August 09, 2010
July 2010 Quick Links, Part 1 (IP Edition)
By Eric Goldman
Trademarks
* Rebelution, LLC v. Perez, 2010 WL 3036217 (N.D. Cal. July 30, 2010). The plaintiff is a band named Rebelution. The defendant is a music performer named Pitbull who released an album "Pitbull Starring in Rebelution" without intending to reference plaintiff. No summary judgment to defendant. Wikipedia has a disambiguation page for "Rebelution."
* Southeastern Pennsylvania Transportation Authority v. Mednick Mezyk & Credo (E.D. Pa. complaint filed June 21, 2010). Interesting trademark lawsuit. A government transit authority, SEPTA, has sued personal injury lawyers for the ways they advertise that they represent plaintiffs against SEPTA. I think SEPTA has a tough argument, and they sure look thin-skinned.
* Ryan Gile: "New York New York Hotel/Casino Successfully Hijacks NewYorkNewYork.com"
* Can Chevrolet get people to stop calling it "Chevy"? Not likely.
* The latest article addressing the Trademark Use in Commerce debate: Lee Ann W. Lockridge, When Is a Use In Commerce a Noncommercial Use?, 37 Florida State University Law Review 337 (2010)
Copyright
* The Copyright Office issued new circumvention exceptions for 17 USC 1201 exceptions. The EFF breaks it down.
* MGE UPS Systems v. GE Consumer and Industrial Inc., 08-10521 (5th Cir. July 20, 2010). A significant (and possibly incorrect) ruling on 1201: “Because the dongle does not protect against copyright violations, the mere fact that the dongle itself is circumvented does not give rise to a circumvention violation within the meaning of the DMCA.”
* Mattel Inc. v. MGA Entertainment Inc., 09-55673 (9th Cir July 22, 2010). Another Kozinski bull-in-the-china-shop opinion, it is studded with important legal statements. Among the most interesting: an employee agreement purporting to assign copyrights from the employee failed when the language read more like a patent assignment. But read the whole thing.
* Teter v. Glass Onion, Inc., 5:08-cv-06097-FJG (W.D. Mo. July 12, 2010). Troubling ruling. An art gallery selling an artist’s painting does not make a fair use when making and then publishing thumbnail images of the paintings on the gallery’s website. No first sale defense for making the thumbnail images, either, although I’m not sure how the gallery can advertise the paintings for sale online without the thumbnails. The trademark infringement claim for referencing the artist’s name also survives because of the possibility the gallery looked like an authorized dealer when it wasn’t.
* We learned how much the Viacom v. YouTube ruling cost Google: $100M. Can you imagine what good things might have come if YouTube and Viacom had poured their legal fees into innovation rather than litigation? Also, this is a prime example of just how much it costs when a well-funded company (Google) decides to treat a lawsuit as bet-your-business. No way that most start-ups could have coughed up $100M for the lawyers.
* Scott v. Scribd settled. My original blog post on the case.
* Cable v. Agence France Presse, 2010 U.S. Dist. LEXIS 73893 (N.D. Ill. July 20, 2010), A professional photographer’s claim for 17 USC 1202 for removal of copyright management information survives a motion to dismiss.
* Las Vegas Sun does a thorough expose on alleged copyright troll Righthaven (look at the "related stories" too).
* Copyright enforcement mill gets caught red-handed committing copyright infringement on its website. Whoops!
* SAP has stopped contesting liability in the Oracle/TomorrowNow lawsuit.
* Miller v. Facebook, 2010 U.S. Dist. LEXIS 75204 (N.D. Cal. July 23, 2010). A software copyright registration for a literary work (i.e., the source code) was sufficient to uphold a pleading that the defense infringed the software's look and feel (i.e., an audio-visual work). My most recent post on this case.
Other IPs
* Bimbo Bakeries v. Botticelli: Bimbo Bakeries [great TM!], makers of Thomas English Muffins, gets an inevitable disclosure injunction against a departed employee who knows how to make their "nooks and crannies" and went to a rival baker. See also this post from Trading Secrets.
* Agora Financial LLC v. Samler, WDQ-09-1200 (D. Md. June 17, 2010). This case is similar to the more high-profile Barclays v. theflyonthewall case. The newsletter publisher plaintiff provides stock recommendations to its readers; the defendant republishes the tips on TipsTraders.com. The magistrate rejects a default judgment against the defendant because (1) the hot news doctrine is preempted by copyright law, and (2) even if it isn’t, the “plaintiffs’ writers’ investment recommendations are copyrightable” and therefore ineligible for hot news protection. Ruh-roh. The judge should have stopped at #1. Even the plaintiff admitted that the recommendations were uncopyrightable facts. So now what? Does this now mean everyone who republishes the recommendations is a copyright infringer?
