July 03, 2009
Ninth Circuit Revives TCPA Claim--Satterfield v. Simon & Schuster
By Eric Goldman
Satterfield v. Simon & Schuster, Inc., No. 07-16356 (9th Circuit June 19, 2009)
Satterfield sued Simon & Schuster (and its mobile ad agency) for sending text messages to her cellphone without the requisite permission. The district court dismissed her lawsuit; but in this ruling, the Ninth Circuit revives it. Three aspects of this ruling make it noteworthy.
When is a Text Message a Telephone Call?
The court holds that a text message to a cellphone is a "call" for purposes of the Telephone Consumer Protection Act (TCPA). This isn't unprecedented. The FCC took this position in 2003, and in 2005, I blogged on the Joffe v. Acacia Mortgage case reaching the same conclusion. Nevertheless, as I pointed out in response to the Joffe case, it reminds us of the silliness of medium-specific anti-marketing restrictions when the media collapse into each other. See my Coasean Analysis of Marketing paper for more.
Poor Consent Language
Satterfield signed up for a free ringtone from Nextones. As part of the registration process, Satterfield affirmatively checked off a box next to the following language:
Yes! I would like to receive promotions from Nextones affiliates and brands. Please note, that by declining you may not be eligible for our FREE content.
This language is hardly a model of clarity. What are "Nextones brands"? What are "Nextones affiliates"? The court adopts a trademark-style definition for "brands" and a corporate governance-rooted definition for "affiliates." Interestingly, Nextones posted its own definition of affiliates elsewhere on its site to mean other companies who “sell mobile content such as ringtones and graphics.” As the court points out, "Simon & Schuster does not fall within Nextones’ own definition." Whoops.
Obviously, better drafting could have easily avoided this problem and probably would have had little effect on conversion rates. Say what you mean, and mean what you say!
For what it's worth, one of my past Cyberlaw exams involved an ambiguously drafted online checkbox consent, a problem partially based on a real-life situation encountered by Yahoo. See the exam and sample answer.
Complex Chain of Distribution
Satterfield's cellphone number/text message address fell into Simon & Schuster's hands through a complex chain of distribution as follows:
Satterfield gives # to Nextones =>
Nextones gives # to MIA, its "exclusive agent for licensing the numbers of Nextones subscribers" (huh?) =>
MIA gives # to ipsh!, which describes itself as "the world's award-winning, full-service mobile marketing and advertising agency" =>
ipsh! gives # to mBlox, an aggregator who "handled the actual transmission of the text messages to the wireless carriers" =>
Simon & Schuster contracts with ipsh! to run a text message campaign for Simon & Schuster's new Steven King novel Cell. (Ironic name? Maybe this lawsuit will spur Stephen King to write a sequel, Cellphone).
As you know, lawyers aren't very good at math, but according to my count, it looks like four different intermediaries "touched" Satterfield's number (Nextones, MIA, ipsh! and mBlox) before it was used by Simon & Schuster, the ultimate advertiser. With that many intermediaries, there are significant additional transaction costs to reach cellphone subscribers.
More importantly, this complex chain creates a sizable risk that one or more of the entities along the way would misinterpret or forget any restrictions on the customer's grant of permissions. Certainly, I can't figure out how Nextones/MIA thought this distribution chain fit within the checkbox consent it asked for and received. (Interestingly, neither Nextones nor MIA are defendants in the case).
I also cannot figure out how ipsh!/Simon & Schuster failed to detect this permissions problem in their diligence. They did diligence the source of the cellphone numbers...didn't they? They didn't just blindly assume that they could purchase a package of random cellphone numbers and party on...did they?
Posted by Eric at 09:51 AM | Marketing , Spam | TrackBack
June 17, 2009
Twitter, Email and Brand Engagement
By Eric Goldman
Last week, in an interview with a reporter, I extolled the virtues of Twitter as a tool for brands to keep in touch with and engage their customers. The reporter responded by asking why brands would choose Twitter to engage customers instead of email, which companies have been using successfully for many years. I thought this question raised important issues about online marketing, so I thought it would be worth exploring the differences here.
Let's start with some basics. I am a big fan of email marketing. Like many of you, I have voluntarily signed up for numerous commercial email newsletters/announcement. I also get unrequested email from companies I've dealt with; I look at some of these, I ignore others, and occasionally I get so fed up that I blacklist the sender or report it as spam. I also get spam, LOTS of spam, but it doesn't bother me too much. Gmail has a good spam filter and it only takes a minute or two a day to sort, review and delete the spam.
However, as a recipient, email has some downsides. Most obviously, it is not always easy to unsubscribe. I remain amazed in this post-CAN-SPAM era by how often email unsubscriptions don't work. The link may be down, or my opt-out simply doesn't stick technologically, or the sender just ignores me. This is true even for senders who are involved in the legal industry and are spamming lawyers who love to bring lawsuits (never a wise move). If I were a litigious plaintiff, I would have no problem finding plenty of defendants.
Email also has the downside that the sender has my email address and may share it with others who are going to clutter up my in-box. With a good spam filter, this extra unwanted email isn't a huge problem, but the mere threat of subsequent email deluges can give me pause about whether or not I trust a website enough to give them my email address. (As you can appreciate, the website's privacy policy is a complete non-factor in my trust determination).
From the sender's standpoint, email is a huge pain. It is more heavily regulated than other marketing media, and complying with the regulations (such as providing a reliable opt-out mechanism) is costly and filled with litigation risks. Perhaps more importantly, email can be reported or killed as spam at several steps along the way, and the sender can be tagged as a spammer as well for all future messages. So, for example, a big website's email distribution of an announcement about a new user agreement or privacy policy--a completely legitimate communication between a site and its users--is almost certain to prompt a flurry of unsubscribes, emails from users who insist to their IAPs and email service providers that they are being spammed (even though they often just forgot about the relationship), and lots of bouncebacks from dead email addresses that may cause some IAPs/email service providers to blacklist the sender as a spammer. Plus, a bunch of users will never see the message at all because it goes into their spam folder. (Recall, for example, that AT&T spam-foldered its own contract amendment announcement). These are not exactly the hallmarks of an effective communication technology.
Contrast the user experience with Twitter. More than anything, Twitter is a no-risk opt-in communication tool for consumers to listen to marketers. I can follow a brand at Twitter any time, and more importantly, I can unfollow at any time too. Plus, there isn't any risk that the brand I'm following will ignore my unsubscribes or pass along my Twitter username to spammers. When I unfollow, the relationship is completely over on my terms.
From the brand's standpoint, Twitter has none of the baggage of email marketing. No spam folders to fear, no unsubscribes to manage, no CAN-SPAM. Sure, Twitter's tight character restriction mostly limits marketers to headlines, but frankly this isn't all that different from maximizing email subject lines to get email recipients to open the email.
Twitter has one other really important benefit for brands. Folks are often willing to retweet a message--even a commercial message--thereby sharing it to their entire follower base in ways that these same folks would never forward a commercial email to hundreds of their friends. And this type of word-of-mouth marketing is the holy grail of marketing because of the extra imprimatur of having the message validated by someone in the reader's social network. The retweeting phenomenon is a powerful traffic driver (I've been watching how it boosts my bit.ly stats), and marketers who aren't on Twitter are missing some upside. (Please, marketers, don't even consider shilling or astroturfing or any of those other silly stunts to generate faux word-of-mouth marketing; if you have a good offering, you really don't need to disrespect people that way).
I don't follow many commercial brands in Twitter, but I do want to mention three brands that have impressed me:
@LivingHarvest. I tried hempmilk for the first time recently, and I was fascinated to learn about the extensive anti-industrial hemp regulations that have hampered hempmilk from coming to market. LivingHarvest, a hempmilk manufacturer, is Twittering the status of various legislative efforts to enable industrial hemp farming. It's a fascinating political drama.
@UnitedAirlines. I am a frequent flyer on United Airlines, so I'm already on their email list. But they have totally gotten the point of Twitter. Not only have they been offering valuable freebies to their Twitter follower to boost their subscriber count (they are giving away discount certificates if you sign up before they hit 50,000 followers), but they also offer "Twares," blowout deals on remnant inventory. LOVE IT!
@AmazonMP3. Amazon offers one highly discounted MP3 download a day, and this Twitter account notifies me of the deal of the day. Great stuff. I've lost track of the number of times I've purchased albums this way.
Twitter practices like these build my trust as a loyal customer and pull cash out of my wallet in ways email marketing never did.
One final point: RSS offers many of the same benefits as Twitter in terms of reader empowerment, although it does not have the same retweeting upside. In particular, RSS is a true opt-in like Twitter. The website doesn't get my email address, and whenever I unsubscribe from the RSS feed in my RSS reader, it's over.
For example, as I recently mentioned, RSS is a great option for websites to allow users to learn about changes to user agreements and privacy policies on a true opt-in basis. In this respect, RSS is so much better than email. Consider, for example, DoubleClick's privacy policy, which offers users the opportunity to learn about privacy policy amendments by signing up to an email list. (DoubleClick will rarely have the email address already because it doesn't have direct privity with users). DoubleClick's option is a more enlightened practice than most similar web services, but still, no thanks. If I don't trust DoubleClick's privacy practices to begin with, I'm not going to give them my email address with the risk that they will spam the crap out of it and pass it along to others who will spam the crap out of it too. Of course DoubleClick promises not to do this, but the whole point is that those promises mean nothing to the people who don't trust DoubleClick to begin with. On the other hand, if DoubleClick offered an RSS feed to announce modifications to its privacy policy, then I could subscribe to its notifications with no spam risk at all.
I'm so enamored with RSS as a superior notification tool for announcing privacy policy and user agreement amendments that I will be recommending it to all of my clients as a supplement to other notification options. I hope you'll consider doing the same.
Posted by Eric at 07:03 AM | Marketing , Spam , Trademark | TrackBack
May 19, 2009
Expansive Preemption of State Anti-Spam Laws Is Curtailed
Courts are splitting over the scope of CAN-SPAM preemption, with even judges in the same federal division disagreeing.
By Ethan Ackerman
It is a truth universally recognized that a legal blogger whose legal positions cause them to eat crow or be left crying out in the wilderness usually will be entitled to the occasional I-told-you-so post as well. Two (of three) recent court opinions from California suggest that courts are (sometimes) beginning to reject the broad CAN-SPAM preemption holdings that have followed the reasoning of the 4th Circuit's Mummagraphics case.
Hypertouch v. ValueClick
First, the status quo. A slight majority of the cases addressing CAN-SPAM preemption of state laws have found preemption. Starting with some adverse rulings in response to repetitious pro-se litigants in Washington state, and building on the sweeping Mummagraphics opinion from the 4th Circuit Court of Appeals, many judges have been tempted to dismiss state anti-spam law claims as somehow preempted by the federal CAN-SPAM Act.
Hypertouch v. ValueClick falls squarely into this category. The opinion was handed down by Los Angeles Superior Court judge Richard Adler, but it basically relies on the N.D.Cal. District Court Opinion by Judge Chesney in Hoang v. Reunion.com, which in turn relies on Mummagraphics for its preemption analysis. Judge Adler's holding, "that any claim [desiring to survive preemption] must be based on fraud" represents just the most recent of what is becoming a majority position on CAN-SPAM preemption cases. This case was likely particularly problematic for plaintiff Hypertouch, representing a state court loss following on the heels of its federal court loss earlier.
Fortunately, the tide may be turning away from impossible fraud standards and back in favor of the actual language of the CAN-SPAM preemption clause, as two recent opinions show.
Asis Internet Servs. v. Consumerbargaingiveaways
The defendants in this N.D.Cal. district court case seemed to put in a rather rote defense recycling the holdings of Hoang v. Reunion.com, a previously blogged N.D.Cal. district court that found CAN-SPAM preemption and even a blurry holding that plaintiff might lack Constitutional standing. I imagine they were a tad surprised when another N.D. Cal. district judge in the same division, Judge William Alsup, held that their Constitutional standing argument was "without merit" and their California anti-spam law standing argument was "mistaken." Over and above this significant difference from the Reunion.com line of thinking, Judge Alsup's biggest departure occurs later in the opinion where he parses the preemption language of the CAN-SPAM Act. Because a second N.D. Cal. case in another division also follows and amplifies Judge Alsup's reasoning, I thought I'd summarize them together below.
AsIs v. Vistaprint
Judge Saundra Brown Armstrong wastes no time in getting to the meat of the preemption issue in her Vistaprint holding, declaring after one brief paragraph listing the differing cases on the issue that "[t]his court agrees with the preemption analysis in the recently published order in Asis [v. Consumerbargaingiveaways], and similarly rejects Defendants' preemption challenge."
Judge Armstrong's similarly brief elaboration on this holding is equally informative in its brevity - the core of her holding taking up a few brief paragraphs:
"The very terms of the savings clause exempt laws that proscribe "falsity or deception" in email advertisements, and although the terms are not defined in the Act, this Court finds they should be applied more broadly than just to common-law fraud claims. After all, Congress explicitly used the term "fraud" in the next provision of the preemption clause, yet did not in the savings clause... In the provision immediately preceding the preemption provision, Congress specifies that "[n]othing in this chapter shall be construed to affect in any way the Commission's authority to bring enforcement actions under FTC Act for materially false or deceptive representations or unfair practices in commercial electronic mail messages." The Court is persuaded that here too, Congress intended the phrase "falsity or deception" to be apply more broadly than just to common-law fraud claims."
I told you so?
If this 'when Congress meant one thing, it said it, when it meant something else, it said something else' argument doesn't sound familiar, I'll step in with my own I-told-you-so pointer to my prior post on Congress' careful word choice in the CAN-SPAM drafting negotiations:
When 'falsity' was intended, as in 15 USC 7707(b)1, 'falsity' was used. When 'fraud' was intended, as in a mere paragraph later in 15 USC 7707(b)2, 'fraud' was used. When 'falsity' wasn't enough, but 'fraud' was too much, as in 15 USC 7701(a)1, 'materially false' was used. When Congress wanted to require actual knowledge, or a specific intent, as in 7704(a)2 and 7702(12), it used the terms "actual knowledge" and "intentionally."
The brief icing on this I-told-you-so cupcake comes from Judge Alsup's astute observation that the Mummagraphics opinion doesn't even expressly hold all that subsequent courts have attributed to it, a point I identically brought up in criticizing the scope of the Mummagraphics holding. Judge Alsup has this to say:
"Most or all of the district court decisions that have equated “falsity or deception” with fraud have relied on [Mummagraphics. Mummagraphics,] however, merely held that state laws were preempted insofar as they permitted claims for immaterial errors. It did not hold, at least not expressly, that all elements of common-law fraud were required or that any particular element other than materiality was required to survive preemption."
I'd say that's a more eloquent version of my earlier observations that district courts were extending Mummagraphics even further than its mismatched holding suggested:
"[T]he Mummagraphics holding, for all its strong dicta about fraud and broad preemption, only held that CAN-SPAM would preempt a strict liability statute... Mummagraphics' stated holding (strict liability is preempted) is inconsistent with the Mummagraphics result (a 'more-than-strict-liability' statute was preempted)."
Also worth a read is the observant coverage at spamnotes.com.
Posted by Ethan Ackerman at 09:25 AM | Spam | TrackBack
May 03, 2009
April 2009 Quick Links
By Eric Goldman
[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]
Marketing/Spam
* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.
* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.
* NYT: "Never Mind What It Costs. Can I Get 70% Off?"
* Tsan Abrahamson on social media and marketing law.
* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.
* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).
Defamation
* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.
* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.
* CMLP has a page organizing all of its 47 USC 230 material.
Intellectual Property
* Publicly republishing a private email leads to a default judgment of copyright infringement.
* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."
* Octomom is seeking trademark registrations.
Miscellaneous
* GeoCities is shutting down.
* eBay will referee customer disputes.
* Wilson Sonsini's VC financing term sheet generator.
* Oddee: 10 Most Bizarre [Online] Gaming Incidents
Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack
April 10, 2009
Q1 2009 Quick Links, Part 2
By Eric Goldman
Trademarks/Domain Names
* The ridiculous Jones Day v. BlockShopper case settled. The settlement agreement. The ABA Journal and Legal Blog Watch stories. Commentary from CMLP, Paul Levy, Tom O'Toole.
* The trial court denouement of the S&L Vitamins v. Australian Gold did not turn well for the defense--$6M jury award. The S&L Vitamins v. Australian Gold and Designer Skins v. S&L Vitamins cases subsequently settled. According to Ronald Coleman: "This settles, for our clients S&L Vitamins, Inc., the Australian Gold case and the related appeal in the Designer Skin case. All money judgments are vacated and parties bear their own fees. Our client agrees to move on to another line of work, however."
* Twelve Inches Around Corp. v. Cisco Systems, Inc., 2009 WL 928077 (S.D.N.Y. March 12, 2009). 17 USC 512(f) does not cover trademark takedown notices.
* Suarez Corp. v. Earthwise, 2008 U.S. Dist. LEXIS 92931 (W.D. Wash. Nov. 14, 2008). Including a competitor's name in a web page disclaimer creates initial interest confusion when the competitor's name is indexed by the search engines. Compare Promatek v. Equitrac, the 2002 7th Circuit case ordering the defendant to include the plaintiff's name on its web page as a cure for initial interest confusion.
* CRS Recovery v. Laxton, 2008 WL 4408001 (N.D. Cal. Sept. 26, 2008). Another California-based court says that domain names are property that can be converted. I'm amazed that these cases are still being brought.
* North American Bushman, Inc. v. Saari, 2009 WL 211932 (M.D. Pa. Jan. 27, 2009) The parties entered into a settlement agreement that "Plaintiffs further agree not to use, and in addition, to offer up or destroy, any material that includes, but is not limited to, the names, photos, images, embroideries, of likeness of [Defendant] James Saari and any of the a above named trade names and trademarks of Defendants." The court holds that this provision wasn't breached when third party users posted comments referencing the defendants in UGC areas of websites operated by the other party.
* Advice Co. v. Novak, 2009 WL 210503 (N.D. Cal. Jan. 23, 2009). Justia page. Stupid lawsuit alert! Attorneypages.com believes Attorneyyellowpages.com infringes its trademark. Case dismissed for lack of personal jurisdiction. Participating in Google AdSense doesn't automatically create jurisdiction in CA.
* DSW v. Zappos, which involved allegations of trademark infringement based on Zappo's affiliates, settled.
* An update on Google's AdWords woes in France.
* Kiva Kitchen & Bath Inc. v. Capital Distributing Inc., 2009 WL 890591 (5th Cir. April 2, 2009). The Fifth Circuit upholds enhanced damages under ACPA. Good discussion of the purpose of damages in the ACPA.
* Toys R Us buys the domain toys.com for over $5M. Is any domain name worth $5M any more?
* A 2007 interview with "Pokey" of Pokey.org fame. This is one of my favorite domain name disputes from the 1990s. A very smart cyberlawyer (Ian Ballon), on behalf of the trademark owners of Pokey & Gumby, unexpectedly got into a public tangle with a 12 year old kid nicknamed "Pokey" over the domain name pokey.org. Debating 12 year old kids in the press never turns out well.
Advertising/Marketing
* Some new material on behavioral advertising: an FTC report and a CRS report.
* Latest NYT article on human billboards. See my prior blog post.
* Privacy advocates are freaking out about Google Android and its ability to deliver location-based information and ads. But location-based information and ad targeting is inevitable...and a good thing.
* Action over mobile marketing: Mobile Messenger settled a false advertising suit with Florida for $1M, and another settlement. Google's response.
* The class in the "Vista Capable" lawsuit was decertified.
* Tsan's post on the latest FTC efforts to rein in testimonials on social networking sites and blogs. Unfortunately for the FTC, some of its efforts may be preempted by 47 USC 230.
* eBay v. Digital Point Solutions, 2009 WL 481269 (N.D. Cal. Feb. 24, 2009). eBay loses an intermediate round in its cookie stuffing lawsuit against Digital Point Solutions.
* e360, a serial defendant in spam cases, sued Choicepoint for selling it email addresses that led to the suits. Apparently neither e360 nor Choicepoint got the memo that the days of email list brokering are dead.
Search Engines
* Study: Google's search lead not matched by loyalty. A critical response.
* Is Google giving big brands extra credit in its organic search results rankings? Compare: media giants complaining they don't get enough weighting in organic results.
* Sign of improving consumer search skills: search queries are getting longer.
* Yahoo reserves the right to "auto-optimize" advertiser accounts by changing ads and advertiser bids automatically. This is not a popular move.
* Wired: The Plot to Kill Google.
Posted by Eric at 10:20 AM | Domain Names , Internet History , Marketing , Search Engines , Spam , Trademark | TrackBack
April 08, 2009
Q1 2009 CAN-SPAM Quick Recaps
by Ethan Ackerman
While it seems most CAN-SPAM watchers (and even traditional media, apparently) await the results of key 9th Circuit and California Supreme Court cases, CAN-SPAM rulings in lower courts and in other Circuits continue to trickle in. Two of these new cases raise issues this blog has covered in the past, but they're still worth a quick note.
Ferron v. Subscriberbase Holdings, Inc
(excellent coverage, and a link to the decision, at spamnotes.com)
This case manages to come out just right in its results, even though the opinion relies rather extensively on the 4th Circuit's rather poorly-reasoned Mummagraphics precedent.
If ever there were a cut-and-dried 'actual statutory conflict' preemption case that largely didn't have to resort to parsing the CAN-SPAM Act's preemption language, it is this case. The 6th Circuit Court should have just done a straight forward preemption analysis and said: "The OH statute imposes labeling and physical address requirements in a manner inconsistent with CAN-SPAM's labeling and physical address requirements. Actual conflict preemption - the end. We need not dally in the hypothetical of whether CAN-SPAM's preemption savings clause for 'falsity or deception' applies..." While the Court came to the correct conclusions about CAN-SPAM's preemption clause not applying to this particular statute, because this statute wasn't a "falsity and deception" law, the court muddied the waters by using Mummagraphics to get there.
On the other hand, the court correctly pointed out that the general OH consumer protection act claims were not preempted, because the state act is one of general applicability and has "false or deceptive" elements, just like CAN SPAM's exception requires. [Author's comment: Wow, you'd think CAN SPAM had been specifically drafted to pointedly protect state consumer protection acts from preemption or something...]
Hypertouch v. Azoogle.com, 2009 WL 734674 (N.D.Cal.)
While this order granting motions to dismiss and granting leave to amend the complaint is a new and separate case, you could be excused in confusing it with another of federal District Judge Chesney's spam cases - the previously-blogged Hoang v. Reunion.com.
Like in Reunion.com, the opinion confuses the tort of fraud, with its special elements and pleading requirements, with the statutory provisions of the CAN-SPAM Act. To be fair, Judge Chesney does a precise and accurate job with the preemption analysis under CAN-SPAM. Everything in the opinion is an appropriate statement of the law regarding preemption, including the review of plaintiff's less-common trespass to chattels claim.
It's at the erroneous rulings over fraud pleading standards where this opinion looses its steam. As I bemoaned in a post over the same error in Reunion.com, falsity is still not the same thing as fraud, especially when Congress distinguishes between them in a statute. Unfortunately, this opinion also repeats this earlier mistake, and explicitly imposes the heightened pleading standards of FRCP Rule 9 because the pleadings "sound in fraud." It's dismaying to see this mistake again, especially after the judge even concedes that the plaintiffs in their complaint explicitly noted that they were not asserting a general claim for the tort of fraud.
Posted by Ethan Ackerman at 09:38 AM | Spam | TrackBack
March 31, 2009
Virginia v. Jaynes - This Time Really is The End
by Ethan Ackerman
The US Supreme Court has declined to grant a petition for certiorari filed by Virginia's Attorney General in Virginia v. Jaynes. That denial means the Virginia state Supreme Court's holding is the final say in the Jaynes case, and the Virigina spam statute is definitively unconstitutional.
While some coverage is suggesting that the Supreme Court had an opinion on this case or otherwise endorsed the ruling below, other articles are correctly framing the cert. denial - the Supreme Court didn't agree or disagree with the Virginia Supreme Court, it merely declined to take the case. As a result, the state opinion stands.
This also means I no longer have to end each of the blog posts I've written on the Jaynes case with a 'but this ruling could still be appealed further.'
An interesting final anecdote, perhaps? The outcome in the spam litigation turns out to be mostly academic for Mr. Jaynes. According to the Washington Post, he is currently in prison on unrelated securities fraud charges.
Posted by Ethan Ackerman at 02:44 PM | Spam | TrackBack
February 06, 2009
2008 Cyberlaw Year-in-Review
By Eric Goldman
It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.
Broad Themes
A few broad themes emerged last year:
* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.
* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.
* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.
* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.
* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.
Top 11 Cyberlaw Developments of 2008
#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.
# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.
#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.
#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.
#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.
#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.
#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.
#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.
#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).
#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.
Other Developments of Special Note
47 USC 230
* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”
* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.
* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.
Affiliate Liability
* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.
* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.
Trademarks/Domain Names
* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.
* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?
* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."
* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.
* New gTLDs. Maybe I should reserve this development for 2009...if it happens.
Others
* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?
* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.
* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.
Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
January 09, 2009
Reunion.com Revisited
Following in the expected path of her earlier ruling, District Judge Maxine Chesney again dismissed an anti-spam lawsuit against Reunion.com. This time, the Judge also threw in a tenuous constitutional holding for good measure. Count this ruling as yet another one muddying the distinction between fraud lawsuits and anti-spam lawsuits and undermining the reasonably clear preemption provisions of the CAN-SPAM Act.
By Ethan Ackerman
On Dec. 23, 2008, federal District Judge Maxine Chesney issued what the defense attorneys in Hoang v. Reunion.com will likely view as a welcome, if foreseeable, Christmas present - another conditional dismissal of the plaintiffs' class action lawsuit. I've previously blogged about the first dismissal here, with an important follow-up regarding the amended complaint here. Reading those posts first to get some important context will help in following this post.
Falsity is still not the same thing as fraud, especially when Congress distinguishes between them, unless a federal judge says it is.
Judge Chesney's first dismissal ruling focused on the absence of fraud allegations in the plaintiff's complaints, ultimately holding that in order to escape preemption by the federal CAN-SPAM Act, plaintiff's' state law claims had to include, above and beyond the falsity violations of the California anti-spam laws, some or possibly all the additional elements of a fraud claim. I criticized that holding in the prior post because that's not only not what the CAN-SPAM Act requires, but it was actually adding four additional elements to the Act that Congress considered but didn't include. Falsity is one of five elements of fraud under California law. California is hardly alone in having consumer protection laws that require a lesser standard than fraud. Adding four additional elements by judicial decision would be like a judge requiring a prosecutor to prove each of the elements of premeditated murder when she's only charging involuntary manslaughter - and in this case it would be like judicially requiring them even after the legislature considered and rejected the additional elements.
Sticks and stone may break my bones, but misleading emails alone don't really hurt anyone.
My prior disagreement with the first dismissal was its inconsistency with the falsity standard of the CAN-SPAM Act, and its reliance on the similarly mistaken 4th Circuit Mummagraphics opinion. This dismissal repeats that problem and then raises the stakes by suggesting that it would be unconstitutional for the court to even hear the case if the complaint wasn't amended to allege at least several of the additional elements - reliance and damages.
Specifically, Judge Chesney states
[In] the absence of an allegation that each such plaintiff incurred some type of injury or damage as a result of his having taken action in reliance on defendant's assertedly false use of a third-party domain name in the email, [the] action is subject to dismissal.
Failure to do so, Judge Chesney holds, would not only result in preemption under CAN-SPAM, but also run afoul of the case-or-controversy requirement of the US Constitution's Article III.
Actual Injury Standing, or Wait, spam's not illegal until someone actually wires the $10,000 to Nigeria?
Prior court disagreements over whether falsity must also be material or intentional look pretty minor compared to this Constitutional "no harm, no foul" holding, so what's going on here?
By way of background, Article III of the US Constitution requires a "case or controversy" before a federal court may rule in a case, and this provision has been interpreted by the Supreme Court to mean that a plaintiff must suffer an "injury in fact" to have standing in a federal court. This is the principle underlying Judge Chesney's holding, but it’s quite a stretch to apply the principle to dismiss a case brought by admittedly aggrieved plaintiffs directly covered by a state's consumer protection statutes.
The requirement that an individually identifiable "injury in fact" be shown by someone before they can bring a lawsuit prevents judges from having to make hypothetical rulings or issue advisory opinions without the benefits of specific facts. This lack of standing is the reason any given citizen can't sue the government for spending tax dollars in a way they don't like, or a mob boss can't preemptively sue for an unlawful wiretap before it's actually installed, or more specific to this case, why someone who hasn't actually received a misleading email from Reunion.com couldn't sue it for violation of CAN-SPAM or California law even if Reunion.com's practices clearly violated the laws.
There are even particular types of cases where "injury in fact" standing is commonly a close question; (until recently) qui tam lawsuits were often challenged on "injury in fact" grounds. Similarly, environmental organizations bringing suits against government actions (and inactions) often succeed or fail based on standing, and are the source of much of the standing caselaw. Although not relevant to this case's constitutional holding, there is also a good deal of action on issues of injury standing at the statutory level. More than one CAN-SPAM lawsuit has been dismissed on the grounds that a plaintiff lacked standing under the "adversely affected" requirement of the statute. [Author's note: While it is debatable whether this element of the statute acts as a pleading requirement or functions as a prerequisite for statutory standing, courts have used it that way. I suspect Judge Chesney may ultimately rule similarly, thus avoiding an unnecessary constitutional ruling. That would definitely be the better of these two disagreeable choices.]
Similarly, some state consumer protection laws have been amended by legislatures to remove or add a specific injury pleading requirement, alternately making some consumer protection act violations "strict liability" laws or making suits for violation more complex to prove by adding another statutory element. Two notable examples of such trends are the addition, by Proposition 64, of such a requirement to the California laws, and the removal of such a requirement in the District of Columbia's Consumer Protection Act.
Based on this quick treatment, Judge Chesney's holding seems plausible. This "injury in fact" doctrine really does exist and some cases do turn on it. But, while the Constitutional requirement that there be an "injury in fact" keeps hypothetical cases out of federal court, it is a fairly low threshold for those cases actually brought under a federal or state law directed against a certain type of behavior Congress or a state legislature has already found to be damaging. But this dismissal ruling departs from other court rulings on standing by blowing past legislative determinations of just what is "damage."
So your real beef is not the result, but that the Judge had to ignore the damage determinations of the legislatures to come to such a holding?
In a word, yes. The California anti-spam act included specific findings of costs and damage to the end-user, findings that even the federal CAN-SPAM Act echoed. This frustration is perhaps amplified by the practice of Judge Chesney in other contexts to accept and defer to Congressional policy decisions, an important and correct skill needed when interpreting nuanced statutory provisions. In other contexts, Judge Chesney has cited with clear approval the notion that a court "was not at liberty to second guess congressional determinations and policy judgments."
Perhaps this holding is explicable because the statute's lower pleading standard is unique to spam laws?
In a word, no. There is no shortage of laws requiring some lesser standard of falsity than fraud at the federal and state level. Similarly, many laws provide for liability based on a statutory presumption of reliance. In some other cases, mere or factual error is sufficient to trigger liability regardless of materiality or reliance. These laws are so common and numerous that the term "strict liability laws" is a frequently used term describing just one subset. Let's explore in more detail just how large a majority of federal and state suits are brought under these laws...
Most analogous to anti-spam lawsuits are other consumer protection laws against unfair or deceptive practices where committing a prohibited practice triggers a right to sue, regardless of any monetary damages. For example, the federal Fair Debt Collection Practices Act prohibits a range of collection practices and gives debtors subjected to the illegal practices a right to sue for statutory damages, regardless of whether the unfair dunning results in a collection or not. Wisely, courts, including Circuit Courts of Appeal, have held that the illegal threats to collect constitute an "injury in fact" regardless of whether or not the debtor heeds them and pays up. Similarly, “It is well settled, however, that proof of actual deception or damages is unnecessary to a recovery of statutory damages” under the Truth in Lending Act, according to the Second Circuit in Gambardella v. G. Fox & Co.
There are also a whole host of civil laws ordering business structures and transactions where committing a prohibited practice triggers a right to sue and provides for statutory damages regardless of any monetary damages. Trademark law contemplates lawsuits over trademark use violations that in some cases don't even require an actual showing of confusion, merely the (by definition speculative) "likelihood of confusion." Touching close to the current case (and presumably different only in having more complete damages pleading) Judge Chesney apparently had no problems with the Article III standing of some recent trademark plaintiffs, allowing summary judgment under the statute in favor of an initial-interest-confusion plaintiff based only on the likelihood of initial interest confusion.
But perhaps the most dramatic examples of laws permitting civil suits to recover money even absent any measurable or conceivable or alleged harm are the IP laws, copyright and patent. The patent holder's right is fundamentally the right to exclude others from practicing her patent, and a non-practicing patent holder who has never made, sold, licensed or marketed a single product, and thus lost not a single penny in sales or licensing fees to the infringer, or indeed suffered under any cognizable theory of harm, may still bring suit to recover the wrongful profits of the infringer. Similarly, a copyright holder with an unpublished manuscript or suffering from an infringement occurring in an entirely different media is still entitled to sue for statutory damages, even in the absence of any actual damages. Indeed, many of these laws even provide statutory damages as a measurement of harm precisely because the actual harms are variable, need to be deterred, or are hard to assess.
