. The emails were sent through various domain names (privately) registered to Trancos: misstepoutcome.com, modalworship.com, moussetogether.com, mucousmarquise.com, minuteprovenance.com, minecyclic.com, mythicaldumbwaiter.com, and nationalukulele.com. (How on earth did Trancos come up with these domain names!) The subject lines of the emails were typical unsolicited email fare, and ranged from inviting people to take surveys and get paid ("Get paid 5 dollars for 1 survey") to dating-related invitations ("It's a Great Time to Say Hello to Someone New!"; "Date Single Christians"). The emails did not purport to be from anyone particular. The "from" email addresses were from accounts such as "franchisegater@modalworship.com," and "dating@mythicaldumbwaiter.com". The emails contained varying opt-out text and (in some cases) links.
The Court's Ruling: The court held that Balsam's claim under section 17529 was not preempted under federal law. Defendant pointed to Virtumundo and argued that CAN-SPAM preempts state email statutes which reach immaterial errors in emails. The court rejected this argument noting that in Virtumundo, the plaintiff did not put forth any evidence that the emails at issue rose to the level of "falsity and deception" excluded from CAN-SPAM's preemption clause, and on the basis that the Washington statute was different from the California statute (nothing in the Washington statute required any misrepresentations to be "material").
The court looked to the "from" addresses in the emails and held that the "'senders' identified in the headers of the . . . emails do not exist or are otherwise misrepresented . . . [i]n those same headers reflecting the 'from' line of the email, the referenced sender email is a non-existence [sic] entity using a nonsensical domain name reflecting no actual company . . . ." The court also relied on the fact that the address at the end of the email messages (a PO Box in Santa Monica) was registered in the name of a non-existent entity.
Although the plaintiff "was not tricked into believing that [the] emails were anything other than commercial advertisements . . . and was not tricked into seeking to purchase any goods or services," the court held that seven of the emails violated 17529.5(a)(2) because the emails had "falsified, misrepresented, or forged header information." The emails came from Trancos, "but none of the emails disclose[d] this in the header."
Observations: The two significant preemption CAN-SPAM cases (Mummagraphics and Virtumundo) both held that state laws which prohibit immaterial misstatements in emails are preempted. There's another district court case which went beyond this and held that a plaintiff had to satisfy the "actual fraud" standard in order to successfully assert a spam claim under state law (Reunion). The cases in this context often look to whether the plaintiff could have easily ascertained where the email came from. In Mummagraphics the court relied on the fact that the plaintiff could have easily determined where the email originated from in finding the error immaterial (and the claim preempted). In Kilbride, a criminal case, the court imposed liability, finding that the sender's use of GoDaddy's privacy protection services was evidence of the sender's intent to mislead the recipient. In this case, there were similar facts. None of the emails at issue in this case stated where they originated from (or on whose behalf they were sent). Defendant used a lot of names of companies that did not exist, and got a PO Box for the company in the name of another non-existent company. That said, the violations didn't fit nicely within the statute.
17529.2: The court quoted section 17529.2, which is a blanket prohibition on the transmission of unsolicited email to or from a California email address. This section of the statute is obviously dead on preemption grounds and can't support liability.
17529.5: The court also looked to section 17529.5 which is similar to the anti-spam statutes of many states, including Washington. This section prohibits the transmission of email that (1) "contains or is accompanied by" a third party's domain name without permission; (2) "contains or is accompanied by falsified, misrepresented, or forged header information;" or (3) has a misleading subject line. The court found that the subject lines were not likely to mislead and in fact Balsam was not misled by the subject lines. The court didn't expressly find that the emails contained or were accompanied by a third party's domain name without permission. There was no violation of this provision since there was no dispute that Trancos owned the domain names at issue.
The court found that Trancos violated the header information prong, because there was no such person or entity referenced in the "from" line. It's tough to see how this is the case, since the header information was not forged. If you own or control a domain name, you are free to create any number of email addresses that can send emails through the domain name, and no one sees anti-spam statutes as requiring the reference in the from line to refer to an actual living person. I have received numerous emails from "customer support" or "orders" at Amazon.com and I'm fairly confident that there's no such person at Amazon.
What this section of the statute actually gets at is the transmission of emails that appear to come from someone when they actually don't, or the obfuscation of header information. There was no evidence of either in this case. The plaintiff in Virtumundo raised somewhat similar arguments, which were rejected by the trial court. On appeal, the court found that the claims were similar to the ones raised by the plaintiff in Mummagraphics (arguably because accurate WHOIS information could have readily identified the sender of the emails) and held that the claims were preempted under Washington's email statute. There's a colorable argument to be made that nothing in Virtumundo precludes a claim under 17529.5(2), but the differences in the statutory language cut against Balsam's claims. The California statute prohibits "falsified, misrepresented, or forged header information," while the Washington statute prohibits emails where the sender "misrepresents or obscures any information in identifying the point of origin or the transmission path." The Washington statute incorporates a "point of origin" concept that makes it easier to argue that a violation occurs if you include an email address in the from line that's related to a non-existent company.
The final point to consider is that Balsam admitted that he didn't suffer any "adverse effects" of the sort that the court held were required to support a claim under CAN-SPAM. Balsam didn't expend any funds on bandwidth, filtering, infrastructure, etc. His sole injury was the fact that he mistakenly opened the message, and presumably, expended sums litigating his claims.
___
As the court notes, the California Supreme Court is currently considering Kleffman v. Vonage, a case that deals with the scope of California's anti-spam statute. Also, the Reunion case, dealing with the scope of CAN-SPAM preemption, is still stuck in the district court (in the Northern District of California). It's likely to be appealed to the Ninth Circuit.
It will be interesting to see how this plays out. In the meantime, kudos are due to Balsam and his counsel, who unlike James Gordon, Asis Internet, and other spam plaintiffs, are at least generating positive cash flow (if Trancos ever pays up).
Added: "Save the Mail Blog" asks whether it was worth it ("Lawyer Awarded $7k in Spam Suit: We do the Math"). SFGate also covers the ruling ("S.F. lawyer awarded $7,000 from e-mail spammer").
Posted by Venkat at 12:08 PM | Marketing , Spam
March 05, 2010
Eighth Circuit: No Derivative Liability Under Iowa Spam Statute -- Kramer v. Bartok
[Post by Venkat]
Kramer v. Bartok, Case No. 08-3841 (8th Cir. Feb. 19, 2010) (scribd link).
The Eighth Circuit recently reversed an award of $236 million in damages against a spam defendant based on a theory of secondary liability. The court found that the clear language of the Iowa statute only allowed for the imposition of liability against the sender.
Background: Kramer sued defendants Bartok, Perez, and Brown after allegedly receiving millions of spam emails advertising mortgage refinancing services. Kramer asserted claims, including claims under the Iowa's spam statute (then Iowa Chapter Code 714E, which while the suit was pending was replaced with Iowa Chapter Code 716A (which looks fairly different, and does not contain the term "initiate")), the Computer Fraud and Abuse Act, and trespass. According the Eighth Circuit, Kramer (who ran an ISP) actually only received twenty three offending emails, as the remaining millions of emails were blocked by Kramer's spam filter. Defendants produced no evidence at trial, and the lower court found that one of the defendants "dissembled" and sold the computers used by the enterprise. Kramer did not produce evidence that defendant Bartok actually sent the messages in question. The only evidence of Bartok's involvement was that she was "half owner of a business whose sole source of income was predicated on spamming," she signed an agreement for the procurement of mortgage leads, and she assisted Perez in destroying some of the relevant records in question.
The lower court found that Kramer produced no evidence of "actual damages," and rejected all of the claims except for the claims under Iowa's spam statute. With respect to this claim the court awarded $236 million in statutory damages ($10 per spam email).
The Eighth Circuit's ruling: The Eighth Circuit looked to the plain language of the statute and found that the statute only imposed liability on those who "use an interactive computer service to initiate the sending of bulk electronic mail." In other words, the statute was clear that it only imposed liability on someone who actually hit the send button.
Kramer argued that he had produced sufficient evidence of a civil conspiracy between Bartok and the other defendants to sustain a finding of derivative liability, but the court rejected this theory. In the court's view, if the statute didn't authorize the imposition of liability on those who conspired with the person(s) who initiated transmission of the messages (through the use of an interactive computer service), the court was not free to imply a cause of action based on this theory. While Kramer argued a common law conspiracy claim, the court found that Kramer's failure to produce evidence of actual damages precluded the imposition of derivative liability on Bartok. To allow Kramer to assert liability against Bartok based on a conspiracy theory absent evidence of actual damages would be an end-run around the statute's limited focus on those who actually sent the offending messages.
My thoughts: Derivative liability regarding spam and other types of advertising is a favorite topic of Professor Goldman's. I agree that absent clear standards, liability can move up the chain to advertisers and service providers, and this can cause obvious problems.
Here, the court interpreted a statute which by its terms only imposed liability on the person who initiated the transmission of the messages, so the court's conclusion isn't particularly surprising. The fact that the plaintiff in this case only produced 23 emails and was awarded a whopping $236 million in damages (despite having failed to put forth evidence of actual damages) was probably not lost on the court either.
How does this relate to CAN-SPAM: In the context of CAN-SPAM, the standards are slightly different. CAN-SPAM imposes liability on those who "initiate" or "procure" the initiation of noncompliant messages. "Initiate" is defined as "to originate or transmit [messages] or to procure the origination or transmission of [messages] . . . ." "Procure" is defined as "intentionally, to pay or provide other consideration to, or induce, another person to initiate [messages] on one's behalf." Where a civil claim is brought by an ISP, the term procure contains an actual knowledge or a conscious avoidance limitation. (section 7706(g)(2)) CAN-SPAM thus allows for the imposition of derivative liability, but makes it more difficult when the ISP is the one enforcing.
How have CAN-SPAM plaintiffs fared when they sought to impose this type of liability? Not very well. I haven’t done an exhaustive tally, but on the civil side there have been several defense wins (Hypertouch v. Kennedy Western, Asis Internet v. Optin Global, Fenn v. Redmond Venture). On the affiliate liability issue, these cases are typically resolved in favor of defendants on the basis that defendants were not (and had no reason to be) aware of the underlying violations. With respect to enforcement efforts by the FTC, the FTC lost a jury trial (Impulse Media), settled one case after the court found that affiliate liability is a question of fact (Cyberheat), and obtained a conviction (US v. Kilbride). (Oddly, after losing the jury trial in the Impulse Media case, the FTC sought to obtain injunctive relief against Impulse Media. The court denied this request.) Overall, the case law is largely defense favorable. Although CAN-SPAM allows for derivative liability, courts and juries have not been quick to impose it.
Related posts: "Affiliate Liability Talk Notes From SMX West"
Posted by Venkat at 09:15 AM | Derivative Liability , Marketing , Spam
January 31, 2010
January 2010 Quick Links
By Eric Goldman
Copyright
* An English translation of Google's December loss in France on a Google Book Search lawsuit.
* Ed Felten reports on a survey of files available via BitTorrent. Acknowledging some methodological limits, he estimates ~99% were likely copyright infringing.
* Elsevier B.V. v. UnitedHealth Group, Inc., 2010 WL 150167 (S.D.N.Y. Jan 14, 2010). Denying copyright statutory damages and attorneys' fees to unregistered foreign works is constitutional because the Berne Convention (which Elsevier argued prohibits the statutory formalities) is not self-executing.
* Techdirt: Singapore Court Rules That Online DVR Is Infringing...While Noting How Copyright Law Isn't Really Set Up For This
* Techdirt: If Banning The Internet For Sex Offenders Is Unfair, Is Banning The Internet For Copyright Infringers Fair?
* The Copyright Office issued new regulations on the deposit of online-only works: “The regulation establishes that online–only works are exempt from mandatory deposit until a demand for deposit of copies or phonorecords of such works is issued by the Copyright Office.”
Trademark/Publicity Rights
* American Airlines v. Yahoo settled. Previous coverage:
- Yahoo Subpoenas Expedia in American Airlines Lawsuit
- Fifth Circuit Denies Yahoo's Jurisdictional Appeal in American Airlines Case
- American Airlines v. Yahoo Venue Transfer Denied
- Yahoo Countersues American Airlines for Declaratory Judgment
- American Airlines Sues Yahoo for Selling Keyword Advertising
* Duplicity alert! Rescuecom is in court defending its keyword ads triggered by competitor Best Buy's TMs.
* Bev Stayart sues Yahoo again over publicity rights. My September 2009 blog post on her prior loss against Yahoo.
Pornography
* Clark v. Commonwealth, 2009 WL 5125009 (Ky. App. Ct. Dec. 30, 2009). Upholding a conviction when "Clark knowingly used a computer for the purpose of getting a minor, or a peace officer whom Clark believed was a minor, to take a sexually explicit photograph of herself."
* Am. Booksellers Found. for Free Expression v. Cordray, Slip Opinion No. 2010-Ohio-149 (Jan. 27, 2010). Ohio's Supreme Court partially upholds its state law restricting Internet distribution of harmful to juveniles material to juveniles when the communications are to recipients known or believed to be juveniles.
Spam
* United States v. Zein (E.D. Mich. 2009). Posting an ad on Craigslist constituted a "mass marketing" activity sufficient to trigger a 2 level sentencing enhancement.
* Comcast and e360 settled their lawsuit. Previous blog coverage.
Blogs/Social Networking Sites
* Sieber v. Brownstone Publishing Company, 2007 CA 002549 B (D.C. Superior Ct. Dec. 23, 2009). A building contractor sued Angie's List and other people over consumer reviews. My prior mention of the case. After 2 years of litigation, a DC trial judge dismissed all defendants on summary judgment and awarded one defendant-counterclaimant $18k+. The entire text of the memo opinion:
MEMORANDUM OPINION AND ORDER GRANTING MOTIONS FOR SUMMARY JUDGMENT OF ALL DEFENDANTS, DENYING PLAINTIFFS' MOTIONS FOR SUMMARY JUDGMENT, and GRANTING POOLE'S MOTION FOR SUMMARY JUDGMENT ON HIS COUNTERCLAIM signed by Judge Long, efiled, eserved, and docketed in chambers on December 23, 2009. It is ORDERED that the Motions for Summary Judgment of Brownstone Publishing Co., the Washington Post Company, John Kelly, and John W. Poole are granted; and it is FURTHER ORDERED that the Motions for Summary Judgment filed on behalf of the plaintiffs are denied; and it is FURTHER ORDERED that judgment shall be entered in favor of all defendants against the plaintiffs as to all claims in the Second Amended Complaint; and it is FURTHER ORDERED that judgment shall be entered in favor of defendant Poole and against plaintiff SCS Contracting Group LP as to Poole's Counterclaim against plaintiff SCS Contracting Group for $18,300 plus 6% (six percent) per annum interest, and a separate money judgment for this sum shall be docketed. Court Jacket not in chambers.
* FINRA Regulatory Notice 10-06: Guidance on Blogs and Social Networking Web Sites.
* Duer v. Henderson, 2009-Ohio-6815 (Ohio App. Ct. Dec. 23, 2009). A web publication telling a ghost story and describing the location of purportedly paranormal phenomenon on private property is not liable for any resulting trespass to real property.
* The “moldy tweet” lawsuit was dismissed.
* Two lawsuits holding that bloggers aren't subject to jurisdiction in the plaintiff's home court:
- Silver v. Brown, 2009 WL 5220297 (D. N.M. Nov. 30, 2009).
- Workman Sec. Corp. v. Phillip Roy Financial Services, LLC, 2010 WL 155525 (D. Minn. Jan 11, 2010)
* BBC: France ponders a right-to-forget law.
E-commerce
* Appliance Zone, LLC v. NexTag Inc., No:4-09-cv-0089-SEB-WGH (S.D. Indiana Dec. 22, 2009). Upholding NextTag's clickthrough-formed advertiser agreement. Mehmet Munur’s comments.
* Edward A. Zelinsky, “New York’s 'Amazon Law': Constitutional But Unwise.”
* Largo Cargo v. Google, a new complaint over allegedly mismanaged AdWord bids. This is the latest incarnation of the Almeida case. I think Largo Cargo’s complaint is still a no go.
* The NYT catalogs an impressive roster of futility for US dot coms trying to compete in China.
Miscellaneous
* Gmail will consult the user's prior emails to pick an ad if a particular email doesn't lend itself to a good ad.
* Illustrating the divergence between the open source community and the Wikipedia community, APC reports that 75% of Linux code is now written by paid developers.
* Oddee: 15 Funny Facebook Fails.
* I expect to be in the Netherlands May 23-30. Let me know if you would like to meet up there.
Posted by Eric at 01:19 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
January 27, 2010
Utah May Repeal Its Spyware Control Act--SB 26
By Eric Goldman
It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.
SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71 page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.
Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.
While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.
As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.
Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:
1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.
2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.
3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.
I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.
Posted by Eric at 09:58 AM | Adware/Spyware , Domain Names , Internet History , Spam , Trademark | TrackBack
January 11, 2010
Top Cyberlaw Developments of 2009 (Eric's List)
By Eric Goldman
Guest blogger John Ottaviani recently dropped by to offer his perspectives on 2009’s top Cyberlaw developments. While I like his list a lot, I independently developed my own top 10 list that has a different emphasis. You might enjoy the contrasts. My list:
#10: Louis Vuitton v. Akanoc. After the judge ordered a web host to stand trial, a jury awarded the trademark owner $32 million due to the web host’s contributions to trademark infringement by its customers. This case stands out for the big damages award and as a rare example where an online provider was held liable under a contributory trademark liability theory. Many trademark practitioners are scratching their heads trying to figure out the import of this case, however. Does this case represent a dangerous new frontier of online liability? Was this a bad jury verdict fueled by poor defense lawyering? Or was this an appropriate outcome because the web host actually engaged in bad behavior that distinguishes it from most “legitimate” web hosts? 2010 may help us understand if this case is part of a new trend or an aberration.
#9: Gordon v. Virtumundo. We’ve seen a lot of silly anti-spam litigation, including the emergence of an entirely new group of entrepreneurs called “spam litigation entrepreneurs” who try to make a living on anti-spam lawsuits. These folks have a true love-hate relationship with spam; they hate it so much that they devote their lives to fighting it, but they love getting spam because each one is a potential revenue source. In general, judges hate spam a lot too, so over the years we have seen a number of doctrinally unsupportable results where judges bent the law to make sure spammers lost.
However, the judicial pendulum has swung in the opposite direction, and in Gordon v. Virtumundo, the Ninth Circuit destroyed a serial anti-spam plaintiff’s entrepreneurial business in a doctrinally questionable but strongly worded opinion. In short order, a number of other spam litigation entrepreneurs have seen their lawsuits shut down with emphasis. Due to this ruling, the era of anti-spammers partying in courts may be on the wane.
#8: Zango v. Kaspersky. The question raised in this issue is simple to state but hard to answer: who should decide what constitutes spam, spyware or a virus? Vendors of software designed to curb these threats would like unfettered discretion to make their classifications; businesses who are classified as a threat would like judges to overturn adverse decisions. As it turns out, in a relatively obscure provision (47 USC 230(c)(2)), in 1996 Congress said that software vendors get to make classifications decisions and unhappy businesses can’t complain about them. In June, the Ninth Circuit upheld Kaspersky’s decision to classify Zango’s software as a threat and rejected Zango’s efforts to take the classification decision out of Kaspersky’s hands. This ruling gives enormous freedom to vendors of anti-spam/anti-spyware/anti-virus software to do their best to keep us safe.
#7: Columbia Pictures v. Fung. This case came out just before the Christmas holiday, so it got lost in the holiday hoopla a bit, but it’s a case of potentially significant import. First, it held that the specific torrent sites at issue induced copyright infringement. Second, the court denied the torrent sites’ eligibility for the DMCA online safe harbors. In part, the court said that an inducing website was categorically disqualified from the DMCA online safe harbors. Like the Akanoc case, it’s not entirely clear if this result was a legal aberration or an appropriate reaction to the defendants’ poor choices. Either way, it is possible that more “legitimate” websites may change their behavior to minimize their exposure based on the legal precedents in this case. If they do, this case could have a major impact on UGC websites.
#6: Lori Drew’s acquittal. Megan Maier’s suicide remains a heartbreaking tragedy, but unfortunately, overzealous prosecutors compounded the tragedy by prosecuting Lori Drew using bogus legal doctrines. The tragic facts got a jury to convict Drew of some misdemeanor crimes. Fortunately, the judge recognized the legal errors of the prosecution’s theory and the jury’s conclusions and granted Drew an acquittal despite the jury findings. The judge finally got to the right result as a matter of Cyberlaw, but the case remains a chilling testament to prosecutorial power.
#5: Harris v. Blockbuster. The rule is really clear. Service providers can't amend online user agreements in the provider’s sole discretion without notice. As the Ninth Circuit informed us in 2007, those contracts don’t fare well in court. So although these provisions are in just about every online user agreement, they don’t work--as Blockbuster found out the hard way.
As part of the litigation detritus from the Facebook Beacon experiment, users sued Blockbuster for sharing their rental transactions with Facebook and all of their friends, allegedly in violation of the Video Privacy Protection Act. Blockbuster tried to bust the class action by invoking the contract’s arbitration clause. Instead, because Blockbuster had the impermissible amendment provision in its user agreement, the court said the contract was illusory and refused to send the case to arbitration.
This case should signal the end of the ridiculous amendment clauses. We’ll see how long it takes the lawyers to give the provisions up.
#4: Battles Over the First Sale Doctrine. We have seen numerous legal battles this year over the First Sale defenses in both copyright and trademark law.
Copyright owners try to engage in price discrimination by carving up the world into geographic territories with different prices for the same product. If they can use copyright law to keep the cheap products from entering the other geographic market, this keeps the product from effectively price-competing with itself.
This year, two cases involved European textbooks which were functionally equivalent to the textbooks being sold in the United States at higher prices. Entrepreneurs were buying the cheap European texts, shipping them to the US and then selling them online. The entrepreneurs invoked the First Sale doctrine, which says that copyright law can’t prohibit the legitimate purchaser of a tangible copyrighted item from reselling the item to whomever they want at whatever price they want.
However, copyright law has another provision that allows copyright owners to block the importation of copyrighted works into the United States. In the 1998 Quality King case, the US Supreme Court said that the First Sale doctrine trumped the importation right when the goods were manufactured in the US, sold overseas, and then imported back to the US. However, in Pearson v. Liu and John Wiley & Sons v. Kirtsaeng, the judges said that the importation right trumps the First Sale doctrine when the goods were initially manufactured overseas. This issue is ripe for further adjudication, though. A similar importation case, Costco v. Omega, is pending before the US Supreme Court, which is deciding whether or not it wants to hear the case. If it does, we may get clearer instructions about the interplay between the First Sale doctrine and the copyright importation right.
Copyright’s First Sale doctrine was also at issue in Vernor v. Autodesk, where the purchaser of a software disk wanted to resell the disk on eBay despite restrictions in the software licensing agreement barring such resales. The court held that the First Sale doctrine applied and allowed the resale. There are other cases percolating through the court system involving the resale of tangible media contained copyrighted material despite contractual restrictions on resale, so this issue remains a hot one.
Trademark owners also try to prevent competition with their products that leak out of their official channels of distribution. eBay has been the site of a couple battles over the First Sale doctrine in trademark law. In Mary Kay v. Weber, the court held that the trademark First Sale doctrine may not permit the eBay resale of expired cosmetics by a Mary Kay independent beauty consultant. In Beltronics v. Midwest, a trademark owner shut down the eBay resale of radar detectors that had leaked out of the manufacturer’s channel and were being sold (at a cheaper price) without the manufacturer’s warranty.
Clearly, the First Sale doctrine matters a lot to eBay and other consumer-to-consumer e-commerce websites. With a possible pending Supreme Court case and lots of IP owners looking to stifle competition from goods they have already profited from, expect the First Sale doctrines to get lots of attention in 2010.
#3: 47 USC 230. In my opinion, 47 USC 230 is the most important Cyberlaw statute, so new 230 developments will make my top 10 list for the foreseeable future. This year, there were three federal appellate court rulings interpreting 47 USC 230(c)(1):
* in Barnes v. Yahoo, the Ninth Circuit held that 230 protected a website’s negligent delay in removing user content. However, if the website had promised removal to the user, the user could have a viable claim for promissory estoppel that would not be preempted by 230.
* in FTC v. Accusearch, the Tenth Circuit held that a website’s resale of pretexted phone records—even if those records were supplied by third party suppliers—did not qualify for 47 USC 230 protection because of their illegality.
* in Nemet Chevrolet v. ConsumerAffairs.com, the Fourth Circuit held that a consumer review website was not liable for user-supplied reviews, even when the website worked with the user to submit the review, and despite the plaintiff’s unsubstantiated claims that the website had fabricated the reviews itself.
Really, the big 47 USC 230 news in 2009 is the absence of big news. Specifically, 2009 reinforced that the Ninth Circuit’s 2008 Roommates.com decision—one of the most significant defense losses under 47 USC 230—did not rip open a major hole in the statutory protection of websites. Of the 13 cases that I have seen that have cited the Roommates.com en banc opinion, eleven have cited the case in favor of the defense. (See the list here). The two exceptions are the Accusearch case, mentioned above, and the New England Patriots’ lawsuit against StubHub over season ticket resales, an odd opinion that may not have much influence. Therefore, despite our fears about Roommates.com, the 47 USC 230 immunity remained healthy and vibrant in 2009. For more on this topic, see my special recap of 47 USC 230's year-in-review for 2009.