Posted by Eric at 01:25 PM | Copyright , E-Commerce , Trade Secrets , Trademark | TrackBack
April 27, 2010
Interesting Database Scraping Case Survives Summary Judgment--Snap-On Business Solutions v. O'Neil
[Post by Venkat, with additional comments from Eric below]
Snap-on Business Solutions Inc. v. O'Neil & Assocs., Inc. (N.D. Ohio April 16, 2010) [scribd]
Snap-on is one of those cases that's great because the court canvasses the various claims that come into play in the increasingly common scenario when someone accesses a computer or network to extract data following termination of (or outside of) a contractual relationship. (The practice of extracting data from a website is commonly known as 'scraping'.) The court punts based on the existence of factual disputes, but the court's order is well worth a read just because it lays out the issues and theories.
The background facts are straightforward. Mitsubishi hired Snap-on to build a database of parts data which Mitsubishi dealers could then access online. Mitsubishi provided the underlying documents and images (parts information) to Snap-on, who converted them and built a "searchable database with linked data and images." At some point, Mitsubishi decided to move the parts database over to O'Neil, instead of Snap-on. When Mitsubishi asked for a copy of the database, Snap-on predictably declined. Snap-on told Mitsubishi that Mitsubishi could have the database, but would have to pay an extra fee. Meanwhile, O'Neil, Mitsubishi's new vendor suggested that it could extract the data from Snap-on's servers using O'Neil "scraper tool." O'Neil ran the scraping program, and used log-ins provided by Mitsubishi in the process of gathering the data. According to testimony from Snap-on, O'Neil's access of Snap-on's website caused Snap-on's website to "crash" in at least one instance.
Snap-on sued O'Neil (and interestingly not Mitsubishi) alleging Computer Fraud and Abuse Act, trespass to chattels, unjust enrichment, breach of contract, copyright infringement, and misappropriation of trade secrets.
Computer Fraud and Abuse Act: The key question on the Computer Fraud and Abuse Act claim was whether O'Neil's access of the website was "without authorization." The court held that the underlying agreement between Mitsubishi and Snap-on did not clearly resolve the question of whether Mitsubishi could authorize O'Neil to access Snap-on's website and servers and, whether even assuming Mitsubishi had this ability, Mitsubishi somehow lost it.
I think the court came to the correct conclusion on whether the access was without authorization. There's a split of authority in the employment context as to whether an employee's access to the employer's servers for the employee's own purposes constitutes "unauthorized access," but this case doesn't implicate that scenario. (Jeff Neuburger covers the 9th Circuit's recent ruling in LVRC Holdings, LLC v. Brekka, which acknowledges this split.) Here, the parties had an agreement, and the only viable argument by O'Neil on the unauthorized access issue was that Mitsubishi had authorized O'Neil to access Snap-on's computers and servers. (Since you had to log-in to access the website, O'Neil could not argue that Snap-on impliedly authorized everyone (including search engines) to access its site.) The terms of the agreement between the parties would resolve this issue and the agreement didn't provide a definitive answer, at least at the summary judgment stage.
Trespass to Chattels: Snap-on also asserted a trespass claim based on damage or temporary deprivation of the ability to use its servers. The court also declined to resolve this issue on summary judgment, finding that Snap-on presented sufficient evidence to find that O'Neil's unauthorized access caused Snap-on's servers to crash and "deprived Snap-on of their use for a substantial time.
O'Neil argued that copyright law preempts Snap-on's trespass claim. The court summarily (and in a conclusory fashion) rejects this argument, finding that Snap-on's argument seeks to protect the integrity of its computer servers, rather than its "possessory interest in the [software] or accompanying database."
Unjust Enrichment: The court finds that Snap-on's unjust enrichment claims were preempted by the Copyright Act since Snap-on failed to provide any evidence as to how the unjust infringement claims were based on rights distinct from Snap-on's rights as a copyright owner.
Breach of Contract: Snap-on also asserted a claim for a breach of its end user license agreement. The court declined to dismiss this claim based on the existence of factual dispute as to whether the parties entered the EULA and whether O'Neil breached it. Surprisingly, Snap-on's website required a log-in but only contained a statement that "[the] use of and access to the information on [Snap-on's] site is subject to the terms and conditions set out in [Snap-on's] legal statement." Snap-on did not users to check the box, acknowledging that they read and agreed to the end user terms.
Copyright Infringement: Snap-on knew it had an uphill battle on the copyright claim for a few reasons. First, much of the material (such as the images) is owned by Mitsubishi to begin with. Second, it's tough for anyone to argue that pricing and parts information is copyrightable. With this in mind, Snap-on argued that the "database structure" is entitled to copyright protection and Snap-on owned the copyrights in the structure.
The court went through the Feist analysis. In Feist, the court held that a "factual compilation is eligible for copyright if it features an original selection or arrangement of facts, but the copyright is limited to the particular selection or arrangement. In no event may copyright extend to the facts themselves." Lower courts have applied Feist and found that databases containing facts may be copyrightable. O'Neil argued that the "arrangement" or the database structure was obvious and was thus not entitled to copyright protection. The court again agrees with Snap-on that factual disputes preclude summary judgment on copyrightability and ownership.