Some parting words from the controlling courts
Suits of this type, where a legislature has already found an injury in a certain prohibited practice or behavior and passed a statute granting particular individuals a right to sue in response to that practice, are precisely the suits the Supreme Court was contemplating in Lujan v. Defenders of Wildlife when it said the "injury required by Art. III may exist solely by virtue of ‘statutes creating legal rights, the invasion of which creates standing."
The Ninth Circuit also has a particularly lenient view of what constitutes damage for Article III purposes. So if Judge Chesney had accepted the damages findings of the California legislature, she would likely have to find those enumerated damages were of the types (time, money) that the Ninth Circuit has previously identified in various cases as being Constitutionally sufficient.
Concluding thoughts
As Venkat's timely post on this case notes in conclusion, several related cases raising some of these issues are in the process of being decided by the California Supreme Court or Ninth Circuit Court of Appeals. Those decisions have the possibility of perpetuating or correcting several of the trial court errors I've discussed in prior posts. Also, in this particular case, Judge Chesney did graciously grant another opportunity to amend, meaning there may be yet another opinion in this case. Finally, and most simply, an amendment to the complaint could just recite the harms identified in the California statute and allege that plaintiffs have suffered them.
Posted by Ethan Ackerman at 03:10 PM | Spam | TrackBack
December 02, 2008
November 2008 Quick Links
By Eric Goldman
Trademark
* NYT: "A handful of new Web sites with names like Typo Bay and Typo Buddy are out to help shoppers save money by searching eBay for misspelled brand names." In 2005, I blogged that typographical errors are a significant issue for eBay's search engine.
* It's a bull market for Obama-related trademark filings and Obama merchandise.
* Domain name tasting down 84%?
* Wired: "Think Godzilla's Scary? Meet His Lawyers"
Copyright
* Reuters: "Instead of triggering the usual take-down notices, copyright-infringing footage of select MTV Networks programing uploaded by MySpace subscribers would be automatically redistributed with advertisements that would generate revenue for the companies." I'm interested to see how this system applies to fair uses of the works!
* Arista Records LLC v. Usenet.com, Inc., 2008 WL 4974823 (S.D.N.Y. Nov. 24, 2008). The court dismisses USENET.com's counterclaims for declaratory relief that it doesn't violate 17 USC 512 because the claims duplicate its affirmative defenses.
* James Grimmelmann does an excellent job parsing the Google Book Search settlement agreement and makes some sage recommendations for how it should be modified before court approval.
Advertising/Marketing
* The Google-Yahoo ad syndication deal is dead. Some behind-the-scenes discussions.
* I'm not sure about the implications of this, but Google is expanding its efforts to allow website and ad targeting based on automatic geographic detection. See my prior post about the future of geolocation and a bordered Internet.
* Good news: entrepreneurs want to authenticate children's ages to keep them out of online trouble. Bad news: entrepreneurs might use age authentication to hit the kids with targeted marketing.
* Classmates.com sued for misrepresenting that former school chums were actually looking to reconnect. Yet more pushback on bogus "X is looking for you!" ads.
47 USC 230
* The Supreme Court denied cert in Doe v. MySpace, 2008 WL 4218722. According to Tom O'Toole, this is the seventh time that the Supreme Court has denied cert in a 47 USC 230 case.
* It appears that Children of America v. Magedson has settled.
* The Santa Clara University community is having a catharsis about Juicy Campus.
* Dan Solove and I chatted with Doug Lichtman about social networking sites (asynchronously--I spoke with Doug after Dan had), with most of my conversation focusing on 47 USC 230. Doug edited the conversations together into a one-hour podcast entitled "Privacy in the Networked World." An added bonus for listening--you may be able to earn one hour of CLE FREE!
Spam
* Facebook v. Guerbuez. Facebook wins $873M default judgment under CAN-SPAM. Now, if Facebook could only collect any of this, they would have finally figured out a way to make money!
* Gordon v. SubscriberBASE Holdings, Inc., 2008 WL 4809833 (E.D. Wash. Oct. 31, 2008). Serial anti-spam plaintiff lost again on whether he has standing under CAN-SPAM.
* Evan Brown: Government spam filters do not deprive citizen of right to petition the government.
* Venkat: Unsolicited Marketing Extravaganza in the Ninth Circuit.
Miscellaneous
* eHarmony settles claim that it discriminates against gay singles.
* NYT: "almost five years into its expansion into Europe...Google is getting caught in a web of privacy laws that threaten its growth and the positive image it has cultivated as a company dedicated to doing good."
Posted by Eric at 09:47 AM | Copyright , Derivative Liability , Domain Names , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
November 18, 2008
October 2008 Quick Links, Part 2
By Eric Goldman
Spam
* Kramer v. Perez. An Iowa court awards $236M in damages in a spam case. Venkat's comments.
* After the government lost its jury trial against Impulse Media, the court denied Impulse Media attorneys fees.
Contracts
* AT&T put its own emailed notice of amended contract terms into its spam folder. Whoops! Due to spam filters and other automated blocks, it is becoming almost impossible for websites to communicate with their users by email.
* An estimate of the massive "tax" imposed on consumers by reading privacy policies. Of course the financial drain is overstated because many people make a rational decision not to read every privacy policy, plus not every person has to read a privacy policy for marketplace responses to be effective.
* The Blizzard v. MDY WOWGlider case has reached a stipulated damages amount of $6M.
* Pulaski & Middleman, LLC v. Google Inc., 5:2008cv03888 (N.D. Cal. complaint filed August 14, 2008). The Justia page. Yet another me-too lawsuit against Google over serving ads to parked domains and error pages.
* An Israeli GPL enforcement action settled.
Trademarks/Domain Names
* Kentucky v. 141 Domain Names. Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name. More recently, the seizure was stayed.
* Speaking of inappropriate seizures, the Feds are trying to seize the trademarks of the Mongols motorcycle group. DOJ press release. LA Times article.
* Best Western Intern., Inc. v. Doe, 2008 WL 4630313 (D. Ariz. Oct. 20, 2008). Prior blog post in this case. The judge is losing patience: "These filings are wasteful in the extreme. The Court is not a forum for the parties to expend every possible dollar seeking to litigate every conceivable issue, no matter how insubstantial. The Court will no longer tolerate the excesses of this case."
* The Verizon v. Navigation Catalyst Systems domainer lawsuit settled.
* 50 Cent brings yet another questionable lawsuit. (1, 2).
Advertising
* Goddard v. Google Inc., 2008 WL 4542792 (N.D. Cal. Oct. 10, 2008). The case against Google for deceptive mobile phone ads will stay in federal court.
* Eyeblaster, Inc. v. Federal Insurance Co., 2008 WL 4539497 (D. Minn. Oct. 7, 2008). This is a collateral lawsuit to Sefton v. Eyeblaster alleging that Eyeblaster distributed spyware. Eyeblaster tendered the claim to its insurer. This court holds that the CGL policy doesn't apply because the claim relates to software problems, not physical damage to the users' computers. Further the E&O policy doesn't apply because Sefton alleges that Eyeblaster intentionally installed the spyware, bumping Eyeblaster into one of the policy's exclusions.
* Are consumers becoming more tolerant of pop-up ads? For more on consumer acceptance of new advertising formats, see here.
* A big damages award in NetQuote v. Byrd.
Posted by Eric at 06:42 AM | Adware/Spyware , Domain Names , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
November 14, 2008
Just who is an Internet access service provider under CAN-SPAM?
Worded to prevent lawsuits by individual email recipients, the federal CAN-SPAM Act limits who can bring suit for a CAN-SPAM violation. In addition to state and federal enforcers, the Act allows suits by "Internet access service providers." Just who are they, and can individuals find a way back in to court under this provision?
By Ethan Ackerman
One of the most distinct differences between the federal CAN-SPAM Act and state anti-spam laws is the federal law's restrictions on who may bring suit for a violation. Like many federal laws, it's vital to consider the environment in which it passed in attempting to understand the scope and intent of its provisions.
After several years of experience with state laws allowing individual email recipients to bring suit under state laws, and both actual and exaggerated instances of 'professional plaintiffs' bringing questionable suits against email marketers, many business and marketing lobbyists were eager to limit who could bring suits under a federal spam law. While efforts to expand or limit liability under federal laws are as old as the 1st Congress, 2003 was a notable high-water mark. At the same time as, and in the same Congress as, the CAN-SPAM Act, similar Acts altering liability standards and raising barriers to lawsuits and class actions were being passed under the mantra of "tort reform." Limitations on environmental and manufacturer liability, extending sovereign immunity to vaccine developers, restrictions on class actions, preemption of state enforcement and consumer protection laws, statutorily-mandated settlements of active court litigation - these were some of the hallmarks of the 108th Congress' involvement with the judicial branch.
In this environment, it's not surprising that various provisions in the CAN SPAM Act were negotiated back and forth to expand or contract liability, standing and preemption. This blog has previously covered the preemption back-and-forth, but similar negotiation went into just who could sue, and how, and where, and for how much under the CAN SPAM Act.
The final version of s.877 signed into law in 2003 that became the CAN SPAM Act reflects the compromises on several issues necessary to get sufficiently broad political support. This post will attempt to identify each of those issues in turn.
The final bill allows suits by a broad swath of federal regulatory agencies to enforce the law, including most notably the FTC. The scope of state officials' enforcement of the federal law, and just who else could sue, was somewhat more disputed. Prior year versions of the bill allowed suits in state as well as federal court. The initial Senate version of s.877 also allowed suit in federal or state court, but the final version negotiated with the more lawsuit-averse House of the 108th Congress restricted suits to only US federal District Courts, and now redundantly also granted the relevant federal agencies additional authority to removes suits filed by States to federal courts.
The issue of caps on damages and attorney's fees was also near and dear (or anathema) to many in the 108th Congress, and extensive changes exist between various versions of the bill as conditions were horse-traded and various constituencies weighed in. State enforcement statutory damages swung from $20 to $250 over the course of the different Congresses, with treble damages being available, then dropped and replaced with discretionary 'aggravated' damages possibilities. State enforcers' attorneys fees similarly went from mandatory to discretionary between the introduced Senate version and House-approved version. Statutory damages for internet access providers saw similar swings and horse trading, ultimately with certain egregious violations triggering $100 damages and other damages valued at $25, a far mark from a proposed 'up to $10.' Damages caps were also a feature, but swung from as little as $500,000 to in some cases $3 million.
Similarly, the political demands of the House resulted in additional, heightened pleading standards for civil suits by anyone other than federal enforcement agencies. These heightened standards, absent in the initial Senate version but added in sections 7(f)9 and 7(g)2 of the final version, raised a scienter pleading requirement for state enforcers and constricted the definition of 'procure' for suits brought by Internet access providers.
But back to the big difference
As initially indicated, the biggest difference between most state and the federal anti-spam law is the absence of a private right of action for spam recipients in the federal law. In the 108th Congress, a general private right of action was a non-starter. Even the initial Senate version of the bill restricted suits to enforcement officials and Internet access providers. Contrary to the desires of state enforcers from state with such provisions, and apparently an uncomfortable concession from the minority Democrat sponsors, the absence of a private right of action was a stated minimum.
The final wording of Section 7 of the CAN SPAM Act specifies who can bring suit, listing first federal enforcement, then state enforcement, and finally granting Internet access providers the right to bring some civil suits. So who is an 'Internet access provider'?
The short answer - the definition written in the 'definitions' section of CAN SPAM - is that the "term `Internet access service' has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4))." This somewhat unenlightening reference leads to the actual statutory definition of:
The term “Internet access service” means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.
This broad definition originally was passed into law as part of the earlier Child Online Protection Act (not to be confused with the Childrens' Online Privacy Protection Act). Importantly, CAN SPAM also used other definitions from other prior laws defining similar terms. One example, one short line above the CAN SPAM 'internet access provider' definition, is the definition of 'Internet.' CAN SPAM defines 'Internet' by reference to the earlier passed Internet Tax Freedom Act, 47 USC 151 note. Importantly, CAN SPAM did not adopt the much narrower, more ISP-centric definition of 'internet access provider' in that Act. The Internet Tax Freedom Act defines an internet access provider as "a person engaged in the business of providing a computer and communications facility through which a customer may obtain access to the Internet..."
This definitional difference is important because CAN SPAM was written with service providers above and beyond just then-traditional modem-pooling, DNS-providing traditional ISPs in mind. Spam impacts next-generation services like online website hosts, online email providers, online proxies and filtering services, and CAN SPAM was drafted to take into account not just the dial-up AOLs of the world, but also the Rackspaces, the Hotmails, and the TUCOWs.
So courts have uniformly picked up this clear distinction, right?
If they had, what would there be to write about? While CAN SPAM was commonly understood to prevent end-user lawsuits, that portion of the law is implicit, not explicit. CAN SPAM was, however, explicitly written broadly to cover all, even the as-of-yet-uninvented, online service providers that spam negatively impacted. Unfortunately, subsequent court cases addressing the issue of whether it is an 'internet access provider' bringing suit have sometimes attempted to reinsert traditional ISP-style definitions into the Act.
A recent case getting the issue correct is Haselton v. Quicken Loans Inc.. Though anti-filtering activist Bennett Haselton, administrator of peacefire.org, sued Quicken in his individual capacity, separately incorporated Peacefire also was a named plaintiff. Defendant Quicken made much of the fact that Haselton was the sole employee of the organization and alleged Haselton was simply an individual end-user filing suit. Haselton countered, and the court agreed, that Peacefire's filter-circumventing service, even if operated only by Haselton, was clearly an 'internet access service provider' within the meaning of the Act.
Unfortunately, other courts, and commenters, have often channeled their skepticism over the litigation intentions of a plaintiff into interpreting this broad definition narrowly. For example, the Gordon v. Virtumundo court's palpable disagreement with serial plaintiff Gordon's litigation intentions and strategy led it to reach to hold, contrary to the plain wording of the definition, that Gordon's multi-user internet email service was not a " a service that enables users to access ...electronic mail... offered over the Internet." UPDATE
While they may be legitimate concerns over the capacity and legitimacy of serial plaintiffs' anti-spam suits, courts can address them without resorting to unnecessarily adjusting definitions in the statute. In Hypertouch v. Kennedy-Western University, for example, the court correctly recognized that an email service provider, even though small and providing accounts without charge, was nonetheless a 'internet access service provider.' As Eric blogged earlier, this court addressed its, and defendant's, concern that the plaintiffs allegations were inadequate and more properly addressed towards the actual marketing company in its ruling that plaintiff was an internet access service provider, but its claims were inadequate to survive a motion for summary judgment.
12/08 Update An observant Tri-cities reader gently corrects me, noting that Judge Coughenour ultimately did, contrary to what I suggested, conclude the plaintiff qualified as an Internet access service provider in Gordon v. Virtumundo. After reviewing all the criticisms and interpretation of legisaltive history and analogous cases that suggested Gorden was not intended to qualify, Judge Coughenour did ultimately conclude Gorden qualified "under the statute's capacious definition." So, my speedy reading aside, Gordon v. Virtumundo stands as an appropriate example of a court properly addressing questions about the propriety of a suit without narrowing the definition of an Internet access service provider after all.
Posted by Ethan Ackerman at 01:29 PM | Internet History , Spam | TrackBack
October 29, 2008
CAN-Spam-a-Friend?--Hoang v. Reunion.com
Hoang v. Reunion.com sidesteps an eagerly anticipated legal dispute over the legality of commercial address book scraping and 'send-to-a-friend' emails, and also highlights the damage that can cascade when a federal Circuit Court woefully misreads a statute.
By Ethan Ackerman
In July 2008, Violetta Hoang filed a class action lawsuit under California's state anti-spam laws against Reunion.com, a Los Angeles-based social network site. On October 6th, the court ruled for Reunion.com, granting its motion to dismiss, but allowing Hoang leave to re-file an amended complaint. While a less-than-3-months turnaround is admirable, this case stands as an apt reminder that haste makes waste.
What was sent?
A series of May 2008 solicitations from plaintiffs' acquaintances were the origin of this suit. More precisely, the series of emails were sent from Reunion.com mail servers but bore the names (and in some cases, addresses) of plaintiff's acquaintances in the 'From' line of the email. The emails also contained subject lines like "[Acquaintance] Wants to Connect with You." The emails were sent by Reunion.com servers because plaintiffs' acquaintances had registered with Reunion.com and at some point agreed to, or failed to opt out of, Reunion.com's address scraping practices. In the lawsuit, plaintiffs alleged that these emails were sent to plaintiffs not by plaintiff's acquaintances, as the email 'From' line and subject suggested, but by Reunion.com after Reunion.com had scraped the plaintiffs' addresses from acquaintances' address books when acquaintances became Reunion.com members. In short, pursuant to a possibly agreed-to Terms of Service, Reunion.com scraped its members' address books and then sent solicitations to the resulting addresses, but also took several steps to make it appear that the solicitation was from the member.
This email-scraping-and-dodgy-addressing practice sounds consistent with other accounts of Reunion.com's less than desirable (or legal) efforts to expand its member base. The site claims tens of millions of registered members, suggesting these email campaigns seem to work. The frequency of critical coverage over Reunion.com's various advertising and data-gathering methods also seems to suggest the tactics are as commonly objectionable as they are effective.
In February of this year, Eric highlighted a Wired article about address book scraping and other common web gathering processes. It's a very interesting area with a lot of thorny legal questions. This post, however, is just about the resulting spam.
But was it spam?
Claiming a violation of all three portions of California's anti-spam law, plaintiff's brought a claim against Reunion.com. Plaintiffs alleged Reunion.com used a falsified, misrepresented or forged 'From' line. Plaintiffs alleged that the subject lines Reunion.com used were misleading. Plaintiffs also alleged Reunion.com used a 3rd party domain name (yahoo.com) without Yahoo's permission.
[Author's aside: From the complaint, which describes several instances of 'From' line name forging, but only one instance of 'yahoo.com' appearing as part of a 'From' line, it sounds like Reunion.com's address book scraping likely picked up an email address that was stored in the name field of a member's address book, rather than some more nefarious domain name forging.]
Smells like spam, so what does the law say?
Rather than denying these accusations, Reunion.com chose to counter with a preemption defense. Reunion.com claimed that its practices were sanctioned by federal law and thus, even if actionable under California law, the federal CAN-SPAM Act preempted plaintiffs' claims.
The CAN-SPAM Act's preemption clause, 15 USC 7707 (b)1, does broadly preempt most state anti-spam laws - "This chapter supersedes any [State law] that expressly regulates the use of electronic mail to send commercial messages." This first sentence makes Reunion.com's preemption defense sound pretty plausible. But wait, as the late night infomercials say, there's more. The rest of the clause identifies a significant exception that preserves many of these state laws - "except to the extent that any such statute, regulation, or rule prohibits falsity or deception in [an email]."
So state law claims, like the plaintiffs', are preempted, except to the extent that the state law addresses falsity or deception, in which case the claims may proceed. Courts have been handling the preemption and preemption exception clauses of CAN-SPAM now for several years, and have had more or less no problem concluding that compliant state anti-spam laws can survive if they fit in CAN-SPAM's exception.
OK, so that's what CAN-SPAM says. Let's compare that to the California state law at issue. As identified above, the plaintiffs made three claims under the California law: a falsified 'From' line, a deceptive subject line, and the deceptive use of a 3rd party's domain name in an email header. All three claims address falsity and deception in an email's header, the core of CAN-SPAM's preemption exception. While Reunion.com might dispute the facts of each claim (not misleading, not false because authorized, etc.) it seems pretty clear that the claims can survive CAN SPAM's preemption test as written.
So if the law passes the CAN-SPAM test, whose preemption test is it failing?
The Reunion.com preemption defense cited two sources - the Mummagraphics holding and an FTC rule-making and policy paper on refer-a-friend email marketing.
The court accepts Reunion.com's first source, the prior Mummagraphics case, and doesn't rely on the FTC's policy paper for its holding. As a result, its discussion of the FTC guidance is a very brief discussion at the opinion's end in its discussion over whether to grant leave to amend.
A brief tangent
Before addressing the Mummagraphics precedent, I want to address the FTC rulemaking and policy paper too. Reunion.com asserts that the FTC rulemaking and policy paper permit, as a matter of law, its address book scraping and subsequent emailing. As a threshold matter, there's the fairly complex question of which portions of the FTC's Rulemaking and policy paper on refer-a-friend emails are actual Rulemakings with the force of law and which are policy guidance. Fun APA stuff. But even if the refer-a-friend portions are construed as a rulemaking, a brief read of the guidance reveals that there's, to put this politely, no sane way to conclude that the guidance makes Reunion.com's actions "as a matter of law, exempt from liability under CAN-SPAM." The guidance is page after page of non-exclusive, hedged discussions of what may make a sender liable. The FTC doesn't hand out any 'exemptions from liability' in the rules. Even this otherwise preemption-accepting court is suspicious of this assertion, stating
The FTC did not rule that a commercial entity whose message is the subject of a "forward-to-a-'friend'" email is, as a matter of law, exempt from liability under CAN-SPAM or that such entity could never be held liable, as a matter of federal law, for initiating an email containing false information. Rather, the FTC found that a determination as to whether such entity is exempt from liability under CAN-SPAM would require a "highly fact specific inquiry.
To further beat a dead horse, I'll just focus the issue a bit more. The guidance discusses when a commercially motivated refer-a-friend email is, and very infrequently isn't, subject to CAN-SPAM's provisions. It is page after page addressing when an email will be held to CAN-SPAM's standards, not on when an email will be held to, or preempted from, a state law's standards. While it may be possible that the FTC rules could categorize a given email as "not covered" by CAN-SPAM, that's not the same thing as preempted by CAN-SPAM. Buried deep within a hypothetical set of facts there might be a negative implied preemption argument that could be teased out of the FTC ruling, but Reunion.com isn't making that argument.
Back to the holding, then...
It's not that common in the development of case law that a significant intellectual error can be traced to one particular case, but that's the case here. This case errs because the court was too quick to rely on the erroneous 4th Circuit holding of Omega World v. Mummagraphics to dismiss.
The Mummagraphics court was faced with a similar suit alleging state and CAN-SPAM claims over emails with similar false and misleading subjects and headers, including subject lines falsely suggesting the recipient had requested the email, and "from:" addresses from unaffiliated domains that were not even in the actual transmission path.
A more critical argument against the Mummagraphics opinion could easily be made, but I'll simply opine that Judge Wilkerson of the Fourth Circuit sent spam jurisprudence down the wrong path in several key respects with this holding. While each of the errors will likely cause a lot of damage, several of them (e.g. the re-writing of the statute's 'materiality' standard, concluding that truthful email body text 'cures' header falsity) only have to do with claims under CAN-SPAM, and not on state law preemption. As a result, I'll focus on the error of Mummagraphics that causes so much headache for preemption claims - what constitutes a "falsity or deception" for purposes of determining preemption.
The statute says 'falsity and deception,' but this court thinks it should say fraud instead, so we now hold that it does...
The Mummagraphics court was faced with a claim under an Oklahoma statute that prohibited falsity and deception in email headers. While acknowledging that 'falsity' means just that - "erroneous, wrong," or "untrue", the court proceeded to construe the CAN-SPAM exception as preempting any state law using any standard less than "fraudulent".
This shift is no angels-on-the-head-of-a-pin difference. It's more analogous to the difference between murder and simple assault. Fraud requires misrepresentation and knowledge of falsity and intent to defraud and justifiable reliance and damage. Fraud is a significant enough legal claim that it has its own pleading standards in Federal court. In contrast, falsity or deception are just individual elements of fraud.
The Mummagraphics court dresses up this statutory re-writing by pointing to instances in CAN-SPAM where a heightened standard beyond 'falsity' is used, and argues that these other instances prove Congress intended a heightened standard. Unfortunately, this argument just proves the opposite. Far from being another instance of the same standard, the other language proves Congress knew how to state the particular standard it wanted. When 'falsity' was intended, as in 15 USC 7707(b)1, 'falsity' was used. When 'fraud' was intended, as in a mere paragraph later in 15 USC 7707(b)2, 'fraud' was used. When 'falsity' wasn't enough, but 'fraud' was too much, as in 15 USC 7701(a)1, 'materially false' was used. When Congress wanted to require actual knowledge, or a specific intent, as in 7704(a)2 and 7702(12), it used the terms "actual knowledge" and "intentionally."
Eh, so Mummagraphics was probably based on an erroneous conclusion, what's the harm?
The Mummagraphics opinion represents a Circuit-level opinion on federal law, so it is wholly binding in state and federal courts in the 4th Circuit and persuasive in all others. Additionally, it construes the scope of federal law, the CAN-SPAM Act, rather than just a particular state's law, so it is, if not controlling, at least pertinent in every case that raises a CAN-SPAM preemption defense. Not surprisingly, the opinion is having an effect. Several courts, even before Reunion.com, have relied on Mummagraphics' impossible to meet preemption standard to summarily dismiss cases raising state law anti-spam claims. State enforcers and legislatures are even starting to take notice and drafting amicus briefs and legislation to circumvent the results of the holding.
More comments about the opinion: Venkat and Tom O'Toole.
______
Eric's comments: Ethan makes a persuasive case that the statutory language in CAN-SPAM distinguished fraud from falsity. Nevertheless, I still support the Mummagraphics holding because I always thought it was unnecessary and counterproductive for Congress to let any state anti-spam statute survive preemption. From my vantage point, state anti-spam laws have done nothing useful to curb abusive spam. Instead, they have just littered the court system with junk cases, often from serial entrepreneurial litigants trying to punch lottery tickets. So if Mummagraphics provides defendants with a quick way to squelch unnecessary state law claims, I'm all for it.
I think Ethan is right that this case may misread Mummagraphics to extend the preemption even further than the 4th Circuit intended. Given my predisposition towards broad preemption, this is still a good outcome, but I am more troubled. In particular, I think the Reunion.com approach does not comfortably fit in the refer-a-friend bucket, and their efforts to leverage off the implicit social network connections bring to mind the worst aspects of the Facebook Beacon program. In this sense, the line between a true refer-a-friend program and a pretend referral that's just blatant marketing by grabbing email addresses reminds me a little of the first party/third party marketing representation distinction in 47 USC 230 jurisprudence. If the friend asks the site to send the email, it's a referral and not spam. If the friend provides the email address but doesn't endorse the message, it's governable by CAN-SPAM. This distinction is cloudy in 230 jurisprudence too, and it is giving the SEC fits too. Smells like a paper topic here.
On a personal note, mazel tov to Ethan and his wife on the arrival of their daughter Lily!
____________
10/30 UPDATE: Venkat's comments include a link to the plaintiffs' amended complaint. It takes a legally correct, tactically courageous approach. Rather than taking the Court up on its invitation to amend the pleadings to meet the various elements of a fraud standard, the plaintiffs' complaint reiterates its earlier falsity standard pleadings and then attempts to distinguish Mummagraphics, or at least limit the holding. The amended complaint distinguishes and notes that the Mummagraphics holding, for all its strong dicta about fraud and broad preemption, only held that CAN-SPAM would preempt a strict liability statute. The plaintiffs then proceed to show that the California statute is more than a strict liability statute, and even helpfully point to 9th Circuit precedent that distinguishes falsity from fraud for federal law purposes, clearly holding falsity as a lesser standard. I suspect Reunion.com could make the strong counter-argument that the Mummagraphics results matter more than the holding, because the Mummagraphics result, preemption, was of an almost identical statute that wasn't strict liability either. But making such an argument only invites closer scrutiny of Mummagraphics and highlights its error. Not only was Mummagraphics' stated holding (strict liability is preempted) inconsistent with the Mummagraphics result (a 'more-than-strict-liability' statute was preempted) but the holding was legally wrong in attempting to re-write the carefully negotiated preemption standard up from falsity to something higher. Before giving the benefit of the doubt to the Mummagraphics court in its re-writing, consider that the precise wording and standards in the preemption provisions of a federal spam law were one of its most-negotiated provisions. They changed from one Congress to the next, were different between various bills in the 108th congress, and were even switched between the different versions introduced and ultimately passed in the 108th Congress.
Posted by Ethan Ackerman at 03:55 PM | Marketing , Spam | TrackBack
October 14, 2008
September 2008 Quick Links, Part 3
By Eric Goldman
eBay
* Universal Grading Service v. eBay, Inc. More fallout from the National Numismatic v. eBay case--another lawsuit alleging antitrust and defamation because eBay designated some coin rating services as preferred and impliedly devalued others.
* Windsor Auctions v. eBay has been refiled in a new jurisdiction.
* Mehmet v. Paypal, Inc., 2008 WL 3495541 (N.D. Cal. Aug. 12, 2008). Upholding the consequential damages waiver in PayPal’s user agreement.
* A company's failure in the marketplace can drive up the value of its collectibles on eBay.
* Stelor Productions, Inc. v. Google, Inc., 2008 WL 4218107 (S.D. Fla. Sept. 15, 2008). In the lawsuit alleging that Google causes reverse confusion of Googles.com [warning: annoying music ahead], the plaintiff doesn't get to depose Sergey or Larry yet. Rose Hagan, Google’s long-time chief trademark counsel, is the lucky substitute.
* Lots of rhetoric in the Google/Yahoo ad syndication deal. Google’s advocacy website. Google Chief Economist Hal Varian explains why the deal won’t raise ad prices in the auction. Randall Stross weighs in.
* Google has changed course and now allows religious groups to advertise on the keyword “abortion.”
* Kubit v. Google Groups, 2:2008cv00738 (M.D. Fla. complaint filed Sept. 29, 2008):
I then would like to sue Google Groups for not removing the posts when I repeatedly asked them to for 2 years. I believe I am entitled to at least a small amount of compensation for the emotional distress and lost business income that has resulted from them allowing these posts to remain on their Google Groups, even though I offered them VERY solid proof that I do not have HIV. If they had stopped the posts when they first occurred, they would not have proliferated to hundreds of websites. I became suicidal for a period of time after the posts started. I incurred a lot of emotional pain and fear because of the posts and had to seek psychiatric and psychological help to get my life back together. I still suffer from fears of dating, living a public business life and trusting others.
Yes, this is a pro se complaint. Yes, it is preempted by 47 USC 230.
Marketing/Advertising
* NebuAd is dead (1, 2). Even so, the lure of intermediaries aggregating deep data about consumers for commercial purposes will never die.
* Is Gator/Claria dead?
* The EU passed a non-binding resolution against sexual stereotypes in advertising.
* Celebrity branded merchandise run amok.
Miscellaneous
* Valleywag: "The 5 most laughable terms of service on the Net." For more laughs, see Mark Lemley’s Terms of Use paper.
* Murakowski v. University of Delaware, 2008 WL 4104087 (D. Del. Sept. 4, 2008). This reminded me a lot of the Jake Baker case from the mid-1990s.
* The Virginia Supreme Court reversed itself on the Jaynes anti-spam prosecution, and Jaynes walks. Does Virginia routinely pass unconstitutional laws?
* Becker v. Toca, 2008 WL 4443050 (E.D. La. Sept. 26, 2008). Ex-wife's alleged delivery of "Infostealer" program to grab passwords from ex-husband could violate the ECPA, SCA and CFAA.
* Interesting article on ESPN’s exclusive distribution and bundling agreements with Internet access providers.
* Silly? Horrifying? A sign of the apocalypse?
Posted by Eric at 06:17 PM | Adware/Spyware , Content Regulation , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam | TrackBack
October 11, 2008
September 2008 Quick Links, Part 2
By Eric Goldman
Copyrights
* In the Harry Potter fair use case, the court declared that the Lexicon encyclopedia isn't fair use.
* The judge declared a mistrial in the Jammie Thomas case.
* Designer Skin v. S&L Vitamins has reached its denouement. Previous blog coverage of the case (1, 2). In the prior ruling, the judge denied the plaintiff damages for the copyright infringement. In the final ruling, the court enjoins cutting and pasting product shots but allows the defendant to recreate the product shots. Ronald Coleman has more here and here (noting that the court says that, per MercExchange, an injunction does not automatically follow from a finding of copyright infringement).
* Wired's 5 year retrospective on the RIAA's litigation campaign against file sharing.
Social Networking Sites, Blogs and Online Publishing
* J.S. ex rel. Snyder v. Blue Mountain School Dist., 2008 WL 4279517 (M.D. Pa. Sept. 11, 2008). Upholding student discipline for creating a fake MySpace page of principal. The school initially based the discipline on the student infringing copyright (by cutting and pasting the principal's photo) but this aspect of the case wasn't mentioned at all in the court’s reasoning.