#2: Keyword Advertising Battles. Keyword advertising battles are another perennial topic on these year-in-review lists. A multi-billion dollar a year industry has sprung up around the sale of keyword-triggered advertising, including some keywords that may be third party trademarks, and trademark owners don’t like it at all. This has led to a multi-front battle between trademark owners, keyword advertising sellers (such as Google), and keyword advertising buyers.
One of the biggest Cyberlaw cases of the year was the Second Circuit’s ruling in Rescuecom v. Google. In the district court in 2006, Google won an easy victory against a trademark owner because the court said that Google did not make the requisite “use in commerce” of the trademark. The Second Circuit reversed the district court, sending the case back for further proceedings. The reversal does not ensure Google’s defeat; Google will now litigate other legal doctrines and might very well win on one of those. However, the Second Circuit’s opinion largely spells the end of any “use in commerce” defense by either keyword advertising sellers or buyers.
Because of the “use in commerce” defense’s demise, keyword advertising cases will now likely turn on whether the advertisements create a likelihood of consumer confusion. One case, Hearts on Fire v. Blue Nile, offered up a new and complicated test for gauging consumer confusion. If other courts adopt this test, keyword advertising cases will get even more expensive and complicated—highlighting how important it was that the Rescuecom case eliminated an easy way to end these lawsuits early.
Meanwhile, despite the fact that keyword advertising battles have been taking place for at least a decade, we have not heard what a jury thinks about the practice—until the November jury ruling in Fair Isaac v. Experian. In that case, the jury found for the defense that the keyword-triggered ads did not create the requisite likelihood of consumer confusion. It remains to be seen if other juries reach the same conclusion. If they do, keyword advertising lawsuits should slowly fade away over time because the trademark owners can’t win in the end.
As for now, keyword litigation is going strong and hardly fading away. In Spring, Google made two changes to its trademark policies where it voluntarily agrees to take down certain types of ads at the trademark owner’s request. In May, Google extended its more liberal US-based policy to nearly 200 other countries, replacing the more restrictive policies it had in place there. Shortly thereafter, Google modified its US policy to do less for trademark owners in situations involving product resales, review websites and sales of complementary/replacement parts. Trademark owners were none too pleased with these changes. In response to these changes and the door opened by the Second Circuit Rescuecom decision, Google got hit with about a dozen new lawsuits, including some class action lawsuits, of which I believe 10 are currently still active.
Finally, all of the wrangling in court and over voluntary trademark policies could be mooted by legislative action, and for the third time, the Utah state legislature considered resolving the keyword advertising issue itself. A law regulating keyword advertising passed the Utah house but died in the Utah senate. Expect the pro-regulatory forces to round up the troops for a fourth try in 2010.
#1: FTC Endorsement Guidelines for Bloggers. The Obama administration has breathed new life into a pro-regulatory FTC, and the FTC sure is interested in all things Internet. The FTC has been nosing around Internet privacy and Internet marketing practices pretty carefully, and I expect 2010 to bring more FTC pronouncements designed to tackle the Internet.
But nothing stirred up a hornet’s nest of confusion and anger in 2009 like the FTC’s Endorsement and Testimonials Guidelines. I think it’s fair to say that the FTC’s guidelines rollout was a complete failure. As usual, the FTC’s guidelines were mealy-mouthed and filled with conditional statements (the FTC hates to lay out bright line rules that might constrain their future discretion). However, the FTC’s general gist was clear: bloggers should disclose when they receive financial or other consideration for their blog posts.
Unfortunately, this general principle leaves open some fairly fundamental questions, like when is disclosure required in situations less clear than straight cash-for-posting, and where should disclosure be made, especially in space-constrained media like Twitter. Needless to say, unhappy bloggers can be very noisy, so blogger response to the FTC’s announcement was loud and vituperative. The FTC tried to backpedal a little by saying that it did not intend to pursue individual bloggers, but this announcement only reinforced that bloggers do not understand what the FTC wants from them.
Meanwhile, the FTC’s proposed guidelines also took an interesting position about an advertiser’s liability for rogue blogger’s posts. This position is generally consistent with government enforcement agencies’ views that commercial players can be legally responsible for content they endorse or link to (see, e.g., my comments on the SEC’s liability-for-linking policy), but this position runs directly contrary to 47 USC 230’s provisions that say A isn’t liable for B’s online content. As a result, I believe that part of the FTC’s proposed guidelines violate 47 USC 230 and would not survive a court challenge.
Overall, the firestorm over the FTC’s Endorsement and Testimonials guidelines is a small part of a larger effort to regulatorily separate advertising from content. The Internet has collapsed those distinctions, perhaps irreparably, so regulators may be trying to accomplish the impossible. Nevertheless, the FTC seems determined to prop up the distinction, and I expect 2010 will bring more FTC efforts on this front.
* * * * *
While that concludes my top 10 list, there were a number of other interesting developments in 2009 that are worth a brief note:
* Moreno v. Hanford Sentinel. A woman trashed her hometown in an obscure but public MySpace posting and learned there is no “do-over” for Internet content publication. My vote for the most factually interesting Cyberlaw case of 2009.
* Google’s keyword metatag announcement. Courts generally treat the inclusion of third party trademarks in keyword metatags as per se trademark infringement. But Google has confirmed that it ignores keyword metatags. Will courts get the message?
* Google Book Search settlement. If the Google Book Search settlement ever gets approved, it may reshape the book industry, redefine libraries, and make all kinds of other socially significant changes. But the list of opponents to the settlement is long and growing. Professor James Grimmelmann of New York Law School is our community’s maven for all things “GBS.”
* Kindle book deletion. The Kindle store sold e-books it didn’t have the right to sell, so it took them back. Users learned of a key factual difference between physical books and e-books—the vendor can remotely make e-books go poof.
* States’ efforts to impose sales tax efforts based on marketing affiliates. For years, states have been looking for ways to make online retailers collect sales tax for them. They are generally stopped by Supreme Court precedent, but in 2008 New York finally figured out a workaround. The New York statute said that marketing affiliates were like traveling salespeople and thus created the physical nexus required for a state to impose sales tax collection obligations. The New York statute survived its first legal challenge, which opened the floodgates of other states passing similar laws hoping to get their piece of the action. Meanwhile, online retailers aren’t just rolling over; instead, they are threatening to cut off (or actually cutting off) marketing affiliates in states that enact these laws—thus potentially costing the states income tax from the marketing affiliates’ revenue, and creating the potential for the entire affiliate industry to be torn apart.
* Maine kids privacy law. Maine thought it could pass a law banning marketing to kids. It was wrong. The state had to withdraw the law and go back to the drawing board.
* UMG v. Veoh. Veoh won another nice DMCA online safe harbor victory.
* US v. Kilbride. The Ninth Circuit says that online obscenity prosecutions need to evaluate national attitudes towards obscene content, not local community standards.
* Kentucky domain name seizure. Kentucky tried to grab 141 domain names that enabled Kentucky residents to engage in illegal gambling. But those domain names also serviced customers for whom the gambling was completely legal, so the Kentucky courts are rethinking the grab.
* FTC v. Sears. As another example of the new pro-regulatory winds blowing through the FTC, the FTC cracked down on Sears for installing spyware on users’ computers that looked at the users’ hard drives, even though Sears paid the users for the installation and disclosed the spyware’s snooping in the user agreement (though in an inconspicuous manner). This case has made a lot of lawyers concerned that adverse disclosures in user agreements won’t satisfy the FTC.
* Facebook the Drama Queen. Ah, Facebook. Love it. Hate it. Facebook is a pretty nifty site and part of my daily routine, but boy, they sure do have a knack for stirring up trouble.
- In February, they made a relatively modest change to their user agreement that caused people to freak out.
- In response to this, Facebook took the provocative step towards user self-governance. Facebook let users vote on some choices and promised to be bound by the results, but with an asterisk: Facebook decided what options users could vote on, and Facebook would honor those choices only if a prohibitively large number of users exercised their franchise. Still, it was a nice gesture towards cyberspace community self-governance.
- In summer, they tried to settle their Beacon litigation, but that also reminded folks of how much Beacon irritated them in the first place.
- Summer also brought allegations of click fraud on Facebook, and lawsuits followed.
- Finally, in Thanksgiving, Facebook rolled out some changes to its privacy options that it pitched as giving users more choices, but it also took away some choices and defaulted users into some options that surprised them.
Given this track record, is it unrealistic to expect more Facebook drama in 2010?
* Estavillo v. Sony. Speaking of self-governance, virtual world enthusiasts would love to establish the legal proposition that virtual worlds are legally equivalent to governments and therefore obligated to restrain their actions just like governments are. One virtual world enthusiast sued Sony for kicking him off the network, claiming that Sony was legally governed as a “company town” and therefore lacked the discretion to kick him off. WRONG (and it wasn’t even close).
* Wikipedia's policy change. In August, the English-language Wikipedia announced that it was going to tighten up its editorial policies, and people Freaked Out. (In fact, I have predicted that Wikipedia cannot avoid increased editorial restrictions over time, so this change should not have been surprising). However, it turns out that everyone got it wrong, and Wikipedia’s editorial changes are far less dramatic (and consequential) than initially reported. I will post a separate recap on Wikipedia shortly.
If you would like a stroll down memory lane, you can see my previous top 10 lists from 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 10:46 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack
December 17, 2009
Court Finds that SMS Spam Messages are Subject to the TCPA and Rejects First Amendment Defense -- Abbas v. Selling Source, LLC
[Post by Venkat]
Abbas v. Selling Source, LLC, Case no. 09 CV 3413 (N.D. Ill.; Dec. 14, 2009).
I didn't think there was much dispute as to whether SMS spam falls under the Telephone Consumer Protection Act, but Judge Gottschall's order in Abbas v. Selling Source, LLC, tackles this issue and concludes that SMS spam messages are "calls," under the Telephone Consumer Protection Act. Along the way, the court addresses a few other interesting arguments, including defendant Selling Source's First Amendment defenses.
Abbas allegedly received SMS spam from Selling Source. Abbas sued Selling Source in state court under the TCPA. Selling Source removed and filed a motion to dismiss. The court rejected the crux of Selling Source's arguments.
Was Abbas Charged for the Text Messages? Selling Source's first argument was that Abbas did not allege he was charged for the text messages, and that the TCPA only applies to messages for which the recipient is charged. Due to lazy drafting, the statute is not totally clear on this issue. It contains a list of services to which the TCPA applies, but adds a catch-all: "or any service for which the called party is charged for the call." The question for the court is whether this modifier applies to numbers assigned to all types of services, or whether it's just a separate catch-all category. Following passage of the TCPA, the FCC concluded that the TCPA did not apply to calls to cellular customers for which the called party is not charged. Shortly after this FCC pronouncement, Congress passed a law that allowed the FCC to exempt from the scope of the TCPA any calls for which the called party is not charged. The court looked to this Congressional amendment and concluded that the TCPA applies to both "charged and uncharged calls." [Sidenote: should the applicability of the TCPA to "uncharged calls" affect the First Amendment analysis?]
Did Selling Source Use an Automatic Telephone Dialing System? Selling Source argued that Abbas failed to adequately allege that Selling Source used an auto-dialing system to send the messages. The Ninth Circuit dealt with this issue in Satterfield (discussed by Prof. Goldman here and Jeff Neuburger here), where it held that the TCPA only required that the calling mechanism have the capacity to store or produce numbers using a "random or sequential number generator," not that this mechanism was used to initiate the calls (messages). I'm not really sure what to make of this argument in the context of this case, since it's unclear exactly what equipment Selling Source used. Plaintiff certainly has no way of knowing this information at this stage in the litigation. Whatever it means for a piece of equipment to have the "capacity" to store or produce random or sequential numbers, I would guess - given the analysis in Satterfield and in this case - that any reasonably sophisticated piece of equipment fits the bill.
Does the TCPA Apply to SMS messages? Selling Source argued that the TCPA only applies to
"calls," and not to text messages (or that text messages were not "calls" under the TCPA). The court engages in a fairly lengthy analysis (which is worth reading) before concluding that "an SMS message is a 'call' within the meaning of the TCPA." Most people treat this as a foregone conclusion (or at least assume this is likely the case), given that the FCC has long held (starting from a 2003 FCC order) that text messages are "calls" within the TCPA. But Selling Source made some creative arguments that the court seemed to grapple with. Interestingly, the court declined to give the 2003 FCC order concluding that text messages were calls under the TCPA Chevron deference. (The court undertakes an independent look at the issue and concludes that SMS messages are "calls" within the meaning of the TCPA.)
Selling Source's First Amendment Challenge: Finally, the court rejects Selling Source's First Amendment challenge. Jaynes (and the Virginia spam statute) notwithstanding, First Amendment challenges to unsolicited marketing laws are a losing proposition. It wasn't a big surprise that the court didn't buy Selling Source's First Amendment arguments, but cost-shifting is typically advanced as one of the big evils sought to be addressed by unsolicited marketing laws. The court's interpretation of the TCPA potentially takes this out of the equation, at least in some cases. This leaves the privacy rationale, but accepting that rationale as a justification for laws governing unsolicited marketing may make way for lot broader regulation than most people think is appropriate from a First Amendment standpoint. I'm not quarreling with the court's conclusion, and I haven't taken a close look at the issue, but I thought this was worth noting.
***
It's worth mentioning that the court grants Selling Source's motion to dismiss on the basis of specificity. Although it finds plaintiff's claims viable as a matter of law, plaintiff is required to re-file and allege specifics regarding the receipt of the text messages in question.
It's also worth noting that last week a district court dismissed Computer Fraud and Abuse Act claims based on the receipt of SMS spam messages. See, my post here for a discussion of Czech v. Wall Street on Demand, Inc. As I mentioned in that post, the TCPA is a possible avenue for plaintiffs who receive SMS spam messages.
Posted by Venkat at 09:09 PM | Spam
December 11, 2009
Court Rejects Computer Fraud & Abuse Act Claim Based on Unsolicited Text Messages--Czech v. Wall Street on Demand
[Post by Venkat]
Czech v. Wall Street on Demand, Inc., No. 09-180 (DWF/RLE) (Dec. 8, 2009).
A Minnesota district judge rejected claims brought under the Computer Fraud and Abuse Act based on the receipt of unsolicited text messages. There's not much to the facts, except that plaintiff received unwanted text messages from Wall Street on Demand, Inc. She did not have a prior business relationship with WSOD. She (vaguely) alleged that she incurred fees and charges related to her receipt of these messages. Based on her receipt of unwanted text messages, she filed a claim against WSOD alleging violations of the Computer Fraud and Abuse Act and state statutes.
The Court's Ruling: The court dismisses plaintiff's amended complaint in an order that helpfully provides a summary of the Computer Fraud and Abuse Act (and recent 2008 tweaks) as it's used in the civil context. Plaintiff brings three possible claims: (1) a claim for obtaining information from her phone; (2) a claim for transmitting information or code through her phone; and (3) a claim for "accessing" her phone.
Information Claim: The court rejects the information-based claim because there's no information that WSOD allegedly obtained through accessing the plaintiff's phone. Plaintiff analogizes to websites and argues that any time someone sends a message to a mobile phone, information is "obtained" in the same way that information is obtained any time someone accesses a website. The court rejects this analogy, finding that "there is a fundamental difference between viewing websites and communicating with wireless devices such as cell phones by sending text messages." Even if the transmission of an unwanted text message somehow resulted in the "obtaining of information," the court concludes that there's no loss as a result of defendant having obtained the information.
Transmission Claim: The transmission claim requires plaintiff to allege that WSOD caused the transmission of code or information and as a result "intentionally caused damage without authorization" to plaintiff's device. The complaint fails on both counts. There wasn't a credible allegation of damage (there was no allegation of impairment to the machine) or of WSOD's intent to cause the damage.
Access Claim: The court rejects the access claim since plaintiff does not adequately allege that the unauthorized access was intentional.
My Take: The Computer Fraud and Abuse Act is an often abused statute, and this seemed like another example of a situation where the statute is being stretched to fit the conduct/harm that was not intended to be covered by the statute. I was surprised that plaintiffs cited to the Lori Drew case [link], which many people view as a classic example of stretching the statute to its breaking point. In some ways this case is reminiscent of ISPs using the Computer Fraud and Abuse Act to attack spam. Some courts were open to this; other courts expressed reservations to the applicability of the Computer Fraud and Abuse Act to spam. See, e.g., America Online, Inc. v. National Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1275 (N.D. Iowa 2000) ("A disturbing issue is whether subsection (a)(5)(c) is intended to address UBE at all.").
The case is also somewhat reminiscent of Abrams v. Facebook, a lawsuit based on the fact that Facebook sent SMS messages to cellphone numbers provided by its users and would keep sending those messages even if the cellphone number changed owners. In a lengthy article, Prof. Goldman discussed the weaknesses of using phone numbers as identity authenticators.
Advice to plaintiffs. If the court dismisses your complaint, come back with additional facts. Do not merely add what the court here calls "background discussion" about the issue you are complaining about. In five or six separate instances, the court mentions the fact that the amended complaint is just a bulkier, more "dressed up version" of the old complaint . . . with no new facts. At a broader level, the court's understandable skepticism towards the damage claims in this case illustrates how difficult it is to bring claims based on unsolicited marketing communications (whether received via your phone or your computer).
Advice to defendants. Transmitting unsolicited text messages is not free of risk. The Telephone Consumer Protection Act is one possible avenue for plaintiffs, and courts are not always deferential to broadly (and poorly) worded opt-ins. (See Eric's post on Satterfield v. Simon & Schuster here.)
Posted by Venkat at 12:27 PM | Marketing , Privacy/Security , Spam
December 04, 2009
Ninth Circuit Rebuffs Another CAN-SPAM Plaintiff -- Asis Internet Services v. Azoogle.com, Inc.
[Post by Venkat]
The Ninth Circuit recently rejected [pdf] two appeals brought by CAN-SPAM plaintiff Asis Internet Services. The trial court granted summary judgment in favor of Azoogle and awarded costs. See Eric's earlier blog post on that ruling. Asis has brought numerous lawsuits against different defendants. While this ruling won't necessarily be used preclusively against Asis it will definitely be cited by the defendants in those cases.
Citing Gordon v. Virtumundo, the court finds that:
the mere costs of carrying SPAM emails over Plaintiff's facilities does not constitute a harm as required by the statute. While Plaintiff argues that employee time was spent on spam-related issues, Plaintiff concedes that it has no records detailing employee time. Plaintiff also spent money on email filtering, though the cost of email filtering did not increase due to the emails at issue. Such ordinary filtering costs do not constitute a harm. [cite omitted] Thus, Plaintiff has not suffered a harm within the meaning of the statute and lacks standing.
The entire memo opinion is about two pages, and the court spends a sentence noting that Asis is not entitled to relief under the California statute (17529.5) because Azoogle "neither sent nor procured the emails at issue, and therefore did not 'advertise' within the meaning of the statute."
The big take away is that courts seem to be able to sniff out people who they view as pursuing litigation for the wrong reasons. It's unlikely that Asis was truly damaged to the extent of even a fraction of fees and resources it spent on this case.
Plaintiffs who aren't large ISPs or social networking websites haven't found a very sympathetic audience, particularly at the appellate level. We're probably left with a regime where only larger ISPs, social networking websites, and state actors are able to effectively bring anti-spam lawsuits. The scope of preemption of California's anti-spam statute is still unclear (Kleffman v. Vonage was certified to the California Supreme Court) so this is one possible option for plaintiffs, but I can't imagine they'll be spending much energy on this.
Posted by Venkat at 07:31 AM | Derivative Liability , Marketing , Spam
December 01, 2009
"Spam Filter Ate My Electronic Filing Notice" Plaintiffs Get Another Chance -- Shuey v. Schwab
[Post by Venkat]
The "spam filter ate my electronic filing notice" excuse was an inevitable byproduct of the CM/ECF electronic filing system now in place in federal courts. As expected, courts have not been very sympathetic to this excuse. In an unpublished decision, the Third Circuit gave a party who advanced this excuse another chance. (The case caption is Shuey v. Schwab, Case No. 08-4727 (3rd Cir.; November 3, 2009). Here's a link to the Justia page.)
Plaintiffs brought civil rights claims against a township and certain police officers alleging excessive force. Defendants moved to dismiss. Plaintiffs failed to respond. The court issued an order directing plaintiffs to respond or "otherwise communicate with the court." Plaintiffs did not respond to this order either, and the court dismissed the action with prejudice. After the dismissal was entered, plaintiffs sought reconsideration, alleging among other things that their failure to respond was caused by "technological error." Specifically, counsel "explained that the court's electronically filed order was errantly tagged as 'spam' in counsel's email system and therefore was never delivered." The district court denied plaintiffs' request for reconsideration.
On appeal, the Third Circuit reversed, holding that before dismissing a case as a sanction the trial court must engage in some sort of merits analysis. The court's ruling doesn't directly address the "spam filter ate my CM/ECF notice" excuse, but gives the lawsuit a small dose of oxygen.
Although I'm sure we'll see parties continue to assert this excuse, I don't think courts will be very sympathetic. I guess common sense is the best advice here. Get a good spam filter and whitelist all domain names through which you are likely to receive electronic notices. When all else fails, keep track of your cases by checking PACER (or RECAP) once in a while!
Related: You can see my take on the ruling below here: "The Spam Filter Ate My CM/ECF Notice?," and posts on other cases where parties have asserted this excuse here (Russo v. Network Solutions, Inc.), here (American Boat Company, Inc. v. United States), and here (Stewart v. Avaya, Inc.).
Posted by Venkat at 10:15 AM | Spam
November 12, 2009
Tagged Settles Spam and Address Book Harvesting Claims Brought by NY and TX Authorities
[Post by Venkat]
Tagged, which is supposedly the "third-largest social networking site in the world" (whatever this means) recently settled enforcement actions brought by New York and Texas Attorneys General. (See coverage at Bits and Media Post.)
The basic allegations were that Tagged sent emails to people which falsely implied that the people were depicted (or "tagged") in photos in order to get people to sign up for the service. At sign up Tagged also allegedly failed to disclose that Tagged would access the address books of users and send emails trying to get friends of these users to sign up.
The Tagged settlements - details of which are recapped by David Johnson here - required Tagged to pay 250,000 and 500,000 to Texas and New York, respectively. The settlements also require Tagged to provide users with greater disclosure and require Tagged to jump through certain hoops before accessing the address book of a user. David notes that the enforcement actions were brought under a variety of New York statutes including New York's deceptive trade practices law and false advertising statutes. He notes that those statutes "would not be preempted by CAN-SPAM . . . [but] we will never know" for sure, since Tagged settled.
Although Tagged chose not to fight the battle, there's another case pending in California that is roughly analogous, where the court ruled that claims arising out of similar conduct were preempted by CAN-SPAM. (Hoang v. Reunion.com, discussed by Ethan here and here.) As Ethan notes, in the Reunion case, Judge Chesney ruled that CAN-SPAM preempted pretty much every type of email-based claim except for those sounding in common law fraud. Common law fraud has a high damage threshold and because none of the plaintiffs were able to show that they actually relied on, or suffered out of pocket loss due to, misstatements in any Reunion emails, Judge Chesney dismissed the claims against Reunion. (Incidentally, that case is mired at the district court level. Plaintiffs have indicated they plan to appeal, but defendants moved for sanctions based on the fact that plaintiffs represented to the court that they could file a third amended complaint containing adequate damage allegations but ultimately changed their minds and decided they wanted to appeal. The court deferred ruling on the pending motions and requested additional briefing from the parties.)
Tagged is also defending against a class action filed in California. The plaintiffs in this case allege claims under the Computer Fraud and Abuse Act and the Stored Communications Act, among other statutes. (You can access a copy of the complaint here (scroll down).)
So, what to make of these lawsuits against Tagged and Reunion?
1. I'm inclined to agree with Ethan that Reunion went too far in concluding that only claims for common law fraud are carved out of CAN-SPAM's preemption clause. Mummagraphics - the early appellate preemption case - concluded that immaterial errors are not actionable, but that's a far cry from the high bar set by the court in the Reunion case.
2. CAN-SPAM's preemption clause has a second exception for laws that "are not specific to electronic mail," I don't understand why plaintiffs don't try to rely on non-email specific laws. The Reunion plaintiffs brought claims under California spam statutes. Maybe there were structural (standing or damages-related) reasons for why they did so, but I was surprised they didn't just bring claims under California's unfair business practices statute. On a related note, with respect to the Tagged class action, the Computer Fraud and Abuse Act and Stored Communications Act don't seem like a good fit for these types of claims. The Computer Fraud and Abuse Act has a damage threshold that is probably tough to satisfy, and the Stored Communications Act regulates access to the contents of communications.
3. There isn't a ton of law on the scope of California's anti-spam statute, but the Ninth Circuit certified an issue to the California Supreme Court in Kleffman v. Vonage. I'm not sure if this ruling will add to the mix, but it should be interesting to see what the court does here.
4. It's tough to say whether these lawsuits illustrate that enforcement is better left in the hands of government regulators or whether private parties should play a role in enforcement. Excluding large ISPs, private plaintiffs don't seem to have accomplished very much by way of stopping spam. If anything, they have pushed the envelope, and ended up with a framework that makes private enforcement much harder. That said, here the Texas and New York enforcement actions followed the California class action against Tagged, so it's tough to say.
5. Where is the FTC in all of this? Busy regulating paid endorsements by bloggers I guess.
Posted by Venkat at 08:54 AM | Spam
November 02, 2009
October 2009 Quick Links
By Eric Goldman
Just a reminder that I am posting most of these types of links exclusively to my Twitter feed.