The court's conclusion on the copyright issue seemed the most problematic. Even if Snap-on owned some part of the underlying arrangement or database structure, did O'Neil "copy" the structure, or otherwise exercise any rights exclusive to the copyright owner? This is a tough sell. Also, on the ownership issue, I would think Mitsubishi would have a colorable argument that even if it didn't own the copyright, it should be treated as a joint owner along with Snap-on?
Trade Secrets: Finally, the court also declines to grant summary judgment on Snap-on's trade secrets claims. I'm not sure what trade secrets Snap-on is using to support its claim, and I'm skeptical that any trade secrets exist here that O'Neil misappropriated. However, given that the court declined to grant summary judgment on the other claims, it wasn't the end of the world for the court to let this claim go to the jury as well.
__
Apart from canvassing the various legal theories that come into play in this type of a factual scenario, the case also offers a few practice pointers.
First, if someone is hosting or storing data for you, it makes sense to have a provision in the agreement that allows you to get access to the data at the termination of the relationship, regardless of any contractual dispute that may arise between the parties. The party with physical access to the data will have leverage as a practical matter, and this is the type of thing contractual language should address. As a last resort, the party who may be in a position to extract the data should have an unbridled ongoing right to extract the data during the course of the relationship. The agreement should also have a notice and breach provision that would prevent the summary denial or revocation of authorization.
Second, I'm surprised there wasn't a clear ownership clause in the agreement that said Mitsubishi owns the underlying data, the database structure, and any copyrightable elements in the database. A determination by the court that Snap-on owns some copyrights in the database structure could cause problems down the road for Mitsubishi. There are many reasons why it made sense for Mitsubishi to own the data, and Snap-on doesn't have much of a business justification for owning the data because it can't use it at the termination of the relationship. As a last resort, Mitsubishi should have had a broad license to the data.
Third, the agreement should contain terms allowing Mitsubishi to authorize third parties the right to access Snap-on's servers and any copyrighted material, at least for back-up and archiving purposes.
Fourth, if you are a website that is looking to prevent scraping, ownership of the underlying data and restrictions on access (such as a log-in) help significantly. Professor Goldman's comments below highlight that scraping is problematic from a legal standpoint. However, two things that bolstered Snap-on’s claims are its ownership of the data and the fact that O’Neil accessed the site through a log-in which it wasn’t clearly authorized to use. This, coupled with the fact that Snap-on was in physical possession of the data at the termination of the relationship, pretty much put it in the driver’s seat.
Finally, Snap-on's contract formation process could have been cleaner. Where you have a situation involving access of a website for a business purpose (where the person is accessing data that they need) there's much less risk of people declining to access your website based on additional hurdles in the form of click throughs or check the box. In the consumer setting, websites often weigh certainty of contract formation against customer conversion, but this isn't really present in Snap-on's case. I guess what I'm saying in a long-winded way was that Snap-on should have implemented a mandatory, non-leaky, clickthrough, as discussed in Professor Goldman's post covering Scherillo v. Dun & Bradstreet.
____________________________
Eric's comments:
This is such a rich and interesting case that both Venkat and I wanted to cover it. I am frequently asked if scraping is legal, and the short answer is that (a) possibly not, but (b) people regularly do it anyway. This case illustrates the difficulty of doing scraping legally, and I highly recommend reading this case to anyone who thinks scraping solves a business problem they are having. If anything, this case was unusually defense-favorable because the replacement vendor (O'Neil) was scraping the customer’s (Mitsubishi’s) data at the customer’s request. Yet, because that data resided on Snap-on's servers, O'Neil is still staring down the barrel of copyright, contract, CFAA and common law trespass to chattels claims. If I were on the defense team, I'd be whipping out my checkbook and angling for a settlement, because I expect this case will not play well in front of a jury.
This case is slightly similar to a case from earlier this year that I never got a chance to blog, Edgenet v. Home Depot. In both Edgenet and this case, a big company retained an outsourced vendor to maintain and enhance an obviously unwieldy product catalog, and legal tussles ensued when the customer and vendor divorced. According to this opinion, Mitsubishi thought it had procured the IP rights to Snap-on's enhanced database, but Snap-on thought otherwise and demanded extra money to get something Mitsubishi thought it had already bought. As Venkat indicates, this reinforces the practice pointer that customers always need to have a clear exit strategy nailed down upfront whenever they enter into an outsourcing relationship.
The case is a little less clear about Mitsubishi's ability to get interim deliveries of the database pre-termination. (The case suggests that Snap-on tried to charge for this as well). As Venkat also indicates, this violates another rule of outsourcing--without a copy of its database, Mitsubishi was never in control of its fate and continuously vulnerable to Snap-on deciding to play a hold-up game.