* O.Z. v. Board of Trustees of Long Beach Unified School Dist., 2008 WL 4396895 (C.D. Cal. Sept. 9, 2008). Two seventh graders make a video about killing their teacher, described as:
The slide show is essentially a dramatization of the murder of Mrs. [redacted]. The first slide photo states, "Mrs. [redacted] dies." Throughout the slide show there are photos of Plaintiff dressed up in a costume, depicting a woman meant to resemble Mrs. [redacted]. There is red text on each slide photo that describes the scene. One slide says, "Jelly Donut's knife: haha fat bastard. here i come!" In this same photo, the viewer can see a butcher knife lunging at Mrs. [redacted] character from the camera's point of view. The butcher knife is then laid on the fallen victim while the text reads, "hehehe. i'm a shank yoooooooooo!" At the end of the slide show, it reads, "your [sic] dead, BITCH! :D".
I think they thought it was funny, but no one else did. One of them posted the video to YouTube. It's unclear what happens to the poster, but the co-content creator was suspended and forced to transfer to another school for her eighth grade. In this case, her TRO request is denied, even if she didn't intend the video to be publicly distributed and even if the video was not a "true threat."
* Spanierman v. Hughes, 2008 WL 4224483 (D. Conn. Sept 16, 2008). Teacher who was fired for inappropriate MySpace communications with students can't sue the school.
* An encouraging update on the Lori Drew prosecution.
* Bill McGeveran on Facebook Beacon and legal liability.
* Good NYT article on the sociology of Facebook and Twitter.
* Sam Bayard on an interesting but confusing ruling from Montana on its shield law applied to anonymous online posters.
* Verdana Partners v. Giles. Online newspaper wins anti-SLAPP claim.
* Jardin v. Datallegro, Inc., 2008 WL 4104473 (S.D. Cal. Sept. 3, 2008). A litigant's taking down a blog post and its comments is not destruction of evidence.
* Nemet Chevrolet has appealed its 230 loss. Previous blog coverage.
* Do Facebook's anti-spam policies overregulate Facebook's power users?
Posted by Eric at 07:49 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Spam | TrackBack
October 07, 2008
Email Ad Network Isn't Liable for Unsolicited Email--Ferron v. Echostar
By Eric Goldman
Ferron v. Echostar Satellite LLC, 2008 WL 4377309 (S.D. Ohio Sept. 24, 2008). The Justia page.
John Ferron is one of several "repeat" plaintiffs around the country suing over unsolicited email (perhaps not coincidentally, he's also an attorney). In this case, Ferron sued a variety of defendants associated with unsolicited email promoting dish satellite offerings for violations of Ohio's consumer protection law and the Electronic Mail Advertising Act (EMAA).
One of the defendants is Hydra, "a service that connects satellite dish service retailers with companies that advertise by email. The retailers create the advertisements. Hydra then stores the advertisements on its database. Other companies then access Hydra's database and send the advertisements to consumers by email." Hydra does not create the ad content or send the actual emails.
Ohio's consumer protection act has a defense for innocent publishers of ads. Even though the statute does not contemplate the existence of an email ad network, the court says that Hydra is only an "information disseminator" and therefore qualifies for the defense. It was also alleged that Hydra wasn't innocent because Ferron had sent it a copy of his complaint, but the court says that the complaint does not act as sufficient proof of a statutory violation.
The court declines to grant Hydra SJ on the EMAA claim, saying that while Hydra did not "transmit" the email, it could not tell if Hydra "caused" the email to be transmitted. Nevertheless, the court says that, per Mummagraphics, Ohio's EMAA is preempted by CAN-SPAM because it regulates conduct that is not sufficiently fraudulent or deceptive. As a result, Hydra gets SJ on the EMAA claim and is dismissed from the lawsuit.
From my perspective, this case is another example of the larger battle against unsolicited email using state law (such as the many state anti-spam laws). In my opinion, the heavy reliance on state law has led to enormous wasted motion, which is the direct and unfortunate consequence of (1) CAN-SPAM failing to completely preempt all state anti-spam laws, and (2) early opinions (mistakenly, IMO) holding that state anti-spam laws don't violate the dormant commerce clause even though most email senders cannot realistically "steer" their emails into or out of a state.
[This post has been amended in response to emails from John Ferron alleging that my prior post was defamatory.]
Posted by Eric at 04:32 PM | Marketing , Spam | TrackBack
September 09, 2008
August 2008 Quick Links, Part 2
By Eric Goldman
Net Neutrality
* The FCC gets on Comcast’s case for deceptively blocking BitTorrent connections without disclosure. While I don’t know anyone who has defended Comcast’s behavior here, at the same time there is an undercurrent of concern about the FCC’s authority to regulate Internet activities. Could this be the FCC camel's nose in the Internet's tent? We will learn more about the FCC's authority because Comcast has appealed the FCC's decision.
* A topic I haven't seen discussed very much: how the doctrine of trespass to chattels intersects with net neutrality principles. The only article I found in a 60 second search on the topic was a couple of paragraphs in J. Gregory Sidak, A Consumer-Welfare Approach to Network Neutrality Regulation of the Internet, 2 J. Competition L. & Econ. 349 (2006).
Contracts
* Jacobsen v. Katzer (Fed. Cir. Aug. 13, 2008). This ruling has been hailed as a validation of open source licenses, but I’m not sure what to make of this opinion. If the opinion merely says that breach of a copyright license can support copyright infringement, that’s no big deal. However, among other conspicuous omissions, the court does not discuss how the licensor formed a contract in this case. Thus, if the court’s conclusion is that copyright owners can impose conditions on licensees’ enjoyment of their copyright without properly forming a contract, then this opinion could undo the entire scheme of online contract formation. For example, it could support a conclusion that browsewrap-style “contracts”/terms of use should be enforceable as conditions on the accessing of copyrighted web pages. See, e.g., Ticketmaster v. RMG.
* Interactive Retail Management, Inc. v. Microsoft Online, L.P., 2008 WL 3851691 (Fla. App. Ct. Aug. 20, 2008). This is a click fraud case I hadn't heard about previously. Microsoft won at the trial court on jurisdiction grounds. This court revives the lawsuit for more jurisdictional investigation.
* Jeff Neuburger on a Wisconsin case saying that the UCC governs contract formation via email instead of UETA.
* Request for your guidance. Wikipedia has some photos that simultaneously say they are released under both a Creative Commons license and the GFDL. See, e.g., this photo. The license terms are irreconcilably inconsistent. If someone wants to use such a photo, now what?
Competition Restrictions
* Edwards v. Arthur Andersen (CA Sup. Ct. Aug. 6, 2008). The Ninth Circuit was wrong to create a narrow restraint exception to B&P 16600, the California statute voiding non-compete clauses.
* XPEL Technologies Corp. v. American Filter Film Distributors, 2008 WL 3540345 (W.D. Tex. Aug. 11, 2008). Rebecca on an odd case involving (once again) the DMCA anti-circumvention provisions as an anti-competition tool.
Miscellaneous
* Two interesting studies recently about people’s response to spam. Despite the animosity, a quarter of consumers have responded to cellphone spam and 30% say they have made purchases in response to spam. For more complementary statistics and my attempt to explain this seeming dichotomy, see here.
* The First Circuit issued an interesting DMCA 1201 case that I haven’t seen discussed. The BNA summary: “District court properly granted summary judgment to plaintiff cable television service provider on claim that defendants violated Digital Millennium Copyright Act by selling low-frequency signal filters, within plaintiff's service area, that were capable of bypassing plaintiff's pay-per-view billing mechanism, since plaintiff's pay-per-view delivery and billing system is technological measure that effectively controls access to copyrighted works, and digital cable filter allows subscribers to "avoid" or "bypass" that technological measure (CoxCom Inc. v. Chaffee, 1st Cir., 8/4/08)”
* AP v. Moreover settles. My initial post on the lawsuit.
* Funny YouTube video: "Here Comes Another Bubble," set to the tune of Billy Joel's "We Didn't Start the Fire"
Posted by Eric at 08:49 AM | Content Regulation , Copyright , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack
August 08, 2008
Affiliate Liability Extravaganza
By Eric Goldman
[Note: I recently published a version of this article at InformIT. Here's the pre-edited version I sent them.]
Introduction
This article discusses marketers’ liability for the actions of their marketing affiliates (what I refer to as “affiliate liability”). The affiliate liability issue has become red-hot recently because numerous plaintiffs have taken aggressive legal positions seeking to expand the boundaries of affiliate liability. In three recent rulings, courts have emphatically rejected these expansive liability arguments. Even so, it seems likely that plaintiffs will continue to look for ways to expand affiliate liability, and despite the favorable rulings, defendants often settle a lawsuit alleging affiliate liability rather than establish their rights in court.
Affiliate Marketing—Good and Bad
Marketers create affiliate programs to outsource marketing decisions to domain experts. For example, independent third parties may have better or cheaper access to subcommunities of potentially interested consumers than a marketer’s employees. An affiliate marketing program compensates these local experts for work and expertise involved to take the marketer’s message to those consumer communities. When it works properly, affiliate marketing programs can play an important role in the broad “invisible hand” economic phenomenon of allocating scarce resources to consumers who value them the most.
Affiliate marketing doesn’t always have this salutary effect. Affiliate marketing programs create payoffs to motivate affiliate behavior, and inevitably some affiliates will try to obtain the payoff without doing the desired activity. Thus, even if the marketer would prefer otherwise, some affiliates might do “whatever it takes” to get paid, including using false advertising or illegitimate marketing mechanisms. Further, the fact that the marketer outsources some choices to affiliates (a necessary part of any affiliate program) can lead to “diffuse responsibility” where the marketer and affiliates point fingers at each other if something goes wrong. Sometimes, when there are multiple tiers of affiliates, it can become effectively impossible to assign responsibility for the wrongdoing.
To bypass these legal entanglements, plaintiffs have sought ways to hold marketers vicariously (automatically) liable for their affiliates’ actions. However, these efforts “break” standard tort law by trying to treat independent contractors as if they are principal-agents without the requisite supervision or authority that typically triggers agency liability. As a result, overexpansive theories of affiliate liability cause marketers to internalize too many costs, curtailing potentially socially beneficial marketing activities or leading to overinvestment in socially wasteful liability minimization schemes.
Plaintiffs Gone Wild: Two Recent Efforts to Expand Affiliate Liability
There have been countless affiliate liability enforcement actions, but I’ll focus on two recent initiatives.
New York Sales Tax Law
State and local taxing jurisdictions have long coveted a way to impose sales tax collection responsibilities on non-resident Internet vendors. In general, these efforts have been stymied by the Supreme Court’s decision in Quill Corp. v. North Dakota, 504 U.S. 298 (1992), which requires a vendor to have a physical presence in the jurisdiction before the taxing entity can impose sales tax collection obligations on it.
New York, however, developed a nifty workaround. In April, it passed a law (Chapter 57, N.Y. Laws of 2008) declaring that a vendor’s marketing affiliates in New York constituted a physical presence in New York by the vendor. If so, New York can impose sales tax collection obligations on remote vendors due to their New York affiliates. As part of its crafty plan, New York tried to induce compliance with a carrot—if remote vendors voluntarily agreed to collect and pay sales tax from New York residents going forward, then New York would grant them amnesty for any back sales tax collection obligations.
Neat trick, but…a small problem: affiliates are independent contractors of the vendor, so this effort to treat them as legally related entities surely doesn’t comply with the Constitution. I suspect a court will confirm this flaw because both Amazon and Overstock.com have sued New York over the law. At the same time, to minimize its risk, Overstock has also tossed all of its New York affiliates overboard. One might question the wisdom of the New York legislators prompting marketers to cut off opportunities for New York online entrepreneurs.
Trademark Owners Claiming Marketers Are Liable for their Affiliates’ Marketing
Another trend: trademark owners are trying to hold a marketer liable for the alleged trademark infringement committed by its affiliates, such as when affiliates purchase the third party trademark as a keyword trigger for search engine ads. Plaintiffs have alleged affiliate liability in at least three lawsuits in the past couple of months:
* DSW v. Zappos.com (S.D. Ohio complaint filed May 12, 2008). For more, see SEOmoz.
* NameSafe v. LifeLock (M.D. Tenn. complaint filed June 26, 2008). For more, see Techdirt and News.com.
* Rosetta Stone v. Rocket Languages (C.D. Cal. complaint dated July 2, 2008). For more, see the WSJ Law Blog.
Courts Weigh In—and Plaintiffs’ Expansive Theories Don’t Fare Well
The efforts to extend liability in the sales tax and trademark contexts are novel, and it’s hard to predict the final outcome because we have limited direct precedent to consult. However, looking at some recent rulings in other contexts, there is good reason to believe that both legal theories go way too far.
CAN-SPAM
Unlike many other areas of the law, CAN-SPAM (15 USC 7705 and 7706) specifically authorizes affiliate liability in the statute. The Federal Trade Commission (FTC) has routinely invoked this provision in its pursuit of marketers promoted by affiliate-initiated spam (for one of the more recent examples, see the FTC’s press release on one of its porn spam busts and settlements). Further, typically when the FTC targets a marketer on an affiliate liability theory, the marketer rolls over and settles rather than fight.
But…a small problem: the FTC’s expansive interpretation of the affiliate liability statute—the basis it has used to procure these settlements from marketers—may not actually reflect the law. In an outcome that didn’t get nearly the press it deserved, in an lawsuit against Impulse Media earlier this year, the FTC took its affiliate liability theories to a jury and lost. This is a huge verdict because (1) the FTC rarely loses in court, and (2) perhaps more importantly, when average citizens evaluate the FTC’s expansive affiliate liability theories, they may balk.
Oddly, the FTC didn’t take no for an answer. It subsequently asked the judge to enjoin Impulse Media even though Impulse Media won the jury verdict. Talk about chutzpah! Not surprisingly, the court declined the request. US v. Impulse Media, 2008 WL 1968307 (W.D. Wash. May 1, 2008).
In another lawsuit, ASIS Internet Services, v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal. March 27, 2008; unsealed April 29, 2008), a civil plaintiff, ASIS (a serial anti-spam litigant), invoked the CAN-SPAM affiliate liability provision in its anti-spam lawsuit against 20 defendants. One defendant never showed; 18 defendants settled up (as mentioned, the typical response); and only one defendant—Azoogle—persisted in court.
Azoogle is a lead generation company for upstream marketers, and it relies on downstream affiliates to help it generate leads for its clients. Some of those downstream affiliates generate leads via spam. In this ruling, the court rejects Azoogle’s liability for spam sent by its marketing affiliates:
Although ASIS has pointed to significant evidence that Azoogle, during the relevant time period, did little to investigate the third party vendors it engaged, there is no evidence in the record from which a jury could conclude that Azoogle, in contracting with Seamless Media, made a deliberate choice not to know that Seamless Media would engage third parties to send out spam on Azoogle's behalf. The evidence cited by ASIS to establish knowledge on Azoogle's part is entirely speculative. Even assuming it is true that the Emails were sent by a single individual and that the lead was typed into a web site that was copied from Azoogle's lowrateadvisors site, this is insufficient to show that Azoogle consciously avoided knowing that the Emails would be sent. Further, while ASIS relies primarily on the allegation that Azoogle failed to adequately investigate its third-party vendors, ASIS has pointed to no evidence that if Azoogle had investigated Seamless Media prior to entering into the Insertion Order, it would have learned facts sufficient to show that Seamless Media was likely to engage in CAN-SPAM violations. There is no evidence in the record that would put Azoogle on notice that Seamless Media, or Seamless Media's vendors, obtained leads from spammers. Indeed, the only evidence on this subject is that Seamless Media had a good reputation at the time, and was obliged by its contract with Azoogle to follow the law.
Adware
Another recent affiliate liability decision is the remarkable ruling in People v. Direct Revenue LLC, 2008 WL 1849855 (N.Y. Sup. Ct. March 12, 2008), another case that did not get the attention it deserved. Disclosure note: I helped file an amicus brief in this case.
In 2006, the NY Attorney General’s office (NYAG) made the apparent decision that adware vendor DirectRevenue needed to be shut down by any means necessary, and it launched a multi-front attack on DirectRevenue. It publicly posted a website with information about DirectRevenue that had no apparent purpose other than to denigrate DirectRevenue’s reputation. It bullied DirectRevenue’s advertisers, ultimately procuring, and then releasing a hyperbolic press release about, an insignificant settlement that spooked potential advertisers away from DirectRevenue. And finally, it sued DirectRevenue directly.
The NYAG’s actions had their desired effect. Perhaps due in part to the NYAG’s campaign to close DirectRevenue down, DirectRevenue did in fact go out of business. Congratulations to the NYAG for achieving its apparent goal.
But…a small problem: the NYAG’s assessment of DirectRevenue’s legitimacy may have, in fact, been itself lawless, because the court emphatically rejected all of NYAG’s legal theories. This might be amusingly ironic if the NYAG’s anti-DirectRevenue campaign wasn’t such a chilling and crushing misuse of governmental powers.
The opinion is worth reading in its entirety, especially where the court affirms the EULA formation and limits extraterritorial liability. However, apropos to this post, the court rejected DirectRevenue’s liability for allegedly illegitimate software installations made by its affiliates, saying “petitioner has not shown that respondent should be held liable for the actions of those third parties under a theory of agency or ratification, or otherwise.” The court explains:
Dismissal is required with respect to the 22 [installations by] third parties, who petitioner concedes were independent contractors rather than agents of Direct Revenue. A principal is generally not liable for the acts of an independent contractor because of the lack of control over how the contractor's work is performed (Chainani v. Bd. of Educ., 87 N.Y.2d 370, 380-81 [1995]). Neither may the principal be charged with the conduct of even more remote subcontractors (People v. Synergy6, Inc., Index No 404027/03 [Sup Ct N.Y. Co 2006][unpublished disposition][Attorney General's action for deceptive practices and false advertising under GBL dismissed as against email marketing company where fraudulent emails were sent by company retained by agent]). Although exceptions exist, such as where the contractor was negligently retained or supervised (Saini v. Tonju Assocs., 299 A.D.2d 244, 245 [1st Dept 2002]) or where the principal has ratified the wrongful acts (Kormanyos v. Champlain Valley Fed. Sav. and Loan Assoc. of Plattsburgh, 182 A.D.2d 1036, 1038 [3d Dept 1992]), the record here does not support any grounds for departure from the usual rule.
As noted, under the SDA, Direct Revenue contractually required its distributors to obtain consent of consumers consistent with the terms of the EULA. The SDA also forbade the distributors from holding themselves out as respondent's agents. Respondent was not authorized or obligated to control their work, particularly since many of them additionally acted as distributors for various other advertisers. Although in Sotelo v. Direct Revenue, 384 Supp2d 1219 (ND Ill 2005) the court upheld a cause of action against respondent for negligent supervision of distributors, the issue arose on a motion to dismiss and the court thus restricted its inquiry to the four corners of the complaint. Notably, the court stated that it was precluded at that procedural juncture from considering respondent's evidence that the distributors were independent contractors, evidence which, as here, included the SDA.
…
The theory that respondents ratified the alleged third party misconduct also fails. The allegations that respondent had general and/or constructive knowledge of some distributors' wrongful practices are insufficient to impose liability (see, Synergy6, supra; Del Signore v. Pyramid Sec. Servs., Inc., 147 A.D.2d 759, 760-61 [3d Dept 1989][mere knowledge of litigation and complaints against security company for undue force by guards insufficient to impose liability upon hiring firm]; see also Hamilton v. Beretta USA Corp., 96 N.Y.2d 222, 237 [2001]). Moreover, it is conceded that in those few instances in which respondent obtained actual knowledge of a distributor's misconduct, it took significant steps to modify its procedures. A finding of ratification cannot be found upon such facts, notwithstanding that respondent may have benefited financially from its relationship with the distributors before remedial measures were implemented (see Synergy6, supra).
It is my understanding that the NYAG has filed a notice of appeal in this case to preserve its options, but it is still deciding if it will pursue the appeal.
Unfortunately, I’m not aware of the Synergy6 opinion being available electronically, which is a shame because it’s an interesting and relatively early rejection of the NYAG’s expansive affiliate liability doctrines. Due to that ruling (which involved email marketing instead of adware), the NYAG already had good reason to suspect that its predicate theories were dubious, which makes its decision to pursue those theories against DirectRevenue even more lamentable.
Conclusion
This post highlights two seemingly inconsistent trends. Trend #1 is that plaintiffs (private actors or government agencies) are taking very expansive positions on affiliate liability. Trend #2 is that when tested, expansive affiliate liability theories are failing in the courts. These two trends seem to be in conflict with each other. My hope is that trend #2 becomes so strong that it overrides trend #1, i.e., plaintiffs and government actors get the message that they have gone too far.
Unfortunately, in the interim, many defendants will capitulate and settle an expansive affiliate liability claim—even if it’s lawless—because it’s the cheapest path to resolution or because the precedent isn’t strong enough to ensure victory. Perhaps some defendants will realize that the trend is in their favor and will fight back accordingly. More judicial clarity about the line between permissible and impermissible behavior would benefit everyone.
It is also possible that the legal ambiguities of affiliate liability will be resolved by statute. However, despite the defendants’ string of court victories, I see the chances of legislative intervention to curtail expansive affiliate liability doctrines as nil. If anything, it’s more likely that future legislation will codify liability expansion.
For a rare in-depth analysis of affiliate liability, see Jean Noonan and Michael Goodman, Third-party liability for federal law violations in direct-to-consumer marketing: telemarketing, fax, and e-mail 63 Bus. Law. 585-596 (2008) [ABA subscription required to download].
Posted by Eric at 08:04 AM | Adware/Spyware , Derivative Liability , Marketing , Spam , Trademark | TrackBack
May 02, 2008
Spam Revisited: Virginia-style
By Ethan Ackerman
The Virginia Supreme Court revisits its First Amendment holding in Jaynes.
In what is likely a second stroke of luck for criminal spammer Jeremy Jaynes, the Virginia state Supreme Court recently granted a discretionary rehearing on the earlier 4-3 opinion. The Court limited review to First Amendment standing issues. These standing issues were the focus of skepticism in the dissent and in an earlier post on this blog.
The rehearing order is here.
This blog's earlier post discussing the ruling is here.
UPDATE 9/12/08
After granting a discretionary re-hearing, the Supreme Court of the State of Virginia reversed its earlier opinion, and Jaynes' coviction, and held the Virginia anti-spam statute unconstitutionally violates the 1st Amendment. Since the statute covers non-commercial as well as commercial speech, the Court ruled it is unconstitutionally broad. In doing so, the court concluded that its initial reading of Hicks was problematically narrow, and Jaynes properly had overbreadth standing.
Posted by Ethan Ackerman at 03:26 PM | Spam | TrackBack
April 28, 2008
47 USC 230 Trifecta of Cases--Friendfinder, e360insight, iBrattleboro
By Eric Goldman
47 USC 230 cases have been coming at such a rapid clip that I've fallen behind. In this blog post, I'll catch up on three recent cases:
Friendfinder
Doe v. Friendfinder Network, Inc., 2008 WL 803947 (D.N.H. March 27, 2008)
This case involves the publication of a false user-supplied profile on adult dating/hook-up services operated by AdultFriendfinder and Various. Fake dating profiles have been the source of a fair amount of 230 litigation; see, e.g., the Anthony v Yahoo, Landry-Bell v. Various, Doe v. SexSearch, Barnes v. Yahoo, and of course the Carafano case. The Friendfinder case involves two allegations we haven't seen before: (1) when the plaintiff complained, the sites removed the profile but displayed the following message on the profile page: "Sorry, this member has removed his/her profile," which allegedly implied that the plaintiff in fact had authorized the page initially, and (2) portions of the fake profile had been displayed on third party sites as "teasers" to advertise the adult dating services.
The court quickly dismisses the defamation, intentional infliction of emotional distress and various soft tort claims per 230, even if the defendants affirmatively reposted the profiles and even with respect to pull-down menus used to help profile building. This opinion came out before the Ninth Circuit en banc ruling in Roommates.com, but taking Kozinski's disclaimers at face value, the discussion about pull-down menus should have survived Roommates.com.
The court also says that 230 protects the site-authored announcement on the removed profile because "the allegedly tortious nature of those statements proceeds solely from the association they create between the plaintiff and the content of the profile." This might be an important standard to help future courts determine when 230 governs allegations of false marketing representations predicated on bad user info.
The court takes a less defense-favorable direction regarding the right of publicity claim. In direct conflict with the Ninth Circuit's ccBill ruling, this court says that 230 does not preempt state IP claims. Personally, I think this court got the statutory construction right and the Ninth Circuit got it wrong. As this court correctly explains, a court cannot interpolate the word "federal" into 230(e)(2) if it uses intellectually rigorous statutory interpretation.
Having left open the state IP claims, the court (also correctly, IMO) says that a right of publicity claim is an IP claim while any other invasion of privacy claim (i.e., the other three prongs of Prosser's four privacy torts) is not.
The court also survives the plaintiff's allegation of a Lanham Act false designation of origin claim with respect to the use of the false profile in the advertising teasers. But why didn't the court examine the application of 230 to this Lanham Act provision, which arguably isn't an IP claim? I think the court considered the false designation of origin claim, as applied to a false endorsement, to be equivalent to a right of publicity claim, but it would have been nice for the court to unpack this assumption.
The litigation over teaser content raises a question that's been bothering me for some time--when is republication of user-supplied editorial content (in this case, the dating profile) as teaser content on third party websites legally governed as commercial advertising? Teaser editorial content is ubiquitous, but it also serves a marketing function that could (should?) be regulated by commercial advertising restrictions such as the right of publicity. Hey, if you're looking for a paper topic, I think this issue (use of user content in teaser content as a right of publicity issue) is a good one.
More discussion about this case: CMLP, Rebecca, Jeff Neuburger, John Leonard
e360Insight
e360Insight, LLC v. Comcast Corp., 2008 WL 1722142 (N.D. Ill. April 10, 2008)
e360 is an email marketer/alleged spammer. Comcast blocks their emails from getting to Comcast subscribers. e360 sues Comcast for a variety of torts. The court sweeps all of the claims away on a judgment on the pleadings per 230(c)(2), saying that spam filtering constitutes the blocking of objectionable content contemplated by the statute. Further, agreeing with the Kaspersky case, the court says that any good faith requirement in the statute is subjective, not objective, and e360 didn't plead any evidence of subjective bad faith. Case dismissed.
This opinion adds to the burgeoning caselaw under 230(c)(2) showing that it will crunch claims by anyone upset that their communications are being filtered. As applied to an IAP like Comcast, I think this raises an interesting angle in the net neutrality debate. If you're looking for a paper topic, it seems like it would be timely to recap 230(c)(2) jurisprudence and analyze its interplay with other speech-preserving doctrines (must-carry laws, Constitutional free speech restrictions, net neutrality, consumer protection requirements of disclosure, etc.).
iBrattleboro
Mayhew v. Dunn, 580-11-07 (Vt. Superior Ct. March 18, 2008)
This is a simple and clean opinion. The defendants operate the iBrattleboro.com website. A third party posted material to the website that allegedly harmed the plaintiff. The website operators get a judgment on the pleadings. Case dismissed. This is a nice illustration of 230 working exactly as it should. Some useful color on the case from CMLP.
Posted by Eric at 10:27 AM | Derivative Liability , Publicity/Privacy Rights , Spam | TrackBack
April 21, 2008
Still Standing? Catching Up on the Jaynes Case
By Ethan Ackerman
Virginia's 1st-Amendment-deficient Spam law is still standing, but only because the Va. Supreme Court closely split over whether Jeremy Jaynes had standing to challenge it.
A cynic could dismiss the most recent ruling in this fairly well-covered and dissected criminal spamming case with the familiar legal adage - "bad facts make bad law." But cynics never read this blog...
So what happened?
Jeremy Jaynes was apparently quite the spammer, until he got caught in 2003 sending large volumes of commercial solicitations to AOL users via email messages with forged or misleading headers and From: addresses. As a result, he was charged with criminal violations of Virginia's spam laws. The initial appeal in this case was covered in an earlier post.
At the Va. Supreme Court, Jaynes brought up the same three primary challenges (lack of jurisdiction, Dormant Commerce Clause violations, and 1st Amendment overbreadth/vagueness violations) he raised at the Court of Appeals. He had the same unsatisfactory (for him) results. This previous post detailed where the Va. Court of Appeals' resulting opinion left things wanting on the First Amendment and jurisdiction front. If all was the same old-same old, however, I wouldn't be writing a separate post on the Va. Supreme Court's follow-up ruling. This opinion is a bit more rigorous, but runs into trouble (in my, and the 3 dissenters', minds) over First Amendment issues. As a result, this post is only going to focus on the First Amendment issues of the case. Spam law junkies looking for Dormant Commerce Clause, CAN-SPAM, or jurisdiction issues can read the next paragraph and then go here instead.
Hey wait? What about CAN-SPAM?
Astute readers may wonder where or if the federal anti-spam law comes into play here. The spamming in question took place in July 2003, before the passage of the effective date of the federal CAN-SPAM Act. While there's some question as to what degree this case, and other state laws on spam, could have been preempted by the federal anti-spam laws if it'd happened later, CAN-SPAM wasn't a retroactive law, and it didn't offer retroactive immunity.
On to the First Amendment (or outside it, in this case)
On appeal, Jaynes argued that the Virginia anti-spam statute swept overly broad in prohibiting some types of protected speech, in violation of the First Amendment. Virginia's particular prohibition on mislabeling or falsity in emails, commercial or otherwise, makes it particularly vulnerable to a First Amendment challenge. In fact, I'll come right out and say it: by not limiting itself to commercial emails, the law is almost certainly sweeping in emails that are protected under the First Amendment along with the unprotected fraudulent commercial speech that it can target.
There is vigorous First Amendment debate over each of the issues at play here. What degree of First Amendment protection does commercial speech have? Does commercial email get a different amount than other commercial speech? Does it matter if it's false? Misleading? Just in the headers, not in the content? Who decides? What if the emails are unsolicited, or sent in bulk? What if their headers are forged or altered? What if they're not commercial, but are still bulk? What if they're political? What if the 'altering' is just done to make the email effectively anonymous? Many spam cases at the state and federal level have turned on these distinctions. And the last issue - the scope of the First Amendment right to anonymous speech - drew a brief from the Virginia ACLU at each stage.
While the initial appellate opinion dealt unsatisfactorily with some of these issues, the Va. Supreme Court almost entirely sidestepped them. The Court found Jaynes' lacked 'standing' to even raise a First Amendment challenge to the law, and so declined to address the appeals court's findings on the merits of Jaynes' First Amendment claims. The funny thing is, in going out of its way to only decide standing and avoid a ruling on the merits, the Va. Supreme Court had to make almost all the legal and factual findings necessary to decide the merits.
A quick primer on Standing
'Standing' is a legal term of art that means it is proper for a particular person to be in court contesting something. Courts are vigilant about standing issues because most constitutions, state and federal, require that a particular person have it before they can challenge a law or bring a suit against another person. Standing decisions are also used to avoid deciding thorny issues before they're clearly at hand, or sometimes to avoid them altogether if the issue or law doesn't really apply to the person making the claim.
Take an animal lover in New York City, a wildlife watcher in Laramie, a commercial wildlife-watching guide operating in Yellowstone National Park, a wildlife biologist studying wolves at the University of Wyoming, and a wolf rancher operating a private free-range wolf farm outside of Cheyenne. Each of these people might be upset and allege harms related to a Wyoming statute that mandates the shooting of wolves. The law distinguishes between each of these categories by recognizing some and not others according to the principle of standing.
When someone is unfairly targeted by the way a law is enforced, or is actually prevented from doing something, or has been charged with committing a crime, they likely have standing to challenge the law - as it was applied to them. This is called an "as-applied" challenge to a law. It is a challenge only to the particular portion of the law applied to them in their particular facts and circumstances.
When a skateboarding youth contests her citation for loitering at the public park every time she joins up with her friends for a some skating, she's probably not alleging that the entire loitering statute is unconstitutional, or that the police can never issue a loitering ticket, but that a particular biased police officer is unfairly targeting her in a certain way that violates her First Amendment associational rights. This is an example of an "as applied" challenge.
On the other hand, in some cases a suit can be brought challenging a law outright, outside of a criminal or enforcement action. This particular head-on challenge is called a "facial" challenge to a law, and means that the law, as it is written, violates some other law or Constitutional principle. Facial challenges to a law are much less frequent precisely because many times standing is lacking. If Rosa Parks had sued Alabama over its bus segregation laws before she had ever been sent to the back of the bus, she would have had to allege that the law was unconstitutional "on its face," since it hadn't yet been "applied" to her.
Related to a facial challenge is an "overbreadth" challenge. It alleges that a partially acceptable law sweeps 'overly broad,' catching protected activities up along with those that may legitimately be restricted. A "no leafleting without a name and address on the leaflet" law might be constitutional when enforced against a commercial door-to-door vendor, but not when enforced against a political pamphleteer. These different types of challenges matter because many times whether or not a person has standing depends on what type of challenge - facial, as-applied, or overbreadth - they are bringing.
A breath-taking run through the First Amendment 'overbreadth' exception to standing rules.
As succinctly admitted by the Va. Supreme Court in Jaynes, a litigant may have standing to raise an 'overbreadth' claim against a statute even if they did not have standing to raise a facial or as applied challenge, because "the United States Supreme Court has recognized an exception to the ordinary rules of standing when Constitutional claims involve the First Amendment."