* Tricome v. eBay, Inc., 2009 WL 3365873 (E.D.Pa. Oct 19, 2009). Court upholds eBay user agreement's venue selection clause. Evan Brown covers the case.
* The AutoAdmit case is over. Above the Law and the Yale newspaper.
* Google doesn't want to hear your complaints about your reputation management.
* Moneygram settles with the FTC (to the tune of $18M) that its money wiring service was used to perpetrate fraud.
* The FTC scores a rare COPPA settlement, this time with Iconix for $250,000.
* John Wiley & Sons, Inc. v. Kirtsaeng, 2009 U.S. Dist. LEXIS 96520 (SDNY Oct. 19, 2009). Another federal court holds that the purchase of foreign-manufactured textbooks and resale in the US via the Internet is blocked by the importation right and not excused by the First Sale doctrine. My coverage of the analogous Pearson v. Liu ruling.
* Utah's "Don't Spam the Kids" registry survived a constitutional challenge. That doesn't make it good policy!
* Saadi v. Maroun. Blogger hit with $90k judgment for defamation. MLRC coverage. My initial blog post on the case.
* Erik Estavillo, the gamer who sued for being kicked off the PlayStation Network, is appealing his district court loss to the Ninth Circuit. I guess he wants to lock in the adverse ruling as the binding law of the Western United States. My blog post on the district court ruling.
* Rep. Paul Kanjorski wants to end 47 USC 230 with respect to bogus stock investing info? This legislation needs careful monitoring due to its potential perniciousness.
* Venkat has his own version of Quick Links on his site.
Posted by Eric at 05:08 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Privacy/Security , Spam | TrackBack
October 30, 2009
Internet Obscenity Conviction Requires Assessment of National Community Standards--US v. Kilbride
By Eric Goldman
U.S. v. Kilbride, 2009 WL 3448360 (9th Cir. Oct. 28, 2009)
Jeffrey Kilbride and James Schaffer were porn spammers, operating through Ganymede Marketing, a Mauritian company. I previously blogged on their case in 2007. Their spam failed to comply with CAN-SPAM in several respects, including forged headers, fake email addresses and bogus contact info. The FTC claimed that it had received over 662,000 complaints about their spam. After a 3 week trial, a jury convicted them of criminal CAN-SPAM violations, criminal obscenity for 2 spammed images and other charges. Kilbride was sentenced to 6 1/2 years and Schaffer got over 5 years. Both appealed their convictions.
In the resulting Ninth Circuit opinion, the most important discussion relates to their obscenity convictions. The Supreme Court defined obscene material in the Miller case as:
(a) whether the average person, applying contemporary community standards would find that the work, taken as a whole, appeals to the prurient interest; (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable ... law; and (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value [emphasis added]
On the Internet, the question arises: whose community standards? The Miller test anticipates that geographically dispersed communities could have different norms, and in theory an Internet content publisher needs to conform to all of them or at least the most restrictive ones. For an early example of this, see United States v. Thomas, 74 F.3d 701 (6th Cir. 1996) (involving a dial-in BBS). However, the cost and limitations of geographic authentication technology means that many Internet content publishers can't steer their content into or away from a particular geography. Personally, I think this is especially true for publishing content by email because I know of no effective way to accurately authenticate the geography of most email recipients.
The US Supreme Court squarely wrestled with the issue of disparate geographic communities being collapsed on the Internet in 2002 in its first Ashcroft v. ACLU ruling (this should be distinguished with the more influential second Ashcroft v. ACLU opinion from 2004, which I still teach today in Cyberlaw). That case involved a challenge to the 1998 Child Online Protection Act (COPA), and the Third Circuit had affirmed a preliminary injunction against COPA on the grounds that the application of a "contemporary community standards" clause to Internet publication was constitutionally infirm due to disparate community standards. In 2002, the US Supreme Court reversed the Third Circuit in a massively fractured way, with 5 different opinions and no clear consensus on anything.
To resolve this appeal, the Ninth Circuit had to divine a single rule of law from this mess-o-opinions. After parsing the inscrutable Supreme Court opinions, the Ninth Circuit concluded that "a national community standard must be applied in regulating obscene speech on the Internet, including obscenity disseminated via email." Whether or not the Ninth Circuit read the Ashcroft v. ACLU precedent correctly, it reached the only logical outcome for a communication medium without clear geographic authentication. Nevertheless, this is hardly an unquestionable conclusion; the Miller case expressly rejected a national standard (whatever that means): "obscenity is to be determined by applying 'contemporary community standards'...not 'national standards.'" Presumably, the 2002 Ashcroft v. ACLU opinion overwrote this statement from Miller (and similar statements in earlier obscenity cases), but no one really understands what the Supreme Court said in 2002.
While the Ninth Circuit reached a sound result, its ruling doesn't help these appellants. Even though the district court provided different jury instructions, the Ninth Circuit concluded that the district court's instructions were not "plain error" (the applicable review standard), so the convictions stand. Harsh.
Even if appellants wrested a reversal, I'm not sure it would matter because I have never fully understood the import of regionally disparate "contemporary community standards." The phrase only explicitly modifies the Miller test’s determination of whether a work "appeals to the prurient interests"--basically, whether the work appeals to content consumers' interest in sex. Community standards can also implicitly come into play with the determination of what is "patently offensive" or the perceived value of the work, but these are not explicitly referenced in the Miller test.
With respect to the prurient interest reference, I could imagine regional differences about some borderline cases (say, a sex education tutorial) or with respect to niche sexual interests, where the niche audience would find that the work appeals to their esoteric interests and the remainder of a region's population might find the work so unappealing that it’s not viewed as sexually interesting at all. But for a lot of "mainstream" pornography, my guess is that there are not meaningful regional differences about the work's sexual appeal. I haven't seen the 2 images at issue in this case, so maybe they fall into the borderline cases. Otherwise, I wonder if a new trial using national community standards would actually change the result. (Another reason for skepticism: our rage towards spam frequently causes us to ignore the rule of law when we have a chance to punish spammers).
In the ruling, the Ninth Circuit also rejected the defendants' facial and as-applied challenges to the criminal CAN-SPAM provisions. The defendants focused their attack on CAN-SPAM restrictions on falsifying information in a way that would "impair" spam blocking. The court concludes that none of the provisions are constitutionally too vague. This wasn't really a close case for the as-applied challenge because of the defendants' egregious handling of their email campaigns. In contrast, I would like to think the facial challenge has not been resolved permanently; these were clearly not the right defendants to raise or litigate the facial issues.
Along the way, the Ninth Circuit takes a swipe at domain name proxy registrations. Pulling a quote only slightly out of context, the court says "Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant's identity would constitute 'material falsification'" (one of the elements of a CAN-SPAM crime). You may also recall the recent Solid Host v. NameCheap case suggesting that proxy service providers could face contributory ACPA liability. Collectively, these two opinions indicate legally disadvantageous treatment for proxy service usage. Given this disconcerting trend, I don't see the domain name proxy business as a growth industry.
Thomas O'Toole also discusses the ruling.
Posted by Eric at 03:00 PM | Content Regulation , Domain Names , Spam | TrackBack
October 25, 2009
Tucows Not Liable for Spam Judgment Against 3rd Party Based on Private Registration Services -- Balsam v. Tucows
[Post by Venkat]
Judge Breyer (N.D. Cal.) rejected an attempt by a spam plaintiff to hold a registrar liable for a judgment against a third party based on private registration services provided by the registrar. (Balsam v. Tucows Inc., et al., CV 09-03585 CRB (N.D. Cal. Oct. 23, 2009). Access a copy of the order at Scribd here.) Incidentally, the plaintiff - Dan Balsam - is a recent law school grad who catalogues his extensive anti-spam efforts at his website: "danhatesspam.com."
Facts: As recounted by the court, Balsam received 1,125 pieces of spam advertising an adult-oriented website over a seven month period. Balsam performed a WHOIS lookup and found that the website was registered to Angeles Technology Inc. Some time later, Angeles started utilizing private registration services provided by Tucows. Balsam sued Angeles, and obtained a default judgment for $1,125,000. After Balsam brought suit but before he obtained judgment, Balsam requested the registrant’s identity from Tucows. Tucows refused to provide the name without a court order.
Balsam tried unsuccessfully to collect against Angeles and have garnished revenues from the website's payment processor. He even tried to have the underlying domain name seized. Understandably miffed, he brought suit against Tucows, arguing that Tucows was liable for the judgment due to its failure to disclose the identity of the person who held the beneficial interest in the domain name.
The Court's Ruling: Balsam sought to hold Tucows liable based on a variety of claims, but they were all premised on Balsam being a third party beneficiary to the "Registrar Accreditation Agreement" which registrars are required to sign with ICANN. Specifically, the RAA contains a clause which requires all registrars to enter into agreements which obligates registrants to provide accurate information and also for each registrar (referred to as a "Registered Name Holder") who provides private (or nominee) registration services to "accept liability for harm caused by wrongful use of the [domain name], unless [the registrar] promptly discloses the identity of the licensee to a party providing [the nominee registrar] reasonable evidence of actionable harm." I've reproduced the actual clause below at the end of this post. (Arguably, the reference in section 3.7.7.3 to the "registered name holder" should not necessarily be seen as a reference to the registrar. Registrars often wear multiple hats, and this results in some confusion. But to me it doesn't seem like the fact that registrars often provide private registration services through subsidiaries or related entities should be a determining factor. At the end of the day, the clause speaks to the person or entity in whose name the domain name is registered, which in the case of private registration services is the registrar or its subsidiary.)
Judge Breyer held that Balsam was not a third party beneficiary under the RAA and thus all of Balsam's claims failed.
Thoughts: To begin with, Balsam was fighting against the weight of precedent in arguing third party beneficiary claims under the RAA. Courts have refused to find that the RAA creates obligations enforceable by third parties. (See, e.g., Register.com v. Verio, 356 F.3d 393 (2d Cir. 2004).) Also, this isn't the first time a court has looked specifically at whether section 3.7.7.3 of the RAA creates a class of third party beneficiaries. As Professor Goldman previously noted, in Solid Host NL v. NameCheap, Inc. (No. 08-5414) (C.D. Cal. May 19, 2009), a judge in the Central District of California denied a registrar's motion to dismiss where a plaintiff sought to hold a registrar liable for cybersquatting under theories of direct and contributory liability (among other theories). That case also involved a registrar's failure to disclose the identity of the person or entity using the private registration services. Oddly, the court in Balsam cites NameCheap for the proposition that section 3.7.7.3 does not create an intended class of third party beneficiaries. I actually read NameCheap to say that third party beneficiary status was possible, depended on the facts as to intent and construction of the agreement, and thus could not be resolved on a motion to dismiss. (See pp. 39-49 of the NameCheap order.)
Balsam's case is somewhat tougher to make than Solid Host's, in that Balsam obtained a default judgment of over a million dollars. No judge is going to put the registrar on the hook for this type of a damage award absent some serious facts showing misconduct (i.e., the type of evidence the jury found persuasive in the Louis Vuitton case mentioned below). And that's where Balsam falls short in my opinion. It's tough to see where the real harm is to Balsam from the use by Angeles of private registration services. Balsam already knew the identity of the registrant, since the registrant he proceeded against started using the privacy protection services after Balsam after discovered its identity. (Stepping back, it's tough to see how a thousand emails should result in a million dollar damage award, but that's a separate issue.) Balsam only alleges that the failure by Tucows to reveal the identity of the beneficial registrant 'complicated' Balsam's ability to collect against Angeles Technology Inc. Regardless of how the third party beneficiary status discussion plays out, to me this casts a shadow over Balsam's claim.
As a side note, I agree with Professor Goldman that the court's reasoning in NameCheap isn't crystal clear, but I think it's a closer question as to whether - based on section 3.7.7.3 - a registrar should be held liable for harm flowing from a delay in disclosure. Regardless of whether the parties intended to create a class of third party beneficiaries, the thrust of section 3.7.7.3 is that if a registrant offers privacy protection services (i.e., register the domain name in your own legal name and allow someone else to be the beneficial owner), it seems to have a contractual obligation to disclose the identity of the beneficial owner upon request by an injured party. The fact that the RAA is an agreement registrars enter into with ICANN (which is a quasi-public entity) as a condition of being accredited and being allowed to offer domain name registration services also weighs in favor of the third party beneficiary argument. On the other hand, accepting that the RAA creates third party beneficiaries would result in a variety of problems and create unintended classes of plaintiffs and causes of action. Ultimately I don't think it's a very good idea, and courts have not been very receptive in general to third party beneficiary claims under the RAA.
To the extent the third party beneficiary argument flies, Solid Host had a stronger argument for why it should be treated as a third party beneficiary. Solid Host involved wrangling over a domain name that was originally registered in the name of Solid Host. Solid Host arguably relied on the provisions in the RAA in registering its domain name in the first place. (Note: to the extent a court accepts the third party beneficiary argument this leaves registrars in an arguably tricky spot. Section 3.7.7.3 does not limit itself to harm caused by the failure to disclose. It seems to cover harm "caused by wrongful use of [the domain name] . . .")
In any event, trying to hold a registrar (or someone else in the chain) liable for ACPA or trademark claims raises a host of thorny issues that courts struggle with. To the extent they can be unpacked, I'll admit I'm incapable of unpacking these issues in a blog post, or even a series of blog posts. I'll leave that to Professor Goldman. (See posts from Professor Goldman on the Solid Host case here and on the recent jury verdict for contributory liability for trademark infringement ($32MM!) obtained by Louis Vuitton here.) Suffice it to say that facts often dictate the result, and here, it just didn't pass the gut test to hold Tucows liable for a significant default judgment based on failure to disclose by Tucows. Particularly when in the court's view Balsam's evidence connecting the failure to disclose by Tucows with the underlying harm wasn't particularly strong.
As I read Balsam v. Tucows, I wondered whether Tucows had a Section 230 argument lurking in the background. My tentative thought is that it could have a viable 230 argument, since Balsam is seeking to hold Tucows liable based on third party content. Although Balsam could argue that under Barnes v. Yahoo Tucows could be viewed as having a contractual obligation which it didn't fulfill, this could be a tough argument to make, given that Tucows did not make any promises to Balsam directly. (See the two rulings in Goddard v. Google, Inc. (rejecting attempts to bring claims against Google based on third party beneficiary status under Google's advertising terms); see also Morrison v. America Online, Inc., 153 F. Supp. 2d 930, 934 (N.D. Ind. 2001) (rejecting attempt to evade § 230 immunity by claiming to be third-party beneficiary of AOL’s member agreement with chat-room users).) Given his interest in Section 230, I'll leave this issue to Professor Goldman as well.
__
ICANN Registrar Accreditation Agreement (pre-May 21, 2009):
3.7.7 Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar including at least the following provisions:3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.
Posted by Venkat at 10:45 PM | Domain Names , Spam
October 22, 2009
Power.com Counterclaims Dismissed -- Facebook v. Power Ventures
[Post by Venkat]
Facebook and Power Ventures have been involved in a lawsuit over whether Power.com can allow its users to access user data on Facebook's network. Facebook brought suit against Power.com asserting a slew of claims ranging from copyright infringement to violations of the Computer Fraud and Abuse Act. Power.com brought a motion to dismiss, which the court denied. This ruling was noteworthy, among other reasons because it recognized Facebook's potentially tenuous copyright claims and gave credence to Facebook's argument that access of user data by Power.com (or Power.com users) in violation of Facebook's terms of use was potentially actionable by Facebook. (For comments on this ruling, see Cyberlaw Cases; BNA's TechLaw blog; Jeff Neuberger; and an earlier post from me.) After the court denied Power.com's motion to dismiss, Power.com answered the complaint and asserted counterclaims against Facebook. Power.com's counterclaims garnered some attention, likely due to the fact Power.com alleged that Facebook engaged in anti-competitive conduct by restricting consumers' access to their data. (See, e.g., NYT/Bits Blog ("Power.com Fights Back Against Facebook").)
In a recent order, Judge Fogel granted Facebook's motion to dismiss, finding that Power.com failed to sufficiently articulate the bases for its counterclaims. (Access a copy of the order here: [pdf].) There's not much to say about Judge Fogel's order, except that it was brief (four pages!), and the court was not moved by Power.com's vague allegations of misconduct by Facebook. As noted by the court:
Power's Answer and Counter-Complaint contains a seven and a half page 'Introduction and Background' narrative untethered to any specific claim. The claims themselves each consist of a conclusory recitation of the applicable legal standard and a general 'reference [to] all allegations of all prior paragraphs' . . . .[T]his form of pleading does not enable the Court to surmise which facts in the introductory narrative support which claims, if in fact they do.
The court observes that antitrust claims require a heightened standard of pleading, and throws in a reference to Twombly for good measure. The court also strikes Power.com's affirmative defenses (of misuse and estoppel) as unsupported by "any factual allegations." Although the court grants Power.com leave to amend its counterclaims and affirmative defenses, I would guess Power.com will think twice about filing amended counterclaims unless these claims have solid factual backup.
Rumors of an impending settlement between the parties swirled around, even after Facebook filed its complaint. Then it looked like Power.com was looking to fight back. It's always tough to tell from the win or loss of a particular motion which way the lawsuit will go, but Judge Fogel's order certainly lets the air out of Power.com's counterclaims. To the extent Power.com was looking to gain leverage by asserting counterclaims, it may be out of luck.
Posted by Venkat at 08:39 PM | Copyright , Spam
October 18, 2009
Q3 2009 Quick Links, Part 4
By Eric Goldman
Spam
* Ars Technica: "a disturbing number of e-mail users respond to spam, and not just because they're dumb—some of them did so because they were actually interested in the product or service." I collected some empirical research establishing this point in 2004.
* SpamFighter: Software Creator Admits to Aiding & Abetting Spam
Fraud
* Reuters: A virtual bank rips off depositors in EVE Online.
* Click fraud concerns at Facebook: TechCrunch; Unified ECM v. Facebook complaint (one of at least three pending).
* There can be legitimate circumstances where it makes sense for a vendor to automatically pass a user's credit card number to another vendor, but the practice seems ripe for regulation.
Contracts
* BNA: End of the Notice Paradigm?: FTC's Proposed Sears Settlement Casts Doubt On the Sufficiency of Disclosures in Privacy Policies and User Agreements (BNA Subscription required)
* In August, the NYT interviewed David Vladeck, who suggests that the FTC v. Sears settlement could signal a changing of the guard at the FTC.
* Jonathan Ezor on common drafting mistakes in privacy policies.
* Hines v. Overstock.com, Inc., 2009 U.S. Dist. LEXIS 81204 (E.D.N.Y. Sept. 4, 2009). Browsewrap terms aren’t enforceable “because the website did not prompt her to review the Terms and Conditions and because the link to the Terms and Conditions was not prominently displayed so as to provide reasonable notice of the Terms and conditions.”
* Timothy D. Cedrone, Morals? Who Cares About Morals? An Examination of Morals Clauses in Talent Contracts and What Talent Needs to Know, Seton Hall Journal of Sports & Entertainment Law. I have given my first year contracts students an exercise involving morals clauses that I think worked pretty well (see the links on this page under the "endorsement contract" bullet).
Miscellaneous
* The USPTO has not renewed the peer-to-patent program.
* ABA Journal: E-Discovery is $4B/yr industry but is experiencing consolidation.
* Paul Ohm's paper on re-identification of putatively anonymous databases. This may be one of the more important privacy law papers in some time, as it indicates that we cannot meaningfully distinguish between personally identifiable and non-personally identifiable information.
Posted by Eric at 02:43 PM | E-Commerce , Licensing/Contracts , Patents , Privacy/Security , Spam , Virtual Worlds | TrackBack
October 08, 2009
CAN-SPAM Doesn't Preempt CA Privacy Law--Powers v. Pottery Barn
by Ethan Ackerman
On Sept. 19th, a California state appellate court held that CAN-SPAM doesn't categorically trump state laws that may address email. Defendant retail store Pottery Barn was hoping it would agree with the initial ruling of the California trial court and hold that the federal CAN-SPAM law preempted the state law at issue, the Song-Beverly Credit Card Act.
The Song-Beverly Credit Card Act (apparently the enemy of corporate defense attorneys everywhere judging from google search results) generally prohibits the collection of certain personal information as a condition of processing a credit card transaction. Powers sued Pottery Barn under this law over its practice of collecting email addresses at the time of payment. Faced with these fairly uncontested facts, Pottery Barn argued at the trial court that the federal CAN-SPAM Act, regulating the sending and content of email, should preempt the state law.
Putting aside the obvious difference between a law that governs the collecting of personal information and a law that governs the sending and content of commercial email, the California Court of Appeals took the arguably easier route in addressing the issue - it read the preemption exceptions contained in the federal statute.
Readers interested in the details and holding logic can read the actual opinion. My short summary:
The California court read the preemption exceptions in CAN-SPAM and rightfully held that since the federal statute itself said it didn't preempt general state laws not specific to email, Song-Beverly wasn't preempted by CAN-SPAM.
"By its terms CAN-SPAM does not pre-empt state statutes which are not specific to e-mail and have only such incidental impact on e-mail use. (Tit.15, U.S.C. § 7707(b)(2).)"
In thinking of just how weak the preemption argument is, it's not hard to come up with other instances of state law addressing the collection or use of email addresses that aren't specific to "the use of electronic mail to send commercial messages." Indeed, the court rules of all state courts in California address the redaction of certain types of personal information (although not ultimately email addresses in the rules' present version.) I suspect the state's freedom of information laws have similar provisions addressing personal identifiers. I don't imagine that defendant's counsel would have relished acknowledging that the logical extension of defendant's argument was that the courts own filing rules were preempted.
Tom O'Toole at BNA has more.
[Eric's comment: while I agree with Ethan that the court correctly concluded that the Song-Beverly law isn't preempted by CAN-SPAM, I remain a little confused and troubled by the implications of the plaintiffs' arguments. It seems to me like the logical extension of their arguments is that it is illegal to collect email addresses when accepting credit card payments online. If this is the direction the case heads, then this case could have disconcerting implications for virtually the entire e-commerce industry. UPDATE: Ethan has pointed out that Saulic v. Symantec and some other cases have constrained the application of the Song-Beverly law to online commerce, a point I had forgotten. I hope that precedent will help put this lawsuit to rest, but it does make me wonder why the defendant accelerated CAN-SPAM preemption argument, a weaker one, to the front of the line,]
Posted by Ethan Ackerman at 04:34 PM | E-Commerce , Spam | TrackBack
August 25, 2009
Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies
By Eric Goldman
I have posted my latest article, "Wikipedia’s Labor Squeeze and its Consequences," to SSRN. The article will be published in the Journal of Telecommunications and High Technology Law in the relatively near future. The article is still in draft form, and I gratefully welcome your comments. Please take a look.
The article traces its roots to my Dec. 2005 prediction that Wikipedia will fail in 5 years. I have continued to blog informally about Wikipedia since then, but I only decided to write a more formal academic defense of my prediction late last year. This article is that defense, but you'll notice that I don't refer to "failure" in the article. In my presentations and earlier drafts of this article, I found that predicting Wikipedia's "failure" produced very emotional responses that overwhelmed consideration of my argument's merits. I still think my 2005 predictions look pretty good (using my self-selected definition of "failure"), but I deliberately directed the article towards the "why" rather than the "when."
As a result, the article explains why evolutionary changes in Wikipedia's labor supply is forcing Wikipedia to change its basic architectural design of permissive user editability. Flagged revisions is a prime example of the ongoing architectural shift. With flagged revisions, every user has the technical capacity to edit a Wikipedia entry, but submitted revisions remain hidden from public view until a trusted editor approves them for publication. Accordingly, flagged revisions significantly changes the Wikipedia experience. It delays publication of most contributions, it buries some contributions without ever being published at all, and it creates a significant workload for editors. For example, the German Wikipedia deploys flagged revisions site-wide and publication delays are up to three weeks.
Yesterday, Wikipedia announced that it is deploying Flagged Revisions for biographies of living people. Wikipedia has been on red alert with biographies since the John Seigenthaler incident in September 2005, so it's not surprising that Wikipedia will tighten the reins there first.
However, I think this change is just one more intermediate step in Wikipedia's ongoing process of restricting user editability, and it is not the final restrictive step Wikipedia will take. For reasons I outline in the article, I expect Wikipedia eventually will deploy Flagged Revisions, or some other stringent form of editorial lock-down, across the entire site, not just for living people's biographies. I explore some other possible alternatives in the paper, but I conclude that substantial restrictions to user editability are Wikipedia's only viable long-term solution to preserve site credibility.
People who have reviewed the article have asked about the article's relationship to Benkler's Wealth of Networks and its related commentary. Those works have explored the phenomenon and implications of large-scale online volunteerism, including a convincing proof that people will contribute their labor to online collaborative enterprises without any direct financial compensation. However, I've seen less attention paid to the exact reasons why people volunteer for these projects. My article focuses on the "why" in some detail, but even then, I make some assumptions and guesses. Despite extensive academic research into the Wikipedia community, we still lack a complete and clear empirical picture of why people join the community and, perhaps just as important, why people leave. I offer up my theoretical considerations, but more empirical work remains to be done.
If you want more discussion on this topic, during the paper's development, I gave a talk at University of Colorado Boulder that sparked some online responses:
* the talk itself (in the middle of the video)
* Ars Technica coverage
* ZDNet's paraphrase of the Ars Technica post
* p2pnet
* Blorge
* Thinking Spaces
* Futureismic
The presentation led to an NPR Interview with more comments and a response from What Jeff Learned Today.