When Mitsubishi finally decided to go with Plan B and retain O'Neil as Snap-on's replacement vendor, a series of poor judgments followed. Mitsubishi decided it was too expensive to have O'Neil replicate the work Snap-on had done, and Mitsubishi apparently decided it was too expensive to pay Snap-on for the one-time delivery from its database. But what did Mitsubishi expect--that Snap-on expected to be paid for delivering the data but would acquiesce to free scraping? Snap-on seems to have made it clear that its business model included payment for getting Mitsubishi data out of Snap-on's database, so Mitsubishi had to know that any alternative courses of action were dicey.
Then O'Neil, presumably trying to be helpful, offered the scraping option. Any lawyer in the process should have kiboshed the idea on the spot. Instead, Mitsubishi gave O'Neil some login credentials in apparent violation of the Snap-on agreement. This reminded me of the Oracle v. SAP lawsuit, which is not going to end well for SAP.
The scraping process did not go well, either. It appears the scraping tool was misconfigured because it allegedly caused enormous traffic spikes that ultimately crashed the site at least once (and maybe twice). Even if the court follows the more restrictive Hamidi approach to common law trespass to chattels requiring damage to computer system resources, this qualifies. Snap-on blocked the scraper's IP address, so O'Neil offered to continue using a different IP address (a big no-no in my guide to "legitimate" scraping) but only if Mitsubishi signed an indemnity agreement...which Mitsubishi signed. What??? Are you kidding me??? It's hard to wave a bigger red flag of problems ahead than to have a vendor say that it will only continue if it gets an indemnity agreement. Fortunately for O'Neil, the indemnity agreement may mean that O'Neil won't be writing checks when the jury says nyet; unfortunately for O'Neil, the indemnity agreement won't help if the feds decide to bring a criminal CFAA prosecution. Snap-on blocked the second IP address, O'Neil stopped scraping, and Snap-on decided to sue.
Where were the lawyers in this process? I'm shocked that Mitsubishi's lawyer didn't shoot down the initial scraping proposal. Scraping was a classic engineer's solution to a legal problem. But even if the lawyer never got a chance to speak up then, surely lawyers got involved when O'Neil tendered the indemnity agreement to Mitsubishi. That they didn't put their foot down then blows my mind. Given Snap-on's delays, it appears that Snap-on might not have even sued if O'Neil hadn't reinitiated scraping via a second IP address, so the indemnity agreement should have given Mitsubishi and O'Neil enough time and warning to realize that the engineering solution had failed and it was time to seek a legal solution.
As Venkat recaps, the legal rulings are fairly straightforward given our standard understandings of scraping law. However, they illustrate that despite its ubiquity, scraping may not be legally defensible when challenged in court--even, in this case, when Mitsubishi was trying to retrieve "its own" data.
Finally, this case is a microcosm of the broader IP battles over product catalog and taxonomical data. See my notes from my 2007 talk about IP rights in taxonomies. I don't have a solution to these IP battles, but I continue to wonder about the social benefits we could obtain if a global product catalog existed that everyone could freely use.
Posted by Venkat at 09:50 AM | Copyright , E-Commerce , Licensing/Contracts , Trade Secrets
August 10, 2009
Nursing Student's Blog Post Doesn't Support Expulsion--Yoder v. University of Louisville
By Eric Goldman
Yoder v. University of Louisville, 2009 WL 2406235 (W.D. Ky. Aug. 3, 2009). Yoder's initial complaint.
Nina Yoder was a University of Louisville nursing student. She posted a blog post to MySpace entitled "How I Witnessed the Miracle of Life” that describes her first-hand observations from a school assignment to go watch a patient-mother giving birth. The blog post now appears to be set to private, but you can see a PDF of it, and the opinion quotes the full text for your reading pleasure. This blog post and the resulting imbroglio sparked a lot of discussion. For more background, see this page with some of the source correspondence (and over 100 comments) and this thread from a nursing students' blog with about 250 comments.
Even if Yoder’s blog post was intended to be tongue-in-cheek, I can see why the blog post was so controversial. As just one example, the blog post repeatedly refers to newborn babies as "creeps." The court does not have kind words to describe the blog post, calling it "vulgar," "distasteful," "offensive," "crass and uncouth," and an "abject failure" as an attempt at humor. My personal take is that the blog post was, at best, ill-advised. I really can't imagine when I would want to work with a nurse who calls my baby a "creep," even if in jest, and (as discussed below) the amount of detail Yoder disclosed about her patient shows a reckless disregard for the confidentiality we expect from medical professionals.
When University of Louisville nursing school administrators discovered the post, they expelled Yoder from the nursing program on the grounds that she violated two contracts: the student honor code and a confidentiality agreement. Given how damaging Yoder's post was to the University's nursing school (after reading it, I suspect few patients would agree to let student nurses observe their treatments), I understand this impulse. However, the administrators’ decision to have two uniformed police officers at the termination meeting (because Yoder had separately blogged about her support of the Second Amendment) and to frisk her for weapons seemed a little over-the-top.