Why relax the otherwise good and useful principle of standing? If it works, it works, right? In general yes, but when it comes to speech, extra protection is a good thing, and chilling speech, even potentially, is a bad thing according to the Supreme Court. Better an occasional court case that is somewhat hypothetical than a wide-sweeping law that makes people reluctant to speak because they might step afoul of it. As the US Supreme court explained in Broadrick v. Oklahoma,
Litigants, therefore, are permitted to challenge a statute not because their own rights of free expression are violated, but because of a judicial prediction or assumption that the statute’s very existence may cause others not before the court to refrain from constitutionally protected speech or expression.
So the First Amendment "overbreadth" exception to standing serves to protect against laws that may chill speech. It's clearly a First Amendment protection device, and it's also clearly a procedural exception developed by courts. But which of those is it more like? That seemingly odd question turns out to make all the difference for Jeremy Jaynes' conviction.
A (not Constitutional?) means to a Constitutional End
If the overbreadth exception is an element of federal Constitutional law arising from the First Amendment, state (and federal) courts generally must follow it. Further, any prior Supreme Court rulings on the issue are binding on state courts as well. However, if it is just a rule of standing, albeit one that happens to protect important First Amendment interests, then state courts are generally free to apply it or reject it according to the laws of their own state. Much like setting filing fee prices, or specifying the number of days in which a motion must be filed, or whether a particular state recognizes "psychotherapist-client" privilege, standing rules can and do vary from state to state.
So is the overbreadth exception required by the First Amendment, or is it just a procedural rule that can be varied by pretty much any court or a state legislature? This kind of distinction - where a remedy or process guards a Constitutional right but (is or) isn't mandated by the Constitution - pops up in quite a few important Constitutional cases. Shockingly enough, reasonable people disagree, both in the US and in other countries with free speech laws facing similar questions.
Perhaps the most obvious US example of this distinction, and a helpful analogy, is the status of several procedural protections under the Fourth Amendment prohibition on warrantless searches. If police violate (or just plain don't get) a warrant but search a suspect or her premises anyway, does the Constitution require that any evidence seized be suppressed? Can the victim of the illegal search sue the police? The Supreme Court goes several ways depending on the question. In at least some cases, the Constitution itself provides a "Constitutional" right to sue, in other cases the suppression "remedy" or standing to sue turn on statutes or standing rules that may vary from state to state to federal law.
These types of inconsistencies seem to be creeping into overbreadth doctrine as well, with some legal scholars warning against the trend away from a Constitutional view and toward a 'mere' procedural standing view. The same challenge seems to be facing other common-law countries with free speech rights as well.
OK, OK, the answer already...
It turns out that the US Supreme Court may have already answered this particular question - or at least suggested a likely answer. In Virginia v. Hicks, even though the Court was ruling on the question of the degree to which enforcer discretion rendered a 'no loitering' statute overbroad, the Court also stated that state court standing rules, not the First Amendment or any other Constitutional considerations, determined whether the Virginia court even had to hear Hicks' overbreadth challenge. According to a brief paragraph in the unanimous majority opinion written by Justice Scalia, "Whether Virginia’s courts should have entertained this overbreadth challenge is entirely a matter of state law." The Virginia Supreme court says this answer is good enough - Virginia courts can choose whether to hear an overbreadth challenge.
But is this the full answer? Hicks is admittedly an on-point ruling on an overbreadth challenge. But is this really the best way to take Justice Scalia's preliminary (precatory?) statement? Concluding that state court protections of 1st Amendment rights are optional makes no sense. See Amendment 14, U.S. Constitution. Perhaps a better reading is that in Hicks, Scalia was saying that the Virginia court was free to choose whether to step above the federal constitutional overbreadth 'floor' and choose or decline to hear Hicks' overbreadth challenge because then-existing overbreadth doctrine didn't cover Hick's challenge. This 'overbreadth doctrine standing is a floor, not a ceiling' argument is perhaps the better reading.
To the State law, then...
In Jaynes, the Va. Supreme Court seized on the Hicks language in an effort to avoid admitting the Virginia spam statue is overbroad and infringes on the First Amendment. But how?
In a word, narrowly. 4-3, the state Supreme Court declined to hear Jaynes' First Amendment claims by holding that Virginia state law only required that overbreadth standing be granted to someone actually able to allege the statute in question was unconstitutional 'as applied' to them - effectively collapsing overbreadth challenges in state court into an 'as applied' challenge - at least in commercial speech cases. Of course the majority didn't couch its opinion like that, taking pains to state that the opinion preserved overbreadth standing in most cases but only denied it to those commercial actors whose speech was clearly outside of the protections the First Amendment grants commercial speech.
Wait, I thought they weren't going to decide the First Amendment issue?
There are several shortcomings with the Jaynes majority opinion. The most glaring inconsistency is the choice to decide that Jaynes' commercial speech, by virtue of its falsity or tendency to mislead, isn't the type of commercial speech entitled to First Amendment protection. The court says:
Jaynes’ commercial speech would fail the initial requirement for First Amendment review under Central Hudson Gas and Fox because it is “misleading” on its face. In that circumstance, it is reasonable not to accord the speaker of such misleading commercial speech, admittedly unprotected in its own right, standing to vicariously raise the First Amendment claims of others.
At first glance, this seems reasonable - it is, after all, a correct statement of First Amendment law under the so-called Central Hudson test. The Supreme Court's various First Amendment commercial speech tests all use truthfulness and non-deceptiveness as an initial threshold, one of the more certain principles in this somewhat varying field. Jaynes' commercial spamming rather clearly fell on the false/misleading/illegal side of the First Amendment line.
That non-controversial decision was a decision on the underlying First Amendment issue in the case, however. It is exactly what the Virginia Supreme Court majority was saying couldn't be made because Jaynes lacked standing. Jaynes petitioned the court to address the First Amendment issue of overbreadth. The Virginia Supreme Court declined, concluding "Because we hold the standing issue is dispositive, we do not address the [First Amendment merits] analysis." In other words, Jaynes lacked standing to raise a First Amendment issue, and so it would be inappropriate to rule on that First Amendment issue. But to come to that standing conclusion, the Court decided the First Amendment issue of whether Jaynes' speech was the type of speech entitled to First Amendment protection.
So what else is wrong?
The three member dissenting opinion of the Virginia Supreme Court (from p. 33 on) takes issue with the majority ruling. It does so not on the tangential issue of its internal inconsistency I raised, but head on. To paraphrase the dissent, 'you've got it wrong, there's a reason every other court, state and federal, does it the other way.' The dissent delves into the important First Amendment principle of avoiding laws with a chilling effect on speech. It reiterates that this vital principle is the reason for an exception to the general standing doctrines. The dissent emphasizes the inconsistency between state and federal law on this issue. The dissent notes, and wisely the majority previously conceded, that in federal court Jaynes would have had standing. That's not just inconsistent, the dissent notes, but it will push cases construing Virginia statutes out of Virginia courts (where they now can't be brought) and into federal courts. It's Virgina's courts' job to construe these laws, the dissent please, and Virginia courts' job to remedy them if needed.
Epilogue
As noted last time, Jaynes is out of any mandatory appeals. This Virginia Supreme Court case was a discretionary review. Any US Supreme Court case would also be discretionary. As other bloggers have noted, this case splits the general Supreme Court trends on First Amendment issues, furthering the Supremes' trend of narrowing standing, but also offering less First Amendment protection to commercial speech than the likely-more-protective current Supreme Court might.
UPDATE 9/12/08
After granting a discretionary re-hearing, the Supreme Court of the State of Virginia reversed its earlier opinion, and Jaynes' coviction, and held the Virginia anti-spam statute unconstitutionally violates the 1st Amendment. Since the statute covers non-commercial as well as commercial speech, the Court ruled it is unconstitutionally broad. In doing so, the court concluded that its initial reading of Hicks was problematically narrow, and Jaynes properly had overbreadth standing.
Posted by Ethan Ackerman at 09:44 AM | Spam | TrackBack
March 2008 Quick Links, Part I
By Eric Goldman
It's a sign of my busy March/April that I am just now posting these...
Reputation/47 USC 230
* I have a lot to say about the JuicyCampus story (AP, MSNBC, Chronicle of Higher Education). Unfortunately, I ran out of time to write a full blog post on the subject. For now, some quick thoughts about this interesting and complex situation:
- Taken to its logical conclusion, 47 USC 230 naturally enables sites to do absolutely nothing to restrict harmful speech. (I'm not saying that accurately describes JuicyCampus--I don't have enough facts to make that claim). However, that's not an unexpected failure of the statute--it's the natural consequence of the statute's design. Any concerns about the costs of unrestricted speech fora need to compared with the costs of more regulated systems. It's not clear that one result is automatically better than the other, and certainly there are costs implicit in all solutions. Sam Bayard explores this issue more.
- Sites that lack credible information will face marketplace responses regardless of any legal rules. In JuicyCampus' case, the marketplace responses include consumers deeming the site not credible, plus intermediaries (in this case, universities) may simply block access by its core users.
- Any possible legal action by the New Jersey Attorney General over JuicyCampus' facilitation of harmful speech should be unambiguously preempted by 47 USC 230--even after Roommates.com.
- The attempted legal bypass to 47 USC 230--trying to convert a negative covenant from the users in the user agreement into an actionable affirmative marketing representation by JuicyCampus--is analytically corrupt. It's also not the law, and it's been rejected in several 230 cases (Noah v. AOL comes immediately to mind). Rebecca has more to say on this issue.
- If negative behavioral covenants by users in a user agreement are actionable affirmative marketing representations that such behavior isn't occurring, then the Internet is a target-rich ecosystem because I imagine that just about every Internet company is eligible for enforcement actions.
- Isn't it typical of an enforcement action to go after the target's vendors (in this case, JuicyCampus' ad networks) and watch them instantly fold?
- This issue reminds us that a website can't promise its users anonymity if it allows anyone else (such as an ad server) to serve up portions of its page and thereby have the ability to collect the same server log data.
* Ciolli v. Iravani: The AutoAdmit lawsuits spill over into a new battleground. As I said when I first blogged on the case, this is a "very messy situation" that has only gotten messier.
* Nemet v. ConsumerAffairs.com. Another lawsuit against an online consumer review site for publishing allegedly defamatory negative critiques.
* Steinbuch v. Cutler, 2008 WL 596747 (8th Cir. Mar. 6, 2008). Steinbuch's lawsuit against Hyperion, the publisher of the Washingtonienne book, can continue in Arkansas. His other claims must proceed in Washington DC if at all.
* Washington Post: Due to the speed at which gossip moves over the Internet, "compared with the pre-Internet era, politicians are less likely than ever to survive a sex scandal with their careers intact."
* H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism, 56 U. Kan. L. Rev. 369 (2008). Prof. Holland wrote a paper I had been meaning to write! He explains how 47 USC 230 enables online communities to use a variety of self-governance structures, while a different liability regime would give communities fewer choices and thereby inhibit community formation and management.
Search Engines
* A Canadian web network called Geosign received $160M of VC money but the company was rendered worthless overnight when Google changed its policies and cut off traffic. Domainers beware!
* New book worth checking out: WEB SEARCH: MULTIDISCIPLINARY PERSPECTIVES (Amanda Spink & Michael Zimmer, eds.) (Springer 2008). A nice cross-section of essays on search engine issues from multiple disciplines.
* Need some original content to improve your SEO? You can automatically generate it through splogging, or you can pay actual humans a small amount of money to write short articles. If the cost is low enough and the SEO credit for truly original content is high enough, the latter may end up being a better economic deal.
Spam
* The FTC has lost a jury trial against Impulse Media on its theory that Impulse Media is liable for the spam sent by its affiliates. This is a pretty important decision because (1) the FTC/DOJ rarely lose at trial, (2) their expansive theories about liability for affiliate behavior may be legally incorrect, and (3) the FTC has strong-armed numerous defendants into settlements based on its theory, and future defendants now be willing to fight back.
* On that topic, Cyberheat won an early round in litigation with the FTC over its affiliate practices but has now settled up with the FTC. The settlement gives some guidance about the FTC's thoughts of how marketers should police affiliates, but the Impulse Media jury loss may undermine the teaching of this settlement.
Posted by Eric at 08:32 AM | Derivative Liability , Licensing/Contracts , Marketing , Search Engines , Spam | TrackBack
March 02, 2008
Feb. 2008 Quick Links
By Eric Goldman
Advertising
* BusinessWeek: Monetizing social networking sites isn't as easy as everyone had hoped, clickthrough rates are through the floor (0.04%!), and ad proliferation on the sites is driving users away.
* Wilbur, Kenneth C. and Zhu, Yi, "Click Fraud" (January 2, 2008). This paper appears to argue that search engines can increase their profits by failing to disclose the true rate of click fraud on their network.
* In re Miva, Inc. Securities Litigation, 2008 WL 450037 (M.D. Fla. Feb. 15, 2008). This lawsuit alleges that Miva and some associated individuals understated or misreported Miva’s reliance on click fraud, spyware and third party distributors in its public statements and thus inflated the company's stock price. Last year, the court dismissed many of the allegations but let a couple survive. In this ruling, the court dismisses a few more defendants from some statements and lets the rest of the case proceed.
* Going-out-of-business sales are often just another scam. (HT ContractsProf). Note this is completely consistent with economists’ theoretical predictions of final-period behavior of trademark owners.
* Google's stock has lost $70B in market cap in 7 weeks. Oh darn. Clickz offers some theories about why Google's clicks are declining. Could lower rates of click fraud be part of it?
* Hal Varian, Google's Chief Economist, argues that Google's marketplace success is solely due to its "secret sauce" (i.e., the advantage of learning by doing) rather than any defects in the marketplace.
Spam
* Jaynes v. Virginia (Va. Sup. Ct. Feb. 29, 2008). By a 4-3 vote, the Virginia Supreme Court upheld Jeremy Jaynes' 9 year sentence for violating Virginia’s spam law.
* Silverstein v. Experienced Internet.com, 2008 U.S. App. LEXIS 3364 (9th Cir. 2008). Ninth Circuit dismissed a CAN-SPAM lawsuit for lack of jurisdiction when the defendants attest that they didn't send the message and aren't local.
Domain Names
* NSI has been sued for its practice of grabbing pre-registration domain names based on WHOIS searches. The complaint. Good luck defending those practices, NSI!
* Two more breathy articles about the economics of domaining from the New York Times and Network World.
47 USC 230
* Johnson v. Barras, 2007 CA 001600 B (DC Superior Ct Feb. 1, 2008). Court dismisses a lawsuit against a website for republishing a defamatory story per 47 USC 230.
* Yet another doomed lawsuit against MySpace for facilitating communications between an adult male and an underage female that led to sex. Sam Bayard's comments.
Pornography
* NY Lawyer (login required): "Defense Bar Sees Growing Practice in Internet Sex Crimes"
* A federal obscenity prosecution for publishing graphic short stories (without pictures) on the Internet? As Tim Wu says, "astonishing."
* The Utah legislature is considering entering the marketplace again, this time through a certification mark program for Internet access providers who are willing to combat porn. See HB407. Of course, the Utah legislature has had terrific success in the past creating successful new business opportunities that the marketplace has overlooked.
User-Generated Content
* Nick Carr: "What we've seen happen with self-regulating communities, both real and virtual, is that they go through a brief initial period during which their performance improves - a kind of honeymoon period, when people are on their best behavior and rascals are quickly exposed and put to rout - but then, at some point, their performance turns downward. They begin, naturally, to decay." Like, I think, Wikipedia.
* Slate on the top-heavy nature of contributions to Wikipedia and Digg.
* Christian Science Monitor: Teachers Strike Back at Students' Online Pranks.
* Sam Bayard on a motion to quash in the AutoAdmit case.
Reputation
* eBay no longer lets sellers leave negative/neutral feedback for buyers. This putatively stops sellers from retaliating against buyers who leave legitimate complaints, but it also skews the database towards only positive reviews, which ultimately undercuts its credibility.
* In India, where courtships remain very brief by US standards and grooms can be paid dowries by the bride's families, there is an emerging trend for brides to hire "wedding detectives" to ferret out the scoop on grooms and whether their representations are correct.
* Funny article on being a secret shopper for Consumer Reports.
* Dan Solove's book, The Future of Reputation, is now available online for free. Ethan's review of the book.
Patents
* Six years later, eBay finally buys it now: eBay v. MercExchange settles with eBay buying out some of MercExchange's patents and licensing others.
* Mike Masnick: "Psst! Patent Examiners Do Not Scale"
Copyright
* Mike Masnick: “Why We Should All Want Politicians Who Plagiarize.”
* Do Not Resuscitate...My Copyrights (funny).
Miscellaneous
* Citizen Media Law Project has a useful discussion on getting insurance for cyberlaw risks.
* People v. Fernino, 2008 WL 382348 (N.Y. City Crim. Ct. Feb. 13, 2008) (woman violated a no-contact order when sending a MySpace message to the person).
* Mike Masnick: "We Need A Broadband Competition Act, Not A Net Neutrality Act"
* A retrospective on some of the leading dot-coms from the 1990s.
Posted by Eric at 05:32 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Marketing , Patents , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
February 12, 2008
Jan. 2008 Quick Links (Non-IP Edition)
By Eric Goldman
47 USC 230
* Doe v. SexSearch, the case absolving a website for age verification of its users, has been appealed.
* The Supreme Court denied cert in Parker v. Google. See 2008 WL 114262.
* NYT update on the Subway v. Quiznos lawsuit. I'm still waiting to see how the CCBill case affects the legal analysis.
Ripoff Report
* CMLP reported that Energy Automation Systems v. Xcentric Ventures has settled.
* A lot of people would love to take down the Ripoff Report. The latest (perhaps unexpected) opponents--the SEO crowd. See here, here and here. Definitely not a group I'd want to have gunning for me...
* Sarah Bird wrote the blog post I wanted to write: a recap of all of the litigation involving the Ripoff Report and its related entities. She updates a number of cases I've blogged about here.
Privacy
* The quest to find defendants in the AutoAdmit lawsuit has spilled over to unrelated websites whose URLs were posted to AutoAdmit, on the theory that AutoAdmit users were likely to have visited there prior to or after the links were posted. See the plaintiff's motion. This has proven to be a controversial move; see critiques from Mike Masnick and Sam Bayard.
* World Privacy Forum's Top Ten Opt Outs.
* The Privacy Rights Clearinghouse has compiled a master list of all the data breaches that have been announced.
Spam
* Venkat on 4 years of CAN-SPAM. I think the best we can say is that CAN-SPAM hasn't destroyed email as a communication tool, but I am skeptical that its significant transaction costs are outweighed by its benefits.
* Search Engine Land shows Wired that its wiki isn't spam-proof and then apologizes for it.
Marketing/Advertising
* Greg Linden predicts a dot-com crash in 2008 where a dry-up of investment capital will lead to marketing desperation: "Much like we saw after the 2000 crash, it is likely that those with little to lose will attempt scary new forms of advertising. The Web will become polluted with spyware, intrusiveness, and horrible annoyances. None of this will work, of course, and there will be lawsuits and new privacy legislation, but we will have to endure it while it lasts."
* Oddee has some vintage ads that couldn't be made today.
Blogging
* Examples of how blogging is actually increasing some companies' sales.
* Giving in to cyberspace exceptionalism, a divorce court judge ordered a husband to stop blogging about the wife. Fortunately, the judge soon realized his error and reversed course, basically throwing up his hands saying "I don't know what to do here." Garrido v. Krasnansky, No. F 466-12-06 (Vt. Fam. Ct. Jan. 14, 2008).
Miscellaneous
* Once again, Mike Masnick says what I was thinking better than I could: "Both Microsoft And Google Are Probably Best Off Shutting Up About Monopolies."
* Wired has a great article on scraping data from major Internet players, many of whom themselves use scraping-like methodologies to gather data: "But beneath all the kumbayas, there's an awkward dance going on, an unregulated give-and-take of information for which the rules are still being worked out. And in many cases, some of the big guys that have been the source of that data are finding they can't — or simply don't want to — allow everyone to access their information, Web2.0 dogma be damned."
* The FTC has cracked down (again) on a website for inadequate security. This time, the e-tailer "Life is good" promised that "all information is kept in a secure file" but a hacker got good stuff (credit card #s, etc.) anyway. The FTC pointed to several deficiencies, including (1) the retailer's failure to store the sensitive data in encrypted format, (2) inadequate efforts to identify and patch security holes, and (3) inadequate monitoring of intrusions.
* Krause v. Chippas, 2007 WL 4563471 (N.D. Tex. Dec. 28, 2007). Court says a website user was bound to the contract when "lead page" of website said "USE OF THIS SITE AND OR SERVICES OFFERED WITHIN THIS FUTURESCOM.COM SITE SIGNIFIES YOUR AGREEMENT TO THIS SERVICE AND USAGE AGREEMENT."
* An interesting British study explains the downsides of government-mandated disclosures to consumers. HT Rebecca.
* I participated in a 30 minute podcasted conversation on the Lawyer 2 Lawyer show on the topic of social networking sites.
* I have 2 copies left of my 2007 Cyberspace Law course reader. First 2 people to email me with a request and their mailing address get them. [UPDATE: Gone!]
Posted by Eric at 05:50 PM | Derivative Liability , Licensing/Contracts , Marketing , Privacy/Security , Spam | TrackBack
December 14, 2007
Oct.-Nov. 2007 Quick Links, Part 2
By Eric Goldman
Marketing/Branding
* To stimulate demand for its services, the British postal service is pointing out that snail mail is a good way to use olfactory marketing. Try to keep up with THAT, spammers! But doesn't this give new meaning to the observation that “junk mail stinks”...?
* Dunlop Tires offered a free set of tires to people who would get a tattoo of the company's logo. This tops a past promotion where they gave free tires to anyone who got tire tracks shaved into their hair. As a promotion, tattoos have an obvious advantage over hair-shaving because hair grows back. See my comprehensive post on tattoo advertising.
* As the Internet increases price competition and reduces margins in the jewelry market, diamond manufacturers are trying to prop up prices by branding their diamonds.
* Another lawsuit over the scorching-hot Hannah Montana concert tour—this time, alleging that the Hannah Montana fansite overpromised priority access to tickets.
* Anthony v. Yahoo, which involved a claim that Yahoo misled consumers of its dating service, has settled for $4M.
* I enjoyed this YouTube Video, Mr. Spam Man. Brought to mind the Spam-Free-or-Die video, which is still funny today.
Copyright
* William Patry on crazy copyright rulings against the “segOne,” a device that allows retailers showing broadcast TV to their patrons to substitute in ads sold by them instead of the ads sold by the broadcasters.
* Textile Secrets International, Inc. v. Ya-Ya Brand, Inc. (C.D. Cal. Oct. 31, 2007). 17 USC 1202 (the restriction on modification/removal of “copyright management information”) has been rarely interpreted, so this is a noteworthy case on that basis alone. This case involved the removal of CMI in offline activities. The court concludes "Court nevertheless cannot find that [1202] was intended to apply to circumstances that have no relation to the Internet, electronic commerce, automated copyright protections or management systems, public registers, or other technological measures or processes as contemplated in the DMCA as a whole."
* The Copyright Office has (finally) updated its electronic copy of Title 17.
Blogging
* David Hoffman discusses some considerations when structuring a group blogging LLC's operating agreement.
* U.S. v. Citgo Petroleum Corp., 2007 WL 4116066 (S.D. Tex. Nov. 19, 2007). An attendee at a trial blogs some of her observations about the jury. Her reward? One of the litigants can depose her as having potentially relevant information about jury impartiality. See my first-hand experience with potentially being deposed due to a blog post.
E-Commerce
* College students are ordering tires, pool tables and Winchester rifles online.
* The Canadian taxing authorities have won a victory allowing them to order eBay’s US company to disclose vast amounts of transactional data that presumably will be cross-checked against Canadian PowerSeller tax returns.
Miscellaneous
* Express Media Group, LLC, v. Express Corp., No. C 06-03504 WHA (N.D. Cal., May 10, 2007). Martin Samson's summary: "Court finds defendant, who claimed to have purchased plaintiffs' Express.com domain for $150,000 from someone who purported to be, but was not, the domain's Administrative Contact, guilty of conversion and directs defendant to return the domain to plaintiffs."
* Fallout from the Oracle v. SAP case: SAP may sell TomorrowNow, and several TN executives have been axed.
* A good use for a geolocated cellphone-mediated information service: the location of the nearest public toilet.
* Declan rallies against a federal "Do Not Track" list.
* NYT: US News & World Reports is getting into the consumer review business by aggregating third party opinions. According to the NYT, "The magazine has searched the work of dozens of automotive reviewers at newspapers and magazines, assigned a numerical value to each review (a process U.S. News describes as complex, rigorous and top secret), and then aggregated those into final scores. The Web site offers a description of each vehicle, sprinkled with snippets of quotes from those reviewers, so that it reads as much like a Zagat's restaurant blurb as something you might find in Consumer Reports."
* Don'tcensorme.com: a website for commenters who believe that their comments have been deleted by moderators on hubris overload.
* BusinessWeek: 101 Best Web Freebies.
Posted by Eric at 08:20 AM | Copyright , Domain Names , E-Commerce , Marketing , Privacy/Security , Spam | TrackBack
December 11, 2007
Facebook v. ConnectU Update
By Eric Goldman
Facebook, Inc. v. ConnectU LLC, 2007 WL 4249924 (N.D.Cal. Nov. 30, 2007) (denying sanctions); Facebook, Inc. v. ConnectU LLC, 2007 WL 4249926 (N.D.Cal. Nov. 30, 2007) (dismissing individual defendants)
You may recall the intertwined relationship between ConnectU and Facebook. ConnectU was a dorm-room project at Harvard. The students hired Mark Zuckerberg to help with the programming. Shortly thereafter, Zuckerberg started a competitive site called Facebook, instantly spawning acrimony between the parties that persists until today. Facebook is now allegedly worth $15B, ConnectU is worth a trivial fraction of that, and both parties seemed destined to pour their entire net worth into suing each other into oblivion. At the rate they are going/spending, all of the lawyers' kids will be able to afford Harvard where they can make their own "friends" in the dorms.
There are 2 main battlefronts. ConnectU and its owners are suing Facebook and Zuckerberg in Massachusetts alleging that Zuckerberg ripped off their IP. Facebook is suing ConnectU in California for allegedly harvesting user email addresses from Facebook and spamming the users with competitive exhortations. In my previous post on the Facebook v. ConnectU lawsuit, I explained how ConnectU cleaned out some of the harvesting/spam related claims.
These two latest rulings relate to the Facebook v. ConnectU lawsuit as well. In one ruling, the court dismisses three of the individual defendants (Cameron and Tyler Winklevoss and Divya Narendra) because they are not subject to jurisdiction in California. Facebook initially sued in California state court, which concluded that it lacked jurisdiction over these three individuals, a result that Facebook tried to relitigate in federal court. This court responds: "Even if the Superior Court reached an incorrect legal determination, the outcome is conclusive. Facebook 'does not now get a do-over.'"
In the other ruling, the judge rejects Facebook's claim for sanctions against ConnectU and some of the individual defendants. Facebook's argument is based on an apparent inconsistency in claims made by the defendants in the California state court and the Massachusetts court (in CA, defendants claimed that Narendra was a member of ConnectU's LLC; in Massachusetts, the defendants claimed he wasn't). The court determines that the facial inconsistency is actually reconcilable (due to a Delaware law that allows retroactive membership in an LLC combined with the different times the fact was asserted) and rejects sanctions accordingly, although the judge suggests that the Massachusetts court might feel differently about sanctions.
Collectively, these two rulings represent yet another preliminary skirmish between the parties before they reach any substantive evaluations of any of their respective claims. Given that the ConnectU v. Facebook lawsuit has been going on for 4 years, that's a lot of wheel-spinning. C'mon Facebook, throw the ConnectU folks a billion or two so that you can free up your time to focus on more pressing matters, like how to generate revenues without abusing your users' privacy.
Posted by Eric at 09:15 PM | Spam | TrackBack
December 10, 2007
Yale Reputation Economies Symposium Recap
By Eric Goldman
Reputation is a hot topic in Cyberlaw circles, so the Yale ISP conference on Reputation Economies in Cyberspace came at a propitious time. Some of my meta-observations from the talks.
1) We lack a uniformly accepted definition of reputation. During the conference, it was clear that most speakers were working with their own idiosyncratic definitions. Without a standardized definition, people can easily talk past each other.
2) Reputational systems are everywhere--FICO scores, letters of recommendation, Google PageRank, product review sites like Epinions, spam filters, employee evaluations, etc. I plan to catalog them in my next big paper. For now, Jonathan Zittrain gave two interesting examples: (1) British pubs are now taking patrons’ fingerprints and publishing a blacklist of rowdy pubgoers to other pubs, and (2) websites allow angry drivers to criticize bad drivers by license plate number.
3) We often treat reputation as a monolithic assessment (good or bad), but it is granular and contextual. Reputation systems need to reflect these nuances, and we’re seeing movement in that direction. For example, eBay is considering more granular feedback scores, which might entail different scores for product description accuracy and shipping speediness. However, increased granularity is subject to the accuracy/simplicity tradeoff—increased complexity improves accuracy but makes it more costly to participate in the system.
To overcome the accuracy/simplicity tradeoff and reduce collection costs, reputational data can be collected automatically. Bill McGeveran compared Facebook’s automatic collection of recommendations through Beacon with ratemyprofessor.com (a site I’ve critiqued before--1, 2, 3), where the communication costs discourage students from providing feedback unless they hold extreme views (i.e., love it/hate it).
Jonathan Zittrain suggested that people should be able to request that some information should not become part of their reputation. He gave robots.txt as an analogy; it is a voluntary standard that web publishers can use to keep content (that might have reputational implications) out of the search engines, which in turn significantly reduces its visibility. Although robots.txt is voluntary, it is widely followed. Jonathan thinks a similar voluntary system might be helpful for reputational data.
4) As noted by several speakers, reputation has economic value that can be converted into cash. For example, spammers have better delivery success—and thus make more money—if they can work with a high-reputation email address that is less likely to be blocked/filtered, and an seller with high feedback commands premium prices for his/her auctions. These payoffs create incentives for “bad guys” to capitalize on undeserved reputation, leading to the hijacking of high-feedback accounts and feedback-inflating activity (such the serial consummation of penny auctions) that can be used for a short but intense burst of fraud.
Bill McGeveran gave Facebook’s Beacon as another example of reputation’s selling power. In that case, Facebook and marketes are engaged in “reputational piggybacking” to get extra credit from the “recommending” user’s validation.
Because reputation has economic payoffs, we are tempted to provide property-like protections for reputation. Trademark law is an example of this in the commercial context. In contrast, with respect to individuals, damaged reputations can have significant non-economic harms that are not well-handled through property systems. Discussions about legal protection for reputations can get confusing when economic protectionism are conflated with these non-economic harms.
5) No reputational system will be perfectly accurate. Any system will have Type I and Type II errors. So how accurate must a reputational system be for it to be credible? We should assess this question by comparing a reputational system’s errors against the errors from alternative systems (or the absence of the system altogether).
A reputational system might be improved through more robust error correction mechanisms. Jonathan Zittrain gave the example of the Google News feature that allows a quoted individual to add comments right below the article. This reminded me a lot of Frank Pasquale’s asterisk proposal.
6) Reputational information is time-sensitive in that more recent reputational information is more useful to assessing reputation. Jonathan Zittrain proposed a concept of “reputational bankruptcy” where "old" information could be permanently suppressed because it is not useful to make future assessments. He analogized this to the time-based degrading of eBay’s feedback score, which segregates transactional information by date (i.e., 1 month, 6 month, all time).
More resources on this topic:
* notes from my talk
* my article on the intersection between online word of mouth and trademark law
* the collection of position papers from the event
* other recaps: the conference wiki, Jenny Ambrozek, James Grimmelmann, Aldon Hynes, Greg Lastowka, Andy Oram, Frank Pasquale (1, 2), Rebecca Tushnet (1, 2, 3, 4), Michael Zimmer
Posted by Eric at 10:27 PM | E-Commerce , Publicity/Privacy Rights , Spam , Trademark | TrackBack
November 21, 2007
Search Redirection Tool Could Be Trespass to Chattels--Burgess v. EForce
By Eric Goldman
Burgess v. EForce Media, Inc., 2007 WL 3355369 (W.D.N.C. Nov. 9, 2007)
Every now and then a consumer goes on a me-vs.-the-world bender and decides to unilaterally save society by suing everyone in sight. Burgess' anger over unwanted advertising may have sparked such a campaign. His previous appearance on the blog involved his pro se lawsuit against American Express and many other major brand names for unwanted pop-up ads. In that ruling, the court intimated that advertisers could be liable for contributory trespass to chattels.
In this companion action, Burgess sued a number of defendants for spam. The court rejects his CAN-SPAM claim for lack of standing (he doesn't qualify for the limited private causes of action).