Posted by Eric at 09:09 AM | Internet History , Marketing , Spam | TrackBack
August 07, 2009
An End to Spam Litigation Factories?--Gordon v. Virtumundo
By Eric Goldman
Gordon v. Virtumundo, Inc., No. 07-35487 (9th Cir. Aug. 6, 2009)
When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn’t trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy. As this court says, "lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results." Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses.
That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. James Gordon has been one of the most active. He is a "professional plaintiff" who has operated a spam "litigation factory" by configuring his technology to try to trap spammers. In effect, he goes out of his way to look for spam. As the court says, “the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken."
As it turns out, this business model does not fare well in court. He lost this case in the district court and subsequently was ordered to pay over $100k in legal fees to the defendant under CAN-SPAM's fee-switching provision. On appeal, the Ninth Circuit has even less kind words for him, saying that CAN-SPAM “was enacted to protect individuals and legitimate businesses—not to support a litigation mill for entrepreneurs like Gordon." As a result, the court issues a broad but muddy opinion that shuts down Gordon’s litigation factory and presumably others like his, but has a less clear effect on other CAN-SPAM defendants.
"Internet Access Service"
CAN-SPAM's private enforcement rights only accrue to "Internet access services." This phrase is troublesome in part because it differs from other possible statutory synonyms for online actors like "interactive computer service" (47 USC 230), "online service provider" (DMCA), "electronic communication service" and "remote computer service" (ECPA), etc. This verbiage proliferation raises questions about the scope of governed entities (who’s covered and who isn’t) and why different online actors are being treated differently (if they are). I hope future legislative drafters will recognize the costs of using different terms for online actors.
In CAN-SPAM, Congress defined an “Internet access service” as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." Check out Ethan’s lengthy but irresolute deconstruction of this definition from last year.
Read literally, this definition seemingly covers all Internet services because they allow users to access their "other" services. However, the Ninth Circuit doesn’t think that's what Congress meant, although it’s not sure about the boundaries either. Instead, the Ninth Circuit "decline[s] this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of ‘Internet access service.’" Gee, thanks.
Nevertheless, the Ninth Circuit had no problem saying that Gordon wasn't an Internet access service. I can’t pin down a specific reason why Gordon wasn’t covered while, according to the court, his service providers (Verizon and GoDaddy) might be. Ultimately, I think the court rejects Gordon's transparent efforts to manufacture a claim.
"Adversely Affected"
A CAN-SPAM private litigant also needs to show that it was “adversely affected” by the spam. The court doesn’t offer a single definition of adverse effect, but it does try to draw some boundaries that leave Gordon out.
In general, the court tries to narrow the scope of cognizable harms in two ways. First, the court segregates consumer-related harms from service provider-related harms. I was heartened to see this because better harm delineation was a central point of my (uncited) 2004 article "Where's the Beef? Dissecting Spam's Purported Harms." Back in the earlier part of this decade, anti-spam advocates would routinely lump together a laundry list of gripes about spam in ways that would degrade policy-makers’ ability to target policy responses to the harm. For example, CAN-SPAM suffers heavily from this schizophrenia about the targeted harm. This court makes it clear that consumer-related harms aren’t part of the CAN-SPAM private litigation calculus.
Second, the court tries to distinguish between the fixed and variable costs of spam fighting and implies that the fixed costs should be ignored when calculating adverse effect. The court’s handling of this distinction is hardly deft. It says repeatedly that we have to assume that IAS providers are absorbing some spam costs as part of their normal costs of operation. For example, the court says:
the harm must be of significance to a bona fide IAS provider—something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice
And the court says:
We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations….network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act’s statutory damages.
Reading these quotes, it seems like the court is trying to zero out the fixed costs borne by anyone connected to the Internet, which would then focus the analysis on only those marginal/variable consequences attributable to a specific spam campaign. However, the court does not want to raise the bar that high, at least not for “legitimate” service providers (which the court thinks clearly excludes Gordon). As the court says:
the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions—where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit—adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam.
So I’m not quite sure what to make of this language. On the one hand, the court’s acknowledgement that complex societies impose some unwanted but unavoidable costs seems to raise the harm bar pretty high for CAN-SPAM plaintiffs. On the other hand, the court is willing to presume harm for “good” plaintiffs. So why won’t the court make such presumptions for Gordon? Mostly because he “came to the nuisance” (my words, not the court). As the court says:
Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users’ email inboxes...Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as “spam traps” with the sole purpose of snagging as many e-mail marketing messages as possible.
So my reading of this discussion is that the court sets up a bifurcated “adverse effect” analysis. If you’re a commercial email service provider, you presumptively get access to CAN-SPAM’s “treasure trove.” If you’re a spam troll, nuts to you.
Preemption of State Laws
One of CAN-SPAM's main raisons d'etre was to preempt the rapid proliferation of state anti-spam laws in the early part of this decade (especially California's opt-in anti-spam law). I naively assumed that CAN-SPAM's preemption clause would drive states out of the anti-spam regulation business altogether (a separate rant, but I'm not a fan of any state attempts to regulate Internet activity). No such luck. Following CAN-SPAM’s enactment, nearly every state enacted NEW anti-spam laws designed to fit within the preemption exceptions. This renewed activity at the state level has contributed to the anti-spam litigation frenzy, because the plaintiffs can use both state and federal claims to extract settlements and concessions from defendants.
In 2006, in Omega Travel v. Mummagraphics, the Fourth Circuit took a lot of the wind out of plaintiffs' sails by holding that state anti-spam laws survived CAN-SPAM preemption only as applied to fraud or material misrepresentations, not garden-variety errors or immaterial deception. Here, the Ninth Circuit adopts the Mummagraphics standard, which presumably eviscerates several state laws in Ninth Circuit-governed jurisdictions.
Applying the Mummagraphics’ standard to Gordon’s case wipes out his Washington state anti-spam claim. Gordon argued that, although he was not misled or deceived, Virtumundo’s “from line” violated Washington law because it does not clearly identify Virtumundo as the sender. He also argued that to avoid being deceptive, Virtumundo’s email subject lines must have either Virtumundo’s or its client’s name. The court rejects these arguments because "Gordon offers no proof that any headers have been altered to impair a recipient’s ability to identify, locate, or respond to the person who initiated the email. Nor does he present evidence that Virtumundo’s practice is aimed at misleading recipients as to the identity of the sender."
Expect to see more state laws bite the dust in the face of this preemption analysis.
Implications
This case is exceedingly interesting and important because it destroys the arguments of anti-spam plaintiffs trying to manufacture technical violations of CAN-SPAM for their profit. Not only does the opinion send an unmistakable message to the lower courts to toss these plaintiffs out on their keister, but it sends the harsh message that these plaintiffs ought to rethink their legal hubris. As the court says, “As should be apparent here, ‘the law’ that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.” Ouch. The court has apparently just invalidated the fantastic laws that some anti-spam plaintiffs dream up in their heads.
This case is also important because it puts state anti-spam laws even more clearly on the ropes. It has been an impressive but pathetic display of futility watching the states trip over themselves trying to show that they are tough on spam when their efforts are all irrelevant in light of the Fourth Circuit's and now Ninth Circuit's interpretations of CAN-SPAM. Fortunately (?), most of the states have moved on to being tough on cyberbullying instead of beating up on spammers.
It is less clear to me if the court’s discussion about “Internet access services” and “adverse effect” will have broader import on private CAN-SPAM litigation. The court deliberately sidestepped definitive interpretations of both terms, so I expect the interpretive slate is mostly clean outside of the spam litigation factories.
One final point. Spam remains actively litigated in the courts and the subject of some policy discussion, but do you still fret about the spam you receive personally? I get the sense that this panel was not that impressed with Gordon’s efforts in part because spam isn’t as big a deal for the judges as it used to be. Certainly that’s true in my case. I get about 100 spams a day, 90+% of which Gmail appropriately filters into my spam folder (with very few misclassifications of legit email as spam). As a result, it takes me just a minute or two a day to burn through the spam accruals. Not surprisingly, at least for me, good spam filters have solved the problem much better than any legislative intervention.
I understand that spam is a bigger issue for email service providers, especially now that more than 100% of all emails are spam (according to the ridiculously overhyped stats put out by vendors of anti-spam solutions). CAN-SPAM partially offers a solution to these individuals, along with other doctrines like the Computer Fraud & Abuse Act and possibly the common law trespass to chattels doctrine. However, at this point, so much of the anti-spam battle has to be fought technologically, not in the courts, due to the sheer volume and dispersed nature of the putative defendants. As a result, it doesn’t really seem to matter to the overall quantum of spam in our society if courts read CAN-SPAM broadly or narrowly.
Other comments on this case:
* Venkat
* Jeff Neuburger
UPDATE: Ken Magill reports on how Gordon has lost his house belongings due to his persistence.
Posted by Eric at 12:40 PM | Internet History , Marketing , Spam | TrackBack
July 03, 2009
Ninth Circuit Revives TCPA Claim--Satterfield v. Simon & Schuster
By Eric Goldman
Satterfield v. Simon & Schuster, Inc., No. 07-16356 (9th Circuit June 19, 2009)
Satterfield sued Simon & Schuster (and its mobile ad agency) for sending text messages to her cellphone without the requisite permission. The district court dismissed her lawsuit; but in this ruling, the Ninth Circuit revives it. Three aspects of this ruling make it noteworthy.
When is a Text Message a Telephone Call?
The court holds that a text message to a cellphone is a "call" for purposes of the Telephone Consumer Protection Act (TCPA). This isn't unprecedented. The FCC took this position in 2003, and in 2005, I blogged on the Joffe v. Acacia Mortgage case reaching the same conclusion. Nevertheless, as I pointed out in response to the Joffe case, it reminds us of the silliness of medium-specific anti-marketing restrictions when the media collapse into each other. See my Coasean Analysis of Marketing paper for more.
Poor Consent Language
Satterfield signed up for a free ringtone from Nextones. As part of the registration process, Satterfield affirmatively checked off a box next to the following language:
Yes! I would like to receive promotions from Nextones affiliates and brands. Please note, that by declining you may not be eligible for our FREE content.
This language is hardly a model of clarity. What are "Nextones brands"? What are "Nextones affiliates"? The court adopts a trademark-style definition for "brands" and a corporate governance-rooted definition for "affiliates." Interestingly, Nextones posted its own definition of affiliates elsewhere on its site to mean other companies who “sell mobile content such as ringtones and graphics.” As the court points out, "Simon & Schuster does not fall within Nextones’ own definition." Whoops.
Obviously, better drafting could have easily avoided this problem and probably would have had little effect on conversion rates. Say what you mean, and mean what you say!
For what it's worth, one of my past Cyberlaw exams involved an ambiguously drafted online checkbox consent, a problem partially based on a real-life situation encountered by Yahoo. See the exam and sample answer.
Complex Chain of Distribution
Satterfield's cellphone number/text message address fell into Simon & Schuster's hands through a complex chain of distribution as follows:
Satterfield gives # to Nextones =>
Nextones gives # to MIA, its "exclusive agent for licensing the numbers of Nextones subscribers" (huh?) =>
MIA gives # to ipsh!, which describes itself as "the world's award-winning, full-service mobile marketing and advertising agency" =>
ipsh! gives # to mBlox, an aggregator who "handled the actual transmission of the text messages to the wireless carriers" =>
Simon & Schuster contracts with ipsh! to run a text message campaign for Simon & Schuster's new Steven King novel Cell. (Ironic name? Maybe this lawsuit will spur Stephen King to write a sequel, Cellphone).
As you know, lawyers aren't very good at math, but according to my count, it looks like four different intermediaries "touched" Satterfield's number (Nextones, MIA, ipsh! and mBlox) before it was used by Simon & Schuster, the ultimate advertiser. With that many intermediaries, there are significant additional transaction costs to reach cellphone subscribers.
More importantly, this complex chain creates a sizable risk that one or more of the entities along the way would misinterpret or forget any restrictions on the customer's grant of permissions. Certainly, I can't figure out how Nextones/MIA thought this distribution chain fit within the checkbox consent it asked for and received. (Interestingly, neither Nextones nor MIA are defendants in the case).
I also cannot figure out how ipsh!/Simon & Schuster failed to detect this permissions problem in their diligence. They did diligence the source of the cellphone numbers...didn't they? They didn't just blindly assume that they could purchase a package of random cellphone numbers and party on...did they?
Posted by Eric at 09:51 AM | Marketing , Spam | TrackBack
June 17, 2009
Twitter, Email and Brand Engagement
By Eric Goldman
Last week, in an interview with a reporter, I extolled the virtues of Twitter as a tool for brands to keep in touch with and engage their customers. The reporter responded by asking why brands would choose Twitter to engage customers instead of email, which companies have been using successfully for many years. I thought this question raised important issues about online marketing, so I thought it would be worth exploring the differences here.
Let's start with some basics. I am a big fan of email marketing. Like many of you, I have voluntarily signed up for numerous commercial email newsletters/announcement. I also get unrequested email from companies I've dealt with; I look at some of these, I ignore others, and occasionally I get so fed up that I blacklist the sender or report it as spam. I also get spam, LOTS of spam, but it doesn't bother me too much. Gmail has a good spam filter and it only takes a minute or two a day to sort, review and delete the spam.
However, as a recipient, email has some downsides. Most obviously, it is not always easy to unsubscribe. I remain amazed in this post-CAN-SPAM era by how often email unsubscriptions don't work. The link may be down, or my opt-out simply doesn't stick technologically, or the sender just ignores me. This is true even for senders who are involved in the legal industry and are spamming lawyers who love to bring lawsuits (never a wise move). If I were a litigious plaintiff, I would have no problem finding plenty of defendants.
Email also has the downside that the sender has my email address and may share it with others who are going to clutter up my in-box. With a good spam filter, this extra unwanted email isn't a huge problem, but the mere threat of subsequent email deluges can give me pause about whether or not I trust a website enough to give them my email address. (As you can appreciate, the website's privacy policy is a complete non-factor in my trust determination).
From the sender's standpoint, email is a huge pain. It is more heavily regulated than other marketing media, and complying with the regulations (such as providing a reliable opt-out mechanism) is costly and filled with litigation risks. Perhaps more importantly, email can be reported or killed as spam at several steps along the way, and the sender can be tagged as a spammer as well for all future messages. So, for example, a big website's email distribution of an announcement about a new user agreement or privacy policy--a completely legitimate communication between a site and its users--is almost certain to prompt a flurry of unsubscribes, emails from users who insist to their IAPs and email service providers that they are being spammed (even though they often just forgot about the relationship), and lots of bouncebacks from dead email addresses that may cause some IAPs/email service providers to blacklist the sender as a spammer. Plus, a bunch of users will never see the message at all because it goes into their spam folder. (Recall, for example, that AT&T spam-foldered its own contract amendment announcement). These are not exactly the hallmarks of an effective communication technology.
Contrast the user experience with Twitter. More than anything, Twitter is a no-risk opt-in communication tool for consumers to listen to marketers. I can follow a brand at Twitter any time, and more importantly, I can unfollow at any time too. Plus, there isn't any risk that the brand I'm following will ignore my unsubscribes or pass along my Twitter username to spammers. When I unfollow, the relationship is completely over on my terms.
From the brand's standpoint, Twitter has none of the baggage of email marketing. No spam folders to fear, no unsubscribes to manage, no CAN-SPAM. Sure, Twitter's tight character restriction mostly limits marketers to headlines, but frankly this isn't all that different from maximizing email subject lines to get email recipients to open the email.
Twitter has one other really important benefit for brands. Folks are often willing to retweet a message--even a commercial message--thereby sharing it to their entire follower base in ways that these same folks would never forward a commercial email to hundreds of their friends. And this type of word-of-mouth marketing is the holy grail of marketing because of the extra imprimatur of having the message validated by someone in the reader's social network. The retweeting phenomenon is a powerful traffic driver (I've been watching how it boosts my bit.ly stats), and marketers who aren't on Twitter are missing some upside. (Please, marketers, don't even consider shilling or astroturfing or any of those other silly stunts to generate faux word-of-mouth marketing; if you have a good offering, you really don't need to disrespect people that way).
I don't follow many commercial brands in Twitter, but I do want to mention three brands that have impressed me:
@LivingHarvest. I tried hempmilk for the first time recently, and I was fascinated to learn about the extensive anti-industrial hemp regulations that have hampered hempmilk from coming to market. LivingHarvest, a hempmilk manufacturer, is Twittering the status of various legislative efforts to enable industrial hemp farming. It's a fascinating political drama.
@UnitedAirlines. I am a frequent flyer on United Airlines, so I'm already on their email list. But they have totally gotten the point of Twitter. Not only have they been offering valuable freebies to their Twitter follower to boost their subscriber count (they are giving away discount certificates if you sign up before they hit 50,000 followers), but they also offer "Twares," blowout deals on remnant inventory. LOVE IT!
@AmazonMP3. Amazon offers one highly discounted MP3 download a day, and this Twitter account notifies me of the deal of the day. Great stuff. I've lost track of the number of times I've purchased albums this way.
Twitter practices like these build my trust as a loyal customer and pull cash out of my wallet in ways email marketing never did.
One final point: RSS offers many of the same benefits as Twitter in terms of reader empowerment, although it does not have the same retweeting upside. In particular, RSS is a true opt-in like Twitter. The website doesn't get my email address, and whenever I unsubscribe from the RSS feed in my RSS reader, it's over.
For example, as I recently mentioned, RSS is a great option for websites to allow users to learn about changes to user agreements and privacy policies on a true opt-in basis. In this respect, RSS is so much better than email. Consider, for example, DoubleClick's privacy policy, which offers users the opportunity to learn about privacy policy amendments by signing up to an email list. (DoubleClick will rarely have the email address already because it doesn't have direct privity with users). DoubleClick's option is a more enlightened practice than most similar web services, but still, no thanks. If I don't trust DoubleClick's privacy practices to begin with, I'm not going to give them my email address with the risk that they will spam the crap out of it and pass it along to others who will spam the crap out of it too. Of course DoubleClick promises not to do this, but the whole point is that those promises mean nothing to the people who don't trust DoubleClick to begin with. On the other hand, if DoubleClick offered an RSS feed to announce modifications to its privacy policy, then I could subscribe to its notifications with no spam risk at all.
I'm so enamored with RSS as a superior notification tool for announcing privacy policy and user agreement amendments that I will be recommending it to all of my clients as a supplement to other notification options. I hope you'll consider doing the same.
Posted by Eric at 07:03 AM | Marketing , Spam , Trademark | TrackBack
May 19, 2009
Expansive Preemption of State Anti-Spam Laws Is Curtailed
Courts are splitting over the scope of CAN-SPAM preemption, with even judges in the same federal division disagreeing.
By Ethan Ackerman
It is a truth universally recognized that a legal blogger whose legal positions cause them to eat crow or be left crying out in the wilderness usually will be entitled to the occasional I-told-you-so post as well. Two (of three) recent court opinions from California suggest that courts are (sometimes) beginning to reject the broad CAN-SPAM preemption holdings that have followed the reasoning of the 4th Circuit's Mummagraphics case.
Hypertouch v. ValueClick
First, the status quo. A slight majority of the cases addressing CAN-SPAM preemption of state laws have found preemption. Starting with some adverse rulings in response to repetitious pro-se litigants in Washington state, and building on the sweeping Mummagraphics opinion from the 4th Circuit Court of Appeals, many judges have been tempted to dismiss state anti-spam law claims as somehow preempted by the federal CAN-SPAM Act.
Hypertouch v. ValueClick falls squarely into this category. The opinion was handed down by Los Angeles Superior Court judge Richard Adler, but it basically relies on the N.D.Cal. District Court Opinion by Judge Chesney in Hoang v. Reunion.com, which in turn relies on Mummagraphics for its preemption analysis. Judge Adler's holding, "that any claim [desiring to survive preemption] must be based on fraud" represents just the most recent of what is becoming a majority position on CAN-SPAM preemption cases. This case was likely particularly problematic for plaintiff Hypertouch, representing a state court loss following on the heels of its federal court loss earlier.
Fortunately, the tide may be turning away from impossible fraud standards and back in favor of the actual language of the CAN-SPAM preemption clause, as two recent opinions show.
Asis Internet Servs. v. Consumerbargaingiveaways
The defendants in this N.D.Cal. district court case seemed to put in a rather rote defense recycling the holdings of Hoang v. Reunion.com, a previously blogged N.D.Cal. district court that found CAN-SPAM preemption and even a blurry holding that plaintiff might lack Constitutional standing. I imagine they were a tad surprised when another N.D. Cal. district judge in the same division, Judge William Alsup, held that their Constitutional standing argument was "without merit" and their California anti-spam law standing argument was "mistaken." Over and above this significant difference from the Reunion.com line of thinking, Judge Alsup's biggest departure occurs later in the opinion where he parses the preemption language of the CAN-SPAM Act. Because a second N.D. Cal. case in another division also follows and amplifies Judge Alsup's reasoning, I thought I'd summarize them together below.
AsIs v. Vistaprint
Judge Saundra Brown Armstrong wastes no time in getting to the meat of the preemption issue in her Vistaprint holding, declaring after one brief paragraph listing the differing cases on the issue that "[t]his court agrees with the preemption analysis in the recently published order in Asis [v. Consumerbargaingiveaways], and similarly rejects Defendants' preemption challenge."
Judge Armstrong's similarly brief elaboration on this holding is equally informative in its brevity - the core of her holding taking up a few brief paragraphs:
"The very terms of the savings clause exempt laws that proscribe "falsity or deception" in email advertisements, and although the terms are not defined in the Act, this Court finds they should be applied more broadly than just to common-law fraud claims. After all, Congress explicitly used the term "fraud" in the next provision of the preemption clause, yet did not in the savings clause... In the provision immediately preceding the preemption provision, Congress specifies that "[n]othing in this chapter shall be construed to affect in any way the Commission's authority to bring enforcement actions under FTC Act for materially false or deceptive representations or unfair practices in commercial electronic mail messages." The Court is persuaded that here too, Congress intended the phrase "falsity or deception" to be apply more broadly than just to common-law fraud claims."
I told you so?
If this 'when Congress meant one thing, it said it, when it meant something else, it said something else' argument doesn't sound familiar, I'll step in with my own I-told-you-so pointer to my prior post on Congress' careful word choice in the CAN-SPAM drafting negotiations:
When 'falsity' was intended, as in 15 USC 7707(b)1, 'falsity' was used. When 'fraud' was intended, as in a mere paragraph later in 15 USC 7707(b)2, 'fraud' was used. When 'falsity' wasn't enough, but 'fraud' was too much, as in 15 USC 7701(a)1, 'materially false' was used. When Congress wanted to require actual knowledge, or a specific intent, as in 7704(a)2 and 7702(12), it used the terms "actual knowledge" and "intentionally."
The brief icing on this I-told-you-so cupcake comes from Judge Alsup's astute observation that the Mummagraphics opinion doesn't even expressly hold all that subsequent courts have attributed to it, a point I identically brought up in criticizing the scope of the Mummagraphics holding. Judge Alsup has this to say:
"Most or all of the district court decisions that have equated “falsity or deception” with fraud have relied on [Mummagraphics. Mummagraphics,] however, merely held that state laws were preempted insofar as they permitted claims for immaterial errors. It did not hold, at least not expressly, that all elements of common-law fraud were required or that any particular element other than materiality was required to survive preemption."
I'd say that's a more eloquent version of my earlier observations that district courts were extending Mummagraphics even further than its mismatched holding suggested:
"[T]he Mummagraphics holding, for all its strong dicta about fraud and broad preemption, only held that CAN-SPAM would preempt a strict liability statute... Mummagraphics' stated holding (strict liability is preempted) is inconsistent with the Mummagraphics result (a 'more-than-strict-liability' statute was preempted)."
Also worth a read is the observant coverage at spamnotes.com.
Posted by Ethan Ackerman at 09:25 AM | Spam | TrackBack
May 03, 2009
April 2009 Quick Links
By Eric Goldman
[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]
Marketing/Spam
* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.
* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.
* NYT: "Never Mind What It Costs. Can I Get 70% Off?"
* Tsan Abrahamson on social media and marketing law.
* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.
* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).
Defamation
* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.
* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.
* CMLP has a page organizing all of its 47 USC 230 material.
Intellectual Property
* Publicly republishing a private email leads to a default judgment of copyright infringement.
* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."
* Octomom is seeking trademark registrations.
Miscellaneous
* GeoCities is shutting down.
* eBay will referee customer disputes.
* Wilson Sonsini's VC financing term sheet generator.
* Oddee: 10 Most Bizarre [Online] Gaming Incidents
Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack
April 10, 2009
Q1 2009 Quick Links, Part 2
By Eric Goldman
Trademarks/Domain Names
* The ridiculous Jones Day v. BlockShopper case settled. The settlement agreement. The ABA Journal and Legal Blog Watch stories. Commentary from CMLP, Paul Levy, Tom O'Toole.
* The trial court denouement of the S&L Vitamins v. Australian Gold did not turn well for the defense--$6M jury award. The S&L Vitamins v. Australian Gold and Designer Skins v. S&L Vitamins cases subsequently settled. According to Ronald Coleman: "This settles, for our clients S&L Vitamins, Inc., the Australian Gold case and the related appeal in the Designer Skin case. All money judgments are vacated and parties bear their own fees. Our client agrees to move on to another line of work, however."
* Twelve Inches Around Corp. v. Cisco Systems, Inc., 2009 WL 928077 (S.D.N.Y. March 12, 2009). 17 USC 512(f) does not cover trademark takedown notices.