In this ruling, the court reverses the school's expulsion, holding that the school incorrectly interpreted the contracts. The main ruling relates to the contracts' requirement that Yoder not disclose patient confidential information. The defendants allege that the blog post disclosed "the following identifying information about the birth mother: the number of her children; the date that she was in labor; her behaviors; the treatment that she underwent (an epidural); her reaction to labor (vomiting); and the reactions of her family." The court says that none of this information was personally identifiable to the patient or her family because the post "does not disclose the birth mother's name, address, social security number, or the like. It does not disclose her age, race, or ethnicity. The Blog Post does not contain ‘financial’ or ‘employment related information’ about the birth mother. It does not disclose where she was in labor."
Well, the court is correct about the non-identifiable nature of the disclosures if you only consider the four corners of the blog post. No one could use the blog post to identify the mother or her family without relying on additional information. Nevertheless, the court's rationale is completely off-base. I’m confident that any savvy investigator could combine the blog post with other data sources and quickly identify the mom with a high degree of certainty, even if the investigator would rely only on easily obtainable published information. Just knowing the baby’s exact birthdate and limiting the inquiry to the Louisville area immediately limits the pool of possible women to a few hundred. Knowing that the child was the mom's third baby should narrow that restricted pool further. Thus, the court was clearly wrong when it said, categorically, "the Blog Post does not contain information that could possibly lead to the discovery of the birth mother's identity" (italics added). The first person who emails me the correct identity of the patient in question can, as their reward, choose a slinky from my special slinky stash.
As a result, this court's ruling illustrates the false distinction between personally identifiable and non-personally identifiable information. (The same issue arose in the recent Johnson v. Microsoft case declaring that IP addresses are not personally identifiable.) Paul Ohm has an important paper coming out on de-identification that should end this distinction permanently. The ability to combine multiple data sources makes it possible to uniquely identify data subjects even if each individual data source does not enable identification on its own. Especially in light of the healthcare context, this judge was way too charitable to Yoder on this point.
The court also says that Yoder did not violate a "professionalism" requirement in the school’s honor code because the blog post "was not created or used in any professional context." This is analogous to the K-12 school discipline cases (all uncited) where the principal disciplines a student for a blog post made off-campus. Clearly school administrators can reach too far into private conduct when meting out discipline, but again I think the judge is being very charitable here. Yoder was blogging her personal observations about a professional experience she had in a hospital, under confidentiality agreements, while doing her schoolwork. By this reasoning, any post that Yoder wrote in her personal time would not trigger the professionalism code, but given the subject matter of this post, this issue probably warranted more careful treatment.
Having said that, I totally agree with the judge's ultimate conclusion to reinstate Yoder. Although her post raised all kinds of yellow and even red flags about her judgment, the school had a wonderful teaching opportunity to explain/reinforce all kinds of lessons about the professional responsibility of a nurse (like, don't call patients' babies "creeps," even in jest). I think they didn’t capitalize on that opportunity by applying a one-strike rule to Yoder.
An update on Yoder's saga from the Chronicle of Higher Education.
Posted by Eric at 10:12 AM | Content Regulation , Trade Secrets | TrackBack
April 28, 2009
Promatek Redux: Software Consultant Enjoined from Metatag Usage and Other TM References--Deltek v. Iuvo
By Eric Goldman
Deltek, Inc. v. Iuvo Systems, Inc., 2009 WL 1073196 (E.D. Va. April 20, 2009). The Justia page.
Every year in Cyberlaw, I teach Promatek v. Equitrac, a Seventh Circuit metatags case from 2002 noteworthy for its multiple litigant and judicial errors typical of a cyberspace freakout case. Among the many mysteries of the case is how the court treats the fact that Equitrac advertised that it provided servicing of Promatek's equipment. The court says that Equitrac was free to say that, but it couldn't say it in the metatags...for reasons that I still don't understand.
Today's case raises similar issues to the Promatek case, and the resolution isn't much clearer. Deltek sells complex cost-accounting software. Iuvo includes three former Deltek employees who started a business providing consulting about Deltek software and other Deltek software-related services. Iuvo's websites advertise the fact that it provides servicing for Deltek software, but Deltek apparently doesn't like that or, apparently, the competition (not surprising because Iuvo was allegedly undercutting Deltek's price). Thus, Deltek launches a multi-prong attack on Iuvo, including claims that the site infringes its trademarks, the former employees misappropriated Deltek trade secrets, and the former employees violated their non-compete agreements.