Burgess also sued for the installation of search redirection client software, claiming it was a privacy invasion, trespass to chattels, and "illegal conduct." The defendants first tries to dismiss the claims as preempted by CAN-SPAM, but CAN-SPAM's preemption clause does not apply to generally applicable laws like privacy invasions and trespass to chattels. Nevertheless, the magistrate report (approved by the judge) dismisses the privacy invasion claim for failure to state a claim, saying:
While the undersigned shares in plaintiff's frustration with the internet and the unconscionable applications that interfere with one's use and enjoyment of technology--and at times display offensive websites--frustration of purpose is not an invasion of privacy. Further, the undersigned cannot find any North Carolina case recognizing a cause of action for invasion of privacy based on computer viruses that redirect internet searches or inquiries, or any cases that would suggest that similar such conduct in other fields would support such a claim.
The "illegal conduct" claim was also dismissed.
On the other hand, building on Burgess prior ruling in state court, this court refuses to dismiss the trespass to chattels claim. Citing to Sotelo and others, the court says that Burgess' "pro se pleadings are not a model of clarity but nevertheless suffice to state a claim for trespass to chattels. He sufficiently alleges actual possession of his computer and 'unauthorized, unlawful interference' with his use of this personal property." So the Sotelo precedent marches on, even though this court (as with the prior Burgess court) doesn't acknowledge Hamidi, Mummagraphics or the other cases that would put these expansive trespass to chattels rulings in serious doubt.
As a result, Burgess' case lives to see another day. I'm sure we haven't heard the last from him!
Posted by Eric at 02:32 PM | Adware/Spyware , Publicity/Privacy Rights , Search Engines , Spam | TrackBack
October 09, 2007
Spam Crime Loss Not Measured by Defendant's Gain--US v. Kilbride
By Eric Goldman
US v. Kilbride, 2007 WL 2774487 (D. Ariz. Sept. 21, 2007)
Kilbride and his co-defendants are porn spammers who have been convicted of obscenity charges and criminal violations of CAN-SPAM. They face very long jail sentences. Their prosecution has produced a number of interesting/groundbreaking rulings, but this post focuses on the court's discussion about sentencing for CAN-SPAM crimes.
Spam crime sentences are governed by Sec. 2B1.1, the sentencing guideline applicable to theft. In 2004 comments to the Sentencing Commission, my former Marquette colleague Michael O'Hear and I expressed some concern about this model for measuring spam losses, particularly that it would significantly overcount the harms caused by spam.
As far as I know, this is the first case discussing the measurement of harm/loss in a CAN-SPAM crime sentencing. The court does a good job evaluating the evidence. First, contrary to the fears Michael and I expressed, the judge correctly ignores any alleged harm to end user-recipients because there was no evidence these individuals suffered a pecuniary loss. Second, the court largely rejects the government's argument that the loss should be measured by the defendants' gain (over $1.1M in profits). Instead, the judge only gives credit to the evidence showing that AOL suffered less than $10,000 of "loss" from the porn spam, computed by AOL's cost to investigate complaints over the spam (the government did not present evidence for other email service providers). As Michael and I explained in our comment, I'm not even sure AOL's investigation costs should count as a loss attributable to the defendants, but at least the dollar amount is comparatively low.
So while I'm still not sure 2B1.1's loss table is the right way to measure spam harms, it's heartening to see the judge resist overcounting. At the same time, it's impossible to ignore the significant litigation costs over this issue. Porn spammers have lots of money and face long jail sentences, so it isn't surprising that they will fight vociferously over loss calculations. Perhaps there are better ways of measuring loss that would reach fair results without these heavy litigation costs.
UPDATE: The defendants were sentenced to 5 years each.
Posted by Eric at 01:19 PM | Spam | TrackBack
August 13, 2007
2007 Cyberspace Law Syllabus
By Eric Goldman
I've posted my 2007 Cyberlaw syllabus. Unlike the past few years, which were a little slow cyberlaw-wise, the past 12 months saw a lot of important developments. Let me recap some of changes I made to my reader reflecting these developments:
Additions
Copyright: I added the Cablevision case (after editing out some of the mind-numbing description of cable technology), which provides an interesting exposition on how the source of bits matters in copyright law (we'll reinforce that message with the Amazon.com "server test"). I companioned the Cablevision with the Field case to show a very different philosophy about "volitional" server activity, so I'll ask the students to see if they can reconcile the two cases.
I struggled with how to handle the Ninth Circuit's troika of Perfect 10 opinions. The opinions are long, complicated and irresolute, but it's hard to discuss one without discussing the other two. I decided to include all three but I don't feel great about that decision, given that it takes 115 pages (about 1/6 of my total reader) to work through the three cases, and I'm not sure students will come away any smarter about Ninth Circuit online copyright law after reading all three.
Trademark. I substituted the FragranceNet case for the 1-800 Contacts v. WhenU case. The 1-800 Contacts case remains a very important keyword law precedent, but as a teaching case it was just so-so. The adware subject matter increased the complexity, and it punted on the most interesting question of search engine liability. However, most of the other recent keyword law cases have been even less teachable. Fortunately, the FragranceNet case does a pretty job of recapping the 1-800 Contacts case as well as other recent decisions, and it frames the policy issues nicely. I've paired it with the Playboy v. Netscape case, which will make a good compare/contrast. However, if the Second Circuit gets off its duff, I'd be thrilled to substitute in the court's opinion in the Rescuecom appeal. (I'd be even more thrilled if the court reaches the "right" result!).
I also updated my materials to reflect the Trademark Dilution Revision Act.
230. I continue to stick by the seminal Zeran case, which remains both powerful precedent and a colorful teaching case. However, this year I added the Ninth Circuit hairball Roommates.com opinion. I really didn't want to--it's such a messy opinion--but I think for now the case represents a vitally important incursion into 230 law that any good Cyberlawyer needs to know about it (even if they don't know what to do about it). If we're lucky, perhaps the Ninth Circuit will rehear the case en banc and issue a new and more lucid opinion before I have to teach the existing opinion.
In addition, I created a new module on "blogs and social networking sites" and added the Doe v. MySpace case, a great opinion for exploring the differences between online and offline "premises."
Spam. I teach spam at the semester's end, when time is running out, so we'll see what I'm actually able to cover this year. I've added two recent cases: the Mummagraphics case, which wiped out a lot of state anti-spam laws and has a nice interplay with trespass to chattels, and the MySpace v. theglobe.com case, which has an odd contrast with Mummagraphics on the state anti-spam statutory analysis; plus it shows how online contracts can substitute for legislative rights.
Other. I added some explanatory material, including my standard dog-and-pony CLE presentations on keyword law and blog law and my brief distillation of social networking site law. I also updated the CRS on Spyware.
Other Changes
* I eliminated my standalone section on "search engines" and folded the material into the rest of the reader. I think there's pedagogical value to isolating and deeply exploring search engine issues, which is why I initially segregated the material. However, search engine issues crop up throughout the foundational material, so I'm not sure that segregation worked.
* I deleted the following material:
- Corbis v. Amazon. This was an excellent case to teach 512, but I think the ccBill case superseded it in a number of respects.
- the district court opinion in Perfect 10 v. Google, which was superseded by the Perfect 10 v. Amazon Ninth Circuit opinion.
- 1-800 Contacts v. WhenU (as discussed above)
- Alaska SB 140, which I ran out of time to discuss last year.
Deliberately Excluded
* The Utah anti-keyword advertising law represents one of the most important statutory changes of the year, but I omitted it because I anticipate Utah will modify it, and there's no point teaching a moot law.
* I skipped the Unlawful Internet Gambling Enforcement Act. I've generally shied away from teaching online gambling in Cyberlaw; the topic requires a lot of time to teach, making it hard to squeeze into a semester-long survey course. Plus, the new law is an analytical mess, so I'm not sure what the students would get out of the discussion.
* We were so excited to get the California Supreme Court's Barrett v. Rosenthal ruling, but the actual opinion doesn't add much to Zeran, so I thought it wasn't worth the time.
Posted by Eric at 07:57 AM | Adware/Spyware , Copyright , Derivative Liability , Internet History , Search Engines , Spam , Trademark | TrackBack
August 06, 2007
CAN-SPAM Defendant Awarded $111k in Fees/Costs--Gordon v. Virtumundo
By Eric Goldman
Gordon v. Virtumundo, 06-0204-JCC (W.D. Wash. Aug. 1, 2007)
I believe this ruling represents the first time that a CAN-SPAM plaintiff has been ordered to pay attorneys' fees and costs to a defendant. As a result, it's a leading example that courts can and do grow tired of bogus anti-marketing lawsuits, and perhaps it will serve as an expensive warning to CAN-SPAM plaintiffs to ensure the merits of their lawsuit.
Gordon is an uber anti-spam plaintiff, leading countless CAN-SPAM lawsuits. (Ethan blogged a little on Gordon's litigation here). As the court describes, Gordon runs a "spam business"--basically, a for-profit plaintiff litigation shop to go after spammers (the court also calls it a "litigation factory"). The court doesn't seem very impressed with this business model. Having already dismissed the lawsuit's substance, the court repeatedly rips on Gordon for bringing a junk lawsuit, saying that "The Court finds that Plaintiffs’ instant lawsuit is an excellent example of the ill-motivated, unreasonable, and frivolous type of lawsuit that justifies an award of attorneys’ fees to Defendants" and "the Court finds that the goal of deterrence is particularly relevant here. Plaintiffs should be deterred from further litigating their numerous other CAN-SPAM lawsuits now that they are aware their lack of CAN-SPAM standing."
Along the way, the court interprets the appropriate standard for awarding fees under the CAN-SPAM fee shifting provision. Informed by Gordon's litigation abuses, the court decides that the fee-shifting provision should use the more defendant-favorable "even-handed" standard when evaluating a defendant's fee requests (like it is in the copyright context) instead of the "dual standard" where the plaintiff gets a favorable review on both its fee requests and defendant's fee requests (the latter standard thus encourages plaintiffs to bring lawsuits without the fear of a loser-pays ruling). The court correctly notes that Congress really wasn't trying to enable lots of private lawsuits from CAN-SPAM, so the risk of chilled plaintiffs is appropriate in this context. As the court says, "Promotion of prolific private CAN-SPAM litigation is not what Congress intended." Thus, this ruling paves the way for CAN-SPAM defendants to request and get attorneys' fees when faced with bogus CAN-SPAM claims.
More generally, I remain frustrated that so much regulatory attention is focused on curbing marketers' abuse while comparatively little attention is given to curbing marketing plaintiffs' abuse. But make no mistake--every new anti-marketing law with a private right of action will stir up more action than some chum thrown into shark-infested waters. As I think I've mentioned before, I have a Westlaw alert set up on TCPA cases, usually triggering several alerts each week, and the amount of wasted judicial resources is stunning--there is a steady and mind-numbing stream of rulings over whether TCPA lawsuits are covered by advertising injury insurance; whether (in light of the business relationship exception) TCPA plaintiffs have enough in common to form a class; whether the TCPA preempts state law; and lawsuits where plaintiffs try to get standing to sue under TCPA provisions that are clearly specified as enforced only by the FTC or FCC. In other words, most of the rulings relate to largely procedural squabbling before the parties even get to the substance of the marketer's allegedly impermissible behavior. What a colossal waste of society's resources.
Fortunately, rulings like this one (and others I've blogged about based on anti-SLAPP and Rule 11 sanctions) suggest that plaintiffs can and do go too far and that courts won't ignore this either. But it remains to be seen how well these sanctions work at curbing litigation abuse. At minimum, I hope this award convinces Gordon that his "spam business" may not be as profitable as he initially thought.
HT: Venkat
Posted by Eric at 01:45 PM | Spam | TrackBack
August 01, 2007
July 2007 Quick Links, Part II
By Eric Goldman
Virtual Worlds
* After a remarkable run as media darlings, Second Life is now experiencing some of the inevitable backlash. Case in point: Wired's "How Madison Avenue Is Wasting Millions on a Deserted Second Life." In this respect, Second Life reminds me a little of Keen.com--both provide fantastic platforms for monetizing user-generated content, but that powerful economic platform is likely to take root primarily in the sin businesses (porn, gambling, etc.). (FWIW, Keen.com appears to have cleaned up the dial-a-porn and is now focused exclusively on dial-a-horoscopes). As a result, it will be interesting to see what happens to Second Life's numbers in response to their anti-gambling crackdown. Meanwhile, lawyers--the classic late adopters--are gushing about Second Life's potential as a business generator--an interesting counter-perspective to the Wired article.
* World Copyright Law Report: "Some residents have been using a rogue version of a program called CopyBot to make a copy of anything in the Second Life world, thus threatening to undermine the whole basis of the Second Life economy."
Wikipedia
* More marketers wake up to the value of inserting links into Wikipedia despite Wikipedia's nofollow tag. See my earlier explanation of this. Meanwhile, a Wikipedia administrator talks about what Wikipedians consider white hat practices for marketers.
* Willing to cite to Wikipedia in your legal briefs? Need some custom-tailored authority to support your argument? Edit Wikipedia to say what you want!
* Mike Godwin has become Wikimedia’s GC. You may recall that Mike and I bet about Wikipedia’s future; it appears he has raised the stakes on that bet substantially!
User Generated Content
* "GC's Client from Hell": Whole Food's CEO John Mackey pseudonymously posted about his company's stock and his competitor's stock on Yahoo Finance. The WSJ article has some of the juiciest postings. The NYT on CEO "sock puppetry."
* A restaurant owner used consumer reviews from Yelp as part of deciding to fire employees.
* Interesting interview with the pseudonymous founder of a pay-for-Diggs business.
Blogs
* The ABA Journal has entered the crowded field of blawg directories with one of their own.
* Blawgworld 2007: 77 blawgers chose their favorite posts, which were compiled into an e-book. The compilation turns out to be a great way to get noisy blawgers to promote their brilliant contributions to the e-book, which generates traffic and link love for the publisher, which in turn creates a nice delivery vehicle for sponsored content/advertising.
Miscellaneous
* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC, 2007 U.S. Dist. LEXIS 52932 (D. N.J. July 23, 2007). IAP terminates customer based on complaints that customer was a spammer. Court holds that the consequential damages waiver applies, effectively negating customer's alleged damages. Rejecting the customer's argument that the termination was in bad faith, the court says: "Plaintiff’s arguments about the accuracy of the spamming complaints do not change the Court’s determination because regardless of the ultimate accuracy or veracity of the spamming complaints, defendant was entitled to rely on those complaints so long as it did so in good faith, and plaintiff has not demonstrated any bad faith by defendant." HT: Technology Law Update.
* Consumer Law & Policy Blog: "companies in two recently filed federal cases explicitly invoke [the recent Supreme Court decision in] Leegin as a justification for terminating the eBay auctions of competitors that charge lower prices online."
* Declan on whether anti-spyware vendors are screening for "fedware" (government keystroke loggers designed to capture data before it's encrypted).
Fun
* More proof that technology can save lives: During a power outage at a hospital, doctors were able to complete a surgery using the light of open cellphones.
* I’m a new fan of Oddee. Some recent posts (it helps to think about sexual connotations when interpreting the photos):
- "15 Unfortunately Placed Ads."
- "Most Unfortunate Logos Ever"
- "Unfortunate Business Names.”
Posted by Eric at 11:06 AM | Adware/Spyware , E-Commerce , General , Internet History , Marketing , Spam , Virtual Worlds | TrackBack
July 02, 2007
June 2007 Quick Links
By Eric Goldman
* Spam cases are coming at a regular clip, and it's tricky divining the latest state of the law. Two recent cases that caught my attention:
- US v. Impulse Media Group, 2007 WL 1725560 (W.D. Wash. June 8, 2007). This case involved a porn site that used affiliate marketers who didn't comply with the porn spam labeling requirements. The government argued that the advertiser should be strictly liable for this breach, but the court fairly emphatically rejected that (same as Cyberheat). But the news isn't all good for the defense, as the court also rejected its SJ motion, showing that the question of scienter about affiliate behavior remains a tough one for courts. Venkat's writeup.
- Kleffman v. Vonage Holdings Corp., No. 07-2406 (C.D. Cal. May 22, 2007). A nice complement to the Facebook v. ConnectU case, each holding that aspects of California's anti-spam laws are preempted by CAN-SPAM. In this case, the targeted behavior was the fact that the emailer may have used multiple email addresses to bypass electronic spam filters, but there wasn't anything false/deceptive about each email itself. See the BNA write-up and Venkat's writeup. I've lost track of the preemption cases, but it seems like state anti-spam laws are really getting munched after the Mummagraphics case.
* NYT on the pros/cons of captchas.
* Goodmail has expanded its pay-to-email system to Comcast, Cox, Roadrunner and Verizon.
Intellectual Property
* In Explorologist v. Sapient, involving the posting of a video deconstructing Uri Geller's act, the defendant is arguing (per CCBill) that 47 USC 230 preempts British copyright law.
* A rushed high school yearbook editor downloads lots of Facebook photos and adds them to the yearbook to fill space. Not a good idea!
* Techdirt: Who owns the right to license the design of military weapons to toy manufacturers?
* Marty on intellectual property protection for sexual activity.
Contracts
* A California man claims he bought a Gateway computer that never displayed text properly. Is he bound to the clickthrough agreement displayed on bootup? If this is the only way Gateway presented its contract, the answer should be no.
* At a conference at Southwestern Law School, I heard Prof. Lon Sobel talk about "idea submission" law. He illustrated the phenomenon that "where there's a hit, there's a writ": he suggested that hit TV shows produce an average of 6 "you stole my idea” demand letters. The great 1980s movie Coming to America produced 12 such letters, which resulted in 7 actual lawsuits. Interestingly, Prof. Sobel made the case (implicitly, not explicitly) that there is no separate law of "idea submissions," but rather any such doctrines are subsumed within standard contract law.
eBay
* eBay has changed its stance towards fighting counterfeiters, and it now does more policing itself.
* eBay shill bidder pays $400k to settle with NY AG.
Social Networking/Blogs
* The NCAA kicked a reporter out of the stadium for live-blogging the event. Tip to NCAA: It’s neither possible nor wise to control the flow of real-time information. Get over it. HT: Techdirt.
* Just came across this article: Stacey Schesser, MySpace on the record: The admissibility of social website content under the Federal Rules of Evidence, First Monday, volume 11, number 12 (December 2006).
* Wired: 7 MySpace sex offenders busted.
Marketing/Advertising
* AMCO Ins. Co. v. Lauren-Spencer, Inc., 2007 WL 1795970 (S.D. Ohio June 20, 2007). Insured offers jewelry from a website. Third party claims that the insured's jewelry constituted copyright infringement. Insured tenders the lawsuit to her insurance company under the advertising injury policy. Insurance company seeks a DJ of no coverage. The court says that the website constitutes advertising for the products, and so the policy applies to photos of the allegedly infringing jewelry items, even if the photos themselves were created by the insured. Observation #1: The advertising injury policy is very helpful to web businesses. Observation #2: Due to cases like this, I suspect insurance companies are reducing their willingness to offer advertising injury coverage to web businesses.
* Taylor v. XRG, Inc., 2007 WL 1816142 (Ohio App. Ct. June 21, 2007). The defendant was a vendor retained by bulk fax senders that handled consumer responses, including opt-outs from future faxes. Court held that the vendor wasn't liable for any TCPA/state anti-junk fax laws allegedly broken by the fax sender.
* Newish ad format: ads running 2 seconds in duration.
Search
* It's taken me a while to digest some of Google's new efforts. First, Google released two tools (a new toolbar button and a new personalized tab) to anticipate searchers' needs based on their past searches. Second, Google expanded its search history to incorporate all aspects of a user's searching through its services (what it calls "web history"). Meanwhile, Google has reduced its storage of personalized search data from 18-24 months to 18 months before that data gets anonymized. FWIW, I've been using Google personalized search since November 2005 (presumably, some of my data will be flushed any time now). Google has now captured almost 12,000 searches (with a high so far of 255 searches in a single day). Despite this, Google still doesn’t do a good job making predictions for me.
* Another great study from Jim Jansen (see the last one I blogged about). This one presented identical search results branded from different search engines and found that consumer ratings of relevancy varied based on the brand (Yahoo and Google came out on top). The logical inference--branding does matter to perceptions of relevancy. HT: SEL.
* Matt Cutts on the various ways humans affect Google search.
Domain Names
* Denmark's .dk TLD registry has enacted rules targeted at wiping out domainers. See here (Sec. 8.3.6).
* What's hotter than iPhones? iPhone-related domain names.
Adware/Spyware
* Declan on the latest legislative rally against spyware, the Senate's Counter SPY Act.
* The FTC issued final approval for the DirectRevenue settlement of $1.5M. Commissioner Leibowitz dissented, saying the cash payment was too light.
Online Reputations
* Avvo has filed a motion to dismiss the lawsuit over its ratings of attorneys. The motion is very heavy on the 1st amendment and very light on 230. HT: WSJ Law Blog.
* The Washington Post gushes about Reputation Defender and its competitors, without really acknowledging the value of reputational accountability or the potential for takedown/pushdown abuse.
* Entrepreneurs figured out a way to game FICO scores. Fair Isaac will try to close the loophole.
* Ed Magedson of Rip-Off Report was the victim of a vicious harassment campaign demanding that he remove complaints from the site.
* Lengthy NYT article on Wikpedia. Not much new there, but it does hint at the young age of Wikipedians, and it talks about how "pride of ownership" motivates Wikipedians.
Other
* June 26 was the 10 year anniversary of the classic Reno v. ACLU Supreme Court opinion.
* The NYT has launched a new technology blog called BITS.
Posted by Eric at 02:37 PM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , Domain Names , Internet History , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark | TrackBack
June 03, 2007
May 2007 Quick Links
By Eric Goldman
Spam
* MySpace Inc. v. The Globe.com Inc., No. CV 06-3391 RGK (C.D. Cal. Feb. 27, 2007). This case has some personal interest because theglobe.com was one of my flagship clients before I left the law firm in 2000. This ruling held theglobe.com liable under CAN-SPAM, California's anti-spam law and the user agreement for spamming within the MySpace network. See the BNA writeup. Among other remarkable angles of this ruling, the court upholds the liquidated damages clause based on the anti-spam restrictions in the contract. Based on this adverse judgment, in April the parties settled for over $2.5M —basically, all of theglobe.com’s remaining cash, leaving its survival in serious jeopardy.
Domain Names
* Domainers are hot. Business 2.0 article on Kevin Ham, a major domainer who has wildcarded Cameroon's .cm TLD. NYT article on NameMedia, which owns 725,000 domains.
* From the AP: Entrepreneurs loaded up on Virginia Tech- and victim-related domain names following the massacre.
Marketing
* Broadway producer Scott Rudin was annoyed that the New York Times' website published user-submitted reviews of his play. To tweak them for doing so, the play cherry-picked some comments from the users' submissions and ran them in ads for the play with the attribution "The New York Times Online." An NYT editor objected to that attribution because it connoted an editorial judgment of the paper, rather than the paper's readers. Read the fun back-and-forth between Rudin and the editor.
* From the Washington Post: Billboards are the second-fastest growing ad category (after the Internet) due to increased traffic congestion and new digital billboard technology. And a technologist has developed eye-tracking technology that may let billboard advertisers accurately count eyeballs.
* Optima Funding, Inc. v. Strang, 2007 WL 1430699 (Cal. Ct. App. May 16, 2007). A mortgage company said it never sent unsolicited faxes or authorized anyone to do so on its behalf, but it did use lead generation companies. Strang sued Optima repeatedly in small claims court for TCPA violations. Optima struck back with a 17200 claim, basically saying that Strang was falsifying evidence to connect Optima to the faxes. In this ruling, the California Appellate Court upholds Strang's anti-SLAPP motion to strike.
* NYT: Custom postage stamps haven't really caught on. (Note: I just tested on them in my IP course exam).
* NYT: "The High Price of Creating Free Ads." Advertisers may not save any money by relying on user-generated ads. See my previous blog post about the legal costs of UGC ads.
* Rebecca discusses false advertising developments in one of our least favorite 1201 cases, Static Control v. Lexmark.
* AP: Wisconsin bar owner gets a ticket for serving Coors Light beer using a Miller Lite-branded tap. He should have known better than to cross the only major brewery still in Brewtown by serving Colorado beer.
Search Engines
* Brodsky v. Yahoo (C.D. Cal. complaint filed May 11, 2007). A stockholder derivative lawsuit against Yahoo alleging that Yahoo inflated its stock price by hyping its ad businesses. I read through the lengthy complaint and found it mostly nonsensical. For example, consider this allegation of wrongdoing: "whereas Yahoo!’s rivals were paying high-traffic vendors to route traffic through their Web sites, Yahoo! was charging large vendors for access and was dependent on that revenue to make its revenue targets, making Yahoo!’s Web site a less desirable location for vendors to drive traffic to." Huh? Search Engine Land has more.
* Google has blacklisted all term paper websites from its AdWords program. Reminds me a little of Macellari v. Carroll
Intellectual Property
* Grisman v. YouTube, Inc., C-07-2518 (N.D. Cal. May 10, 2007). Second class action lawsuit against YouTube (and third major broadside, including the Viacom lawsuit). Appears to be highly derivative of the Football Association Premier League lawsuit (see the WSJ Law Blog for more on this).
* Clark v. Amazon.com, CIV S-05-2187 (E.D. Cal. May 10, 2007). Clark published a book, sold 187 copies and gave away 234. He sued Amazon (and other online booksellers) claiming that he alone had the exclusive right to distribute the book, so their resales were infringing. Amazon responded that the resales were covered by the First Sale doctrine. Clark responded by saying that Amazon sold more copies than he sold/gave away, but that's because Clark mistakenly believed that a seller's lifetime transactions rating were all based on sales of his book. Summary judgment for Amazon.
* Like other content producers, pornographers are feeling the sting of online competition--especially due to the low barriers to entry of amateur-produced content.
* From Washingon Post: Appraisers are going to war over recycling of data they generate during appraisals, which they claim violates promises made to them. When I was guest-blogging at Concurring Opinions, I blogged on the possible IP angles of this dispute.
* BusinessWeek: "Faking out the Fakers: Faced with a tidal wave of counterfeit goods, companies are turning to secretive sci-fi technology. But crooks catch on fast." It's like the analog version of DRM.
* The USPTO's collection of aural TMs.
Miscellaneous
* Bray v. QFA Royalties LLC, 2007 WL 1306517 (D. Colo. May 3, 2007). Posting a suicide note on a private franchisee-group's website isn't grounds for termination of franchises. See Wiggin and Dana's writeup.
* Nazaruk v. eBay, Inc., 2007 WL 1417287 (10th Cir. May 15, 2007). In a non-substantive opinion, the 10th Circuit upheld the venue clause in eBay's user agreement. My post on the district court opinion.
* Washington Post article on individuals declaring "email bankruptcy," i.e., deleting everything in their in-box and starting afresh.
* To mitigate risk, the Concurring Opinions multi-contributor blog has been converted into an LLC.
* University of San Francisco has created a single page aggregating blogs from the entire USF community.
Posted by Eric at 12:59 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , Internet History , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark | TrackBack
May 31, 2007
Pew 2007 Spam Survey
Pew has updated its periodic survey on user attitudes towards spam. Its conclusion:
Spam continues to plague the internet as more Americans than ever say they are getting more spam than in the past. But while American internet users report increasing volumes of spam, they also indicate that they are less bothered by it than before. Users have become more sophisticated about dealing with spam; fully 71% of email users use filters offered by their email provider or employer to block spam. Users also report less exposure to pornographic spam, which to many people is the most offensive type of unsolicited email. Spam has not become a significant deterrent to the use of email, as some observers speculated it might when unsolicited email first began flooding users’ inboxes several years ago. But it continues to degrade the integrity of email. Some 55% of email users say they have lost trust in email because of spam.
Deborah Fallows, the report writer, speculates on why users are less bothered by spam, She hypothesizes:
* users are receiving less porn spam
* users are savvier about identifying spam
* more users are using filters, hiding their email addresses and engaging in other smart practices
Interestingly, these explanations appear to be largely independent of legislative efforts to curb spam. Obviously CAN-SPAM targeted porn spam, and the FTC has brought some enforcement actions, but my gut tells me that any reduction in porn spam is due to improved technological filtering, not the law. Otherwise, it seems like technology and evolving social practices are helping users cope with spam.
Previous material on this topic:
* Spyware, the Pew Report, Anti-Terrorism Efforts and Coping with Spam
* Where's the Beef? Dissecting Spam's Purported Harms. Lamenting the passage of CAN-SPAM, I wrote:
Even if CAN-SPAM beneficially affects the flow of unwanted e-mails, any legislative solution seems inherently empty. Without legislative intervention, society will find ways to cope with spam, just as we have with other media. Meanwhile, entrepreneurs will continue to develop better tools to sort wanted and unwanted communications. Thus, more patience with the spam “problem” might have facilitated the development of superior results organically.
Posted by Eric at 11:17 AM | Spam | TrackBack
May 28, 2007
Facebook's Lawsuit Against Competitive Email Harvesting Continues--Facebook v. ConnectU
By Eric Goldman
Facebook, Inc. v. ConnectU LLC, 2007 WL 1514783 (N.D. Cal. May 21, 2007)
A universal truth of the digital era: a website displaying user email addresses will be targeted by email harvesters sweeping up those email addresses to spam the users--either to poach a competitor or to send bona fide spam. This is hardly a new phenomenon; I can't believe it's been almost a decade since eBay's competitor Onsale harvested eBay users' addresses and sent competitive spam (an action which prompted eBay to encourage users to adopt handles that weren't the users' email addresses).
Social networking sites have lots of user contact info that makes them juicy targets for the harvesters, so they have had to be particularly vigilant against spammers. In this case, Facebook sued a competitive social networking site, ConnectU, for a harvesting/spam attack. (This isn't the only battlefront between the parties; in separate litigation, ConnectU claims that Facebook stole ConnectU IP). In this ruling, ConnectU moves to dismiss Facebook's claims, with limited success.
The most interesting ruling relates to California Penal Code 502. If you haven't looked at this statute recently, you'll be amazed at its breadth and the fact that it provides for civil remedies in the penal code. The operative provision here restricts "Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network." Apparently, ConnectU provided a tool that enabled Facebook users to provide ConnectU with their login credentials, which ConnectU then used to grab data from Facebook's servers. (I tested on very similar facts in my 2006 Cyberlaw exam--see Q2). The court has no problem saying that, as alleged, ConnectU knew it was accessing Facebook's servers and took data without Facebook's permission. There have been other 502 rulings in California, but this ruling reminds us of the statute's scope and its utility as an anti-trespass doctrine.
The court also dismisses (with a grudging leave to amend) Facebook's various anti-spam statutory claims. First, the court holds that Cal. B&P 17529.4 and 17538.45 are both preempted by CAN-SPAM. I've lost track of all of the state anti-spam preemption cases, but I think it's significant that the court casually wiped these two California statutes off the books. Second, the court dismisses Facebook's federal CAN-SPAM claim because Facebook didn't allege that ConnectU's emails contained false/misleading header info. (Even if there was falsity, the Mummagraphics court suggests it would have to be material to be actionable).
Posted by Eric at 09:35 AM | Internet History , Spam | TrackBack
May 02, 2007
Utah's "Don't Email the Kids" Registry a "Financial Failure"
By Eric Goldman
A couple of years ago, Utah and Michigan adopted laws creating "don't email the kids" registries (called the "Child Protection Registry"--see Utah's and Michigan's). These laws allow parents to register email addresses held by kids and requires marketers sending email/spam that's inappropriate for kids to check the registry and screen out the kids' addresses.
Policy-wise, these laws are broadly appealing. First, everyone hates spam, so anything that might reduce spam is ipso facto a good thing. Second, this law is designed to protect kids from Internet evils—a politician’s nirvana!
However, I don’t think either of these rationales (reduce spam or protect kids) capture the real reason why these laws were enacted. Instead, I suspect pure-and-simple economic opportunism. In practice, the law is just an email tax. Legitimate companies concerned about legal compliance will pay to check the registry, creating a stream of new tax revenues mostly generated from out-of-staters. (Naturally, illegitimate spammers won’t comply with the law under any circumstance). You can imagine how politicians would eagerly leap at the opportunity to get a couple farthings' tax on email traffic. CA-CHING!
Meanwhile, only one company--Unspam, a for-profit company--operates a "don't email the kids" registry. I can imagine how this could be a great sales pitch to generate demand for Unspam’s services: Hey legislators, enact the law, generate new tax revenues on email traffic, you get an economic windfall, we get a cut, and EVERYONE WINS!
Despite this seductive pitch, we’ve learned that the "don't email the kids" laws are riddled with problems. For example, mechanically Unspam's registry doesn’t try to authenticate that registered emails are associated with kids, turning the registry into an across-the-board do-not-spam registry (something I think isn’t good policy). The law also suffers from the sheer illogic of trying to erect geographic borders on email traffic; a federal district court didn't agree with this concern, but we may not have heard the final word on this point.