* Suarez Corp. v. Earthwise, 2008 U.S. Dist. LEXIS 92931 (W.D. Wash. Nov. 14, 2008). Including a competitor's name in a web page disclaimer creates initial interest confusion when the competitor's name is indexed by the search engines. Compare Promatek v. Equitrac, the 2002 7th Circuit case ordering the defendant to include the plaintiff's name on its web page as a cure for initial interest confusion.
* CRS Recovery v. Laxton, 2008 WL 4408001 (N.D. Cal. Sept. 26, 2008). Another California-based court says that domain names are property that can be converted. I'm amazed that these cases are still being brought.
* North American Bushman, Inc. v. Saari, 2009 WL 211932 (M.D. Pa. Jan. 27, 2009) The parties entered into a settlement agreement that "Plaintiffs further agree not to use, and in addition, to offer up or destroy, any material that includes, but is not limited to, the names, photos, images, embroideries, of likeness of [Defendant] James Saari and any of the a above named trade names and trademarks of Defendants." The court holds that this provision wasn't breached when third party users posted comments referencing the defendants in UGC areas of websites operated by the other party.
* Advice Co. v. Novak, 2009 WL 210503 (N.D. Cal. Jan. 23, 2009). Justia page. Stupid lawsuit alert! Attorneypages.com believes Attorneyyellowpages.com infringes its trademark. Case dismissed for lack of personal jurisdiction. Participating in Google AdSense doesn't automatically create jurisdiction in CA.
* DSW v. Zappos, which involved allegations of trademark infringement based on Zappo's affiliates, settled.
* An update on Google's AdWords woes in France.
* Kiva Kitchen & Bath Inc. v. Capital Distributing Inc., 2009 WL 890591 (5th Cir. April 2, 2009). The Fifth Circuit upholds enhanced damages under ACPA. Good discussion of the purpose of damages in the ACPA.
* Toys R Us buys the domain toys.com for over $5M. Is any domain name worth $5M any more?
* A 2007 interview with "Pokey" of Pokey.org fame. This is one of my favorite domain name disputes from the 1990s. A very smart cyberlawyer (Ian Ballon), on behalf of the trademark owners of Pokey & Gumby, unexpectedly got into a public tangle with a 12 year old kid nicknamed "Pokey" over the domain name pokey.org. Debating 12 year old kids in the press never turns out well.
Advertising/Marketing
* Some new material on behavioral advertising: an FTC report and a CRS report.
* Latest NYT article on human billboards. See my prior blog post.
* Privacy advocates are freaking out about Google Android and its ability to deliver location-based information and ads. But location-based information and ad targeting is inevitable...and a good thing.
* Action over mobile marketing: Mobile Messenger settled a false advertising suit with Florida for $1M, and another settlement. Google's response.
* The class in the "Vista Capable" lawsuit was decertified.
* Tsan's post on the latest FTC efforts to rein in testimonials on social networking sites and blogs. Unfortunately for the FTC, some of its efforts may be preempted by 47 USC 230.
* eBay v. Digital Point Solutions, 2009 WL 481269 (N.D. Cal. Feb. 24, 2009). eBay loses an intermediate round in its cookie stuffing lawsuit against Digital Point Solutions.
* e360, a serial defendant in spam cases, sued Choicepoint for selling it email addresses that led to the suits. Apparently neither e360 nor Choicepoint got the memo that the days of email list brokering are dead.
Search Engines
* Study: Google's search lead not matched by loyalty. A critical response.
* Is Google giving big brands extra credit in its organic search results rankings? Compare: media giants complaining they don't get enough weighting in organic results.
* Sign of improving consumer search skills: search queries are getting longer.
* Yahoo reserves the right to "auto-optimize" advertiser accounts by changing ads and advertiser bids automatically. This is not a popular move.
* Wired: The Plot to Kill Google.
Posted by Eric at 10:20 AM | Domain Names , Internet History , Marketing , Search Engines , Spam , Trademark | TrackBack
April 08, 2009
Q1 2009 CAN-SPAM Quick Recaps
by Ethan Ackerman
While it seems most CAN-SPAM watchers (and even traditional media, apparently) await the results of key 9th Circuit and California Supreme Court cases, CAN-SPAM rulings in lower courts and in other Circuits continue to trickle in. Two of these new cases raise issues this blog has covered in the past, but they're still worth a quick note.
Ferron v. Subscriberbase Holdings, Inc
(excellent coverage, and a link to the decision, at spamnotes.com)
This case manages to come out just right in its results, even though the opinion relies rather extensively on the 4th Circuit's rather poorly-reasoned Mummagraphics precedent.
If ever there were a cut-and-dried 'actual statutory conflict' preemption case that largely didn't have to resort to parsing the CAN-SPAM Act's preemption language, it is this case. The 6th Circuit Court should have just done a straight forward preemption analysis and said: "The OH statute imposes labeling and physical address requirements in a manner inconsistent with CAN-SPAM's labeling and physical address requirements. Actual conflict preemption - the end. We need not dally in the hypothetical of whether CAN-SPAM's preemption savings clause for 'falsity or deception' applies..." While the Court came to the correct conclusions about CAN-SPAM's preemption clause not applying to this particular statute, because this statute wasn't a "falsity and deception" law, the court muddied the waters by using Mummagraphics to get there.
On the other hand, the court correctly pointed out that the general OH consumer protection act claims were not preempted, because the state act is one of general applicability and has "false or deceptive" elements, just like CAN SPAM's exception requires. [Author's comment: Wow, you'd think CAN SPAM had been specifically drafted to pointedly protect state consumer protection acts from preemption or something...]
Hypertouch v. Azoogle.com, 2009 WL 734674 (N.D.Cal.)
While this order granting motions to dismiss and granting leave to amend the complaint is a new and separate case, you could be excused in confusing it with another of federal District Judge Chesney's spam cases - the previously-blogged Hoang v. Reunion.com.
Like in Reunion.com, the opinion confuses the tort of fraud, with its special elements and pleading requirements, with the statutory provisions of the CAN-SPAM Act. To be fair, Judge Chesney does a precise and accurate job with the preemption analysis under CAN-SPAM. Everything in the opinion is an appropriate statement of the law regarding preemption, including the review of plaintiff's less-common trespass to chattels claim.
It's at the erroneous rulings over fraud pleading standards where this opinion looses its steam. As I bemoaned in a post over the same error in Reunion.com, falsity is still not the same thing as fraud, especially when Congress distinguishes between them in a statute. Unfortunately, this opinion also repeats this earlier mistake, and explicitly imposes the heightened pleading standards of FRCP Rule 9 because the pleadings "sound in fraud." It's dismaying to see this mistake again, especially after the judge even concedes that the plaintiffs in their complaint explicitly noted that they were not asserting a general claim for the tort of fraud.
Posted by Ethan Ackerman at 09:38 AM | Spam | TrackBack
March 31, 2009
Virginia v. Jaynes - This Time Really is The End
by Ethan Ackerman
The US Supreme Court has declined to grant a petition for certiorari filed by Virginia's Attorney General in Virginia v. Jaynes. That denial means the Virginia state Supreme Court's holding is the final say in the Jaynes case, and the Virigina spam statute is definitively unconstitutional.
While some coverage is suggesting that the Supreme Court had an opinion on this case or otherwise endorsed the ruling below, other articles are correctly framing the cert. denial - the Supreme Court didn't agree or disagree with the Virginia Supreme Court, it merely declined to take the case. As a result, the state opinion stands.
This also means I no longer have to end each of the blog posts I've written on the Jaynes case with a 'but this ruling could still be appealed further.'
An interesting final anecdote, perhaps? The outcome in the spam litigation turns out to be mostly academic for Mr. Jaynes. According to the Washington Post, he is currently in prison on unrelated securities fraud charges.
Posted by Ethan Ackerman at 02:44 PM | Spam | TrackBack
February 06, 2009
2008 Cyberlaw Year-in-Review
By Eric Goldman
It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.
Broad Themes
A few broad themes emerged last year:
* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.
* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.
* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.
* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.
* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.
Top 11 Cyberlaw Developments of 2008
#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.
# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.
#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.
#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.
#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.
#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.
#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.
#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.
#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).
#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.
Other Developments of Special Note
47 USC 230
* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”
* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.
* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.
Affiliate Liability
* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.
* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.
Trademarks/Domain Names
* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.
* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?
* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."
* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.
* New gTLDs. Maybe I should reserve this development for 2009...if it happens.
Others
* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?
* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.
* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.
Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
January 09, 2009
Reunion.com Revisited
Following in the expected path of her earlier ruling, District Judge Maxine Chesney again dismissed an anti-spam lawsuit against Reunion.com. This time, the Judge also threw in a tenuous constitutional holding for good measure. Count this ruling as yet another one muddying the distinction between fraud lawsuits and anti-spam lawsuits and undermining the reasonably clear preemption provisions of the CAN-SPAM Act.
By Ethan Ackerman
On Dec. 23, 2008, federal District Judge Maxine Chesney issued what the defense attorneys in Hoang v. Reunion.com will likely view as a welcome, if foreseeable, Christmas present - another conditional dismissal of the plaintiffs' class action lawsuit. I've previously blogged about the first dismissal here, with an important follow-up regarding the amended complaint here. Reading those posts first to get some important context will help in following this post.
Falsity is still not the same thing as fraud, especially when Congress distinguishes between them, unless a federal judge says it is.
Judge Chesney's first dismissal ruling focused on the absence of fraud allegations in the plaintiff's complaints, ultimately holding that in order to escape preemption by the federal CAN-SPAM Act, plaintiff's' state law claims had to include, above and beyond the falsity violations of the California anti-spam laws, some or possibly all the additional elements of a fraud claim. I criticized that holding in the prior post because that's not only not what the CAN-SPAM Act requires, but it was actually adding four additional elements to the Act that Congress considered but didn't include. Falsity is one of five elements of fraud under California law. California is hardly alone in having consumer protection laws that require a lesser standard than fraud. Adding four additional elements by judicial decision would be like a judge requiring a prosecutor to prove each of the elements of premeditated murder when she's only charging involuntary manslaughter - and in this case it would be like judicially requiring them even after the legislature considered and rejected the additional elements.
Sticks and stone may break my bones, but misleading emails alone don't really hurt anyone.
My prior disagreement with the first dismissal was its inconsistency with the falsity standard of the CAN-SPAM Act, and its reliance on the similarly mistaken 4th Circuit Mummagraphics opinion. This dismissal repeats that problem and then raises the stakes by suggesting that it would be unconstitutional for the court to even hear the case if the complaint wasn't amended to allege at least several of the additional elements - reliance and damages.
Specifically, Judge Chesney states
[In] the absence of an allegation that each such plaintiff incurred some type of injury or damage as a result of his having taken action in reliance on defendant's assertedly false use of a third-party domain name in the email, [the] action is subject to dismissal.
Failure to do so, Judge Chesney holds, would not only result in preemption under CAN-SPAM, but also run afoul of the case-or-controversy requirement of the US Constitution's Article III.
Actual Injury Standing, or Wait, spam's not illegal until someone actually wires the $10,000 to Nigeria?
Prior court disagreements over whether falsity must also be material or intentional look pretty minor compared to this Constitutional "no harm, no foul" holding, so what's going on here?
By way of background, Article III of the US Constitution requires a "case or controversy" before a federal court may rule in a case, and this provision has been interpreted by the Supreme Court to mean that a plaintiff must suffer an "injury in fact" to have standing in a federal court. This is the principle underlying Judge Chesney's holding, but it’s quite a stretch to apply the principle to dismiss a case brought by admittedly aggrieved plaintiffs directly covered by a state's consumer protection statutes.
The requirement that an individually identifiable "injury in fact" be shown by someone before they can bring a lawsuit prevents judges from having to make hypothetical rulings or issue advisory opinions without the benefits of specific facts. This lack of standing is the reason any given citizen can't sue the government for spending tax dollars in a way they don't like, or a mob boss can't preemptively sue for an unlawful wiretap before it's actually installed, or more specific to this case, why someone who hasn't actually received a misleading email from Reunion.com couldn't sue it for violation of CAN-SPAM or California law even if Reunion.com's practices clearly violated the laws.
There are even particular types of cases where "injury in fact" standing is commonly a close question; (until recently) qui tam lawsuits were often challenged on "injury in fact" grounds. Similarly, environmental organizations bringing suits against government actions (and inactions) often succeed or fail based on standing, and are the source of much of the standing caselaw. Although not relevant to this case's constitutional holding, there is also a good deal of action on issues of injury standing at the statutory level. More than one CAN-SPAM lawsuit has been dismissed on the grounds that a plaintiff lacked standing under the "adversely affected" requirement of the statute. [Author's note: While it is debatable whether this element of the statute acts as a pleading requirement or functions as a prerequisite for statutory standing, courts have used it that way. I suspect Judge Chesney may ultimately rule similarly, thus avoiding an unnecessary constitutional ruling. That would definitely be the better of these two disagreeable choices.]
Similarly, some state consumer protection laws have been amended by legislatures to remove or add a specific injury pleading requirement, alternately making some consumer protection act violations "strict liability" laws or making suits for violation more complex to prove by adding another statutory element. Two notable examples of such trends are the addition, by Proposition 64, of such a requirement to the California laws, and the removal of such a requirement in the District of Columbia's Consumer Protection Act.
Based on this quick treatment, Judge Chesney's holding seems plausible. This "injury in fact" doctrine really does exist and some cases do turn on it. But, while the Constitutional requirement that there be an "injury in fact" keeps hypothetical cases out of federal court, it is a fairly low threshold for those cases actually brought under a federal or state law directed against a certain type of behavior Congress or a state legislature has already found to be damaging. But this dismissal ruling departs from other court rulings on standing by blowing past legislative determinations of just what is "damage."
So your real beef is not the result, but that the Judge had to ignore the damage determinations of the legislatures to come to such a holding?
In a word, yes. The California anti-spam act included specific findings of costs and damage to the end-user, findings that even the federal CAN-SPAM Act echoed. This frustration is perhaps amplified by the practice of Judge Chesney in other contexts to accept and defer to Congressional policy decisions, an important and correct skill needed when interpreting nuanced statutory provisions. In other contexts, Judge Chesney has cited with clear approval the notion that a court "was not at liberty to second guess congressional determinations and policy judgments."
Perhaps this holding is explicable because the statute's lower pleading standard is unique to spam laws?
In a word, no. There is no shortage of laws requiring some lesser standard of falsity than fraud at the federal and state level. Similarly, many laws provide for liability based on a statutory presumption of reliance. In some other cases, mere or factual error is sufficient to trigger liability regardless of materiality or reliance. These laws are so common and numerous that the term "strict liability laws" is a frequently used term describing just one subset. Let's explore in more detail just how large a majority of federal and state suits are brought under these laws...
Most analogous to anti-spam lawsuits are other consumer protection laws against unfair or deceptive practices where committing a prohibited practice triggers a right to sue, regardless of any monetary damages. For example, the federal Fair Debt Collection Practices Act prohibits a range of collection practices and gives debtors subjected to the illegal practices a right to sue for statutory damages, regardless of whether the unfair dunning results in a collection or not. Wisely, courts, including Circuit Courts of Appeal, have held that the illegal threats to collect constitute an "injury in fact" regardless of whether or not the debtor heeds them and pays up. Similarly, “It is well settled, however, that proof of actual deception or damages is unnecessary to a recovery of statutory damages” under the Truth in Lending Act, according to the Second Circuit in Gambardella v. G. Fox & Co.
There are also a whole host of civil laws ordering business structures and transactions where committing a prohibited practice triggers a right to sue and provides for statutory damages regardless of any monetary damages. Trademark law contemplates lawsuits over trademark use violations that in some cases don't even require an actual showing of confusion, merely the (by definition speculative) "likelihood of confusion." Touching close to the current case (and presumably different only in having more complete damages pleading) Judge Chesney apparently had no problems with the Article III standing of some recent trademark plaintiffs, allowing summary judgment under the statute in favor of an initial-interest-confusion plaintiff based only on the likelihood of initial interest confusion.
But perhaps the most dramatic examples of laws permitting civil suits to recover money even absent any measurable or conceivable or alleged harm are the IP laws, copyright and patent. The patent holder's right is fundamentally the right to exclude others from practicing her patent, and a non-practicing patent holder who has never made, sold, licensed or marketed a single product, and thus lost not a single penny in sales or licensing fees to the infringer, or indeed suffered under any cognizable theory of harm, may still bring suit to recover the wrongful profits of the infringer. Similarly, a copyright holder with an unpublished manuscript or suffering from an infringement occurring in an entirely different media is still entitled to sue for statutory damages, even in the absence of any actual damages. Indeed, many of these laws even provide statutory damages as a measurement of harm precisely because the actual harms are variable, need to be deterred, or are hard to assess.
Some parting words from the controlling courts
Suits of this type, where a legislature has already found an injury in a certain prohibited practice or behavior and passed a statute granting particular individuals a right to sue in response to that practice, are precisely the suits the Supreme Court was contemplating in Lujan v. Defenders of Wildlife when it said the "injury required by Art. III may exist solely by virtue of ‘statutes creating legal rights, the invasion of which creates standing."
The Ninth Circuit also has a particularly lenient view of what constitutes damage for Article III purposes. So if Judge Chesney had accepted the damages findings of the California legislature, she would likely have to find those enumerated damages were of the types (time, money) that the Ninth Circuit has previously identified in various cases as being Constitutionally sufficient.
Concluding thoughts
As Venkat's timely post on this case notes in conclusion, several related cases raising some of these issues are in the process of being decided by the California Supreme Court or Ninth Circuit Court of Appeals. Those decisions have the possibility of perpetuating or correcting several of the trial court errors I've discussed in prior posts. Also, in this particular case, Judge Chesney did graciously grant another opportunity to amend, meaning there may be yet another opinion in this case. Finally, and most simply, an amendment to the complaint could just recite the harms identified in the California statute and allege that plaintiffs have suffered them.
Posted by Ethan Ackerman at 03:10 PM | Spam | TrackBack
December 02, 2008
November 2008 Quick Links
By Eric Goldman
Trademark
* NYT: "A handful of new Web sites with names like Typo Bay and Typo Buddy are out to help shoppers save money by searching eBay for misspelled brand names." In 2005, I blogged that typographical errors are a significant issue for eBay's search engine.
* It's a bull market for Obama-related trademark filings and Obama merchandise.
* Domain name tasting down 84%?
* Wired: "Think Godzilla's Scary? Meet His Lawyers"
Copyright
* Reuters: "Instead of triggering the usual take-down notices, copyright-infringing footage of select MTV Networks programing uploaded by MySpace subscribers would be automatically redistributed with advertisements that would generate revenue for the companies." I'm interested to see how this system applies to fair uses of the works!
* Arista Records LLC v. Usenet.com, Inc., 2008 WL 4974823 (S.D.N.Y. Nov. 24, 2008). The court dismisses USENET.com's counterclaims for declaratory relief that it doesn't violate 17 USC 512 because the claims duplicate its affirmative defenses.
* James Grimmelmann does an excellent job parsing the Google Book Search settlement agreement and makes some sage recommendations for how it should be modified before court approval.
Advertising/Marketing
* The Google-Yahoo ad syndication deal is dead. Some behind-the-scenes discussions.
* I'm not sure about the implications of this, but Google is expanding its efforts to allow website and ad targeting based on automatic geographic detection. See my prior post about the future of geolocation and a bordered Internet.
* Good news: entrepreneurs want to authenticate children's ages to keep them out of online trouble. Bad news: entrepreneurs might use age authentication to hit the kids with targeted marketing.
* Classmates.com sued for misrepresenting that former school chums were actually looking to reconnect. Yet more pushback on bogus "X is looking for you!" ads.
47 USC 230
* The Supreme Court denied cert in Doe v. MySpace, 2008 WL 4218722. According to Tom O'Toole, this is the seventh time that the Supreme Court has denied cert in a 47 USC 230 case.
* It appears that Children of America v. Magedson has settled.
* The Santa Clara University community is having a catharsis about Juicy Campus.
* Dan Solove and I chatted with Doug Lichtman about social networking sites (asynchronously--I spoke with Doug after Dan had), with most of my conversation focusing on 47 USC 230. Doug edited the conversations together into a one-hour podcast entitled "Privacy in the Networked World." An added bonus for listening--you may be able to earn one hour of CLE FREE!
Spam
* Facebook v. Guerbuez. Facebook wins $873M default judgment under CAN-SPAM. Now, if Facebook could only collect any of this, they would have finally figured out a way to make money!
* Gordon v. SubscriberBASE Holdings, Inc., 2008 WL 4809833 (E.D. Wash. Oct. 31, 2008). Serial anti-spam plaintiff lost again on whether he has standing under CAN-SPAM.
* Evan Brown: Government spam filters do not deprive citizen of right to petition the government.
* Venkat: Unsolicited Marketing Extravaganza in the Ninth Circuit.
Miscellaneous
* eHarmony settles claim that it discriminates against gay singles.
* NYT: "almost five years into its expansion into Europe...Google is getting caught in a web of privacy laws that threaten its growth and the positive image it has cultivated as a company dedicated to doing good."
Posted by Eric at 09:47 AM | Copyright , Derivative Liability , Domain Names , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
November 18, 2008
October 2008 Quick Links, Part 2
By Eric Goldman
Spam
* Kramer v. Perez. An Iowa court awards $236M in damages in a spam case. Venkat's comments.
* After the government lost its jury trial against Impulse Media, the court denied Impulse Media attorneys fees.
Contracts
* AT&T put its own emailed notice of amended contract terms into its spam folder. Whoops! Due to spam filters and other automated blocks, it is becoming almost impossible for websites to communicate with their users by email.
* An estimate of the massive "tax" imposed on consumers by reading privacy policies. Of course the financial drain is overstated because many people make a rational decision not to read every privacy policy, plus not every person has to read a privacy policy for marketplace responses to be effective.
* The Blizzard v. MDY WOWGlider case has reached a stipulated damages amount of $6M.
* Pulaski & Middleman, LLC v. Google Inc., 5:2008cv03888 (N.D. Cal. complaint filed August 14, 2008). The Justia page. Yet another me-too lawsuit against Google over serving ads to parked domains and error pages.
* An Israeli GPL enforcement action settled.
Trademarks/Domain Names
* Kentucky v. 141 Domain Names. Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name. More recently, the seizure was stayed.
* Speaking of inappropriate seizures, the Feds are trying to seize the trademarks of the Mongols motorcycle group. DOJ press release. LA Times article.
* Best Western Intern., Inc. v. Doe, 2008 WL 4630313 (D. Ariz. Oct. 20, 2008). Prior blog post in this case. The judge is losing patience: "These filings are wasteful in the extreme. The Court is not a forum for the parties to expend every possible dollar seeking to litigate every conceivable issue, no matter how insubstantial. The Court will no longer tolerate the excesses of this case."
* The Verizon v. Navigation Catalyst Systems domainer lawsuit settled.
* 50 Cent brings yet another questionable lawsuit. (1, 2).
Advertising
* Goddard v. Google Inc., 2008 WL 4542792 (N.D. Cal. Oct. 10, 2008). The case against Google for deceptive mobile phone ads will stay in federal court.
* Eyeblaster, Inc. v. Federal Insurance Co., 2008 WL 4539497 (D. Minn. Oct. 7, 2008). This is a collateral lawsuit to Sefton v. Eyeblaster alleging that Eyeblaster distributed spyware. Eyeblaster tendered the claim to its insurer. This court holds that the CGL policy doesn't apply because the claim relates to software problems, not physical damage to the users' computers. Further the E&O policy doesn't apply because Sefton alleges that Eyeblaster intentionally installed the spyware, bumping Eyeblaster into one of the policy's exclusions.
* Are consumers becoming more tolerant of pop-up ads? For more on consumer acceptance of new advertising formats, see here.
* A big damages award in NetQuote v. Byrd.
Posted by Eric at 06:42 AM | Adware/Spyware , Domain Names , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
November 14, 2008
Just who is an Internet access service provider under CAN-SPAM?
Worded to prevent lawsuits by individual email recipients, the federal CAN-SPAM Act limits who can bring suit for a CAN-SPAM violation. In addition to state and federal enforcers, the Act allows suits by "Internet access service providers." Just who are they, and can individuals find a way back in to court under this provision?
By Ethan Ackerman
One of the most distinct differences between the federal CAN-SPAM Act and state anti-spam laws is the federal law's restrictions on who may bring suit for a violation. Like many federal laws, it's vital to consider the environment in which it passed in attempting to understand the scope and intent of its provisions.
After several years of experience with state laws allowing individual email recipients to bring suit under state laws, and both actual and exaggerated instances of 'professional plaintiffs' bringing questionable suits against email marketers, many business and marketing lobbyists were eager to limit who could bring suits under a federal spam law. While efforts to expand or limit liability under federal laws are as old as the 1st Congress, 2003 was a notable high-water mark. At the same time as, and in the same Congress as, the CAN-SPAM Act, similar Acts altering liability standards and raising barriers to lawsuits and class actions were being passed under the mantra of "tort reform." Limitations on environmental and manufacturer liability, extending sovereign immunity to vaccine developers, restrictions on class actions, preemption of state enforcement and consumer protection laws, statutorily-mandated settlements of active court litigation - these were some of the hallmarks of the 108th Congress' involvement with the judicial branch.