With respect to the trademark claims, the defendants assert "fair use" (more precisely, nominative use). The court isn't convinced, in part because of the implied affiliation from Iuvo's references to Deltek's trademarks, even though the websites had an appropriate disclaimer of any relationship. Citing the doctrinally confused Axiom case, the court relies on the same implied-affiliation grounds for the metatags, saying "This use of Deltek's trademarks as metatags may cause a consumer to believe that Iuvo is affiliated or related to Deltek and may therefore constitute an improper attempt to trade on the commercial value associated with the marks." However, no one who understands metatags believes this statement is in the least bit credible.
Ultimately, the court crafts a split-the-baby injunction, restricting Iuvo:
from using in the "www.iuvosystems.com" website the phrases "Deltek Upgrade", "We Provide Deltek Solutions" and "Technology Consultants With Deltek Experience"; from using as metatags for any website associated with the Defendants' business activities any Deltek trademarks or trade names including, but not limited to, "Deltek Costpoint," "Deltek Time Collection," "Deltek Install," "Deltek Hosting" and "Deltek Consulting" and from using the web domain names "www.installdeltek.com" and "www.installdeltek.net."
Although the injunction is relatively narrow, it is still obviously problematic. First, the blanket restriction on including Deltek in the metatags makes no sense. See the Welles case. Second, I don't immediately see anything wrong with the phrase "installdeltek" in the domain name if Iuvo acts as a systems integrator and, in fact, installs Deltek software (a point I believe Deltek contested). Finally, I'm struggling to see what's wrong with the phrase "Technology Consultants with Deltek Experience," which seems completely accurate in describing both the former Deltek employees' experience as well as the company's accumulated experience.
Three observations about the case:
1) I hate metatag cases!
2) This is yet another example that the nominative use defense isn't very robust.
3) It's interesting that the court declined to issue an injunction based on the trade secret and non-compete claims, so Deltek's only victory came from its trademark claims. This is a good example of trademark's power to restrict competition, even when other anti-competition legal doctrines fail, and even when the competition may be in the consumers' best interest.
Posted by Eric at 09:31 AM | Trade Secrets , Trademark | TrackBack
April 12, 2009
Q1 2009 Quick Links, Part 4
By Eric Goldman
Security
* Massachusetts Data Security regulations were amended.
* In Facebook v. Power.com, Facebook brought another lawsuit to block extraction of user data from the site (similar to the Facebook v. ConnectU lawsuit). Venkat, Masnick, News.com, NYT, Justia. In this case, I wonder if Facebook has adequately distinguished between Power.com's behavior and the operation of its own "Find a Friend" service that taps into third party email servers to extract email addresses. Power.com’s response.
* Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. Jan. 7, 2009). IP infringement isn't a cognizable harm under the Computer Fraud & Abuse Act.
Adware/Spyware
* Who says Valentine's Day is just a Hallmark holiday? Sales of spyware and other tools to track cheating SOs also increase around Valentine's Day.
* Susan Brenner on the Cybercrimes Treaty and the US's decision not to criminalize possession of malware as required by the treaty.
Venture Capital
* BusinessWeek: Silicon Valley innovation is being stifled by VCs who only want to make small bets, not big bets. But VC investing is faddish, so the wind might change tomorrow.
* $600M of VC investments in virtual worlds.
Contracts
* Burcham v. Expedia, Inc., 2009 U.S. Dist. LEXIS 17104 (E.D. Mo. Mar. 6, 2009). Buyer was bound to user agreement even though he argued (without any evidence) that someone else established the account he used. This dovetails nicely with the broad reading of who is bound by an online user agreement; see my discussion in the Lori Drew case. Jeff Neuburger's writeup. Aside: I wonder if Expedia will be insulated by 47 USC 230 for the allegedly wrong description of amenities if they got the description of the hotel from third parties. For an analogous result involving the binding of users who didn't agree to the initial contract, see CoStar Realty Information, Inc. v. Field, 2009 WL 841132 (D. Md. March 31, 2009).
* Fractional Villas Inc. v. Tahoe Clubhouse, No. 08cv1396 (S.D. Cal. Feb. 25, 2009). Citing the RMG case, the court says that merely visiting a site may be sufficient to bind visitors to a browsewrap. However, in this case, there was insufficient evidence that the defendant had ever visited the site.
* Cherny v. Emigrant Bank, 2009 U.S. Dist. Lexis 2486 (March 12, 2009). Latest case that breach of privacy policy isn’t actionable unless there are actual damages. Venkat’s writeup.
* A stat I fully believe: "studies have shown that more than half of all companies cannot even locate signed copies of 10% or more of their contracts." The Zen Master asks: if both parties think they have entered a contract but neither can find a copy, do they have a contract? (this has really happened to me before).
Taxes
* Amazon v. New York and Overstock v. New York (N.Y. Sup. Ct. Jan. 12, 2009). Kudos to New York for finally figuring out a way to break the Internet and defeat the Internet Tax Freedom Act by treating Amazon Associates as traveling salespeople for sales tax collection purposes. I imagine every state in the country will jump on this bandwagon, at which point some e-tailers will kill their affiliate program and others will end up imposing sales tax collection nationwide.