Plus, there's the challenge of protecting the privacy of kids' email addresses in the database. As Wendy Davis of MediaPost reported last Fall:
It's now come to light that several weeks ago, a state employee in Utah released the e-mail addresses of four minors to the Email Sender and Provider Coalition. That gaffe occurred even though Unspam--the private agency managing the list--said it was inconceivable that the list would ever be divulged. "Even if ordered by a court or held at gunpoint, there is no feasible way that I, any Unspam employee, or any state official could provide you even a single address that has been submitted for compliance by any sender," Prince reportedly said in an affidavit.
WHOOPS!
Even more problematically, according to the Salt Lake Tribune, the law has been a "financial failure": the law was projected to bring $3-6M in revenues to the state, but gross revenues have been $187,224, split 80% to Unspam and 20% to Utah—netting Utah a grand total of $37,445. Worse, the law has cost Utah a lot of money, including the following directly attributable expenses:
* $58,000-a-year in prosecutorial fees (estimated cost in original law--not sure if this money has been spent)
* $75,000-a-year for a full-time Department of Commerce investigator (estimated cost in original law--not sure if this money has been spent)
* $100,000 for a private lawyer to defend the law in court (under a contract that could cost up to $200,000). Utah undertook this expense only after Unspam incurred $70,000 of defense costs itself and then cried “no mas,” although the Salt Lake Tribune article indicates that during pre-passage discussions, Unspam may have suggested that it would solely bear the defense costs.
I'm sure this law imposes other "soft" costs throughout the Utah governmental system, plus there are the transaction costs and deadweight losses inherent in any tax. But ignoring these indirect costs and evaluating the law strictly on a cash basis, this law still looks like a bad economic decision for Utah.
There is a meta-lesson here: legislatures rarely can add to state coffers via Internet regulation. Unfortunately, Utah hasn’t yet internalized this lesson despite two highly visible failures. First, in 1995, Utah enacted a digital signature law designed to capture a little piece of the e-commerce pie by becoming the safe haven for digital signature vendors--but there were no takers, so the law sat on the books unused for a decade before Utah repealed the law last year. Second, Utah tried again with this "don't email the kids" law and appears to have struck out financially as well.
Amazingly, despite these precedents, Utah keeps trying! Its latest attempt to get a little Internet gravy is the Utah Trademark Protection Act, where Utah plans to tax (mostly out-of-state) keyword advertisers. As Sen. Eastman told BNA, “Utah can be the trademark registration capital of the country, just as Delaware is the incorporation capital.” Not only would the registration fees flow back to Utah and perhaps to a Utah-based registry vendor such as Unspam (which expressed some interest in bidding on the registry contract), but Sen. Eastman thinks the law may stimulate demand for Utah’s trademark lawyers. However, there are good historical reasons to believe that the Utah Trademark Protection Act isn’t likely to fulfill these dreams of prosperity. This is yet another good reason for the Utah legislature to reconsider the law.
Posted by Eric at 03:23 PM | Content Regulation , Internet History , Spam , Trademark | TrackBack
May 01, 2007
April 2007 Quick Links
By Eric Goldman
* Rebecca blogs on CollegeNET, Inc. v. XAP Corp., 2007 WL 927946 (D. Or. March 26, 2007), where a jury awarded $4.5M in damages under 43(a) because the defendant had a privacy policy saying it wouldn't disclose personal information to third parties "without the user's express consent and direction," but when users affirmatively said “yes” to "Are you interested in receiving information about students loans and financial aid?," the defendant sold the name to a third party. This is the right result because the combination of the two statements--we won't disclose to third parties, and a lack of pronouns about who would send the information about loans/financial aid—clearly imply that the information would come only from the defendant. However, it would have been easy to avoid this result! As the court points out, the defendant could have added one more line to the privacy policy ("If you ask for more info on loans/financial aid, we may provide your name to third parties") or pronouns to the call-to-action ("Are you interested in receiving information about students loans and financial aid from us or selected third party vendors?"). While the result is right, the damages sure seem high.
* Claria has taken its PersonalWeb tool out of beta. This tool creates a personalized navigation page for consumers by inferring their preferences rather than requiring them to proactively customize the personalization, which only 10% of users did.
* From BusinessWeek: To capture interest in a hot story, media entities buy keywords like "Virginia Tech massacre" immediately following tragedies.
* MailChannels' technology deliberately introduces latency into its server's handshakes, effectively creating a slow lane for spammers.
* Internet Archive v. Shell has settled. John O. may have more thoughts on this.
* Latest evidence that consumers don't always want to have their say: less than 0.2% of visits to YouTube and Flickr are for the purpose of uploading content.
* Todd J. Hollis' lawsuit against dontdatehimgirl.com has been dismissed for lack of jurisdiction. Unfortunately, the court deliberately sidestepped the 47 USC 230 issue, which would have been a simple way to clear the docket permanently.
* BusinessWeek article on how dictionary-makers are struggling to sort through the proliferation of new well-known words via the web.
* A historian raises some quality concerns about Google's book scanning efforts. I think the metadata issue is particularly serious, as many people will expect Google's metadata to be accurate and will cite it accordingly. HT Rebecca.
* Lawsuit over a botched tattoo. Whoops! Speaking of bad-idea tattoos, check out my archive post on tattoo advertising.
* New York councilman wants to ban "menu spam."
* Thyroff v. Nationwide Mutual Insurance Co., No. 41, 2007 N.Y. LEXIS 264 (N.Y. Mar. 22, 2007), holding that electronic records are protected by a state law against "conversion." This is certainly consistent with some precedent, such as Kremen v. Cohen, 325 F.3d 1035 (9th Cir. 2003) saying that domain names can be converted, but this broad holding seems plainly wrong. With respect to copyrightable electronic records, federal copyright law should preempt state anti-conversion laws. What am I missing?
* Some items that made me laugh this month:
- Dilbert on crowded trademark namespaces
- Comedy Central has the amazing story of My-T-Boy, the cute branded character who lapsed into the public domain
- Marge Simpson googles herself and doesn't like what she sees from the satellite image of her home. Very funny!
Posted by Eric at 06:20 PM | Derivative Liability , Licensing/Contracts , Marketing , Privacy/Security , Spam , Trademark | TrackBack
April 07, 2007
When Congress Giveth, is the Dormant Commerce Clause Taken Away?--Free Speech Coalition v. Shurtleff
by Ethan Ackerman
Free Speech Coalition, Inc. v. Shurtleff, 2:05CV949DAK (D. Utah March 23, 2007)
Why do courts seem eager to use CAN-SPAM's preemption language to give state email laws a free pass from the Dormant Commerce Clause?
Utah's courts and legislatures are earning some scrutiny lately. Seems like the general meme in Salt Lake City is to write laws that pretty clearly reach outside the Wasatch and Cottonwood valleys and touch stuff all over the internets. While some lawyers (like the state legislature's drafting counsel) are trying to reign things in, a recent Utah federal District Court ruling seems to be whipping the horses on.
The Free Speech Coalition, a trade association of "adult" publishers and marketers, has been tackling Utah's Child Protection Registry on several legal fronts for some time, and the challenges have received some coverage (see, e.g., here and here). A recent ruling in the case upholding the Utah act on several fronts has enough interesting tidbits to merit several entries, so this entry will focus on just one - the rather unique results from the intersection of preemption doctrines and the CAN-SPAM Act's preemption safe harbors.
The Harbor that Swallowed the Doctrine?
The District Court denied the Free Speech Coalition's request for a preliminary injunction of the Utah act. Contrary to the Coalition's assertions, the judge said the Utah act did not violate the Dormant Commerce Clause because it was authorized by Congress in the CAN-SPAM act. Several amici supported this argument, including the US Department of Justice and (perhaps somewhat self-interestedly) unspam, the for-profit operator of the Utah registry.
We’ve covered the Dormant Commerce Clause here before. Briefly, the Dormant Commerce Clause (DCC) constitutionally constrains some state laws, but it does not apply when federal law affirmatively authorizes those state laws. The rationale? Congress, not the states, can regulate interstate commerce - but Congress can, if it wants to, delegate its power to the states to do what they couldn't otherwise do.
Judge Kimball says that’s what happened here. Due to CAN-SPAM, he said that "Congress has expressly allowed states to regulate commercial email" by choosing not to preempt some types of state laws related to email. By creating safe harbors for some state laws, Congress effectively immunized them from DCC challenges. Judge Kimball bolstered this conclusion by citing to the similar holding in Beyond Systems v. Keynetics, which also rejected a DCC challenge against a Maryland anti-spam law on the grounds that it was covered by CAN-SPAM's safe harbor.
So why the trend away from applying the DCC? Prior to CAN-SPAM, a court had to evaluate whether a state law impermissibly burdened out-of-state commerce, and no medium is more interstate—and even international—than the Internet. Certainly the judge wasn't declining to apply a rigorous DCC analysis because it was too much work - Judge Kimball did the analysis in a belt-and-suspenders alternate holding. What magical flick of Congress' pen all of the sudden relieves a judge from evaluating the Constitutionality of a state law?
The judges in both Beyond Systems and Free Speech Coalition may be correct that state regulation explicitly authorized by federal law isn't susceptible to a DCC challenge, but it's a big jump to say that this Utah law was explicitly authorized by CAN-SPAM. To reach this conclusion, a court must pile several suspect conclusions on top of each other.
Strictly speaking, Congress didn't explicitly authorize either the Utah or Maryland acts. Instead, it referred to a class of anti-spam laws generally in the CAN-SPAM act. That's not a big deal. Congress can’t easily enumerate every unpreempted state law, and it’s impractical to have Congress update the safe harbor every time a new state law is passed or an existing one is amended. But that's also the Achilles heel of preempting state laws by general reference - we can't really tell if Congress intended to preserve a state law that wasn't even written, or was subsequently amended, when Congress drafted the safe harbor. Thus, in my opinion, the prudent approach is to construe the authorization very narrowly.
In this case, the Utah law only arguably fits into a CAN-SPAM safe harbor. CAN-SPAM has two relevant safe harbors for (1) anti-deception email-only laws, and (2) non-email-specific computer crime laws. He said the Utah act may not fit in the first category but fit into the second category of computer crime laws.
However, to reach this conclusion, the Judge had to wrestle with an internal contradiction: the Utah Act had to relate to spam to qualify for CAN-SPAM’s preemption from DCC analysis, yet the court had to simultaneously say that the law was not email-specific enough that it qualified for the non-email-specific safe harbor.
The likely analytical error here is that CAN-SPAM's preemption safe harbor intentionally sweeps wide beyond email - it's trying not to preempt any laws that don't relate to email. But that same breadth shouldn't act as a DCC shield too. Congress wasn't actually affirmatively blessing certain state email laws. It was merely acknowledging that some state laws might apply to lots of behavior (including email) that Congress would have no problem with. By rough analogy, a federal insurance law might preempt some, but not all, state insurance laws. Unrelated state insurance fraud laws would almost certainly NOT be preempted by the federal law, but that shouldn't excuse those state fraud laws from a DCC analysis.
___
Eric's Comment: I just want to reinforce one point in Ethan's analysis. Based on a straight reading of the CAN-SPAM statute, it is fairly clear to me that CAN-SPAM's exclusion for state computer crime laws meant only medium-neutral laws. Thus, a state email-only crime--like Utah's law here--should be preempted by CAN-SPAM. Otherwise, as Ethan points out, the exception effectively eliminates all preemptive effect of CAN-SPAM because states can freely enact any anti-spam laws--even those that conflict with CAN-SPAM or with other states' laws-- so long as the states attach criminal sanctions to the restrictions. It's possible Congress just screwed this up massively, but for now, my hypothesis is that Congress drafted the preemption language properly and it's this judge who screwed up.
Posted by Ethan Ackerman at 11:12 AM | Spam | TrackBack
March 12, 2007
Affiliate Spam Liability is Fact Question--US v. Cyberheat
By Eric Goldman
U.S. v. Cyberheat, Inc., 2007 WL 686678 (D. Ariz. March 2, 2007)
This case deals with one of the great unresolved Cyberlaw questions: when is an online advertiser liable for the downstream behavior of its media outlets? This question is so important because advertising fuels the Internet economy, both the good--such as the great social benefits produced by ad-supported search engines--and the bad--such as unwanted spam and pernicious spyware. Accordingly, it is critical that advertiser liability policy be set very carefully. Set correctly, bad spam/spyware could dry up. Set incorrectly, the Internet ecology could be destroyed.
Typically, consumer protection advocates favor strict liability for online advertisers. Thus, regardless of advertiser scienter, advertisers should have absolute liability for running ads via unwanted adware or spam. On the plus side, such a theory would probably have the desired benefit of cutting off the flow of advertising to spam and adware.
On the minus side, strict liability for online advertisers also would reduce online advertising across-the-board. Advertisers don’t want the additional liability, nor would they want to spend the time/money to monitor downstream behavior. Perhaps more importantly, I am not aware of any equivalent liability on the part of offline advertisers, so strict liability for online advertisers would represent a type of cyberspace exceptionalism that would likely direct dollars away from online advertisement back to offline advertising.
Interestingly, we have surprisingly little law involving online advertiser liability for media outlets. Statutorily, advertiser liability was enacted in CAN-SPAM and the Utah/Alaska anti-adware laws, but I'm not aware of other statutes. From a case law standpoint, there is surprisingly little precedent. Two relatively recent spam cases, Fenn and Hypertouch, have implicitly rejected strict liability for advertisers (the Fenn case dealt with Utah's anti-spam statute, not CAN-SPAM); in both cases, the advertiser’s use of a contract prohibiting advertising by spam was sufficient to cut off liability for downstream behavior. The Cyberheat case pointed to another case I hadn’t caught before, the Fare Deals v. World Choice Travel.com case, 180 F. Supp. 2d 678 (D. Md. 2001), which also rejected advertiser liability (in that case, for ads running on a website that allegedly infringed trademarks). Finally, there was the recently hyped settlement between the NY Attorney Generals' office and three adware advertisers. However, it's hard to divine much precedent from a settlement, and the chicken-scratch settlement terms imply that the defendants didn't settle because they were quaking in their boots over their legal liability.
(There are other cases, and I haven't done a complete regression to validate this point--but I trust the point is clear that the case law is scrappy and defense-favorable).
The dearth of relevant case law makes the newest case on the topic, US v. Cyberheat, so interesting. The FTC went guns ablazin’ after a porn website for spam sent by its affiliates that allegedly violated CAN-SPAM, arguing under the terms of the statutory advertising liability provision that the advertiser is strictly liable for these spam or should be liable under an implied negligence theory (the case doesn’t use the term “implied negligence,” but the term is designed to characterize the FTC's theory that the facts so clearly establish negligence that the defendant should be liable without any further showing about its mental state).
This tussle over the appropriate scienter requirement appeared to overwhelm the judge, and we get a pretty garbled opinion in response. However, we get one clear statement here: the judge unambiguously rejects strict liability for the affiliate's behavior. Instead, after chasing his tail articulating various vicarious liability/respondeat superior/agency theories, the judge concludes that the advertiser is liable for the affiliate spam only if the advertiser had sufficient knowledge of and control over the affiliates' behavior.
But...how much knowledge and control is sufficient? I have no idea, and frankly, I don't think the judge does either. However, let's look at the facts alleged by the FTC that weren't sufficient to win summary judgment:
* the advertiser didn't have a significant screening process for retaining affiliates
* the advertiser didn't ask affiliates if they planned to do email marketing
* the advertiser had an agreement prohibiting spam but terminated affiliates slowly/inconsistently even when the advertiser received consumer complaints about an affiliate's behavior
* when the advertiser terminated affiliates, it didn't always terminate multiple accounts held by the same affiliate
* the advertiser provided web hosting, marketing and promotional tools to affiliates, including (I believe) serving up the porn images displayed in the emails when opened
The advertiser's principal counterarguments were that it had its contract restriction against spam and that the affiliates were independent contractors. (It was unclear to what extent the advertiser disputed the other facts alleged by the FTC).
So this case will go to trial to determine the advertiser's knowledge/control and whether it acted reasonably under these circumstances. While the FTC might still win this case, this ruling nevertheless must be a sobering wake-up call that the government can't simply allege that liability follows ad dollars and expect to win.
More commentary on this case: Venkat and Reasonable Basis.
Posted by Eric at 03:42 PM | Adware/Spyware , Derivative Liability , Marketing , Spam | TrackBack
March 01, 2007
February 2007 Quick Links
By Eric Goldman
* The California Highway Patrol (which, for reasons unclear to me, has investigatory power here) has concluded that the Angelides campaign did not break any laws when they reverse-guessed URLs on Schwarzenegger's website and found an unrestricted page with a video of the Gov wondering about Assemblywoman Bonnie Garcia's "hot'' temperament because of her mixture of "black blood'' and "Latino blood'' and referring to Assembly Republicans as a "wild bunch." The CHP did recommend that Schwarzenegger's team tighten up their website security. Silly reminder: if you really want keep information a secret, don't put it on a website without password protection.
UPDATE: Greg Haverkamp points me to this document, which explains that the CHP has enforcement power over Penal Code 502 violations involving state computers. Interesting. In my mind, I see Erik Estrada revving up his PowerBook to bust some baddies...
* Voda v. Cordis Corp., 2007 WL 269431 (Fed. Cir. Feb. 1, 2007). Patent owner can't litigate infringement of foreign patent rights in US court as part of supplemental jurisdiction over a US patent infringement claim. Patry's writeup.
* NYT on how YouTube indirectly motivates teens to deliberately do stupid things just for the opportunity to post them and perhaps get notoriety. I had a first-hand observation of this when I trolled through YouTube looking for a Listerine commercial that I might show in class while teaching a case involving Listerine. A search for the word "Listerine" in YouTube produces video after video of people doing stupid things with Listerine, like eating big stacks of their breath film or snorting the breath spray and then writhing in pain. Watching video after video of people repetitively doing stupid stunts, I felt like shouting to these people: "IF YOU'RE GOING TO DO SOMETHING STUPID ON YOUTUBE, AT LEAST BE ORIGINAL!"
* From Steve Bryant at eWeek: Shannon Stovall sues Yahoo for including her photo in Yahoo's welcome email, claiming Yahoo violated her rights of publicity/privacy to the tune of $10M compensatory damages and $10M punitive damages.
* Digg users may mark content they don't agree with as "spam." The most recent example is Danny Sullivan's post on SEO, which got Dugg and then was eliminated when anti-SEO Digg users flagged it as spam. If a website defers content grading to its users, it has to trust that they are reporting their feedback accurately. If they aren't, the whole user grading process breaks down. And speaking of breakdowns, there is an active secondary market for Digg votes--check out how Annalee Newitz bought front page placement on Digg for about $100.
* The always-colorful Chris Hoofnagle has released a new paper, "The Denialists' Deck of Cards: An Illustrated Taxonomy of Rhetoric Used to Frustrate Consumer Protection Efforts." By his standards, I suspect I've dealt a full house with some of my rhetoric! Now, I wonder if he's going to create a complementary deck for bogus rhetorical tactics used by consumer protection "advocates"?
* From the EFF: "Debbie Foster, a single mom who was improperly sued by the RIAA back in 2004 for file sharing, has won back her attorneys' fees." Capitol Records v. Foster, No. 04-1569-W (W.D. Okla. Feb. 6, 2007). Unfortunately, that hasn't stopped the plaintiff from advancing nonsense arguments in the case, including the specious argument that a computer owner is automatically responsible if third parties use the computer to infringe copyrights. Fred at the EFF rightly debunks this argument.
* Wikipedia article: "Wikipedia is Failing." Your perspective about success or failure may be influenced by the impressive traffic gains that Wikipedia is experiencing--Wikipedia is now one of the top 10 most trafficked websites. Most of that traffic is coming from Google.
* Doe v. Josef Silney & Assoc., No 07-04167CA15 (Fla. Cir. Ct. complaint dated Feb., 13, 2007). Golfer Fuzzy Zoeller sues an alleged vandal of his Wikipedia page for defamation and related torts. Fortunately, he left Wikipedia out of the suit. However, he only knows the IP address of the person who modified the page, and that IP address is registered to the defendant. Is owning the IP address enough to establish liability? Or is this like an RIAA blunderbuss sue-first, ask-questions-later approach? It seems like the lawsuit should have been against a Doe, with a subpoena to find out who actually edited the page using that IP address.
* US v. Twombly, 2007 U.S. Dist. Lexis 12664 (S.D. Cal. Feb. 22, 2007). A spammer challenges some criminal provisions of CAN-SPAM as vague and overbroad, but the judge has no problems reading the statute to facilitate sending spammers to the slammer. Venkat's writeup.
* CDT groks (and mostly bashes) a variety of online kid-protection bills proposed in Congress.
* From the NYT: Nancy Pelosi posted some videos from C-SPAN to her blog. The Republicans immediately attack her for "pirating" the videos. Turns out that those videos were actually recorded by the government, so they are in the public domain. Whoops! The Republicans had to issue a mea culpa retraction. However, Nancy did grab a C-SPAN-owned video elsewhere which she had to take down. If our legislative leaders can't figure out what video they can recycle, how in the world can less-trained lay people do so? Patry has more.
* A bearish view on domain name speculation from CircleID. I share the sentiment that domain names don't matter, so domaining and typosquatting strike me as a short-term arbitrage opportunity that inevitably will be mooted by a variety of forces. Thus, the idea of paying 40 or 60 years worth of revenue for a domain name is laugh-out-loud funny to me.
* The Long Tail notes that some brands, trying to build a more esoteric image, try to hide their ownership by mainstream mass-market brands, a phenomenon he calls "brand dis-synergy." Examples: Dagoba Organic Chocolate, Joseph Schmidt, Cacao Reserve and Scharffen Berger chocolates (all owned by Hershey) and Converse (owned by Nike).
* Veritas busted for manufacturing revenues via round-tripping with AOL (Veritas bought AOL ads and AOL bought Veritas software; each at inflated prices).
* What does "or" mean? According to the 8th Circuit, it can mean "and." Ken Adams is on the case.
* Ricky Hoggard Holman, a 18 year old high schooler in Sudbury, Canada, correctly blogged all 24 of the American Idol finalists. How? Online research, such as researching the MySpace pages of contestants and emailing their MySpace friends. He also talked to some of the booted final 40 contestants, a few of whom broke their punitive-laden confidentiality agreement to dish some dirt. Maybe he wasn't studying, but clearly he's learned a few things about the power of good old-fashioned research. (The article says he's a straight A student, so he clearly can balance many things). Nice job, Ricky!
Posted by Eric at 12:03 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , Licensing/Contracts , Marketing , Patents , Privacy/Security , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
February 06, 2007
Ezor on Email Blocklists
By Eric Goldman
Jonthan Ezor has posted a short paper (10 pages + endnotes), Busting Blocks: Appropriate Legal Remedies For Wrongful Inclusion In Spam Filters Under U.S. Law, to SSRN. This article deals with thorny issues created by email blocklist services, although he focuses specifically on volunteer organizations. The article discusses an email marketer's recourse for incorrectly being listed as a spammer on a spam blocklist, including defamation and intentional interference with prospective business relationship claims, as well as the limits of those claims under 230(c)(1) and 230(c)(2). He concludes that blocklist vendors should use objective criteria, should have an appeals process to correct mistaken listings, and should be surgical in blocklisting IP addresses. He also concludes that vendors should be:
held to professional standards of conduct, including objectivity, reasonable care, and (to the extent their activities cause harm) accountability. The alternative, relying on their good faith and internal procedures, is no longer acceptable, given how critical e-mail has become.
The issues raised by blocklist services are complex, and they span a variety of rating services online, including spyware filters, Google's PageRank and eBay's feedback forum. On the one hand, filters are simply in the opinion "industry," and they add significant value by centralizing behavior monitoring because it's too expensive for each of us to independently form our own opinions.
On the other hand, by ceding control to filter vendors, we have to trust that these vendors will make good choices. There have been plenty of examples where filter vendors have made questionable choices--the RBL was notorious for being arbitrary and unresponsive, but I've heard plenty of complaints from software vendors upset by their characterizations as adware/spyware and even more complaints from websites unhappy about the operation of Google's PageRank filter. So the centralization of opinion formation can have significant private (and perhaps social) costs if done poorly, and I'm not entirely clear that the market for centralized opinions is particularly efficient.
Thus, opinion vendors can have a lot of power but may not be fully accountable for wielding that power unwisely. Despite this, I favor the production of such opinions, so from a legal standpoint, I think filters should be broadly protected for their choices. On the other hand, we as consumers of filters need to be vigilant about the filters we trust.
Posted by Eric at 10:43 AM | Adware/Spyware , Derivative Liability , Spam | TrackBack
February 02, 2007
January 2007 Quick Links
By Eric Goldman
* Marketers (including Microsoft) are paying authors to write Wikipedia entries. Surprised?!
* Also on the topic of Wikipedia and marketers, Wikipedia has tagged all of their pages NOFOLLOW so that there's no way a marketer or website can get PageRank credit from inserting a link in Wikipedia. A reporter emailed me to ask "Do you think this move staves off the potential demise you have predicted?" My response: "No. This was actually raised in the comments to my initial post on the topic in Dec. 2005. Two points: (1) People who recycle Wikipedia content on their own site (such as Answers.com) may not use the nofollow attribute, so there still may be a PageRank payoff by inserting links on Wikipedia pages. (2) More importantly, marketers may want Wikipedia traffic directly (rather than the indirect boost in search engines). Wikipedia is already highly placed in the search engines, so it is a big traffic source in its own right."
* Speaking of my prediction of Wikipedia’s future, NPR picked up on it.
* Now that MyBlogLog is owned by Yahoo and thus increasing its traffic, Greg Linden reports that it's getting spammed.
* I previously reported that ICANN was thinking about retiring some TLDs. The first casualty? .um (for US Minor Outlying Islands, such as the Midway and Johnston Atolls), which got chucked because the registry operator didn't want to continue operating it and there were no registrations in the TLD.
* "The Search Tax: Are Search Engines Leeches?" This article discusses the role of search engines as intermediaries between consumers and marketers, able to charge marketers for access to consumers (hence, the "tax" reference). The article also discusses the value of buying trademarked keywords:
What's difficult for marketers to swallow, however, is the clear evidence the search engines (and affiliate marketers with good organic rank on brand terms) have the power to insert themselves between the consumer and the brand, even when consumers clearly have an interest in the brand (as indicated by their search query containing the brand or trademark).
Marketers' temptation may be to refuse to pay for brand keywords, sticking instead to the generic keywords that are also clearly aimed at any given target audience. In every case we've tested (and I have tested many and will likely test many more), that would be a mistake, even when the marketer has high organic rank on his brand. The results of every test we've executed indicate the incremental gain received when paying for traffic on a brand term has a very high net ROI (define) because: [1] Significant additional screen real estate on the SERP is gained. [2] The total control over title and description allows for greater offer control. [3] Top positions on one's brand usually aren't very expensive due to the engines' relevance algorithms. [4] The ability to control and tune the landing page results in a conversion rate percentage in many cases is higher for the combined pages than for one alone.
* We might consider the contrast between the prior post and this one: "Should Google Pay Off Brand Owners With Cut Of Keyword Sales?"
* Brand advertisers resist using Google because Google doesn't allow third party ad serving technology. But compare a BusinessWeek article reporting that big brands are buying up CPC inventory and pricing out small- and medium-sized advertisers.
* Google revised its algorithm to eliminate most of the famous Googlebombs (like "miserable failure"). Danny's recap. Google hasn't specified details, but I'm assuming that Google has somehow reduced the weight given to anchor text.
* A search engine marketer predicts the death of SEO with the emergence of personalized search. I agree! (HT: Greg Linden).
* eBay is blocking the auction of virtual assets due to the "legal complexities" of such sales. Because of its differentiated EULA, Second Life virtual assets can still be auctioned. The News.com article suggests that these transactions will move from eBay to other trading fora. Even so, this might inhibit the liquidity of these secondary market transactions, which could reduce the return of virtual asset speculators.
* According to Jakob Nielsen, about 1/2 of online giftcard recipients either junked their email notification or didn't trust it (i.e., thought it was phishing).
* HER, Inc. v. Re/Max First Choice, LLC, 2007 WL 43747 (SD Ohio Jan. 5, 2007). Competitor 1 registers domain names containing Competitor 2's trademarks, Competitor 2's principals' names and the principals' home address and phone number. The domains roll over to Competitor 1's website. Competitor 1 then sends a couple of gripe spam to Competitor 2's employees from some of the registered domain names bashing Competitor 2's business practices. The court isn't sympathetic, granting a PI based on ACPA and trademark infringement. While this type of competitor-bashing isn't permissible (and, frankly, registering domain names with the target people's home address and phone number is bizarre), Competitor 1 should have been able to find ways to deliver the same content without running afoul of the law.
* Google has lost an appeal at the OHIM in Europe over the rights to use the trademark "Gmail" for its email services.
* Does a "lactivist's" t-shirt saying "the other white milk" infringe the Pork Board's trademark in "the other white meat"? No, and what a dumb question!
* The RipOffReport.com has appeared on this blog several times (see here and here, among others). The Phoenix New Times (the local Phoenix alternative weekly) runs a lengthy and interesting story about the Ripoff Report and its principal, Ed Magedson. Worth reading.
Posted by Eric at 02:08 PM | Domain Names , E-Commerce , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack
January 24, 2007
Anti-Spammer Wins 230 Defense--Pallorium v. Jared
By Eric Goldman
Pallorium v. Jared, G036124 (Cal. Ct. App. Jan. 11, 2007)
This case is another 230 defense win (using the rarely used 230(c)(2) provision) protecting anti-spammers for their efforts to combat spam.
Jared published a list of IP addresses for open relays so that others could use this as a blocklist. Pallorium's IP addresses got added to the list, and Jared allegedly refused a request to remove the IP addresses. So Pallorium sued Jared.
Jared defended on 47 USC 230(c)(2)(B), which says "No provider or user of an interactive computer service shall be held liable on account of...any action taken to enable or make available to information content providers or others the technical means to restrict access to material [that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable]." This rarely used provision suggests that filtering software vendors should not be liable for their filtering judgments, so on its face it looks like a useful defense here.
Pallorium attacked the 230 defense on 3 grounds:
1) Jared wasn't an ICS provider/user. Following the rationale of a long string of courts, the court rejects this by saying that publishing content via a web server accessible to multiple users makes him an ICS provider.
2) The statute does not protect blocking decisions based on a server's status as an open relay. The court rejects this by saying that so long as Jared deemed the content subjectively objectionable, his judgments were protected even if they were overinclusive.
3) Jared didn't provide "technical means to restrict access." The court says that Jared's system of automatically checking if a server was an open relay qualified as a technical means.
I wouldn't say that I was persuaded by the judge's explication on these three points, but the judges reached the right result. I think it's pretty clear that 230(c)(2) protects filtering judgments, and Jared was squarely in that sweet spot as a filtering database provider.
HT: Declan at News.com.
Posted by Eric at 09:58 PM | Derivative Liability , Spam | TrackBack
December 15, 2006
Top Cyberlaw Developments of 2006
By Eric Goldman and John Ottaviani
[Eric’s Note: I will be in Israel for the rest of the year. So while it’s a little premature to publish an end-of-the-year recap, this may be my last post for the year. John O. has the keys to the blog in my absence, so please keep coming back to see what he has to say. I’ll see you in 2007!]
For several years, we have developed a list of the top 10 Internet IP cases in the previous year (see the 2005 list). While we hope to continue that tradition, this year had a number of noteworthy Cyberlaw developments that seemed worth cataloging...and besides, who doesn’t like top 10 lists?
Before we get into the list, some developments we deliberately left off the list:
* National Federation for the Blind v. Target. Some have claimed that this case requires websites to comply with the ADA. At best, this overreads the case. The case reasoning only applies to entities that tightly integrate their websites with their physical retail stores. As a result, it should not apply to pure e-commerce sites, online content publishers or physical retailers that do not integrate their stores with the website.
* Grokster trial court ruling on remand. In September, the trial court held that StreamCast induced infringement. While the Grokster Supreme Court ruling was the Cyberlaw event of 2005, StreamCast’s loss on summary judgment was a non-event as the Supreme Court practically ordered the district court to rule for the plaintiffs.
* Congress’ failure to act on topics such as adware regulation and network neutrality. Keeping Congress from regulating the Internet is always noteworthy, but it can be hard to grasp the significance of non-events.
With those caveats in mind, our vote for the top 10 Cyberlaw developments of 2006:
#10: KinderStart v. Google.
Every online marketer wants a better search engine ranking, and if necessary, they’ll go to court to get it. After losing a lot of free Google traffic, KinderStart sought to restore its placement with a broad legal attack on Google’s ranking methodology. If a legal attack on search engine algorithm ever succeeds, expect to see a litigation tsunami from online marketers willing to invest in lawyers instead of SEM/SEO. Fortunately, they won’t succeed. In July, the judge dismissed KinderStart’s claims with a leave to amend; the ruling on KinderStart’s amended complaint is imminent, but its prognosis is also dim. This means that search engines can continue to manage their algorithms to maximize relevancy for consumers, rather than having judges tell them how to build their algorithms.
#9: EU Convention on Cybercrime.