In this environment, it's not surprising that various provisions in the CAN SPAM Act were negotiated back and forth to expand or contract liability, standing and preemption. This blog has previously covered the preemption back-and-forth, but similar negotiation went into just who could sue, and how, and where, and for how much under the CAN SPAM Act.
The final version of s.877 signed into law in 2003 that became the CAN SPAM Act reflects the compromises on several issues necessary to get sufficiently broad political support. This post will attempt to identify each of those issues in turn.
The final bill allows suits by a broad swath of federal regulatory agencies to enforce the law, including most notably the FTC. The scope of state officials' enforcement of the federal law, and just who else could sue, was somewhat more disputed. Prior year versions of the bill allowed suits in state as well as federal court. The initial Senate version of s.877 also allowed suit in federal or state court, but the final version negotiated with the more lawsuit-averse House of the 108th Congress restricted suits to only US federal District Courts, and now redundantly also granted the relevant federal agencies additional authority to removes suits filed by States to federal courts.
The issue of caps on damages and attorney's fees was also near and dear (or anathema) to many in the 108th Congress, and extensive changes exist between various versions of the bill as conditions were horse-traded and various constituencies weighed in. State enforcement statutory damages swung from $20 to $250 over the course of the different Congresses, with treble damages being available, then dropped and replaced with discretionary 'aggravated' damages possibilities. State enforcers' attorneys fees similarly went from mandatory to discretionary between the introduced Senate version and House-approved version. Statutory damages for internet access providers saw similar swings and horse trading, ultimately with certain egregious violations triggering $100 damages and other damages valued at $25, a far mark from a proposed 'up to $10.' Damages caps were also a feature, but swung from as little as $500,000 to in some cases $3 million.
Similarly, the political demands of the House resulted in additional, heightened pleading standards for civil suits by anyone other than federal enforcement agencies. These heightened standards, absent in the initial Senate version but added in sections 7(f)9 and 7(g)2 of the final version, raised a scienter pleading requirement for state enforcers and constricted the definition of 'procure' for suits brought by Internet access providers.
But back to the big difference
As initially indicated, the biggest difference between most state and the federal anti-spam law is the absence of a private right of action for spam recipients in the federal law. In the 108th Congress, a general private right of action was a non-starter. Even the initial Senate version of the bill restricted suits to enforcement officials and Internet access providers. Contrary to the desires of state enforcers from state with such provisions, and apparently an uncomfortable concession from the minority Democrat sponsors, the absence of a private right of action was a stated minimum.
The final wording of Section 7 of the CAN SPAM Act specifies who can bring suit, listing first federal enforcement, then state enforcement, and finally granting Internet access providers the right to bring some civil suits. So who is an 'Internet access provider'?
The short answer - the definition written in the 'definitions' section of CAN SPAM - is that the "term `Internet access service' has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4))." This somewhat unenlightening reference leads to the actual statutory definition of:
The term “Internet access service” means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.
This broad definition originally was passed into law as part of the earlier Child Online Protection Act (not to be confused with the Childrens' Online Privacy Protection Act). Importantly, CAN SPAM also used other definitions from other prior laws defining similar terms. One example, one short line above the CAN SPAM 'internet access provider' definition, is the definition of 'Internet.' CAN SPAM defines 'Internet' by reference to the earlier passed Internet Tax Freedom Act, 47 USC 151 note. Importantly, CAN SPAM did not adopt the much narrower, more ISP-centric definition of 'internet access provider' in that Act. The Internet Tax Freedom Act defines an internet access provider as "a person engaged in the business of providing a computer and communications facility through which a customer may obtain access to the Internet..."
This definitional difference is important because CAN SPAM was written with service providers above and beyond just then-traditional modem-pooling, DNS-providing traditional ISPs in mind. Spam impacts next-generation services like online website hosts, online email providers, online proxies and filtering services, and CAN SPAM was drafted to take into account not just the dial-up AOLs of the world, but also the Rackspaces, the Hotmails, and the TUCOWs.
So courts have uniformly picked up this clear distinction, right?
If they had, what would there be to write about? While CAN SPAM was commonly understood to prevent end-user lawsuits, that portion of the law is implicit, not explicit. CAN SPAM was, however, explicitly written broadly to cover all, even the as-of-yet-uninvented, online service providers that spam negatively impacted. Unfortunately, subsequent court cases addressing the issue of whether it is an 'internet access provider' bringing suit have sometimes attempted to reinsert traditional ISP-style definitions into the Act.
A recent case getting the issue correct is Haselton v. Quicken Loans Inc.. Though anti-filtering activist Bennett Haselton, administrator of peacefire.org, sued Quicken in his individual capacity, separately incorporated Peacefire also was a named plaintiff. Defendant Quicken made much of the fact that Haselton was the sole employee of the organization and alleged Haselton was simply an individual end-user filing suit. Haselton countered, and the court agreed, that Peacefire's filter-circumventing service, even if operated only by Haselton, was clearly an 'internet access service provider' within the meaning of the Act.
Unfortunately, other courts, and commenters, have often channeled their skepticism over the litigation intentions of a plaintiff into interpreting this broad definition narrowly. For example, the Gordon v. Virtumundo court's palpable disagreement with serial plaintiff Gordon's litigation intentions and strategy led it to reach to hold, contrary to the plain wording of the definition, that Gordon's multi-user internet email service was not a " a service that enables users to access ...electronic mail... offered over the Internet." UPDATE
While they may be legitimate concerns over the capacity and legitimacy of serial plaintiffs' anti-spam suits, courts can address them without resorting to unnecessarily adjusting definitions in the statute. In Hypertouch v. Kennedy-Western University, for example, the court correctly recognized that an email service provider, even though small and providing accounts without charge, was nonetheless a 'internet access service provider.' As Eric blogged earlier, this court addressed its, and defendant's, concern that the plaintiffs allegations were inadequate and more properly addressed towards the actual marketing company in its ruling that plaintiff was an internet access service provider, but its claims were inadequate to survive a motion for summary judgment.
12/08 Update An observant Tri-cities reader gently corrects me, noting that Judge Coughenour ultimately did, contrary to what I suggested, conclude the plaintiff qualified as an Internet access service provider in Gordon v. Virtumundo. After reviewing all the criticisms and interpretation of legisaltive history and analogous cases that suggested Gorden was not intended to qualify, Judge Coughenour did ultimately conclude Gorden qualified "under the statute's capacious definition." So, my speedy reading aside, Gordon v. Virtumundo stands as an appropriate example of a court properly addressing questions about the propriety of a suit without narrowing the definition of an Internet access service provider after all.
Posted by Ethan Ackerman at 01:29 PM | Internet History , Spam | TrackBack
October 29, 2008
CAN-Spam-a-Friend?--Hoang v. Reunion.com
Hoang v. Reunion.com sidesteps an eagerly anticipated legal dispute over the legality of commercial address book scraping and 'send-to-a-friend' emails, and also highlights the damage that can cascade when a federal Circuit Court woefully misreads a statute.
By Ethan Ackerman
In July 2008, Violetta Hoang filed a class action lawsuit under California's state anti-spam laws against Reunion.com, a Los Angeles-based social network site. On October 6th, the court ruled for Reunion.com, granting its motion to dismiss, but allowing Hoang leave to re-file an amended complaint. While a less-than-3-months turnaround is admirable, this case stands as an apt reminder that haste makes waste.
What was sent?
A series of May 2008 solicitations from plaintiffs' acquaintances were the origin of this suit. More precisely, the series of emails were sent from Reunion.com mail servers but bore the names (and in some cases, addresses) of plaintiff's acquaintances in the 'From' line of the email. The emails also contained subject lines like "[Acquaintance] Wants to Connect with You." The emails were sent by Reunion.com servers because plaintiffs' acquaintances had registered with Reunion.com and at some point agreed to, or failed to opt out of, Reunion.com's address scraping practices. In the lawsuit, plaintiffs alleged that these emails were sent to plaintiffs not by plaintiff's acquaintances, as the email 'From' line and subject suggested, but by Reunion.com after Reunion.com had scraped the plaintiffs' addresses from acquaintances' address books when acquaintances became Reunion.com members. In short, pursuant to a possibly agreed-to Terms of Service, Reunion.com scraped its members' address books and then sent solicitations to the resulting addresses, but also took several steps to make it appear that the solicitation was from the member.
This email-scraping-and-dodgy-addressing practice sounds consistent with other accounts of Reunion.com's less than desirable (or legal) efforts to expand its member base. The site claims tens of millions of registered members, suggesting these email campaigns seem to work. The frequency of critical coverage over Reunion.com's various advertising and data-gathering methods also seems to suggest the tactics are as commonly objectionable as they are effective.
In February of this year, Eric highlighted a Wired article about address book scraping and other common web gathering processes. It's a very interesting area with a lot of thorny legal questions. This post, however, is just about the resulting spam.
But was it spam?
Claiming a violation of all three portions of California's anti-spam law, plaintiff's brought a claim against Reunion.com. Plaintiffs alleged Reunion.com used a falsified, misrepresented or forged 'From' line. Plaintiffs alleged that the subject lines Reunion.com used were misleading. Plaintiffs also alleged Reunion.com used a 3rd party domain name (yahoo.com) without Yahoo's permission.
[Author's aside: From the complaint, which describes several instances of 'From' line name forging, but only one instance of 'yahoo.com' appearing as part of a 'From' line, it sounds like Reunion.com's address book scraping likely picked up an email address that was stored in the name field of a member's address book, rather than some more nefarious domain name forging.]
Smells like spam, so what does the law say?
Rather than denying these accusations, Reunion.com chose to counter with a preemption defense. Reunion.com claimed that its practices were sanctioned by federal law and thus, even if actionable under California law, the federal CAN-SPAM Act preempted plaintiffs' claims.
The CAN-SPAM Act's preemption clause, 15 USC 7707 (b)1, does broadly preempt most state anti-spam laws - "This chapter supersedes any [State law] that expressly regulates the use of electronic mail to send commercial messages." This first sentence makes Reunion.com's preemption defense sound pretty plausible. But wait, as the late night infomercials say, there's more. The rest of the clause identifies a significant exception that preserves many of these state laws - "except to the extent that any such statute, regulation, or rule prohibits falsity or deception in [an email]."
So state law claims, like the plaintiffs', are preempted, except to the extent that the state law addresses falsity or deception, in which case the claims may proceed. Courts have been handling the preemption and preemption exception clauses of CAN-SPAM now for several years, and have had more or less no problem concluding that compliant state anti-spam laws can survive if they fit in CAN-SPAM's exception.
OK, so that's what CAN-SPAM says. Let's compare that to the California state law at issue. As identified above, the plaintiffs made three claims under the California law: a falsified 'From' line, a deceptive subject line, and the deceptive use of a 3rd party's domain name in an email header. All three claims address falsity and deception in an email's header, the core of CAN-SPAM's preemption exception. While Reunion.com might dispute the facts of each claim (not misleading, not false because authorized, etc.) it seems pretty clear that the claims can survive CAN SPAM's preemption test as written.
So if the law passes the CAN-SPAM test, whose preemption test is it failing?
The Reunion.com preemption defense cited two sources - the Mummagraphics holding and an FTC rule-making and policy paper on refer-a-friend email marketing.
The court accepts Reunion.com's first source, the prior Mummagraphics case, and doesn't rely on the FTC's policy paper for its holding. As a result, its discussion of the FTC guidance is a very brief discussion at the opinion's end in its discussion over whether to grant leave to amend.
A brief tangent
Before addressing the Mummagraphics precedent, I want to address the FTC rulemaking and policy paper too. Reunion.com asserts that the FTC rulemaking and policy paper permit, as a matter of law, its address book scraping and subsequent emailing. As a threshold matter, there's the fairly complex question of which portions of the FTC's Rulemaking and policy paper on refer-a-friend emails are actual Rulemakings with the force of law and which are policy guidance. Fun APA stuff. But even if the refer-a-friend portions are construed as a rulemaking, a brief read of the guidance reveals that there's, to put this politely, no sane way to conclude that the guidance makes Reunion.com's actions "as a matter of law, exempt from liability under CAN-SPAM." The guidance is page after page of non-exclusive, hedged discussions of what may make a sender liable. The FTC doesn't hand out any 'exemptions from liability' in the rules. Even this otherwise preemption-accepting court is suspicious of this assertion, stating
The FTC did not rule that a commercial entity whose message is the subject of a "forward-to-a-'friend'" email is, as a matter of law, exempt from liability under CAN-SPAM or that such entity could never be held liable, as a matter of federal law, for initiating an email containing false information. Rather, the FTC found that a determination as to whether such entity is exempt from liability under CAN-SPAM would require a "highly fact specific inquiry.
To further beat a dead horse, I'll just focus the issue a bit more. The guidance discusses when a commercially motivated refer-a-friend email is, and very infrequently isn't, subject to CAN-SPAM's provisions. It is page after page addressing when an email will be held to CAN-SPAM's standards, not on when an email will be held to, or preempted from, a state law's standards. While it may be possible that the FTC rules could categorize a given email as "not covered" by CAN-SPAM, that's not the same thing as preempted by CAN-SPAM. Buried deep within a hypothetical set of facts there might be a negative implied preemption argument that could be teased out of the FTC ruling, but Reunion.com isn't making that argument.
Back to the holding, then...
It's not that common in the development of case law that a significant intellectual error can be traced to one particular case, but that's the case here. This case errs because the court was too quick to rely on the erroneous 4th Circuit holding of Omega World v. Mummagraphics to dismiss.
The Mummagraphics court was faced with a similar suit alleging state and CAN-SPAM claims over emails with similar false and misleading subjects and headers, including subject lines falsely suggesting the recipient had requested the email, and "from:" addresses from unaffiliated domains that were not even in the actual transmission path.
A more critical argument against the Mummagraphics opinion could easily be made, but I'll simply opine that Judge Wilkerson of the Fourth Circuit sent spam jurisprudence down the wrong path in several key respects with this holding. While each of the errors will likely cause a lot of damage, several of them (e.g. the re-writing of the statute's 'materiality' standard, concluding that truthful email body text 'cures' header falsity) only have to do with claims under CAN-SPAM, and not on state law preemption. As a result, I'll focus on the error of Mummagraphics that causes so much headache for preemption claims - what constitutes a "falsity or deception" for purposes of determining preemption.
The statute says 'falsity and deception,' but this court thinks it should say fraud instead, so we now hold that it does...
The Mummagraphics court was faced with a claim under an Oklahoma statute that prohibited falsity and deception in email headers. While acknowledging that 'falsity' means just that - "erroneous, wrong," or "untrue", the court proceeded to construe the CAN-SPAM exception as preempting any state law using any standard less than "fraudulent".
This shift is no angels-on-the-head-of-a-pin difference. It's more analogous to the difference between murder and simple assault. Fraud requires misrepresentation and knowledge of falsity and intent to defraud and justifiable reliance and damage. Fraud is a significant enough legal claim that it has its own pleading standards in Federal court. In contrast, falsity or deception are just individual elements of fraud.
The Mummagraphics court dresses up this statutory re-writing by pointing to instances in CAN-SPAM where a heightened standard beyond 'falsity' is used, and argues that these other instances prove Congress intended a heightened standard. Unfortunately, this argument just proves the opposite. Far from being another instance of the same standard, the other language proves Congress knew how to state the particular standard it wanted. When 'falsity' was intended, as in 15 USC 7707(b)1, 'falsity' was used. When 'fraud' was intended, as in a mere paragraph later in 15 USC 7707(b)2, 'fraud' was used. When 'falsity' wasn't enough, but 'fraud' was too much, as in 15 USC 7701(a)1, 'materially false' was used. When Congress wanted to require actual knowledge, or a specific intent, as in 7704(a)2 and 7702(12), it used the terms "actual knowledge" and "intentionally."
Eh, so Mummagraphics was probably based on an erroneous conclusion, what's the harm?
The Mummagraphics opinion represents a Circuit-level opinion on federal law, so it is wholly binding in state and federal courts in the 4th Circuit and persuasive in all others. Additionally, it construes the scope of federal law, the CAN-SPAM Act, rather than just a particular state's law, so it is, if not controlling, at least pertinent in every case that raises a CAN-SPAM preemption defense. Not surprisingly, the opinion is having an effect. Several courts, even before Reunion.com, have relied on Mummagraphics' impossible to meet preemption standard to summarily dismiss cases raising state law anti-spam claims. State enforcers and legislatures are even starting to take notice and drafting amicus briefs and legislation to circumvent the results of the holding.
More comments about the opinion: Venkat and Tom O'Toole.
______
Eric's comments: Ethan makes a persuasive case that the statutory language in CAN-SPAM distinguished fraud from falsity. Nevertheless, I still support the Mummagraphics holding because I always thought it was unnecessary and counterproductive for Congress to let any state anti-spam statute survive preemption. From my vantage point, state anti-spam laws have done nothing useful to curb abusive spam. Instead, they have just littered the court system with junk cases, often from serial entrepreneurial litigants trying to punch lottery tickets. So if Mummagraphics provides defendants with a quick way to squelch unnecessary state law claims, I'm all for it.
I think Ethan is right that this case may misread Mummagraphics to extend the preemption even further than the 4th Circuit intended. Given my predisposition towards broad preemption, this is still a good outcome, but I am more troubled. In particular, I think the Reunion.com approach does not comfortably fit in the refer-a-friend bucket, and their efforts to leverage off the implicit social network connections bring to mind the worst aspects of the Facebook Beacon program. In this sense, the line between a true refer-a-friend program and a pretend referral that's just blatant marketing by grabbing email addresses reminds me a little of the first party/third party marketing representation distinction in 47 USC 230 jurisprudence. If the friend asks the site to send the email, it's a referral and not spam. If the friend provides the email address but doesn't endorse the message, it's governable by CAN-SPAM. This distinction is cloudy in 230 jurisprudence too, and it is giving the SEC fits too. Smells like a paper topic here.
On a personal note, mazel tov to Ethan and his wife on the arrival of their daughter Lily!
____________
10/30 UPDATE: Venkat's comments include a link to the plaintiffs' amended complaint. It takes a legally correct, tactically courageous approach. Rather than taking the Court up on its invitation to amend the pleadings to meet the various elements of a fraud standard, the plaintiffs' complaint reiterates its earlier falsity standard pleadings and then attempts to distinguish Mummagraphics, or at least limit the holding. The amended complaint distinguishes and notes that the Mummagraphics holding, for all its strong dicta about fraud and broad preemption, only held that CAN-SPAM would preempt a strict liability statute. The plaintiffs then proceed to show that the California statute is more than a strict liability statute, and even helpfully point to 9th Circuit precedent that distinguishes falsity from fraud for federal law purposes, clearly holding falsity as a lesser standard. I suspect Reunion.com could make the strong counter-argument that the Mummagraphics results matter more than the holding, because the Mummagraphics result, preemption, was of an almost identical statute that wasn't strict liability either. But making such an argument only invites closer scrutiny of Mummagraphics and highlights its error. Not only was Mummagraphics' stated holding (strict liability is preempted) inconsistent with the Mummagraphics result (a 'more-than-strict-liability' statute was preempted) but the holding was legally wrong in attempting to re-write the carefully negotiated preemption standard up from falsity to something higher. Before giving the benefit of the doubt to the Mummagraphics court in its re-writing, consider that the precise wording and standards in the preemption provisions of a federal spam law were one of its most-negotiated provisions. They changed from one Congress to the next, were different between various bills in the 108th congress, and were even switched between the different versions introduced and ultimately passed in the 108th Congress.
Posted by Ethan Ackerman at 03:55 PM | Marketing , Spam | TrackBack
October 14, 2008
September 2008 Quick Links, Part 3
By Eric Goldman
eBay
* Universal Grading Service v. eBay, Inc. More fallout from the National Numismatic v. eBay case--another lawsuit alleging antitrust and defamation because eBay designated some coin rating services as preferred and impliedly devalued others.
* Windsor Auctions v. eBay has been refiled in a new jurisdiction.
* Mehmet v. Paypal, Inc., 2008 WL 3495541 (N.D. Cal. Aug. 12, 2008). Upholding the consequential damages waiver in PayPal’s user agreement.
* A company's failure in the marketplace can drive up the value of its collectibles on eBay.
* Stelor Productions, Inc. v. Google, Inc., 2008 WL 4218107 (S.D. Fla. Sept. 15, 2008). In the lawsuit alleging that Google causes reverse confusion of Googles.com [warning: annoying music ahead], the plaintiff doesn't get to depose Sergey or Larry yet. Rose Hagan, Google’s long-time chief trademark counsel, is the lucky substitute.
* Lots of rhetoric in the Google/Yahoo ad syndication deal. Google’s advocacy website. Google Chief Economist Hal Varian explains why the deal won’t raise ad prices in the auction. Randall Stross weighs in.
* Google has changed course and now allows religious groups to advertise on the keyword “abortion.”
* Kubit v. Google Groups, 2:2008cv00738 (M.D. Fla. complaint filed Sept. 29, 2008):
I then would like to sue Google Groups for not removing the posts when I repeatedly asked them to for 2 years. I believe I am entitled to at least a small amount of compensation for the emotional distress and lost business income that has resulted from them allowing these posts to remain on their Google Groups, even though I offered them VERY solid proof that I do not have HIV. If they had stopped the posts when they first occurred, they would not have proliferated to hundreds of websites. I became suicidal for a period of time after the posts started. I incurred a lot of emotional pain and fear because of the posts and had to seek psychiatric and psychological help to get my life back together. I still suffer from fears of dating, living a public business life and trusting others.
Yes, this is a pro se complaint. Yes, it is preempted by 47 USC 230.
Marketing/Advertising
* NebuAd is dead (1, 2). Even so, the lure of intermediaries aggregating deep data about consumers for commercial purposes will never die.
* Is Gator/Claria dead?
* The EU passed a non-binding resolution against sexual stereotypes in advertising.
* Celebrity branded merchandise run amok.
Miscellaneous
* Valleywag: "The 5 most laughable terms of service on the Net." For more laughs, see Mark Lemley’s Terms of Use paper.
* Murakowski v. University of Delaware, 2008 WL 4104087 (D. Del. Sept. 4, 2008). This reminded me a lot of the Jake Baker case from the mid-1990s.
* The Virginia Supreme Court reversed itself on the Jaynes anti-spam prosecution, and Jaynes walks. Does Virginia routinely pass unconstitutional laws?
* Becker v. Toca, 2008 WL 4443050 (E.D. La. Sept. 26, 2008). Ex-wife's alleged delivery of "Infostealer" program to grab passwords from ex-husband could violate the ECPA, SCA and CFAA.
* Interesting article on ESPN’s exclusive distribution and bundling agreements with Internet access providers.
* Silly? Horrifying? A sign of the apocalypse?
Posted by Eric at 06:17 PM | Adware/Spyware , Content Regulation , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam | TrackBack
October 11, 2008
September 2008 Quick Links, Part 2
By Eric Goldman
Copyrights
* In the Harry Potter fair use case, the court declared that the Lexicon encyclopedia isn't fair use.
* The judge declared a mistrial in the Jammie Thomas case.
* Designer Skin v. S&L Vitamins has reached its denouement. Previous blog coverage of the case (1, 2). In the prior ruling, the judge denied the plaintiff damages for the copyright infringement. In the final ruling, the court enjoins cutting and pasting product shots but allows the defendant to recreate the product shots. Ronald Coleman has more here and here (noting that the court says that, per MercExchange, an injunction does not automatically follow from a finding of copyright infringement).
* Wired's 5 year retrospective on the RIAA's litigation campaign against file sharing.
Social Networking Sites, Blogs and Online Publishing
* J.S. ex rel. Snyder v. Blue Mountain School Dist., 2008 WL 4279517 (M.D. Pa. Sept. 11, 2008). Upholding student discipline for creating a fake MySpace page of principal. The school initially based the discipline on the student infringing copyright (by cutting and pasting the principal's photo) but this aspect of the case wasn't mentioned at all in the court’s reasoning.
* O.Z. v. Board of Trustees of Long Beach Unified School Dist., 2008 WL 4396895 (C.D. Cal. Sept. 9, 2008). Two seventh graders make a video about killing their teacher, described as:
The slide show is essentially a dramatization of the murder of Mrs. [redacted]. The first slide photo states, "Mrs. [redacted] dies." Throughout the slide show there are photos of Plaintiff dressed up in a costume, depicting a woman meant to resemble Mrs. [redacted]. There is red text on each slide photo that describes the scene. One slide says, "Jelly Donut's knife: haha fat bastard. here i come!" In this same photo, the viewer can see a butcher knife lunging at Mrs. [redacted] character from the camera's point of view. The butcher knife is then laid on the fallen victim while the text reads, "hehehe. i'm a shank yoooooooooo!" At the end of the slide show, it reads, "your [sic] dead, BITCH! :D".
I think they thought it was funny, but no one else did. One of them posted the video to YouTube. It's unclear what happens to the poster, but the co-content creator was suspended and forced to transfer to another school for her eighth grade. In this case, her TRO request is denied, even if she didn't intend the video to be publicly distributed and even if the video was not a "true threat."
* Spanierman v. Hughes, 2008 WL 4224483 (D. Conn. Sept 16, 2008). Teacher who was fired for inappropriate MySpace communications with students can't sue the school.
* An encouraging update on the Lori Drew prosecution.
* Bill McGeveran on Facebook Beacon and legal liability.
* Good NYT article on the sociology of Facebook and Twitter.
* Sam Bayard on an interesting but confusing ruling from Montana on its shield law applied to anonymous online posters.
* Verdana Partners v. Giles. Online newspaper wins anti-SLAPP claim.