* Pitt County v. Hotels.com, L.P. (4th Cir. Jan. 14, 2009), Online travel aggregators aren't "retailers" (as referenced in the statute) for purposes of collecting local hotel occupancy taxes.
General
* Some interesting cyberspace exceptionalism developments involving cases where paper presentation may be different from electronic presentation of the exact same content. In Smith v. Under Armour, Inc., 2008 WL 5486764, web payment confirmations displayed on-screen are not "printed" within the meaning of the Fair and Accurate Credit Transactions Act. Accord Smith v. Zazzle.com, Inc., 2008 U.S. Dist. LEXIS 101050. See generally this Proskauer recap. In Saulic v. Symantec Corp., a California law prohibiting data collection with credit card sales was held inapplicable online.
* Sudduth v. Donnelly, 2009 WL 918090 (N.D. Ill. April 1, 2009). Plaintiff got stiffed on his eBay transaction and sued eBay for 1983 equal protection and conspiracy claims as well as a Title VI civil rights claim. Because eBay isn't a state actor, however, the court dismissed eBay.
* My colleague Steve Diamond is blogging every detail of the battle for SAG's soul over at his new blog, King Harvest. For example, he summarizes the travails of the Screen Actor's Guild.
* Oddee: 10 Geekiest T-Shirts. I own a t-shirt that says "I'm Blogging This" (a gift from a former student) and a mug that says "Vegetarian Blogger" (gift from a colleague).
* Oddee: 15 Most Unfortunate Town Names. I think Licking County should have been a contender.
* Is there any better sign of Cyberlaw's maturity than the publication of Internet Law in a Nutshell
* Oddee: 12 Most Ridiculous Lawsuits. I welcome your nominations for the most ridiculous Internet lawsuits of all time. I hope to write that up some day.
* Happy birthday, Gmail! Best email software I've ever used. The battles over Gmail privacy seem so...2004!
Free Stuff
* The Ninth Circuit recently updated its website...with RSS feeds!
* Nolo Press' "NDAs for Free." Potentially useful site.
* I have one extra copy of my Fall 2008 Cyberspace Law course reader. First person to send an email with their mailing address gets it. [CLAIMED]
Posted by Eric at 12:03 PM | Adware/Spyware , E-Commerce , Licensing/Contracts , Privacy/Security , Trade Secrets , Virtual Worlds | TrackBack
April 26, 2006
Employee Blogging Risks
By Eric Goldman
A couple of weeks ago, I spoke at the North Carolina Journal of Law & Technology's symposium called "Attack of the Blog: Legal Horrors in the Workplace." (I definitely did not pick the name!) In the morning, I spoke about the risks that companies face when their employees blog. I see blogging as a subset of Internet communications generally, so I'm not sure these risks are limited to blogging. Nevertheless, the following risks are possible:
Non-Legal Risks
* Employee relations risk. A personal dispute between employees could be taken online, triggering a flame war or exposing the personal dispute to a broad audience within and outside the company.
* Customer relations risk. Employees could make disclosures that undermine customer confidence in the company's products by revealing too much about the company's inner workings or by disparaging the company's products. Employees could also oversell customers by making overstated claims about the products.
* Reputational risk. Employees might make personal disclosures about other employees/stakeholders that degrade the overall public perception of the company.
Legal Risks
* Admissions. Blog posts could be party admissions. Even if not, they could be adverse evidence introduced in litigation.
* Trade Libel. Employees could actionably disparage competitors' products.
* Disclosure of Non-Public Information. There are several ways that employees could convert non-public information into public information in ways that have legal significance.
- If the company is publicly traded, these disclosures may manipulate the stock price or constitute securities fraud
- Employees could undermine the company's position by tipping off competitors about plans in the works. If the employee publishes company trade secrets to the blog, in most cases that information will be irretrievably lost as a trade secret.
- Employees might disclose third party trade secrets, which could lead those third parties to bring a trade secret misappropriation claim.
- Employees might disclose patentable information that jeopardizes the company's ability to obtain a patent using that information. For example, a blog post should start the 1 year clock ticking under 102(b). Similarly, if the foreign patent applications have not yet been filed, the blog post should negate the company's ability to seek foreign patents on the published information. This is a real gotcha that may catch some unsuspecting companies.
Conclusion
Just to be clear, I'm not convinced these risks are all that serious. The emergence of blogs might lower the guard or caution of employees, but all of these risks would exist even without blogs, and most employees will make good choices. Even so, some employees will make poor choices, and thus companies who are concerned about employee blogging might choose to address blogging as part of an overall policy on Internet usage or disclosure of company information. At the same time, employee blogging can be a significant asset to the company, so companies might look at employee blogging as an resource to nurture rather than risky behavior to squelch.