The US ratified this treaty in August, joining a number of other countries to combat international cybercrime. However, this treaty may have unexpected and adverse procedural and substantive consequences. Procedurally, Declan believes that the treaty means that “Internet providers must cooperate with electronic searches and seizures without reimbursement; the FBI must conduct electronic surveillance ‘in real time’ on behalf of another government; U.S. businesses can be slapped with ‘expedited preservation’ orders preventing them from routinely deleting logs or other data.” Substantively, the EFF believes that the treaty allows US citizens to be prosecuted for breaking foreign country’s laws even if the behavior isn’t illegal in the US. Thus, they say “the Cybercrime treaty would introduce not just one bad Internet law into America's lawbooks, but invite the enforcement of all the world's worst Internet laws.” We’re not experts in international law, and it’s possible that these predictions overstate the substantive legal effect of signing an international treaty. Nevertheless, to the extent that the Cybercrime treaty removes some legal “borders” from enforcement on the borderless Internet, it is an important development.
#8: Click Fraud settlements.
The topic of click fraud just will not go away. The legal risks associated with it—potentially billions of dollars worth—cast a shadow over search engine valuations. Thus, when Google settled its past click fraud liability for <$90 million (of which only $30 million was out-of-pocket cash) and Yahoo settled its past liability for advertising credits plus $5 million of out-of-pocket cash, champagne corks popped throughout the Silicon Valley.
#7: Search Engines and Privacy (Gonzales v. Google; AOL Search Data leak).
John Battelle calls search engine logs the “database of intentions,” and lots of people would like to know more about searchers’ intentions—including law enforcement or the government thirsty to know more about its citizens. For example, in summer 2005, the DOJ asked Google to hand over lots of search data as part of the DOJ’s efforts to defend the Child Online Protection Act. Unlike the other search engines (who received similar requests), Google fought back—putatively to protect its users’ privacy, although Google was also concerned about engineers’ workloads and protecting Google’s trade secrets. In March, Google and the DOJ battled to a draw, with the judge issuing a Solomonic ruling that gave the DOJ some data (but not very much). This ruling caused the issue to fade a little until August, when AOL released a huge chunk of search engine log data in an effort to provide researchers with a useful dataset. Although the data was putatively anonymized, some enterprising reporters used the data to identify some searchers based on their search terms. AOL quickly backtracked and some heads rolled at AOL, but lawsuits are pending and the issue of search engines and privacy remains very, very hot. We guarantee that it will resurface in 2007.
#6: Trademark Dilution Revision Act.
The TDRA isn’t specific to the Internet, but it routinely arises in Internet trademark cases. For a while following the Moseley Supreme Court decision, dilution became somewhat of an afterthought. The TDRA revives dilution as a viable claim, so we expect plenty of litigation over dilution in Internet trademark cases in the future. However, the TDRA’s more rigorous definition of famous marks may restrict the impact of the revitalized dilution theory.
#5: Omega Travel v. Mummagraphics.
In a relatively short opinion in November, the Fourth Circuit undid three years of state anti-spam legislative activity, virtually eliminated one of the anti-spam litigants’ favorite CAN-SPAM provisions (the prohibition on forged headers) and (by extending the California Supreme Court’s Intel v. Hamidi holding to the Fourth Circuit) limited anti-spammers’ claims for common law trespass to chattels. A hat trick of wins for email marketers.
#4: Unlawful Internet Gambling Enforcement Act of 2006.
This law forces payment systems to starve Internet gambling sites of cash. While the law’s poor drafting makes it a litigator’s dream, we don’t expect a lot of litigation interpreting it. Instead, financial services will likely interpret the law conservatively, proactively cutting off money flows to even potentially legitimate sites. So even if the law’s legal requirements are unclear, the law will change the complexion of Internet gambling.
#3: Keyword Triggering and Trademark Law.
This year, five cases addressed the topic of trademark liability for using trademarked keywords to trigger ads:
* Edina Realty—advertiser’s purchase of trademarked keyword was a trademark use in commerce but plaintiff did not get SJ on likelihood of confusion. The case subsequently settled.
* Merck—directly contradicting Edina Realty, the Merck court said that an advertiser’s purchase of trademarked keyword was not a trademark use in commerce. In a subsequent rehearing, the court emphasized that it really meant to reject the Edina Realty case.
* 800-JR Cigar—search engine selling trademarked keywords made a trademark use in commerce, but plaintiff did not win SJ on likelihood of confusion.
* Rescuecom—search engine selling trademarked keyword did not make a trademark use in commerce. This case is noteworthy because it extended the landmark Second Circuit 1-800 Contacts v. WhenU case from its adware context to the search engine context. This case is on appeal to the Second Circuit (disclosure: Eric expects to file an amicus brief on behalf of Google in that case).
* Buying for the Home—an advertiser’s purchase of trademarked keyword was a trademark use in commerce, but in a counterclaim, the plaintiff’s purchase of the defendant’s keyword was excused as nominative fair use.
Given the inconsistency of these rulings, there’s really not much to say except that this topic will remain hot in 2007…
#2: Search Engines and Copyright.
While everyone was obsessing about Google Book Search, there was a troika of important Google copyright cases from early 2006: Field (Google’s “cache” function), Perfect 10 (image search) and Parker (Google Groups/Usenet). Field was a dream ruling for Google; they couldn’t have done better if they had written the opinion themselves. It adopted five different rationales why Google wasn’t liable for putting copyrighted works in Google’s misnomered “cache,” including the provocative conclusion that Google lacks volition when it delivers copies out of Google’s “cache.” The Parker case showed the power of the Field precedent, because the judge repeatedly rejected the plaintiff’s arguments with cites to the Field case. On the other hand, the Perfect 10 case resulted in a dangerous loss for Google, putting its image search function at legal risk (and, by implication, threatening many other core search engine functions). Looking at the Field and Perfect 10 cases side-by-side, there is no way to reconcile the Field and Perfect 10 cases regarding Google’s volition (the Perfect 10 case doesn’t even address the concept). The Perfect 10 case is on appeal to the Ninth Circuit (along with two other Perfect 10 cases involving Visa and ccBill), so maybe the Ninth Circuit will resolve the inconsistency. If the Ninth Circuit upholds the district court ruling in Perfect 10 v. Google, this could have significant ramifications for the basic operation of search engines.
#1: Barrett v. Rosenthal.
Since the Internet’s beginning, plaintiffs have sought to hold intermediaries liable for user content. However, since 1996, these efforts have run into the 47 USC 230 brick wall, as interpreted by the Zeran case, which held that 230 preempts both publisher and distributor liability. However, two appellate courts—both in California—expressly disagreed with Zeran and held (as opposed to ruminating in dicta) that 230 does not preempt distributor liability: the Grace case, which the California Supreme Court later depublished, and the Barrett case. In this opinion, the California Supreme Court overturns those cases, embraces Zeran as California law, and emphatically slams the door on plaintiffs’ attempts to plead around 230. Without either the Grace or Barrett cases to cite, plaintiffs are left only with precedential scraps—some law review literature and some caselaw dicta—in their efforts to hold intermediaries liable. Despite this, no doubt that plaintiffs will keep trying, but eventually courts will have to consider Rule 11 sanctions when plaintiffs raise tired arguments that were rejected over nine years ago.
Posted by Eric at 11:39 AM | Copyright , Derivative Liability , Search Engines , Spam , Trademark | TrackBack
December 03, 2006
"Junk Mail is Alive and Growing"
By Eric Goldman
Many people thought the era of cheap electronic communications would spell doom for junk mail because of the cost advantages of printing and distributing electronic solicitations over dead trees solicitations. But instead, over the past year, marketers sent 114 billion pieces of direct mail--up 15% from five years ago. So what's going on? Some theories:
* Consumers hate telemarketing and spam but are more tolerant of junk mail
* Telemarketing and email laws have driven marketers to less regulated marketing media (a process I call intermedia selection; it's a manifestation of cross-elasticities of demand between marketing media)
* Junk mail isn't subject to the equivalent of email blocklists or filtering.
* Junk mail can be effectively combined with marketing in other media to create an integrated multi-exposure marketing package
* Websites that form relationships with consumers are increasing their offline communication to them
* Junk mail still works. People respond to it--the DMA claims a 2.15% response rate across-the-board, which sounds lousy but is pretty good compared to other marketing media
Posted by Eric at 12:35 PM | Marketing , Spam | Comments (1) | TrackBack
November 29, 2006
Nov. 2006 Quick Links
By Eric Goldman
My monthly roundup of noteworthy tidbits:
* Yesmail, an email outsource vendor, was busted by the FTC under CAN-SPAM for failing to honor opt-out requests because Yesmail's incoming email filters blocked those opt-out requests as spam. This strikes me as a particularly messy technological dilemma--even email outsource vendors need spam filters, but if those filters nab opt-out requests, the FTC isn't showing any sympathy. So it looks like email outsource vendors will need to use less vigilant spam filters or find some way to direct opt-out requests to a non-filtered email server.
* Best Western Int'l Inc. v. Doe, No. 06-1537 (D. Ariz. Oct. 24, 2006): griper defeats trademark infringement and dilution claims due to the lack of "use in commerce in connection with goods or services." (HT: BNA's E-Commerce and Tech Law Blog).
* Simmons v. Florida, SC04-2375 (Fla. Sup. Ct. Nov. 16, 2006). Very troubling ruling from Florida upholding the criminal conviction of a defendant for disseminating harmful to minors material online. First, breaking with an unbroken string of cases dating back to 1996, it upholds the state law prohibiting the dissemination of harmful to minor materials over the Internet from a Constitutional challenge. In the past, these laws uniformly have been struck down under the First Amendment or the Dormant Commerce Clause (or both). Second, the statute applies only to email, but it was used to bust someone communicating via instant message. These types of technology-specific statutes create these odd silos that create too much ambiguity. Declan's writeup.
* McDonald's is seeking a patent on using a "sandwich delivery tool" to deliver filling (like ham) to a "bread component." This could be the greatest thing since sliced bread!
* From Greg Linden's blog: Google surveys its users and they say they want more results per page. So Google tests a search results page with 30 results/page. The result? A 20% drop in traffic! Note that a 10-result page takes 0.4 seconds to load, while a 30-result page takes 0.9 seconds, so the working theory is that an extra 0.5 second latency deterred a lot of searching. This may give a little insight into why Google is fighting so hard on net neutrality. If Google does get relegated to a slow lane, it may lose lots of searches.
* A band called Bones registers a MySpace account at http://www.myspace.com/bones and, over the course of 2 years, accrues 2,100 friends. Fox, the owner of MySpace, decides that it would prefer to have that URL for its TV show Bones, so it boots the band and puts up a page for the TV show. Can Fox do this legally? It all depends on the contract (but I'm skeptical that the contract was this broad). For some background on taking virtual assets, see my prior discussion on the sex.com litigation and account ownership in virtual worlds. In any case, Fox relented and gave the URL back to the band. But this is a good reminder that, if you care about your web presence, don't build up goodwill in a URL controlled by someone else.
* FTC busts Guidance Software for inadequate security. According to Internet News: Guidance's privacy policy said it "takes every precaution to protect our users' information," "your information is protected both online and offline" and it protected data "with the best encryption software in the industry – SSL." Yet, Guidance suffered a security breach that resulted in the leak of 4,000 credit card numbers; and the breach wasn't detected for 3 months. I'm not entirely sure what to make of this--was this enforcement action based solely on overstatements in the privacy policy, or was it based on poor security practices regardless of the privacy policy? My vote is that it's the latter based on the BJ's Wholesale Club precedent.
* A consumer group filed a complaint against Zillow for doing a lousy job of providing valuation estimates. While Zillow's estimates may be poor, this complaint raises some troubling concerns about the liability associated with any web-based price estimate service. Could developments in this matter affect Google's PageRank as a valuation of the worth of web pages?
* Ted Leonsis, vice chair of AOL, didn't like the search results when he vanity searched. So he vowed to improve his Google profile, launching a high volume blog that helped drive preferable results to the top of the list. My advice to Ted: enjoy the favorable placement while it lasts; you're only one Googlebomb away from disappointment.
* We are generally conditioned to think that every searcher gets the same search results for the same search. This model is progressively breaking down due to personalized search and other innovations. A catalog of reasons why search results vary for searchers. I eagerly await the time when courts recognize this fact when dealing with search engine cases!
* A DoubleClick study claims that 30% of consumers admitted that they sometimes click on banner ads, but 61% of consumers said that at least sometimes they made a mental note of the advertisers and followed up with them later. If true, this means that banner ads generate a lot more value than is measured by clicks alone. However, I wonder if this result should be chalked up to the "talk is cheap" category?
* It's like a well-worn joke: if you'll believe that, I've got a bridge to sell you. But no joke: they may be selling the Golden Gate Bridge--well, at least, corporate sponsorships for it. Of course, the bridge is so iconic that a brand owner could get significant goodwill from being associated with it. On the other hand, it's the world's leading suicide destination; not exactly the best corporate tie-in for many brands.
* According to one anti-spam vendor, "9 out of 10 emails now spam." At this rate, pretty soon it will be 11 out of 10 emails.
Posted by Eric at 11:47 AM | Content Regulation , Marketing , Patents , Privacy/Security , Search Engines , Spam , Trademark | Comments (4) | TrackBack
November 22, 2006
Fourth Circuit Rejects Anti-Spam Lawsuit--Omega World Travel v. Mummagraphics
By Eric Goldman
Omega World Travel, Inc. v. Mummagraphics, Inc., No. 05-2080 (4th Cir. Nov. 17, 2006)
Wow, what a huge ruling on spam from Judge Wilkinson in the Fourth Circuit! People--even judges--hate spam so viscerally that it's almost impossible to imagine an email marketer winning a lawsuit. Yet, the Fourth Circuit hands a big win to email marketers with 3 major rulings:
1) CAN-SPAM preempts Oklahoma's anti-spam law, because the "falsity and deception" exclusion to CAN-SPAM's preemption only covers fraud or other types of tortious misrepresentation, not garden-variety falsity or deception. Thus, at minimum, state anti-spam laws can't be used to pursue spammers for immaterial falsity or deception. Dozens of states have reenacted anti-spam laws post-CAN-SPAM relying on the "falsity and deception" standard. This ruling casts significant doubt on the enforceability of most of those reenactments. (See, e.g., this speculation that North Carolina's anti-spam law is now preempted).
2) Errors in the defendant's headers were "immaterial" and thus not actionable under CAN-SPAM. Specifically, "the messages’ header information incorrectly indicated that the e-mails originated from the server "FL-Broadcast.net," and [] the messages’ "from" address read cruisedeals@cruise.com, although that e-mail address was apparently non-functional" but the court says that these mistakes are immaterial because the "e-mails at issue were chock full of methods to "identify, locate, or respond to" the sender or to "investigate [an] alleged violation" of the CAN-SPAM Act."
3) A common law trespass to chattels claim fails when the plaintiff only alleges nominal damages. Specifically, the court says that "Mummagraphics failed to submit any evidence that the receipt of eleven commercial e-mail messages placed a meaningful burden on the company’s computer systems or even its other resources" (cite to Hamidi). This finding is consistent with the recent trend to reject privacy-related lawsuits for lack of cognizable damages (see, e.g., In re JetBlue, Bell v. Acxiom and Key v. DSW). However, as far as I can recall, this is the first time a court has used Intel v. Hamidi to reject an anti-spam lawsuit for lack of email-attributable damages.
Unquestionably, the defendants benefited from having made a reasonably good faith effort to comply with CAN-SPAM, even if they didn't dot every i and cross every t. But even if they tried to be good actors, they are still allegedly spammers, which makes this result an amazing hat trick for the defendants--no liability under the Oklahoma state anti-spam law, CAN-SPAM or common law trespass to chattels. As Fourth Circuit precedent, surely this opinion will take some wind out of the sails of anti-spam plaintiffs.
Hat tip to Venkat for catching this. Venkat says:
The decision is important for one simple reason: anti-spam lawyers (and plaintiffs) often advance the exact arguments advanced by the plaintiff in this case. Lawyers on the other side know these arguments lack merit, but do not have any court decisions to back them up. As a result, a vicious settlement cycle results. This case probably represents the start of the tide turning in the other direction.
Check out Venkat's post for some other interesting analysis of the case.
UPDATE: Dan Solove weighs in, saying "The 4th Circuit holding makes the very narrow and ineffective CAN SPAM law even more narrow and ineffective."
Posted by Eric at 11:24 AM | Spam | Comments (1) | TrackBack
November 03, 2006
October 2006 Quick Links
By Eric Goldman
* All the media wants to do is talk about Google. All Google, all the time. Three major pieces in the span of three days: The NYT on lawsuits against Google. The WSJ on Google's hiring practices. The Washington Post on Google's culture.
* William Slawski discusses some of Google's patent applications for technologies to minimize trademark liability for keyword-triggered ads. A new patent application (with Google's senior trademark counsel listed as an inventor!) was recently published entitled "Automated screening of content based on intellectual property rights." The patent application generally provides a system for bouncing ads that might be infringing. It's interesting that Google wants to patent this system to keep competitors from using it--Google already stands alone among the major search engines in continuing to permit unrestricted competitive keyword buys.
* Randall Stross on how venture capitalists like to invest their money within a 20 minute drive--one of the reasons why the Silicon Valley community is self-reinforcing. Even now, with fancy virtual technology, geography still matters--a lot.
* I've previously blogged on the dark side of consumer-generated content--that it can be a huge liability trap for unsuspecting consumers. And if consumers ever figure this out, we'll see the supply of consumer-generated content dry up. On that note, a negative peer review of a doctor led to a judgment of $142M against the reviewer, $32M against his colleagues, and $161M against the hospital. The judge haircut this down to "only" $23M, with only $12M coming from the reviewing doctor. With numbers like that, all of us are going to keep our mouths shut!
* Like we couldn't see this train wreck coming. Utah passes a law that kids' email addresses can be registered on a do-not-spam list. Whoops, the registry divulged some of these email addresses--gee, thanks for the help protecting the kids from porn spam.
* BusinessWeek has an important article on the impossibility of getting accurate metrics of online activity. If you are drafting web contracts, you as the lawyer absolutely need to clarify whose numbers will govern the contract (and, if the vendor's number controls, you may want to specify the methods for counting).
* CNET has a goldmine of emails and other documents from the HP pretexting scandal. Great fodder for real-life cautionary tales.
* Pinnacle was busted for running a Ponzi scheme. It turns out that Pinnacle had run ads in major publications like Newsweek and the WSJ. So the WSJ Law Blog surveys 2 experts--are newspaper publishers liable for fraudulent ads provided by their advertisers? Answer: No.
* Los Angeles Boy Scouts can earn a "Respect Copyright" activity patch. See the patch here.
* Braver v. Ameriquest Mortgage Co., CIV-04-1013-W (W.D. Okla. Oct. 20, 2006). Spammer generates mortgage leads, including one from an Oklahoma resident, and resells to defendant mortgage lead broker, who in turn flips the leads to Ameriquest. Mortgage lead broker is based in SC and sued in OK. Court grants broker's motion to dismiss for lack of jurisdiction. For more on the plaintiff's multi-year quixotic legal quest, see here.
* A now-familiar story. Teens party hard. Someone snaps photos and posts to MySpace. School finds out and disciplines partiers. The twist? The school only disciplined the female partiers, leading to a sexual discrimination lawsuit.
* Politicians are being Google-bombed by opponents to advance material critical of them.
Posted by Eric at 10:16 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Search Engines , Spam , Trademark | TrackBack
October 11, 2006
Article on Regulating Marketing--A Coasean Analysis of Marketing
By Eric Goldman
Eric Goldman, A Coasean Analysis of Marketing, 2006 Wis. L. Rev. __ (forthcoming).
In 2001, I had a career-altering epiphany while I was working at Epinions (this is the topic that prompted me to consider becoming a full-time academic). Epinions was morphing from a content generation engine (generating consumer reviews of products and services) into a shopbot where a core value proposition was to refer users to vendors to consummate transactions. As we made this transition, I realized that we were really entering the attention broker business. We aggregated consumer attention, principally from search engine referrals, using copyrighted content (the consumer reviews) as marketing to capture consumer attention. We then redirected that attention to vendors for our economic benefit. To the extent we bought the consumer's attention (say, through paid search listings), we were just in the attention arbitrage business (i.e., we wanted to sell the attention for more than we paid to buy it).
As a result, I realized that we competed against every other attention broker, including adware vendors (who were nascent in 2001), spammers, and every other marketing intermediary. But I couldn't resolve an underlying question--what gave us (or anyone) the right to broker a consumer's attention? Who "owned" attention, and when was it permissible to profit from someone else's attention?
It took me 5 years and 8 complete rewrites to complete my paper, A Coasean Analysis of Marketing, that answers these questions. This was one of the hardest things I've ever done professionally. It was truly a labor of love!
Part of my difficulty is that I ultimately realized that "attention" wasn't the real issue (and, in fact, it was distracting me). Instead, "attention brokering" is really a matching problem--marketers and consumers want to match with each other, but the matching process is costly. In particular, the key challenge is that consumers incur costs to express their preferences, a problem exacerbated by rising data glut.
Thus, the only sustainable solution allows consumers to express and manage their preferences at a near-zero cost. This will require a technological, not legal, solution, and the technology will look a lot like what we currently call adware and spyware. In turn, we may be doing ourselves a disservice if our efforts to regulate adware and spyware inhibit the development of technology that provides improved marketer-consumer matching in an information overload environment.
Certainly, many of these themes will be familiar to blog readers. However, this article ties together numerous threads that I've addressed on an ad hoc basis and, for the first time, lays out my vision comprehensively. Thus, I hope you'll take a look at it. I welcome your comments and thoughts.
Some discussion about the article from around the blogosphere:
* Peter Huang's comments
* Frank Pasquale's comments
* Conglomerate Junior Scholars Workshop comments (including responses to Peter's and Frank's comments)
* Daniel Solove's comments
The abstract:
Consumers claim to hate marketing - mostly, because they get too much unwanted marketing. In response, regulators develop medium-by-medium marketing suppression regulations. Unfortunately, these ad hoc solutions do little to satisfy consumers, and dynamic technologies and business practices quickly render them moot. Instead of continuing this cycle, there would be some benefit to developing a cross-media marketing regulatory scheme.
However, any holistic solution must be predicated on a clear rationale for regulating marketing. The most common justification is that marketing imposes a negative externality on consumers, but this argument ignores the private and social welfare created by marketing and can lead to cost overinternalization and marketing undersupply.
The Coase Theorem also suggests that social welfare improves by reducing the costs of matching marketers with interested consumers. To achieve this, consumers need a low cost but accurate mechanism to manifest their preferences. This Article shows that typical regulatory and marketplace solutions do not provide effective mechanisms.
Instead, marketer-consumer matchmaking will improve from technology that will automatically infer consumer preferences and use these inferences to filter incoming marketing and seek out wanted content. This technology is rapidly emerging, but regulation of surreptitious monitoring devices (like adware and spyware) may inadvertently block the development of this socially-beneficial technology. As a result, current regulatory overreactions to developing technology may counterproductively foreclose social welfare improvements
Posted by Eric at 11:33 AM | Adware/Spyware , E-Commerce , Marketing , Privacy/Security , Search Engines , Spam | TrackBack
October 09, 2006
Must Websites Comply with the ADA (and State-Law Equivalents)? National Federation of the Blind v. Target
By Eric Goldman
National Federation of the Blind v. Target Corp., No. C 06-01801 (N.D. Cal. Sept. 6, 2006)
This case got a fair amount of attention when it first came out, so I'm a little late to this party. However, I think there were some key points from this case that got overlooked.
Must Websites Comply with the ADA?
To the limited extent addressed by the precedent, websites have not been obligated to comply with the ADA (or similar anti-discrimination laws). See, e.g., Access Now v. Southwest Airlines; Noah v. AOL. This is because the laws apply to physical spaces, not virtual spaces. This opinion breaks with the precedent by denying a motion to dismiss by target.com. Thus, this case could stand for the proposition that websites may be required to comply with the ADA.
However, I think this opinion is substantially narrower than that. The court says that target.com may be tightly integrated with Target's physical stores to the point where the inability to use the website may interfere with blind people's ability to fully enjoy the physical stores. (On that front, FN 4 is telling: "It appears from a review of the website in question—which the court notes is not in evidence but nonetheless does raise some questions—that Target treats Target.com as an extension of its stores, as part of its overall integrated merchandising efforts.")
Thus, this reasoning should only apply to "bricks 'n' clicks" retailers who have both physical and online stores and integrate the two. Thus, the reasoning does not apply to pure e-commerce retailers with no offline stores or to web publishers of any sort. It should also exclude retailers who completely separate their online and offline stores.
(Having said that, it's a no-brainer that businesses should try to accommodate blind visitors to their websites; not only are blind visitors a valuable market segment, but it's the right thing to do).
In any case, the court just refused a motion to dismiss. As a result, Target's ultimate liability remains to be determined. It may be noteworthy that the judge denied the motion for a preliminary injunction despite the favorable legal ruling to the plaintiff.
Must Websites Comply with State-Level ADA Equivalents?
I think the even more important ruling in this case relates to the dormant commerce clause (DCC). Based on the DCC, Target tried to dismiss claims under some California state laws that overlap the ADA. This is not a new issue on the Internet--there is a pretty good list of DCC cases, but with an odd split. In one line of cases, I believe every court that has opined on state anti-Internet porn laws have deemed them invalid under the DCC. In contrast, most other courts, especially those involving anti-spam laws, have upheld state Internet regulation from DCC challenges.
Here, Target argues that the CA ADA-equivalents will have an extraterritorial effect by forcing Target to change its website even for non-CA residents. Judge Patel breezily dismissed this argument, saying that Target should just build a CA-specific website to comply with CA law. She continued:
Pataki asserts that someone who puts content on the internet has “no way to determine the characteristics of their audience . . . [such as] age and geographical location.” Pataki, 969 F. Supp. at 167. This is simply incorrect. It is common practice for websites for entities operating in multiple countries to have a single site that directs customers to different versions based upon language. Websites can determine the location of a user from information they provide, such as a credit card number, or from the internet service provider an individual uses. It may, or may not, be prohibitively expensive for a website to tailor its content based on the location of its users, but it is certainly technically feasible.
It's true that this is technically feasible, but that's hardly insightful. Other than outcomes that break the laws of physics, anything is possible with the proper application of time and money. But this argument misses two critical points.
First, applying CA law here to require Target to display an interstitial page to request geographic information from web visitors may regulate the interaction between two entities not resident in CA. (This is harder to see when Target chooses to do business generally in CA, but consider this argument in the context of the Alaska anti-adware law where I believe no adware vendor is resident in Alaska but they still must ask non-Alaskan residents for geographic information due to the Alaska law.) This is exactly the kind of extraterritorial effect that the DCC should preclude. This is also a place where the Internet is just different from offline circumstances because of an implicit tautology: the laws require websites to authenticate visitors to determine if these visitors trigger the website's requirement to comply with the law--thus, the laws required the websites to take certain steps even in the circumstances where the laws don't apply because the interaction is between two non-residents. (Which is almost certainly true in 99%+ of adware downloads putatively governed by "ask geography before downloading" requirement of the Alaska anti-adware law).
Second, and more importantly, this would be a terrible policy result. It's hard to imagine the counterfactual Internet where every website visitor is bombarded by interstitials or pop-ups from every website requesting geographic information before they can proceed to see the website's contents. This would be a horrible user experience that would inhibit the seamless floating from website to website that characterizes the web's link economy. We just won't go across websites as freely as we do today. Also, some users would be uncomfortable with providing geographic information to the website. (Some users provide this geographic information unwittingly through their IP addresses, but many do not).
The battle over geographic authentication rages on, and this case's pithy analysis doesn't do much to advance our understanding. Nevertheless, it gives us another important data point that our days of being able to browse the web without constant self-reporting of geography may be numbered. Personally, if that comes to pass, I'll miss the Internet the way it is today.
Posted by Eric at 02:50 PM | Adware/Spyware , Content Regulation , E-Commerce , Spam | TrackBack
October 01, 2006
Sept. 2006 Quick Links
By Eric Goldman
Some stories that caught my eye in September:
* Digg users are gaming the Digg algorithm. Greg Linden's take. Naturally, Digg is fighting back by tweaking its algorithm to reduce the effect of gaming and preserve some editorial integrity to its results. Hmm...this sounds familiar. As I've argued, users inevitably will game algorithms, websites will tweak the algorithms, and the cycle will repeat infinitely. It is the Law of Algorithms. For a user revolt/algorithmic assault that I "enjoyed" first hand, see here.
* Rebecca blogs on "mocketing," the process where brand owners pay people to parody their brands, and its potential implications for trademark law.
* Starbucks emails employees a coupon for a free drink and encourages them to forward the email coupons on to friends and family. A few trillion emails later, Starbucks realizes that it made a horrible mistake and dishonors the coupons. Now, they're staring down a $114M class action lawsuit. See the coupon and more details here. Practice pointer for marketers: NEVER EVER encourage email recipients to forward the emails on to friends and families, especially if some benefit putatively will attach. It's a sure-fire way to become an instant urban legend, and some variation of these emails will still be making the forwarding rounds in the year 2525. Tsan offers some more practice pointers.
* BusinessWeek recaps the social science literature on how eBay sellers can maximize revenues. Recommendations based on the literature: set low starting prices; don't use reserves; use photos; don't flood the market; spell check; use hype; hold longer auctions; watch the auction's ending time; don't overcharge for shipping; and avoid negative feedback.
* About 1 of every 2 searches involves "pogo-sticking" (reviewing a search results page, investigating a search result and back-buttoning to the search results page). Yet more social science demonstrating the junkiness of the initial interest confusion doctrine--consumers have figured out how to investigate search results and back out if they are not relevant.
* In a default judgment, an Illinois judge ordered UK-based Spamhaus, one of the email blocklist maintainers, to pay e360 Insight LLC $11.7M in damages for blocklisting them and to post a note acknowledging that they aren't spammers. However, it remains unclear how e360 can enforce this ruling.
* Google lost a Google News copyright case in Belgium. For a critical view of this case, see Ross Dunn's take. Google's official statement.
* Lengthy NYT article on Marshall, TX, with the second-largest patent docket in the country. Why? Fast trials, plaintiff-favorable results (78% pro-plaintiff instead of a national average of 59%), and Texas-sized damages. More on Marshall as patent litigation capital available here.
* AOL has been sued for its release of search data. Danny's take. Two things: (1) I can't see the ECPA claim at all. A search request is a communication between party A (searcher) and party B (search engine). There's no ECPA violation when either A or B discloses the contents of that communication. However, I think search engines make their life harder when they take the position that they make the factually unsupportable argument that they are just passive conduits between searchers and web publishers (see Field v. Google). (2) the complaint takes the position that AOL is continuing to disseminate the search data because it continues to display search results linking to the data. I think this argument has lost all credibility in the copyright arena; it seems equally bogus here.
* A three year old kid knows how to "buy it now."
* NYT on "orphan brands"/"dormant brands" and efforts to license and revive these brands.
* The US officially joined the Council of Europe (COE) Convention on Cybercrime. It becomes effective Jan. 1, 2007.
* My colleague Tyler Ochoa explains the fallacies of Huntington Beach's trademark claims for the phrase "Surf City USA."
Posted by Eric at 11:07 AM | E-Commerce , Marketing , Patents , Privacy/Security , Search Engines , Spam , Trademark | TrackBack
September 18, 2006
Nails, Coffins, Spam, and the Dormant Commerce Clause?
By Ethan Ackerman
Have the state spam laws that survived CAN-SPAM finally fought off Dormant Commerce Clause and preemption challenges? Yes, they have, but not for the reasons you might think...
The ‘net was awash with news articles last week trumpeting that the nation’s first felony spamming conviction had been upheld. Prolific North Carolina spammer Jeremy Jaynes lost an appeal in the Virginia Court of Appeals of his nine year conviction for violating Virginia’s criminal anti-spam law.
Jaynes’ attorney promised an appeal of the intermediate court’s ruling, though this decision represented the last mandatory review, so any additional judicial review is now discretionary.
Jaynes alleged the Virginia criminal anti-spam law was an unconstitutional violation of the Dormant Commerce Clause and the First Amendment. Finally, Jaynes challenged the jurisdiction of Virginia courts to convict him over emails that were initiated in North Carolina. These three arguments – the Dormant Commerce Clause, the First Amendment, and jurisdiction – have fairly consistently been plans A, B & C in any challenge to state spam laws, and I’ve blogged about some of them before.
I think plans A & B in an alleged commercial spammer’s legal defense (the Dormant Commerce Clause and First Amendment challenges) have now taken enough hits to be declared at least in the coffin, if not dead. Why? In the case of the Dormant Commerce Clause, it isn’t the slow accretion of adverse cases swaying the tide of legal thinking (as with First Amendment cases), but an intuitively and legally obvious reason I explain below. While plans A&B lay near death, courts (much like they have been doing for the last 200-plus years) are still struggling with notions of jurisdiction. As a result, plan C (resisting the jurisdiction of an out-of-state court) looks to remain a source of continued litigation between spammers and those who would sue them.