* Jardin v. Datallegro, Inc., 2008 WL 4104473 (S.D. Cal. Sept. 3, 2008). A litigant's taking down a blog post and its comments is not destruction of evidence.
* Nemet Chevrolet has appealed its 230 loss. Previous blog coverage.
* Do Facebook's anti-spam policies overregulate Facebook's power users?
Posted by Eric at 07:49 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Spam | TrackBack
October 07, 2008
Email Ad Network Isn't Liable for Unsolicited Email--Ferron v. Echostar
By Eric Goldman
Ferron v. Echostar Satellite LLC, 2008 WL 4377309 (S.D. Ohio Sept. 24, 2008). The Justia page.
John Ferron is one of several "repeat" plaintiffs around the country suing over unsolicited email (perhaps not coincidentally, he's also an attorney). In this case, Ferron sued a variety of defendants associated with unsolicited email promoting dish satellite offerings for violations of Ohio's consumer protection law and the Electronic Mail Advertising Act (EMAA).
One of the defendants is Hydra, "a service that connects satellite dish service retailers with companies that advertise by email. The retailers create the advertisements. Hydra then stores the advertisements on its database. Other companies then access Hydra's database and send the advertisements to consumers by email." Hydra does not create the ad content or send the actual emails.
Ohio's consumer protection act has a defense for innocent publishers of ads. Even though the statute does not contemplate the existence of an email ad network, the court says that Hydra is only an "information disseminator" and therefore qualifies for the defense. It was also alleged that Hydra wasn't innocent because Ferron had sent it a copy of his complaint, but the court says that the complaint does not act as sufficient proof of a statutory violation.
The court declines to grant Hydra SJ on the EMAA claim, saying that while Hydra did not "transmit" the email, it could not tell if Hydra "caused" the email to be transmitted. Nevertheless, the court says that, per Mummagraphics, Ohio's EMAA is preempted by CAN-SPAM because it regulates conduct that is not sufficiently fraudulent or deceptive. As a result, Hydra gets SJ on the EMAA claim and is dismissed from the lawsuit.
From my perspective, this case is another example of the larger battle against unsolicited email using state law (such as the many state anti-spam laws). In my opinion, the heavy reliance on state law has led to enormous wasted motion, which is the direct and unfortunate consequence of (1) CAN-SPAM failing to completely preempt all state anti-spam laws, and (2) early opinions (mistakenly, IMO) holding that state anti-spam laws don't violate the dormant commerce clause even though most email senders cannot realistically "steer" their emails into or out of a state.
[This post has been amended in response to emails from John Ferron alleging that my prior post was defamatory.]
Posted by Eric at 04:32 PM | Marketing , Spam | TrackBack
September 09, 2008
August 2008 Quick Links, Part 2
By Eric Goldman
Net Neutrality
* The FCC gets on Comcast’s case for deceptively blocking BitTorrent connections without disclosure. While I don’t know anyone who has defended Comcast’s behavior here, at the same time there is an undercurrent of concern about the FCC’s authority to regulate Internet activities. Could this be the FCC camel's nose in the Internet's tent? We will learn more about the FCC's authority because Comcast has appealed the FCC's decision.
* A topic I haven't seen discussed very much: how the doctrine of trespass to chattels intersects with net neutrality principles. The only article I found in a 60 second search on the topic was a couple of paragraphs in J. Gregory Sidak, A Consumer-Welfare Approach to Network Neutrality Regulation of the Internet, 2 J. Competition L. & Econ. 349 (2006).
Contracts
* Jacobsen v. Katzer (Fed. Cir. Aug. 13, 2008). This ruling has been hailed as a validation of open source licenses, but I’m not sure what to make of this opinion. If the opinion merely says that breach of a copyright license can support copyright infringement, that’s no big deal. However, among other conspicuous omissions, the court does not discuss how the licensor formed a contract in this case. Thus, if the court’s conclusion is that copyright owners can impose conditions on licensees’ enjoyment of their copyright without properly forming a contract, then this opinion could undo the entire scheme of online contract formation. For example, it could support a conclusion that browsewrap-style “contracts”/terms of use should be enforceable as conditions on the accessing of copyrighted web pages. See, e.g., Ticketmaster v. RMG.
* Interactive Retail Management, Inc. v. Microsoft Online, L.P., 2008 WL 3851691 (Fla. App. Ct. Aug. 20, 2008). This is a click fraud case I hadn't heard about previously. Microsoft won at the trial court on jurisdiction grounds. This court revives the lawsuit for more jurisdictional investigation.
* Jeff Neuburger on a Wisconsin case saying that the UCC governs contract formation via email instead of UETA.
* Request for your guidance. Wikipedia has some photos that simultaneously say they are released under both a Creative Commons license and the GFDL. See, e.g., this photo. The license terms are irreconcilably inconsistent. If someone wants to use such a photo, now what?
Competition Restrictions
* Edwards v. Arthur Andersen (CA Sup. Ct. Aug. 6, 2008). The Ninth Circuit was wrong to create a narrow restraint exception to B&P 16600, the California statute voiding non-compete clauses.
* XPEL Technologies Corp. v. American Filter Film Distributors, 2008 WL 3540345 (W.D. Tex. Aug. 11, 2008). Rebecca on an odd case involving (once again) the DMCA anti-circumvention provisions as an anti-competition tool.
Miscellaneous
* Two interesting studies recently about people’s response to spam. Despite the animosity, a quarter of consumers have responded to cellphone spam and 30% say they have made purchases in response to spam. For more complementary statistics and my attempt to explain this seeming dichotomy, see here.
* The First Circuit issued an interesting DMCA 1201 case that I haven’t seen discussed. The BNA summary: “District court properly granted summary judgment to plaintiff cable television service provider on claim that defendants violated Digital Millennium Copyright Act by selling low-frequency signal filters, within plaintiff's service area, that were capable of bypassing plaintiff's pay-per-view billing mechanism, since plaintiff's pay-per-view delivery and billing system is technological measure that effectively controls access to copyrighted works, and digital cable filter allows subscribers to "avoid" or "bypass" that technological measure (CoxCom Inc. v. Chaffee, 1st Cir., 8/4/08)”
* AP v. Moreover settles. My initial post on the lawsuit.
* Funny YouTube video: "Here Comes Another Bubble," set to the tune of Billy Joel's "We Didn't Start the Fire"
Posted by Eric at 08:49 AM | Content Regulation , Copyright , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack
August 08, 2008
Affiliate Liability Extravaganza
By Eric Goldman
[Note: I recently published a version of this article at InformIT. Here's the pre-edited version I sent them.]
Introduction
This article discusses marketers’ liability for the actions of their marketing affiliates (what I refer to as “affiliate liability”). The affiliate liability issue has become red-hot recently because numerous plaintiffs have taken aggressive legal positions seeking to expand the boundaries of affiliate liability. In three recent rulings, courts have emphatically rejected these expansive liability arguments. Even so, it seems likely that plaintiffs will continue to look for ways to expand affiliate liability, and despite the favorable rulings, defendants often settle a lawsuit alleging affiliate liability rather than establish their rights in court.
Affiliate Marketing—Good and Bad
Marketers create affiliate programs to outsource marketing decisions to domain experts. For example, independent third parties may have better or cheaper access to subcommunities of potentially interested consumers than a marketer’s employees. An affiliate marketing program compensates these local experts for work and expertise involved to take the marketer’s message to those consumer communities. When it works properly, affiliate marketing programs can play an important role in the broad “invisible hand” economic phenomenon of allocating scarce resources to consumers who value them the most.
Affiliate marketing doesn’t always have this salutary effect. Affiliate marketing programs create payoffs to motivate affiliate behavior, and inevitably some affiliates will try to obtain the payoff without doing the desired activity. Thus, even if the marketer would prefer otherwise, some affiliates might do “whatever it takes” to get paid, including using false advertising or illegitimate marketing mechanisms. Further, the fact that the marketer outsources some choices to affiliates (a necessary part of any affiliate program) can lead to “diffuse responsibility” where the marketer and affiliates point fingers at each other if something goes wrong. Sometimes, when there are multiple tiers of affiliates, it can become effectively impossible to assign responsibility for the wrongdoing.
To bypass these legal entanglements, plaintiffs have sought ways to hold marketers vicariously (automatically) liable for their affiliates’ actions. However, these efforts “break” standard tort law by trying to treat independent contractors as if they are principal-agents without the requisite supervision or authority that typically triggers agency liability. As a result, overexpansive theories of affiliate liability cause marketers to internalize too many costs, curtailing potentially socially beneficial marketing activities or leading to overinvestment in socially wasteful liability minimization schemes.
Plaintiffs Gone Wild: Two Recent Efforts to Expand Affiliate Liability
There have been countless affiliate liability enforcement actions, but I’ll focus on two recent initiatives.
New York Sales Tax Law
State and local taxing jurisdictions have long coveted a way to impose sales tax collection responsibilities on non-resident Internet vendors. In general, these efforts have been stymied by the Supreme Court’s decision in Quill Corp. v. North Dakota, 504 U.S. 298 (1992), which requires a vendor to have a physical presence in the jurisdiction before the taxing entity can impose sales tax collection obligations on it.
New York, however, developed a nifty workaround. In April, it passed a law (Chapter 57, N.Y. Laws of 2008) declaring that a vendor’s marketing affiliates in New York constituted a physical presence in New York by the vendor. If so, New York can impose sales tax collection obligations on remote vendors due to their New York affiliates. As part of its crafty plan, New York tried to induce compliance with a carrot—if remote vendors voluntarily agreed to collect and pay sales tax from New York residents going forward, then New York would grant them amnesty for any back sales tax collection obligations.
Neat trick, but…a small problem: affiliates are independent contractors of the vendor, so this effort to treat them as legally related entities surely doesn’t comply with the Constitution. I suspect a court will confirm this flaw because both Amazon and Overstock.com have sued New York over the law. At the same time, to minimize its risk, Overstock has also tossed all of its New York affiliates overboard. One might question the wisdom of the New York legislators prompting marketers to cut off opportunities for New York online entrepreneurs.
Trademark Owners Claiming Marketers Are Liable for their Affiliates’ Marketing
Another trend: trademark owners are trying to hold a marketer liable for the alleged trademark infringement committed by its affiliates, such as when affiliates purchase the third party trademark as a keyword trigger for search engine ads. Plaintiffs have alleged affiliate liability in at least three lawsuits in the past couple of months:
* DSW v. Zappos.com (S.D. Ohio complaint filed May 12, 2008). For more, see SEOmoz.
* NameSafe v. LifeLock (M.D. Tenn. complaint filed June 26, 2008). For more, see Techdirt and News.com.
* Rosetta Stone v. Rocket Languages (C.D. Cal. complaint dated July 2, 2008). For more, see the WSJ Law Blog.
Courts Weigh In—and Plaintiffs’ Expansive Theories Don’t Fare Well
The efforts to extend liability in the sales tax and trademark contexts are novel, and it’s hard to predict the final outcome because we have limited direct precedent to consult. However, looking at some recent rulings in other contexts, there is good reason to believe that both legal theories go way too far.
CAN-SPAM
Unlike many other areas of the law, CAN-SPAM (15 USC 7705 and 7706) specifically authorizes affiliate liability in the statute. The Federal Trade Commission (FTC) has routinely invoked this provision in its pursuit of marketers promoted by affiliate-initiated spam (for one of the more recent examples, see the FTC’s press release on one of its porn spam busts and settlements). Further, typically when the FTC targets a marketer on an affiliate liability theory, the marketer rolls over and settles rather than fight.
But…a small problem: the FTC’s expansive interpretation of the affiliate liability statute—the basis it has used to procure these settlements from marketers—may not actually reflect the law. In an outcome that didn’t get nearly the press it deserved, in an lawsuit against Impulse Media earlier this year, the FTC took its affiliate liability theories to a jury and lost. This is a huge verdict because (1) the FTC rarely loses in court, and (2) perhaps more importantly, when average citizens evaluate the FTC’s expansive affiliate liability theories, they may balk.
Oddly, the FTC didn’t take no for an answer. It subsequently asked the judge to enjoin Impulse Media even though Impulse Media won the jury verdict. Talk about chutzpah! Not surprisingly, the court declined the request. US v. Impulse Media, 2008 WL 1968307 (W.D. Wash. May 1, 2008).
In another lawsuit, ASIS Internet Services, v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal. March 27, 2008; unsealed April 29, 2008), a civil plaintiff, ASIS (a serial anti-spam litigant), invoked the CAN-SPAM affiliate liability provision in its anti-spam lawsuit against 20 defendants. One defendant never showed; 18 defendants settled up (as mentioned, the typical response); and only one defendant—Azoogle—persisted in court.
Azoogle is a lead generation company for upstream marketers, and it relies on downstream affiliates to help it generate leads for its clients. Some of those downstream affiliates generate leads via spam. In this ruling, the court rejects Azoogle’s liability for spam sent by its marketing affiliates:
Although ASIS has pointed to significant evidence that Azoogle, during the relevant time period, did little to investigate the third party vendors it engaged, there is no evidence in the record from which a jury could conclude that Azoogle, in contracting with Seamless Media, made a deliberate choice not to know that Seamless Media would engage third parties to send out spam on Azoogle's behalf. The evidence cited by ASIS to establish knowledge on Azoogle's part is entirely speculative. Even assuming it is true that the Emails were sent by a single individual and that the lead was typed into a web site that was copied from Azoogle's lowrateadvisors site, this is insufficient to show that Azoogle consciously avoided knowing that the Emails would be sent. Further, while ASIS relies primarily on the allegation that Azoogle failed to adequately investigate its third-party vendors, ASIS has pointed to no evidence that if Azoogle had investigated Seamless Media prior to entering into the Insertion Order, it would have learned facts sufficient to show that Seamless Media was likely to engage in CAN-SPAM violations. There is no evidence in the record that would put Azoogle on notice that Seamless Media, or Seamless Media's vendors, obtained leads from spammers. Indeed, the only evidence on this subject is that Seamless Media had a good reputation at the time, and was obliged by its contract with Azoogle to follow the law.
Adware
Another recent affiliate liability decision is the remarkable ruling in People v. Direct Revenue LLC, 2008 WL 1849855 (N.Y. Sup. Ct. March 12, 2008), another case that did not get the attention it deserved. Disclosure note: I helped file an amicus brief in this case.
In 2006, the NY Attorney General’s office (NYAG) made the apparent decision that adware vendor DirectRevenue needed to be shut down by any means necessary, and it launched a multi-front attack on DirectRevenue. It publicly posted a website with information about DirectRevenue that had no apparent purpose other than to denigrate DirectRevenue’s reputation. It bullied DirectRevenue’s advertisers, ultimately procuring, and then releasing a hyperbolic press release about, an insignificant settlement that spooked potential advertisers away from DirectRevenue. And finally, it sued DirectRevenue directly.
The NYAG’s actions had their desired effect. Perhaps due in part to the NYAG’s campaign to close DirectRevenue down, DirectRevenue did in fact go out of business. Congratulations to the NYAG for achieving its apparent goal.
But…a small problem: the NYAG’s assessment of DirectRevenue’s legitimacy may have, in fact, been itself lawless, because the court emphatically rejected all of NYAG’s legal theories. This might be amusingly ironic if the NYAG’s anti-DirectRevenue campaign wasn’t such a chilling and crushing misuse of governmental powers.
The opinion is worth reading in its entirety, especially where the court affirms the EULA formation and limits extraterritorial liability. However, apropos to this post, the court rejected DirectRevenue’s liability for allegedly illegitimate software installations made by its affiliates, saying “petitioner has not shown that respondent should be held liable for the actions of those third parties under a theory of agency or ratification, or otherwise.” The court explains:
Dismissal is required with respect to the 22 [installations by] third parties, who petitioner concedes were independent contractors rather than agents of Direct Revenue. A principal is generally not liable for the acts of an independent contractor because of the lack of control over how the contractor's work is performed (Chainani v. Bd. of Educ., 87 N.Y.2d 370, 380-81 [1995]). Neither may the principal be charged with the conduct of even more remote subcontractors (People v. Synergy6, Inc., Index No 404027/03 [Sup Ct N.Y. Co 2006][unpublished disposition][Attorney General's action for deceptive practices and false advertising under GBL dismissed as against email marketing company where fraudulent emails were sent by company retained by agent]). Although exceptions exist, such as where the contractor was negligently retained or supervised (Saini v. Tonju Assocs., 299 A.D.2d 244, 245 [1st Dept 2002]) or where the principal has ratified the wrongful acts (Kormanyos v. Champlain Valley Fed. Sav. and Loan Assoc. of Plattsburgh, 182 A.D.2d 1036, 1038 [3d Dept 1992]), the record here does not support any grounds for departure from the usual rule.
As noted, under the SDA, Direct Revenue contractually required its distributors to obtain consent of consumers consistent with the terms of the EULA. The SDA also forbade the distributors from holding themselves out as respondent's agents. Respondent was not authorized or obligated to control their work, particularly since many of them additionally acted as distributors for various other advertisers. Although in Sotelo v. Direct Revenue, 384 Supp2d 1219 (ND Ill 2005) the court upheld a cause of action against respondent for negligent supervision of distributors, the issue arose on a motion to dismiss and the court thus restricted its inquiry to the four corners of the complaint. Notably, the court stated that it was precluded at that procedural juncture from considering respondent's evidence that the distributors were independent contractors, evidence which, as here, included the SDA.
…
The theory that respondents ratified the alleged third party misconduct also fails. The allegations that respondent had general and/or constructive knowledge of some distributors' wrongful practices are insufficient to impose liability (see, Synergy6, supra; Del Signore v. Pyramid Sec. Servs., Inc., 147 A.D.2d 759, 760-61 [3d Dept 1989][mere knowledge of litigation and complaints against security company for undue force by guards insufficient to impose liability upon hiring firm]; see also Hamilton v. Beretta USA Corp., 96 N.Y.2d 222, 237 [2001]). Moreover, it is conceded that in those few instances in which respondent obtained actual knowledge of a distributor's misconduct, it took significant steps to modify its procedures. A finding of ratification cannot be found upon such facts, notwithstanding that respondent may have benefited financially from its relationship with the distributors before remedial measures were implemented (see Synergy6, supra).
It is my understanding that the NYAG has filed a notice of appeal in this case to preserve its options, but it is still deciding if it will pursue the appeal.
Unfortunately, I’m not aware of the Synergy6 opinion being available electronically, which is a shame because it’s an interesting and relatively early rejection of the NYAG’s expansive affiliate liability doctrines. Due to that ruling (which involved email marketing instead of adware), the NYAG already had good reason to suspect that its predicate theories were dubious, which makes its decision to pursue those theories against DirectRevenue even more lamentable.
Conclusion
This post highlights two seemingly inconsistent trends. Trend #1 is that plaintiffs (private actors or government agencies) are taking very expansive positions on affiliate liability. Trend #2 is that when tested, expansive affiliate liability theories are failing in the courts. These two trends seem to be in conflict with each other. My hope is that trend #2 becomes so strong that it overrides trend #1, i.e., plaintiffs and government actors get the message that they have gone too far.
Unfortunately, in the interim, many defendants will capitulate and settle an expansive affiliate liability claim—even if it’s lawless—because it’s the cheapest path to resolution or because the precedent isn’t strong enough to ensure victory. Perhaps some defendants will realize that the trend is in their favor and will fight back accordingly. More judicial clarity about the line between permissible and impermissible behavior would benefit everyone.
It is also possible that the legal ambiguities of affiliate liability will be resolved by statute. However, despite the defendants’ string of court victories, I see the chances of legislative intervention to curtail expansive affiliate liability doctrines as nil. If anything, it’s more likely that future legislation will codify liability expansion.
For a rare in-depth analysis of affiliate liability, see Jean Noonan and Michael Goodman, Third-party liability for federal law violations in direct-to-consumer marketing: telemarketing, fax, and e-mail 63 Bus. Law. 585-596 (2008) [ABA subscription required to download].
Posted by Eric at 08:04 AM | Adware/Spyware , Derivative Liability , Marketing , Spam , Trademark | TrackBack
May 02, 2008
Spam Revisited: Virginia-style
By Ethan Ackerman
The Virginia Supreme Court revisits its First Amendment holding in Jaynes.
In what is likely a second stroke of luck for criminal spammer Jeremy Jaynes, the Virginia state Supreme Court recently granted a discretionary rehearing on the earlier 4-3 opinion. The Court limited review to First Amendment standing issues. These standing issues were the focus of skepticism in the dissent and in an earlier post on this blog.
The rehearing order is here.
This blog's earlier post discussing the ruling is here.
UPDATE 9/12/08
After granting a discretionary re-hearing, the Supreme Court of the State of Virginia reversed its earlier opinion, and Jaynes' coviction, and held the Virginia anti-spam statute unconstitutionally violates the 1st Amendment. Since the statute covers non-commercial as well as commercial speech, the Court ruled it is unconstitutionally broad. In doing so, the court concluded that its initial reading of Hicks was problematically narrow, and Jaynes properly had overbreadth standing.
Posted by Ethan Ackerman at 03:26 PM | Spam | TrackBack
April 28, 2008
47 USC 230 Trifecta of Cases--Friendfinder, e360insight, iBrattleboro
By Eric Goldman
47 USC 230 cases have been coming at such a rapid clip that I've fallen behind. In this blog post, I'll catch up on three recent cases:
Friendfinder
Doe v. Friendfinder Network, Inc., 2008 WL 803947 (D.N.H. March 27, 2008)
This case involves the publication of a false user-supplied profile on adult dating/hook-up services operated by AdultFriendfinder and Various. Fake dating profiles have been the source of a fair amount of 230 litigation; see, e.g., the Anthony v Yahoo, Landry-Bell v. Various, Doe v. SexSearch, Barnes v. Yahoo, and of course the Carafano case. The Friendfinder case involves two allegations we haven't seen before: (1) when the plaintiff complained, the sites removed the profile but displayed the following message on the profile page: "Sorry, this member has removed his/her profile," which allegedly implied that the plaintiff in fact had authorized the page initially, and (2) portions of the fake profile had been displayed on third party sites as "teasers" to advertise the adult dating services.
The court quickly dismisses the defamation, intentional infliction of emotional distress and various soft tort claims per 230, even if the defendants affirmatively reposted the profiles and even with respect to pull-down menus used to help profile building. This opinion came out before the Ninth Circuit en banc ruling in Roommates.com, but taking Kozinski's disclaimers at face value, the discussion about pull-down menus should have survived Roommates.com.
The court also says that 230 protects the site-authored announcement on the removed profile because "the allegedly tortious nature of those statements proceeds solely from the association they create between the plaintiff and the content of the profile." This might be an important standard to help future courts determine when 230 governs allegations of false marketing representations predicated on bad user info.
The court takes a less defense-favorable direction regarding the right of publicity claim. In direct conflict with the Ninth Circuit's ccBill ruling, this court says that 230 does not preempt state IP claims. Personally, I think this court got the statutory construction right and the Ninth Circuit got it wrong. As this court correctly explains, a court cannot interpolate the word "federal" into 230(e)(2) if it uses intellectually rigorous statutory interpretation.
Having left open the state IP claims, the court (also correctly, IMO) says that a right of publicity claim is an IP claim while any other invasion of privacy claim (i.e., the other three prongs of Prosser's four privacy torts) is not.
The court also survives the plaintiff's allegation of a Lanham Act false designation of origin claim with respect to the use of the false profile in the advertising teasers. But why didn't the court examine the application of 230 to this Lanham Act provision, which arguably isn't an IP claim? I think the court considered the false designation of origin claim, as applied to a false endorsement, to be equivalent to a right of publicity claim, but it would have been nice for the court to unpack this assumption.
The litigation over teaser content raises a question that's been bothering me for some time--when is republication of user-supplied editorial content (in this case, the dating profile) as teaser content on third party websites legally governed as commercial advertising? Teaser editorial content is ubiquitous, but it also serves a marketing function that could (should?) be regulated by commercial advertising restrictions such as the right of publicity. Hey, if you're looking for a paper topic, I think this issue (use of user content in teaser content as a right of publicity issue) is a good one.
More discussion about this case: CMLP, Rebecca, Jeff Neuburger, John Leonard
e360Insight
e360Insight, LLC v. Comcast Corp., 2008 WL 1722142 (N.D. Ill. April 10, 2008)
e360 is an email marketer/alleged spammer. Comcast blocks their emails from getting to Comcast subscribers. e360 sues Comcast for a variety of torts. The court sweeps all of the claims away on a judgment on the pleadings per 230(c)(2), saying that spam filtering constitutes the blocking of objectionable content contemplated by the statute. Further, agreeing with the Kaspersky case, the court says that any good faith requirement in the statute is subjective, not objective, and e360 didn't plead any evidence of subjective bad faith. Case dismissed.
This opinion adds to the burgeoning caselaw under 230(c)(2) showing that it will crunch claims by anyone upset that their communications are being filtered. As applied to an IAP like Comcast, I think this raises an interesting angle in the net neutrality debate. If you're looking for a paper topic, it seems like it would be timely to recap 230(c)(2) jurisprudence and analyze its interplay with other speech-preserving doctrines (must-carry laws, Constitutional free speech restrictions, net neutrality, consumer protection requirements of disclosure, etc.).
iBrattleboro
Mayhew v. Dunn, 580-11-07 (Vt. Superior Ct. March 18, 2008)
This is a simple and clean opinion. The defendants operate the iBrattleboro.com website. A third party posted material to the website that allegedly harmed the plaintiff. The website operators get a judgment on the pleadings. Case dismissed. This is a nice illustration of 230 working exactly as it should. Some useful color on the case from CMLP.