Posted by Eric at 08:05 PM | General , Patents , Trade Secrets
December 07, 2005
Keeping C&D Letters Confidential
By Eric Goldman
An all-too-familiar story. A famous celebrity takes her clothes off in a private outdoor space (in this case, Jennifer Aniston goes topless in her backyard). The paparazzi captures the event for posterity and profit. Celebrity finds out and unleashes a bulldog lawyer on the case. Lawyer writes a cease and desist letter to potential publisher with stern warnings about republishing the photos. The cease-and-desist letter hits the Internet. (In all likelihood, the photos will hit the Internet too, but to my knowledge we haven't gotten that far yet).
Here's the twist that triggers this blog post. The lawyer's letter says no less than 3 times that the C&D recipient may not publish the cease-and-desist letter:
* the letter is titled at the top "confidential legal notice/not for publication"
* the second sentence says "This is a confidential legal notice...and may not be published or disseminated in any way."
* the last paragraph reads: "This letter is a confidential legal communication and is not for publication. Any publication, dissemination or broadcast of any portion of this letter will constitute a breach of confidence and a violation of the Copyright Act, and You are not authorized to publish this letter in whole or in part absent our express written authorization."
These brouhahas never seem to end up well for anyone. Let's deconstruct the situation.
Jennifer Aniston
Jennifer Aniston should have known better. I recognize this may sound a little heartless; after all, she was in her own home and her lawyer alleges that the photographer was a mile away using an incredibly high-powered telephoto lens. If true, no question she should have had a reasonable expectation of privacy.
However, I believe that in practice, the rules are simply different for the top 1,000 most famous people in the world. For these celebrities, certain activities (nakedness, friskiness, ingesting) in a potentially observable place are never consequence-free, regardless of what the law says or the celebrity wants.
In this case, an afternoon of topless sunbathing at home has the consequence of a multi-month multi-continent pitched legal battle that, in all likelihood, will be futile (i.e., the pictures will almost certainly irrevocably hit the Internet). I'm not saying this is a good outcome, but it's an inevitable result in this era. This has to be on the minds of the world's most famous celebrities at this point.
The Paparazzi
If the photographer really did use a telescopic lens to take pictures of someone's backyard from a mile away and then tried to resell the photos, I'm fairly comfortable that there will be legal redress.
The Lawyer and the Smoking Gun
Some people complain that lawyers can't communicate very well, but good news here--we have no problem understanding what this lawyer wanted. He did not want to see this letter posted to the Internet. Yet, there it is, on the Smoking Gun in all its glory.
There are some problems with the lawyer's desire. How can a lawyer claim that a cease-and-desist letter is a confidential communication? In general, sending the letter to a third party without any confidentiality assurances should blow any legal confidentiality protections. The lawyer's redundant declarations doesn't change the analysis one iota (if anything, repeating these statements to bloggers will invariably lead to the opposite outcome). So, on its face, I don't see how the confidentiality demands/instructions are anything more than hyperbolic and low-efficacy scare tactics.
The copyright issue is more complex. The letter should qualify as an original work of authorship, and posting the letter online should violate at least 2 of the 106 rights (reproduction and distribution).
But is there some legal defense that nevertheless permits the reposting of C&D letters? The most obvious one is fair use, but fair use analyses are always tricky. For a good example in a relevant context, consider how Google deals with C&D letters it receives. At the Yale Regulating Search conference, a Google representative explained that Google turns over all 512(c)(3) demand letters to ChillingEffects.org because (a) Google wants the letters to see the light of day, (b) Google feared that publishing the letters would be an unexcused infringement, and (c) Google thinks that ChillingEffects.org's republication of the letters would be protected by fair use.
Can this be right? Google can't republish the letter but a third party can? ChillingEffects.org changes the fair use analysis in two ways: first, it's a non-profit actor, and second, it does add some commentary to the letter. But this seems like a silly formalistic solution. (I'll note that the Aniston C&D letter recipient apparently took the same approach, handing the letter off to the Smoking Gun, who added some light commentary).
C&D letter recipients shouldn't have to go to such extremes. Senders of C&D letters should be accountable for their actions. They seek legal redress and the letters themselves are legally significant (i.e., they could create the basis for willfulness determinations; they may be the basis for the recipient seeking a declaratory judgment). To fully understand what is taking place in the field, information about these C&Ds has to enter the public discourse. And simply reporting the receipt of a C&D isn't enough--to understand the letter and its potential impacts, external observers have to read the precise words used.
Therefore, I would strongly favor a statute that exculpates C&D letter recipients from republishing the letter. Because such a statute is unlikely, I am hoping the courts will create a defacto per se fair use exclusion for republishing C&D letters. Meanwhile, kudos to the Smoking Gun for not letting the repeated exhortations keep the letter off the Internet.
Finally, I suspect some readers of this post got here on the mistaken hope of seeing the pictures in question (or others of a similar nature). If you made it this far with that expectation, I'm sorry to disappoint.
Posted by Eric at 11:28 AM | Copyright , Trade Secrets | Comments (8)