First Amendment Claims
I’d hoped that this post could include just a quick, cursory review of the First Amendment argument that Jaynes would make and the court would correctly shoot down before moving on to the meatier Dormant Commerce Clause and jurisdictional issues. As it turns out, I can’t do that. At fault: Virginia’s slightly unusual anti-spam law that seems to apply to both commercial and non-commercial email. Apparently I’m not the only one who thought the usually dead issue of a First Amendment challenge may well be alive in this case, either. While I still think that properly constructed state anti-spam laws can easily survive a First Amendment challenge, let’s see what’s going on with this particular one...
In his defense, Jaynes alleged that the Virginia criminal anti-spam statute was a facially unconstitutional violation of the First Amendment, as it impermissibly regulated some types of anonymous non-commercial speech. Jaynes, along with supplemental briefing by the ACLU of Virginia as amicus solely on this issue, pointed out that such content-based restrictions require strict judicial scrutiny, with its test for a narrowly tailored means to achieve an end that must be a compelling state interest.
At this point in a "standard" anti-spam prosecution, the plaintiff or state would respond that protecting citizens, ISPs and networks from the well-documented scourge of spam is a compelling state interest and point to studies and legislative findings, and courts would agree with them. That seems to be what happened in the Jaynes case, as well. No one was really arguing against the idea that controlling spam constitutes a "compelling state interest," it was the "narrowly tailored means" that caused problems. On the issue of "narrowly tailored," plaintiffs in a "standard" case would argue that in only addressing misleading commercial speech, the category with the least First Amendment protection, the law was narrowly tailored around common types of ‘more-protected’ speech like political or religious speech, and the additionally limitation of ‘misleading’ regulated even less, only covering that thin slice of speech where the state’s interest in protecting consumers and commerce was strongest.
The ACLU and Jaynes argued that the Virginia act was not narrowly tailored in that it was not limited to commercial speech, and even worse, that it effectively precluded anonymity (an important, recognized First Amendment value) by criminalizing false headers regardless of commercial or non-commercial status. Reading the Virginia statute, the ACLU and Jaynes seem to be on to something. Unlike many other state anti-spam laws that are restricted to unsolicited commercial email, the Virginia statute addresses unsolicited bulk email - apparently regardless of its commercial or non-commercial nature.
The Jaynes Court seems to agree with the ‘standing’ and ‘standard of review’ aspects of the argument, correctly recognizing that Jaynes can assert "facial" unconstitutionality - that it may be unconstitutional to some, even if the act is constitutional as applied to him. Unfortunately, the court then seems to misapprehend (or the ACLU and Jaynes didn’t clearly and persuasively make) the second half of the argument about being narrowly tailored.
Instead, the court seemed to read the statute as requiring that some type of trespass be achieved as a result of the header falsification, as though a misrepresented header was presented, password-like, to allow access to a computer network – much like many computer fraud statutes prohibit. Perhaps the near proximity of the statutes in the Virginia Code confused the court? The Court’s opinion goes on for several pages, correctly espousing and illuminating the (correct, but not actually raised) principle that the First Amendment doesn’t sanction trespass. The court seems to labor under the impression that Jaynes got ‘access’ to AOL’s email network by falsifying his headers and that he wouldn’t have such access but for the falsifications. As a result, several interesting legal and technical questions are left unexplored or unanswered. Is the Virginia statute, targeting emails based on their "bulk" status rather than commercial nature, still narrow enough to survive strict scrutiny? Does the prohibition on false or misleading apply to preclude anonymity as a practical matter, or just make it harder? Would that make a difference for First Amendment purposes?
Preemption Claims
Part of Jaynes’ case is worth noting for what it doesn’t contain – a preemption argument. Most other spam cases arising under state laws since the passage of the federal CAN-SPAM Act have at least alleged federal preemption as a defense against the state law. The uniform result of those cases -- holdings that recognize CAN-SPAM expressly preserves some types of state spam laws -- probably drove Jaynes away from this losing argument and toward more viable defenses instead.
Preemption claims argue that federal law, either explicitly or as a practical result, governs the details of a subject to such a degree that it must be regarded as the controlling law on a subject. With CAN-SPAM’s enactment in 2003, another text-book example of federal preemption was born. Indeed, the Act contained comprehensive definitions, it detailed offenses and standards and labeling and safe harbors, and it even had explicit language preempting state laws. It also, however, ‘saved’ state anti-spam laws from preemption to the extent they complied with a preemption "exception." This exception, which says CAN-SPAM preempts state law "except to the extent that any such [law] prohibits falsity or deception in any portion of a commercial electronic mail message...", saves at least part of most every state’s anti-spam laws, because most state anti-spam laws focus on fraudulent messages or fraudulent header information.
Even before Jaynes’ case, defendants were beginning to give up on the preemption argument. The BSI v. Keynetics defendant didn’t try a direct preemption argument, conceding that preemption exception made that argument fruitless, but instead artfully argued that the state statute was preempted by CAN-SPAM because the specific fraud pleading provisions of the Federal Rules of Civil Procedure (FRCP) applied. The Keynetics defendant argued, and the judge rejected, the idea that non-compliance with FRCP brought the state law claim out of the CAN-SPAM exception it might otherwise enjoy. The judge held that the case was sufficiently pleaded, and compliance or non-compliance with the FRCP was not a preemption issue, but really just a simple FRCP pleadings issue. Insufficient pleadings would result in a failure for FRCP reasons, not some artfully twisted extension to the unrelated issue of preemption.
Dormant Commerce Clause Claims
Jaynes argued the often argued (but seldom won) theory that the Dormant Commerce Clause prevented state spam regulations that have the effect of regulating interstate commerce, arguing that the U.S. Constitution’s Commerce Clause doctrine precluded states from doing this. The court quickly rejected this notion, applying a test the Supreme Court has identified for Dormant Commerce Clause challenges. As the Virginia law regulated evenhandedly between in-state and out-of-state companies, both in appearance and in practice, the court applied the Pike balancing test and found that the impacts on interstate commerce were minimal (only complying with the law’s prohibition on false/misleading headers) compared with the benefit to Virginia consumers. Like the oft-cited Heckel court cases and other spam cases before this, the Virginia court recognized that these "truth in labeling" provisions hardly could be said to "burden" commerce, emphasizing that compliance was actually easier than non-compliance, and the results (less fraudulently-headered spam) would, if anything, benefit commerce.
While I’ve suggested that everything so far in this analysis is by-the-book, I should note that some cases and legal scholars have a slightly more expansive Dormant Commerce Clause jurisprudence than this cut-and-dried Pike balancing test. Not surprisingly, this more expansive view is frequently adopted by spammer defendants. This argument relies on bleeding the "extraterritorial effect" aspect of the Dormant Commerce Clause test into the heightened scrutiny standard appropriate for state laws that are discriminatory.
Instead of looking only to ensure that the statute was not written with the discriminatory intent or effect of covering wholly extraterritorial conduct, this expansive view operates on the principle that, separate from intent, statutes that could or do have wholly extraterritorial effects are assumed invalid. This camp rejects the notion that it should just boil down to a balancing test, and espouses the broader notion that an additional threshold test for wholly extraterritorial effect, independent of and in addition to the threshold "discriminatory intent or effect" test, is appropriate.
This "two threshold tests" camp is supported by local and national court cases that use language from Commerce Clause jurisprudence suggesting a second separate test. Perhaps the high-water mark for this camp is found in Healy v. The Beer Institute, where the Supreme Court adopted choice bits of language from prior opinions to hold that "A statute that directly controls commerce occurring wholly outside the boundaries of a State exceeds the inherent limits of the enacting State’s authority and is invalid regardless of whether the statute’s extraterritorial reach was intended by the legislature." A great contemporary example of applying this standard is American Booksellers v. Dean, where the 2nd Circuit held Vermont anti-indecency law invalid because it had the effect of regulating some wholly extraterritorial Internet conduct.
One interesting subset of this "two thresholds" argument – perhaps one that takes it a step too far – is the argument that in requiring extraterritorial actors to even perform an inquiry into each state’s laws – to see whether each law is applicable, where email recipients are located, and any conditions of compliance – a state has impermissibly burdened interstate commerce. Just having to check other states becomes a burden. The Jaynes court, as have most other courts addressing spam laws, embraced the Pike-only camp’s logic and rejected this "checking is a burden" notion. The Jaynes and Heckel courts pointed out that that "discovery burden" isn’t the tested burden, but rather the appropriate burden to test is what it takes to comply with the law – compliance only "requires" refraining from mislabeling email headers.
This "extraterritorial actors making an inquiry is a burden" argument seems a bit weak to me (and others) for several additional reasons - not the least of which is that it seems inconsistent with the Supreme Court’s own Pike test. The Pike test seems to contemplate that some state impact on interstate commerce is acceptable, and so attempts to erect a "per se" invalidity rule for anything with interstate effect seem inconsistent with Pike accepting such impacts. There is another inconsistency with this expansive view and the Pike test: If inquiring is onerous, it only gets more onerous as more states pass laws on the subject, and so a law that on its own merits passed the Pike balancing test might later become unbalanced due only to the fact that additional states have passed laws on the same subject, no matter how similar or consistent.
The "checking is a burden" subset of the "two threshold tests" camp of Dormant Commerce Clause jurisprudence has become somewhat of a straw man argument for those espousing a blended "Pike-only" balancing test. The Jayne court, like the Heckel court and most every other court upholding state anti-spam laws, focused most of its arguments on refuting the "checking is a burden" argument, without significantly addressing other legitimate concerns (Does it or doesn’t it regulate wholly extraterritorially?) elaborated on by the "two threshold tests" camp. In some cases, like Heckel’s, the statute was intentionally written to be limited to activities within the state. Other statutes, like the Virginia statute, have no limiting language of any type. The Virginia court could have perhaps at least addressed these inconsistencies rather than embrace a wholesale adoption of the logic of a case that turned out to have entirely different factual and legal circumstances.
I’ve walked through these different camps of Dormant Commerce Clause jurisprudence, and their sub-camps, and failings of each, to bring a new conclusion to the reader -- the Dormant Commerce Clause will almost never matter in spam cases brought after CAN-SPAM. Legal theorists may welcome the competing ideologies and policy implications (Pike supports state authorities in the federalist debate, the "two thresholds" camp facilitates national market uniformity, and so on back and forth...) but the legal landscape for everyone else now faces a not-so-dormant Commerce Clause.
The "Active" Commerce Clause
Metaphors of nails in coffins aside, the CAN-SPAM Act put quite a lid on the Dormant Commerce Clause debate surrounding state spam laws – it just seems someone forgot to tell the lawyers. No longer do courts need to worry about extraterritorial application interfering with an interstate market, or whether such an examination should be a part of a balancing test or its own independent threshold test. Congress has spoken. And where federal legislation exists, the Dormant Commerce Clause should recede, no? Looking to see if there is federal law on the issue is actually the first step in determining whether a court should begin a Dormant Commerce Clause analysis or instead initiate a preemption analysis under the Commerce Clause and preemption jurisprudence. If contemporary Commerce Clause jurisprudence had to be put in Boolean form, it would go roughly like this: If federal law, then preemption analysis, else Dormant Commerce Clause analysis.
Court decisions after the CAN-SPAM Act have given recognition to CAN-SPAM’s stance on state spam laws, but mainly in the context of preemption debates, not ‘active’ Commerce Clause analysis. The BSI v. Keynetics court was perhaps the first to do so clearly when it rejected the argument that the Internet was so inherently interstate that the Dormant Commerce Clause required exclusively federal law:
"This Court need not dwell on this argument. While perhaps interesting from an academic standpoint, it is clear that Congress itself, in enacting CAN-SPAM, specifically reserved to the States, as will be discussed presently, authority to regulate certain aspects of Internet activity."
But then, seemingly inconsistently, the Keynetics court in the next paragraph dove into an as-applied Pike balancing discussion under Dormant Commerce Clause principles. What gives? Was the court just shooting down the "two threshold" camp in favor of the "Pike-only" camp? Perhaps, but more likely, the Court thought that CAN-SPAM merely sanctioned state laws, and didn’t completely remove the need for a Dormant Commerce Clause analysis. Or perhaps it was taking the belt-and-suspenders approach and addressing each argument?
I would suggest that contemporary Commerce Clause jurisprudence dictates that the presence of actual federal law explicitly sanctioning the presence of concurrent state law on the same subject matter should displace Dormant Commerce Clause analysis. At most, analysis should be limited to the related issue of whether the law was applied outside the state’s jurisdictional reach. I think that the common (almost universal) tactic of arguing against spam laws on Dormant Commerce Clause grounds has created something of a self-perpetuating response. Courts have addressed the issue and there is at least some precedent on both sides of each argument, so everyone (plaintiffs, defendants, and Courts) cite it and repeat it and maybe even elaborate on it. If they approached it fresh, I have little doubt courts would proceed down the standard Commerce Clause/preemption analysis ‘path’ and recognize that Congress and the President did, in fact, sanction these state laws.
I suspect that as courts escape from the habitual rut of Dormant Commerce Clause analysis, they will hold, as did the Jaynes Court, that:
"Congress, in enacting CAN-SPAM, expressly accorded the States the right to regulate false and misleading e-mail transmissions. 15 U.S.C. 7707(b)(1). If Congress itself was satisfied that supplementary state legislation would impose no undue burden on interstate commerce, this Court can hardly presume to tell Congress it is wrong.’"
And actually stop right there.
Jurisdiction Claims
The Jaynes case seems ripe for detailed Constitutional analysis of the reach and scope of a court’s power to subject out-of-state actors to its own state’s criminal law, as well as a conflicts and choice of law analysis occasioned by an admittedly dual-state-act with differing substantive law. Out-of-state actor jurisdiction and the extraterritorial applicability of a law with regards to internet activity are both exciting due process issues even without any extraterritoriality tests under the Dormant Commerce Clause.
Unfortunately for legal scholars and doubly unfortunately for Mr. Jaynes, the Virginia Court of Appeals really punts on this issue, giving a scant three pages to the issue, far less than the eight pages of First Amendment discussion. Even worse, the Court’s conclusion is the sweeping statement that "a person may be charged in the place where the evil results, though he is beyond the jurisdiction when he starts the train of events of which the evil is the fruit."
This expansive and vague holding was justified with only one citation to a U.S. Supreme Court case, in a subject ripe with precedent. The Virginia Court of Appeals justified this assertion from an old (1950) civil enforcement case arising under Virginia’s securities laws and narrowly upheld by the U.S. Supreme Court. In that case, Travelers Health Assn v. Virginia, while explicitly declining to rule on the issue of general jurisdiction or the enforceability of any judgments, the Supreme Court found sufficient specific jurisdiction for the state agency to issue a cease and desist order. The Virginia Court of Appeals went on to cite other state courts for support of the idea that an act can be criminally prosecuted where its impact is felt, rather than the site where it was committed, but hardly acknowledged the multitude of Virginia cases stating the opposite rule (that the locus of the crime is where it is committed) or any of the many cases, both federal and state, developing which rule should apply. Verizon v. Ralsky was the only other spammer jurisdiction case cited, not for its thorough ‘due process assertion of jurisdiction’ analysis, but primarily for the assertion that spam to addresses ending in "@aol.com" necessarily have to pass through AOL’s (Virginia) servers.
The appropriateness of jurisdiction is critical to so many spam cases, and it is often one of the most fact-intensive and case-by-case analyses. It is disappointing that the Court of Appeals addresses it so slightly and in passing, especially in a criminal case where the defendant’s due process rights are at risk.
Criminal Issues
As this post just suggested, it does matter that Mr. Jaynes is being charged with a criminal violation of Virginia’s anti-spam laws. He faces 9 years in prison, either two or four times the national average state sentence, depending on whether it is compared to ‘time sentenced’ or ‘time served.’ As a Virginia felony convict, Mr. Jaynes does not face the option of parole, and so his sentence is closer to four times the average - an average that includes mostly violent or repeat offenders. As indicated above, claims asserting lack of jurisdiction bear heightened scrutiny because the liberty interest being deprived is not just potentially money, but actual deprivation of Mr. Jaynes’ physical liberty. Perhaps CAN-SPAM’s criminal provisions should have explicitly preempted state criminal law?
Posted by Ethan Ackerman at 11:01 AM | Spam | TrackBack
September 07, 2006
Adware, Spam and Some of My Other Favorite Topics
By Eric Goldman
There has been a flurry of interesting legal developments in the last few days:
* The plaintiffs voluntarily and unilaterally dismissed (with prejudice) Simios v. 180solutions, one of several putative class actions against adware vendors. See the 180solutions press release.
* The Battaglia v. DirectRevenue lawsuit, another of the putative class actions against adware vendors, has preliminarily settled. As David Fish points out, the settlement offers very little additional value for consumers beyond the settlement in the Sotelo case. Plaintiff's counsel gets $45,000--a pretty small payday for a case like this.
* The FTC case against Enternet Media has reached a stipulated order/settlement, including a $2M+ payment to the FTC. Enternet Media allegedly was one of the companies flashing banner/pop-up ads warning that your computer was infected and they would help; when users took advantage of their "help," they allegedly installed a bunch of harmful software onto users' computers.
* Jaynes v. Virginia, 2006 WL 2527678 (Va. App. Ct. Sept. 5, 2006). Virginia's intermediate appellate court upheld Virginia's harsh anti-spam law against both jurisdictional and First Amendment challenges. I believe Ethan Ackerman will guest-blog a more thorough analysis of this case soon. For now, Venkat has a thoughtful discussion. According to the Washington Post, Jeremy Jaynes will appeal the appellate ruling. If he can't overturn the ruling, he's facing an incredible 9 years in jail.
* Lands' End, Inc. v. Remy, 2006 WL 2521321 (W.D. Wis. Sept. 1, 2006). An affiliate registers some typosquatted domain names as a way of "diverting" consumers through those URLs to get the affiliate commission. The court denies the defendants SJ on the ACPA, fraud and breach of contract claims, but they do get SJ on the false advertising claim. Rebecca has the recap.
* According to Reuters, Bertelsmann is paying $60 million to settle Vivideni's lawsuit over Bertelsmann's investment in (and support of) Napster. (It's not clear how this settlement relates to Vivendi's acquisition of BMG). This lawsuit was particularly interesting because it tested the boundaries of investor liability for investing in copyright-infringing companies (a liability normally we expect to be precluded by the corporate veil). John O's discussion of some previous rulings in this case. Note that Bertelsmann was not the only investor-defendant in the case, so it may still be ongoing.
* The lawsuit over the fictional status of James Frey's putatively non-fiction book A Million Little Pieces has preliminarily settled. Buyers can get a full refund, but only if they jump through some significant hoops (like sending in an actual part of the book or packaging, plus a sworn statement that the purchaser would not have bought the book if they knew it was partially fiction). The publisher's liability is capped at $2.35M, which includes refunds, attorneys' fees and a donation to charity. Note that the publishers had offered rescission earlier in the case, but some plaintiffs were seeking compensation for their lost time/attention. It appears the publisher successfully limited its liability to rescission, and by making the barriers high enough, the publisher won't even have to make rescissions across-the-board.
Posted by Eric at 10:43 AM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , Spam , Trademark | TrackBack
April 13, 2006
Advertiser Not Liable for Spam--Hypertouch v. Kennedy-Western University
By Eric Goldman
Hypertouch, Inc. v. Kennedy-Western University, No. 3:04-cv-05203-SI (N.D. Cal. Mar. 8, 2006)
This is another in a series of CAN-SPAM lawsuits filed by Hypertouch, which apparently has entered the CAN-SPAM plaintiff business. I blogged on one of Hypertouch's other lawsuits here.
In this case, Hypertouch claims that emails promoting an online educational institution, Kennedy-Western University, violated a long list of CAN-SPAM provisions. The two principal issues in this case are: (1) does Hypertouch qualify as an "Internet access service" for purposes of having standing to privately enforce CAN-SPAM?, and (2) if Kennedy-Western didn't initiate the emails, did Kennedy-Western have the requisite scienter to be liable for procuring the illegal email services?
Definition of Internet Access Service
The statute defines "Internet access service" as a service that enables users to access content or services over the Internet. There's no question that Hypertouch runs email servers, but there is a factual dispute about exactly what Hypertouch does. Kennedy-Western alleges that Hypertouch has no customers; Hypertouch claims to have 120 email accounts, many of which is provides at no charge.
Still, Hypertouch's allegation seems to leave open a key question: are any of these accounts used by third parties/non-employees? The distinction is critical because if all of Hypertouch's email services are used by employees, then Hypertouch is similarly situated to every company that gives employees email accounts. Under that reading, then, virtually every employer can be a private plaintiff under CAN-SPAM.
The other reading--the one I think Congress meant--is that an IAS provides email or connectivity to third party non-employees. Thus, if a company is in the business of providing email services to the public (even if the number of customers is small, and even if the company provides email accounts for free), then it should have a private right of action under CAN-SPAM. If the company merely provides email accounts to employees, then I think Congress did not intend to create a private right of action under CAN-SPAM. Note that these employers may still have recourse under the CFAA, common law trespass to chattels, any surviving state anti-spam laws, and various state computer crime laws.
The court sidesteps this entire distinction, merely saying that CAN-SPAM's private cause of action exists even if the IAS provides free email accounts and even if the IAS does not provide services other than email. All of this is true but, I think, misses the fundamental question.
Did Kennedy-Western "Procure" the Illegal Emails?
The spams at issue were sent by a variety of email marketers. Kennedy-Western claims that it didn't know these third parties were spamming. Instead, Kennedy-Western presented evidence that it had policies restricting spam and had monitored its marketing agents. On this basis, the court says that Kennedy-Western had sufficiently produced evidence that it lacked the requisite scienter.
Hypertouch could have adduced evidence to defeat the summary judgment motion, but the court says that Hypertouch didn't introduce any concrete evidence of Kennedy-Western's scienter. Instead, Hypertouch only made a conclusory allegation of knowledge, and this was further undercut by Hypertouch's admission in a deposition that Hypertouch had no evidence of Kennedy-Western's knowledge that spam was being sent on its behalf. Accordingly, Kennedy-Western wins summary judgment on knowledge, defeating the CAN-SPAM claim.
Conclusion
This case reaches an outcome consistent with Fenn v. Redmond Venture, a 2004 Utah state court case (under Utah's state anti-spam law) where the defendant defeated the claim simply by showing that it had an anti-spam policy. In that case, the anti-spam policy was dispositive, while in this case the plaintiff might have been able to overcome the policy with sufficient evidence of knowledge from other sources. However, once again this shows the benefit to advertisers of having an anti-spam/anti-illegal-adware provision in their advertising contracts.
Also, this case is another datapoint in the running dialogue about when advertisers are liable for the acts of their media partners. In this respect, anti-spam laws generally (and CAN-SPAM in particular) are a little unusual because they statutorily enact advertiser liability provisions. In contrast, I've yet to find another medium where advertisers are clearly liable for the acts of their media vendors. Yet, with rulings like this and the Fenn case, defendants might be encouraged that courts will carefully evaluate advertiser liability even when there's a statute creating such liability. From a defense standpoint, this is good news.
Brian McWilliams' comments on the Hypertouch case.
Posted by Eric at 10:51 AM | Derivative Liability , Marketing , Spam | Comments (1)
March 23, 2006
NY Enforcement Actions for Reselling Emails in Breach of Privacy Policy
By Eric Goldman
Gratis Internet runs several websites that promise free stuff (like free iPods) in exchange for consumers signing up for subscription trials. The trials are initially free but then convert to paid subscriptions. The idea is that many consumers will either like the subscriptions or be duped into keeping the subscriptions against their will. For an example of how even very intelligent people can be trapped by these free trials, see my colleague Christine's story (and the update).
Along the way, Gratis made a variety of privacy promises to consumers. Of specific relevance here, Gratis promised that it would never resell the consumers' email addresses. However, as it turns out, Gratis allegedly may have done precisely that.
If so, this should be a fairly straightforward legal problem. The false privacy policy should constitute unfair/deceptive trade practices and false advertising, and both the government and consumers should have causes of action (although, see In re JetBlue about possible limits in the consumers' cause of action). In this case, Spitzer announced today that his office is going after Gratis for violation of New York's consumer protection laws. This makes sense.
More interesting to me is Spitzer's action against Datran Media, one of the buyers of email addresses from Gratis. Last week, Spitzer's office announced a settlement with Datran that included a $1.1 million check.
Note that Datran didn't breach the privacy policy directly; it allegedly purchased and used tainted email addresses. Ordinarily, there's no such thing as contributory contract breach, but we might think of this as analogous to receiving stolen property. Perhaps with the requisite level of Datran's scienter, they should in fact bear responsibility for buying and using "hot goods." If the scienter standard is high enough, then it's hard to quibble with the action.
But I think there's a more fundamental lesson to learn. This case reinforces that it's very hard to legitimately buy/sell email addresses. At minimum, I think buyers need to do thorough diligence of the email addresses' origins, and it's hard to find legitimate email addresses that were completely acquired without restriction on transfer or resale. Then, under CAN-SPAM, the email addresses have to be filtered out for any opt-outs that the buyer has received in the past. And then, it's hard to get bulk emails through the email service providers/IAPs, especially if the sender can't claim some type of relationship with or authorization from the recipients.
All told, I just don't understand how legitimate companies think that email addresses can be flipped like commodities. The practice may never have been legitimate, but I see it as a completely dead practice today.
UPDATE: Dan Solove weighs in on the case. I generally agree with Dan's analysis, except that I think we need to know more about Datran's scienter. This result is defensible only if the scienter level was high enough.
UPDATE 2: Chris Hoofnagle calls the case "one of the biggest cases for consumer privacy ever."
Posted by Eric at 01:31 PM | Derivative Liability , Licensing/Contracts , Marketing , Privacy/Security , Spam | Comments (3)
March 12, 2006
Do-Not-Contact Registries Proliferating?
By Eric Goldman
There has been a groundswell of action at the state level to implement do-not-contact registries of various kinds. Two of particular note:
1) Don't-spam-my-kid Registries. Two states (Utah and Michigan) already have laws enabling do-not-spam registries for kids' email addresses. Now, according to BNA (registration required), six more states are considering hopping on the bandwagon (including Wisconsin)--despite the FTC's public announcement that it thinks these registries are a bad idea, plus the pending lawsuit against Utah's registry.
I have yet to see how the implementation authenticates that the registered email address is actually used by a kid. Without that authentication, these registries have the potential to be backdoor across-the-board do-not-email registries. If so, draping the do-not-email registries in the "protect the kids" flag inhibits robust discussion about the real effects of the registry.
2) Don't-junk-mail-me Registries. At least 3 states (Missouri, New York and Illinois) have introduced laws to create do-not-mail registries analogous to the very popular do-not-call registries. For reasons that I've not entirely understood, the delivery of junk mail is lightly-regulated compared to telemarketing and email marketing. Perhaps that is ready to change. In my Coasean Analysis of Marketing paper, I will point out the policy deficiencies of "do-not-contact" registries generally, so I find the possible proliferation of such registries troubling.
Posted by Eric at 08:03 AM | Marketing , Spam | Comments (4)
March 04, 2006
San Francisco Presentation, March 15 12:30 pm
By Eric Goldman
I'm presenting my latest article, A Coasean Analysis of Marketing, at University of San Francisco on March 15. The talk is free and open to the public.
Although the title suggests that the talk will be heavy on economics theory, I'm giving a "economics-free" version of the talk. As an added incentive, I suspect the Q&A will be fun as audience members hammer me for my pro-spam, pro-adware arguments.
Details
What: "A Coasean Analysis of Marketing," alternatively titled "Regulating the Distribution of Marketing"
When: Wednesday, March 15, 12:30-1:30 pm
Where: University of San Francisco School of Law, 2130 Fulton Street, San Francisco. (Official university directions). Go to Kendrick 102.
How: RSVP to Julia Dunbar [jtdunbar@usfca.edu]
Cost: Free
If you're in the Bay Area, it would be a delight to see you there!
Posted by Eric at 08:00 AM | Adware/Spyware , Marketing , Spam
February 06, 2006
Checking Your Spamming Burdens at the Dormant Commerce Clause/Juisdiction Doors?
An update on the disjointed state of state spam law cases
By Ethan Ackerman
Despite the passage of the federal CAN-SPAM Act in 2003, state spam laws continue to be enforced by states, and it appears private litigation under them continues unabated as well. State attorneys in Virginia and Washington, Maryland law students and Microsoft are just a few examples of recent plaintiffs using state spam laws. In covering these suits, mainstream press reporting seems to, for the most part, correctly explain that state anti-spam laws aren't entirely preempted by the federal CAN SPAM act. So with six (or in some cases, seven) years on the books and multiple court cases enforcing them, why are bloggers still asking, news outlets reporting, courts still ruling both ways on, and lawyers still not answering, the following questions: How and when do state anti-spam (and related state 'internet protection') laws violate the 'Dormant' Commerce Clause of the US Constitution, and when do state courts have jurisdiction over out of state spammers?
The Appeals March On...and off, and left, and right.
Recently, the US Supreme Court passed up its second (but certainly not last) opportunity to clarify the extent to which state laws may regulate an admittedly interstate problem - spam. State appellate courts (which generally must take appeals at the intermediate level) can't just 'decline certiorari,' and so they are turning out more and more opinions on the issue. But more doesn't look to be the same as 'clearer.' Maryland, for instance, has modeled its state spam laws after Washington state's laws, and its intermediate appellate court recently released an opinion vigorously supporting the reach and constitutionality of the state's law. This opinion, MaryCLE v First Choice Internet, stands in marked contrast to Beyond Systems v. Realtime Gaming, where Maryland's highest court, the Court of Appeals, came to the opposite result on very similar facts six months earlier. If appeals courts in the same state aren't going the same way, can we expect any different results nationwide?
Back in Washington state, the grandfather of dormant commerce clause cases, Washington v. Heckel, generated yet another opinion - this time by an intermediate court of appeals - further addressing the Dormant Commerce Clause and standards of proof under the Washington statute. Essentially fleshing out the conclusions the Washington state Supreme Court had earlier reached in the case, the intermediate court reaffirmed both the Dormant Commerce Clause soundness and the appropriateness of Washington court jurisdiction in the case.
These same two issues (Jurisdiction and the Dormant Commerce Clause) were the main entanglements in Maryland's MaryCLE and Beyond Systems, and while MaryCLE found that jurisdiction was OK and the statute survived the Commerce Clause, Maryland's highest court found it had no jurisdiction over the out-of-state defendant, and so did not even address the commerce clause issue. What make the Maryland cases significant are their different conclusions on what are very similar fact situations. In both cases, the defendant allegedly directed another company to do the actual emailing, but was sued as the person who directed or controlled the emailing. While admitting to ordering the sending of emails, and providing the lists of email addresses, the MaryCLE defendant company alleged it had no way of knowing they would go to Maryland residents. The MaryCLE court found this no barrier, and held that directing the sending of email to many commercial email addresses is itself sufficient to establish jurisdiction in Maryland, especially when the state statute imputed knowledge if state location is available from email domain registrars. Relying heavily on three similar cases (each helpfully explained on pages 20-22), the Maryland court found jurisdiction to be no problem either, even though there was a question as to whether any activity even took place in Maryland. In an effort to be comprehensive, the Court rejected four contrary (but not that different) opinions in footnote 21.
The Beyond Solutions court (Maryland's highest) was not so quick to find a connection between the defendant and the person who sent the email because, unlike MaryCLE, the defendant argued there was none. While the emails in question allegedly linked to a website controlled by the defendant, and the URLs included an 'affiliate ID' that allegedly corresponded to the actual sender - who stood to receive referral fees from the defendant - the defendant alleged it was not the sender and had no control over the emails sent. This strenuous denial, and the fact that the defendant had no other connections to Maryland sufficient to establish general jurisdiction, led the Maryland Court of Appeals to dismiss the case for lack of jurisdiction. A three-person minority of that court dissented, recognizing that the sublicensing agreements and shell-companies the defendant operated under, and the affiliate programs alleged, were similar to the types of liability-hiding and obfuscating spammers often engaged in. The dissenters would have at least allowed discovery sufficient to establish whether the defendant did have a relation to, or control over, the actual sender.
What's worth watching next?
As the cases under these laws continue to be decided, clarity will hopefully develop. Where can we look for the next step in the mix? Washington and Utah may be good starts. A Washington federal court is currently deciding one of several suits filed by Washingtonian James Gordon under that state's spam laws, and several of his cases have survived defendants' motions to dismiss. Federal court opinions on state spam law constitutionality are still relatively rare, and may be somewhat less biased toward their own state law, making this an important area to watch.
While not strictly a spam law, Utah's Child Protection Registry Act creates a heavily criticized, age-restricted 'do-not-email-list.' Several free-speach groups have organized to challenge the law, which has also drawn amicus support from the EFF and marketing groups. This well-organized direct challenge has no esily-vilified defendant spammer and may lead to clearer standards because of this. Possibly most importantly, this case may clarify some of the strong questions over the constitutionality over 'check-before-you-send'-style email laws.
Posted by Ethan Ackerman at 06:59 PM | Derivative Liability , Spam