Posted by Eric at 10:27 AM | Derivative Liability , Publicity/Privacy Rights , Spam | TrackBack
April 21, 2008
Still Standing? Catching Up on the Jaynes Case
By Ethan Ackerman
Virginia's 1st-Amendment-deficient Spam law is still standing, but only because the Va. Supreme Court closely split over whether Jeremy Jaynes had standing to challenge it.
A cynic could dismiss the most recent ruling in this fairly well-covered and dissected criminal spamming case with the familiar legal adage - "bad facts make bad law." But cynics never read this blog...
So what happened?
Jeremy Jaynes was apparently quite the spammer, until he got caught in 2003 sending large volumes of commercial solicitations to AOL users via email messages with forged or misleading headers and From: addresses. As a result, he was charged with criminal violations of Virginia's spam laws. The initial appeal in this case was covered in an earlier post.
At the Va. Supreme Court, Jaynes brought up the same three primary challenges (lack of jurisdiction, Dormant Commerce Clause violations, and 1st Amendment overbreadth/vagueness violations) he raised at the Court of Appeals. He had the same unsatisfactory (for him) results. This previous post detailed where the Va. Court of Appeals' resulting opinion left things wanting on the First Amendment and jurisdiction front. If all was the same old-same old, however, I wouldn't be writing a separate post on the Va. Supreme Court's follow-up ruling. This opinion is a bit more rigorous, but runs into trouble (in my, and the 3 dissenters', minds) over First Amendment issues. As a result, this post is only going to focus on the First Amendment issues of the case. Spam law junkies looking for Dormant Commerce Clause, CAN-SPAM, or jurisdiction issues can read the next paragraph and then go here instead.
Hey wait? What about CAN-SPAM?
Astute readers may wonder where or if the federal anti-spam law comes into play here. The spamming in question took place in July 2003, before the passage of the effective date of the federal CAN-SPAM Act. While there's some question as to what degree this case, and other state laws on spam, could have been preempted by the federal anti-spam laws if it'd happened later, CAN-SPAM wasn't a retroactive law, and it didn't offer retroactive immunity.
On to the First Amendment (or outside it, in this case)
On appeal, Jaynes argued that the Virginia anti-spam statute swept overly broad in prohibiting some types of protected speech, in violation of the First Amendment. Virginia's particular prohibition on mislabeling or falsity in emails, commercial or otherwise, makes it particularly vulnerable to a First Amendment challenge. In fact, I'll come right out and say it: by not limiting itself to commercial emails, the law is almost certainly sweeping in emails that are protected under the First Amendment along with the unprotected fraudulent commercial speech that it can target.
There is vigorous First Amendment debate over each of the issues at play here. What degree of First Amendment protection does commercial speech have? Does commercial email get a different amount than other commercial speech? Does it matter if it's false? Misleading? Just in the headers, not in the content? Who decides? What if the emails are unsolicited, or sent in bulk? What if their headers are forged or altered? What if they're not commercial, but are still bulk? What if they're political? What if the 'altering' is just done to make the email effectively anonymous? Many spam cases at the state and federal level have turned on these distinctions. And the last issue - the scope of the First Amendment right to anonymous speech - drew a brief from the Virginia ACLU at each stage.
While the initial appellate opinion dealt unsatisfactorily with some of these issues, the Va. Supreme Court almost entirely sidestepped them. The Court found Jaynes' lacked 'standing' to even raise a First Amendment challenge to the law, and so declined to address the appeals court's findings on the merits of Jaynes' First Amendment claims. The funny thing is, in going out of its way to only decide standing and avoid a ruling on the merits, the Va. Supreme Court had to make almost all the legal and factual findings necessary to decide the merits.
A quick primer on Standing
'Standing' is a legal term of art that means it is proper for a particular person to be in court contesting something. Courts are vigilant about standing issues because most constitutions, state and federal, require that a particular person have it before they can challenge a law or bring a suit against another person. Standing decisions are also used to avoid deciding thorny issues before they're clearly at hand, or sometimes to avoid them altogether if the issue or law doesn't really apply to the person making the claim.
Take an animal lover in New York City, a wildlife watcher in Laramie, a commercial wildlife-watching guide operating in Yellowstone National Park, a wildlife biologist studying wolves at the University of Wyoming, and a wolf rancher operating a private free-range wolf farm outside of Cheyenne. Each of these people might be upset and allege harms related to a Wyoming statute that mandates the shooting of wolves. The law distinguishes between each of these categories by recognizing some and not others according to the principle of standing.
When someone is unfairly targeted by the way a law is enforced, or is actually prevented from doing something, or has been charged with committing a crime, they likely have standing to challenge the law - as it was applied to them. This is called an "as-applied" challenge to a law. It is a challenge only to the particular portion of the law applied to them in their particular facts and circumstances.
When a skateboarding youth contests her citation for loitering at the public park every time she joins up with her friends for a some skating, she's probably not alleging that the entire loitering statute is unconstitutional, or that the police can never issue a loitering ticket, but that a particular biased police officer is unfairly targeting her in a certain way that violates her First Amendment associational rights. This is an example of an "as applied" challenge.
On the other hand, in some cases a suit can be brought challenging a law outright, outside of a criminal or enforcement action. This particular head-on challenge is called a "facial" challenge to a law, and means that the law, as it is written, violates some other law or Constitutional principle. Facial challenges to a law are much less frequent precisely because many times standing is lacking. If Rosa Parks had sued Alabama over its bus segregation laws before she had ever been sent to the back of the bus, she would have had to allege that the law was unconstitutional "on its face," since it hadn't yet been "applied" to her.
Related to a facial challenge is an "overbreadth" challenge. It alleges that a partially acceptable law sweeps 'overly broad,' catching protected activities up along with those that may legitimately be restricted. A "no leafleting without a name and address on the leaflet" law might be constitutional when enforced against a commercial door-to-door vendor, but not when enforced against a political pamphleteer. These different types of challenges matter because many times whether or not a person has standing depends on what type of challenge - facial, as-applied, or overbreadth - they are bringing.
A breath-taking run through the First Amendment 'overbreadth' exception to standing rules.
As succinctly admitted by the Va. Supreme Court in Jaynes, a litigant may have standing to raise an 'overbreadth' claim against a statute even if they did not have standing to raise a facial or as applied challenge, because "the United States Supreme Court has recognized an exception to the ordinary rules of standing when Constitutional claims involve the First Amendment."
Why relax the otherwise good and useful principle of standing? If it works, it works, right? In general yes, but when it comes to speech, extra protection is a good thing, and chilling speech, even potentially, is a bad thing according to the Supreme Court. Better an occasional court case that is somewhat hypothetical than a wide-sweeping law that makes people reluctant to speak because they might step afoul of it. As the US Supreme court explained in Broadrick v. Oklahoma,
Litigants, therefore, are permitted to challenge a statute not because their own rights of free expression are violated, but because of a judicial prediction or assumption that the statute’s very existence may cause others not before the court to refrain from constitutionally protected speech or expression.
So the First Amendment "overbreadth" exception to standing serves to protect against laws that may chill speech. It's clearly a First Amendment protection device, and it's also clearly a procedural exception developed by courts. But which of those is it more like? That seemingly odd question turns out to make all the difference for Jeremy Jaynes' conviction.
A (not Constitutional?) means to a Constitutional End
If the overbreadth exception is an element of federal Constitutional law arising from the First Amendment, state (and federal) courts generally must follow it. Further, any prior Supreme Court rulings on the issue are binding on state courts as well. However, if it is just a rule of standing, albeit one that happens to protect important First Amendment interests, then state courts are generally free to apply it or reject it according to the laws of their own state. Much like setting filing fee prices, or specifying the number of days in which a motion must be filed, or whether a particular state recognizes "psychotherapist-client" privilege, standing rules can and do vary from state to state.
So is the overbreadth exception required by the First Amendment, or is it just a procedural rule that can be varied by pretty much any court or a state legislature? This kind of distinction - where a remedy or process guards a Constitutional right but (is or) isn't mandated by the Constitution - pops up in quite a few important Constitutional cases. Shockingly enough, reasonable people disagree, both in the US and in other countries with free speech laws facing similar questions.
Perhaps the most obvious US example of this distinction, and a helpful analogy, is the status of several procedural protections under the Fourth Amendment prohibition on warrantless searches. If police violate (or just plain don't get) a warrant but search a suspect or her premises anyway, does the Constitution require that any evidence seized be suppressed? Can the victim of the illegal search sue the police? The Supreme Court goes several ways depending on the question. In at least some cases, the Constitution itself provides a "Constitutional" right to sue, in other cases the suppression "remedy" or standing to sue turn on statutes or standing rules that may vary from state to state to federal law.
These types of inconsistencies seem to be creeping into overbreadth doctrine as well, with some legal scholars warning against the trend away from a Constitutional view and toward a 'mere' procedural standing view. The same challenge seems to be facing other common-law countries with free speech rights as well.
OK, OK, the answer already...
It turns out that the US Supreme Court may have already answered this particular question - or at least suggested a likely answer. In Virginia v. Hicks, even though the Court was ruling on the question of the degree to which enforcer discretion rendered a 'no loitering' statute overbroad, the Court also stated that state court standing rules, not the First Amendment or any other Constitutional considerations, determined whether the Virginia court even had to hear Hicks' overbreadth challenge. According to a brief paragraph in the unanimous majority opinion written by Justice Scalia, "Whether Virginia’s courts should have entertained this overbreadth challenge is entirely a matter of state law." The Virginia Supreme court says this answer is good enough - Virginia courts can choose whether to hear an overbreadth challenge.
But is this the full answer? Hicks is admittedly an on-point ruling on an overbreadth challenge. But is this really the best way to take Justice Scalia's preliminary (precatory?) statement? Concluding that state court protections of 1st Amendment rights are optional makes no sense. See Amendment 14, U.S. Constitution. Perhaps a better reading is that in Hicks, Scalia was saying that the Virginia court was free to choose whether to step above the federal constitutional overbreadth 'floor' and choose or decline to hear Hicks' overbreadth challenge because then-existing overbreadth doctrine didn't cover Hick's challenge. This 'overbreadth doctrine standing is a floor, not a ceiling' argument is perhaps the better reading.
To the State law, then...
In Jaynes, the Va. Supreme Court seized on the Hicks language in an effort to avoid admitting the Virginia spam statue is overbroad and infringes on the First Amendment. But how?
In a word, narrowly. 4-3, the state Supreme Court declined to hear Jaynes' First Amendment claims by holding that Virginia state law only required that overbreadth standing be granted to someone actually able to allege the statute in question was unconstitutional 'as applied' to them - effectively collapsing overbreadth challenges in state court into an 'as applied' challenge - at least in commercial speech cases. Of course the majority didn't couch its opinion like that, taking pains to state that the opinion preserved overbreadth standing in most cases but only denied it to those commercial actors whose speech was clearly outside of the protections the First Amendment grants commercial speech.
Wait, I thought they weren't going to decide the First Amendment issue?
There are several shortcomings with the Jaynes majority opinion. The most glaring inconsistency is the choice to decide that Jaynes' commercial speech, by virtue of its falsity or tendency to mislead, isn't the type of commercial speech entitled to First Amendment protection. The court says:
Jaynes’ commercial speech would fail the initial requirement for First Amendment review under Central Hudson Gas and Fox because it is “misleading” on its face. In that circumstance, it is reasonable not to accord the speaker of such misleading commercial speech, admittedly unprotected in its own right, standing to vicariously raise the First Amendment claims of others.
At first glance, this seems reasonable - it is, after all, a correct statement of First Amendment law under the so-called Central Hudson test. The Supreme Court's various First Amendment commercial speech tests all use truthfulness and non-deceptiveness as an initial threshold, one of the more certain principles in this somewhat varying field. Jaynes' commercial spamming rather clearly fell on the false/misleading/illegal side of the First Amendment line.
That non-controversial decision was a decision on the underlying First Amendment issue in the case, however. It is exactly what the Virginia Supreme Court majority was saying couldn't be made because Jaynes lacked standing. Jaynes petitioned the court to address the First Amendment issue of overbreadth. The Virginia Supreme Court declined, concluding "Because we hold the standing issue is dispositive, we do not address the [First Amendment merits] analysis." In other words, Jaynes lacked standing to raise a First Amendment issue, and so it would be inappropriate to rule on that First Amendment issue. But to come to that standing conclusion, the Court decided the First Amendment issue of whether Jaynes' speech was the type of speech entitled to First Amendment protection.
So what else is wrong?
The three member dissenting opinion of the Virginia Supreme Court (from p. 33 on) takes issue with the majority ruling. It does so not on the tangential issue of its internal inconsistency I raised, but head on. To paraphrase the dissent, 'you've got it wrong, there's a reason every other court, state and federal, does it the other way.' The dissent delves into the important First Amendment principle of avoiding laws with a chilling effect on speech. It reiterates that this vital principle is the reason for an exception to the general standing doctrines. The dissent emphasizes the inconsistency between state and federal law on this issue. The dissent notes, and wisely the majority previously conceded, that in federal court Jaynes would have had standing. That's not just inconsistent, the dissent notes, but it will push cases construing Virginia statutes out of Virginia courts (where they now can't be brought) and into federal courts. It's Virgina's courts' job to construe these laws, the dissent please, and Virginia courts' job to remedy them if needed.
Epilogue
As noted last time, Jaynes is out of any mandatory appeals. This Virginia Supreme Court case was a discretionary review. Any US Supreme Court case would also be discretionary. As other bloggers have noted, this case splits the general Supreme Court trends on First Amendment issues, furthering the Supremes' trend of narrowing standing, but also offering less First Amendment protection to commercial speech than the likely-more-protective current Supreme Court might.
UPDATE 9/12/08
After granting a discretionary re-hearing, the Supreme Court of the State of Virginia reversed its earlier opinion, and Jaynes' coviction, and held the Virginia anti-spam statute unconstitutionally violates the 1st Amendment. Since the statute covers non-commercial as well as commercial speech, the Court ruled it is unconstitutionally broad. In doing so, the court concluded that its initial reading of Hicks was problematically narrow, and Jaynes properly had overbreadth standing.
Posted by Ethan Ackerman at 09:44 AM | Spam | TrackBack
March 2008 Quick Links, Part I
By Eric Goldman
It's a sign of my busy March/April that I am just now posting these...
Reputation/47 USC 230
* I have a lot to say about the JuicyCampus story (AP, MSNBC, Chronicle of Higher Education). Unfortunately, I ran out of time to write a full blog post on the subject. For now, some quick thoughts about this interesting and complex situation:
- Taken to its logical conclusion, 47 USC 230 naturally enables sites to do absolutely nothing to restrict harmful speech. (I'm not saying that accurately describes JuicyCampus--I don't have enough facts to make that claim). However, that's not an unexpected failure of the statute--it's the natural consequence of the statute's design. Any concerns about the costs of unrestricted speech fora need to compared with the costs of more regulated systems. It's not clear that one result is automatically better than the other, and certainly there are costs implicit in all solutions. Sam Bayard explores this issue more.
- Sites that lack credible information will face marketplace responses regardless of any legal rules. In JuicyCampus' case, the marketplace responses include consumers deeming the site not credible, plus intermediaries (in this case, universities) may simply block access by its core users.
- Any possible legal action by the New Jersey Attorney General over JuicyCampus' facilitation of harmful speech should be unambiguously preempted by 47 USC 230--even after Roommates.com.
- The attempted legal bypass to 47 USC 230--trying to convert a negative covenant from the users in the user agreement into an actionable affirmative marketing representation by JuicyCampus--is analytically corrupt. It's also not the law, and it's been rejected in several 230 cases (Noah v. AOL comes immediately to mind). Rebecca has more to say on this issue.
- If negative behavioral covenants by users in a user agreement are actionable affirmative marketing representations that such behavior isn't occurring, then the Internet is a target-rich ecosystem because I imagine that just about every Internet company is eligible for enforcement actions.
- Isn't it typical of an enforcement action to go after the target's vendors (in this case, JuicyCampus' ad networks) and watch them instantly fold?
- This issue reminds us that a website can't promise its users anonymity if it allows anyone else (such as an ad server) to serve up portions of its page and thereby have the ability to collect the same server log data.
* Ciolli v. Iravani: The AutoAdmit lawsuits spill over into a new battleground. As I said when I first blogged on the case, this is a "very messy situation" that has only gotten messier.
* Nemet v. ConsumerAffairs.com. Another lawsuit against an online consumer review site for publishing allegedly defamatory negative critiques.
* Steinbuch v. Cutler, 2008 WL 596747 (8th Cir. Mar. 6, 2008). Steinbuch's lawsuit against Hyperion, the publisher of the Washingtonienne book, can continue in Arkansas. His other claims must proceed in Washington DC if at all.
* Washington Post: Due to the speed at which gossip moves over the Internet, "compared with the pre-Internet era, politicians are less likely than ever to survive a sex scandal with their careers intact."
* H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, 56 U. Kan. L. Rev. 369 (2008). Prof. Holland wrote a paper I had been meaning to write! He explains how 47 USC 230 enables online communities to use a variety of self-governance structures, while a different liability regime would give communities fewer choices and thereby inhibit community formation and management.
Search Engines
* A Canadian web network called Geosign received $160M of VC money but the company was rendered worthless overnight when Google changed its policies and cut off traffic. Domainers beware!
* New book worth checking out: WEB SEARCH: MULTIDISCIPLINARY PERSPECTIVES (Amanda Spink & Michael Zimmer, eds.) (Springer 2008). A nice cross-section of essays on search engine issues from multiple disciplines.
* Need some original content to improve your SEO? You can automatically generate it through splogging, or you can pay actual humans a small amount of money to write short articles. If the cost is low enough and the SEO credit for truly original content is high enough, the latter may end up being a better economic deal.
Spam
* The FTC has lost a jury trial against Impulse Media on its theory that Impulse Media is liable for the spam sent by its affiliates. This is a pretty important decision because (1) the FTC/DOJ rarely lose at trial, (2) their expansive theories about liability for affiliate behavior may be legally incorrect, and (3) the FTC has strong-armed numerous defendants into settlements based on its theory, and future defendants now be willing to fight back.
* On that topic, Cyberheat won an early round in litigation with the FTC over its affiliate practices but has now settled up with the FTC. The settlement gives some guidance about the FTC's thoughts of how marketers should police affiliates, but the Impulse Media jury loss may undermine the teaching of this settlement.
Posted by Eric at 08:32 AM | Derivative Liability , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack
March 02, 2008
Feb. 2008 Quick Links
By Eric Goldman
Advertising
* BusinessWeek: Monetizing social networking sites isn't as easy as everyone had hoped, clickthrough rates are through the floor (0.04%!), and ad proliferation on the sites is driving users away.
* Wilbur, Kenneth C. and Zhu, Yi, "Click Fraud" (January 2, 2008). This paper appears to argue that search engines can increase their profits by failing to disclose the true rate of click fraud on their network.
* In re Miva, Inc. Securities Litigation, 2008 WL 450037 (M.D. Fla. Feb. 15, 2008). This lawsuit alleges that Miva and some associated individuals understated or misreported Miva’s reliance on click fraud, spyware and third party distributors in its public statements and thus inflated the company's stock price. Last year, the court dismissed many of the allegations but let a couple survive. In this ruling, the court dismisses a few more defendants from some statements and lets the rest of the case proceed.
* Going-out-of-business sales are often just another scam. (HT ContractsProf). Note this is completely consistent with economists’ theoretical predictions of final-period behavior of trademark owners.
* Google's stock has lost $70B in market cap in 7 weeks. Oh darn. Clickz offers some theories about why Google's clicks are declining. Could lower rates of click fraud be part of it?
* Hal Varian, Google's Chief Economist, argues that Google's marketplace success is solely due to its "secret sauce" (i.e., the advantage of learning by doing) rather than any defects in the marketplace.
Spam
* Jaynes v. Virginia (Va. Sup. Ct. Feb. 29, 2008). By a 4-3 vote, the Virginia Supreme Court upheld Jeremy Jaynes' 9 year sentence for violating Virginia’s spam law.
* Silverstein v. Experienced Internet.com, 2008 U.S. App. LEXIS 3364 (9th Cir. 2008). Ninth Circuit dismissed a CAN-SPAM lawsuit for lack of jurisdiction when the defendants attest that they didn't send the message and aren't local.
Domain Names
* NSI has been sued for its practice of grabbing pre-registration domain names based on WHOIS searches. The complaint. Good luck defending those practices, NSI!
* Two more breathy articles about the economics of domaining from the New York Times and Network World.
47 USC 230
* Johnson v. Barras, 2007 CA 001600 B (DC Superior Ct Feb. 1, 2008). Court dismisses a lawsuit against a website for republishing a defamatory story per 47 USC 230.
* Yet another doomed lawsuit against MySpace for facilitating communications between an adult male and an underage female that led to sex. Sam Bayard's comments.
Pornography
* NY Lawyer (login required): "Defense Bar Sees Growing Practice in Internet Sex Crimes"
* A federal obscenity prosecution for publishing graphic short stories (without pictures) on the Internet? As Tim Wu says, "astonishing."
* The Utah legislature is considering entering the marketplace again, this time through a certification mark program for Internet access providers who are willing to combat porn. See HB407. Of course, the Utah legislature has had terrific success in the past creating successful new business opportunities that the marketplace has overlooked.
User-Generated Content
* Nick Carr: "What we've seen happen with self-regulating communities, both real and virtual, is that they go through a brief initial period during which their performance improves - a kind of honeymoon period, when people are on their best behavior and rascals are quickly exposed and put to rout - but then, at some point, their performance turns downward. They begin, naturally, to decay." Like, I think, Wikipedia.
* Slate on the top-heavy nature of contributions to Wikipedia and Digg.
* Christian Science Monitor: Teachers Strike Back at Students' Online Pranks.
* Sam Bayard on a motion to quash in the AutoAdmit case.
Reputation
* eBay no longer lets sellers leave negative/neutral feedback for buyers. This putatively stops sellers from retaliating against buyers who leave legitimate complaints, but it also skews the database towards only positive reviews, which ultimately undercuts its credibility.
* In India, where courtships remain very brief by US standards and grooms can be paid dowries by the bride's families, there is an emerging trend for brides to hire "wedding detectives" to ferret out the scoop on grooms and whether their representations are correct.
* Funny article on being a secret shopper for Consumer Reports.
* Dan Solove's book, The Future of Reputation, is now available online for free. Ethan's review of the book.
Patents
* Six years later, eBay finally buys it now: eBay v. MercExchange settles with eBay buying out some of MercExchange's patents and licensing others.
* Mike Masnick: "Psst! Patent Examiners Do Not Scale"
Copyright
* Mike Masnick: “Why We Should All Want Politicians Who Plagiarize.”
* Do Not Resuscitate...My Copyrights (funny).
Miscellaneous
* Citizen Media Law Project has a useful discussion on getting insurance for cyberlaw risks.
* People v. Fernino, 2008 WL 382348 (N.Y. City Crim. Ct. Feb. 13, 2008) (woman violated a no-contact order when sending a MySpace message to the person).
* Mike Masnick: "We Need A Broadband Competition Act, Not A Net Neutrality Act"
* A retrospective on some of the leading dot-coms from the 1990s.
Posted by Eric at 05:32 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Marketing , Patents , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
February 12, 2008
Jan. 2008 Quick Links (Non-IP Edition)
By Eric Goldman
47 USC 230
* Doe v. SexSearch, the case absolving a website for age verification of its users, has been appealed.
* The Supreme Court denied cert in Parker v. Google. See 2008 WL 114262.
* NYT update on the Subway v. Quiznos lawsuit. I'm still waiting to see how the CCBill case affects the legal analysis.
Ripoff Report
* CMLP reported that Energy Automation Systems v. Xcentric Ventures has settled.
* A lot of people would love to take down the Ripoff Report. The latest (perhaps unexpected) opponents--the SEO crowd. See here, here and here. Definitely not a group I'd want to have gunning for me...
* Sarah Bird wrote the blog post I wanted to write: a recap of all of the litigation involving the Ripoff Report and its related entities. She updates a number of cases I've blogged about here.
Privacy
* The quest to find defendants in the AutoAdmit lawsuit has spilled over to unrelated websites whose URLs were posted to AutoAdmit, on the theory that AutoAdmit users were likely to have visited there prior to or after the links were posted. See the plaintiff's motion. This has proven to be a controversial move; see critiques from Mike Masnick and Sam Bayard.
* World Privacy Forum's Top Ten Opt Outs.
* The Privacy Rights Clearinghouse has compiled a master list of all the data breaches that have been announced.
Spam
* Venkat on 4 years of CAN-SPAM. I think the best we can say is that CAN-SPAM hasn't destroyed email as a communication tool, but I am skeptical that its significant transaction costs are outweighed by its benefits.
* Search Engine Land shows Wired that its wiki isn't spam-proof and then apologizes for it.
Marketing/Advertising
* Greg Linden predicts a dot-com crash in 2008 where a dry-up of investment capital will lead to marketing desperation: "Much like we saw after the 2000 crash, it is likely that those with little to lose will attempt scary new forms of advertising. The Web will become polluted with spyware, intrusiveness, and horrible annoyances. None of this will work, of course, and there will be lawsuits and new privacy legislation, but we will have to endure it while it lasts."
* Oddee has some vintage ads that couldn't be made today.
Blogging
* Examples of how blogging is actually increasing some companies' sales.
* Giving in to cyberspace exceptionalism, a divorce court judge