Technology & Marketing Law Blog: Trade Secrets Archives

Technology & Marketing Law Blog

May 03, 2013

Recap of Washington State’s Employer Social Media Password Bill

SB 5211 (passed by Senate April 27, 2013)

Both chambers of the Washington legislature passed Substitute Senate Bill 5211, and it now awaits the Governor’s signature. No Washington legislators voted against it.

Here are the key provisions:

- the bill restricts employers from (1) asking for passwords; (2) engaging in shoulder-surfing; (3) asking employees to change settings; or (4) asking employees to add them as friends;

- the statute does not define it, but uses the phrase “personal social networking account” to describe what is off limits;

- the statute contains a carve-out for employer investigations, but limits this to scenarios where employers merely request information (and not passwords) in order to investigate (1) legal violations or (2) suspicion of misappropriation by employees;

- the statute excludes employer-supplied devices, as well as intranets and other platforms “that [are] intended primarily to facilitate work-related information exchange, collaboration, or communication by employees or other workers” [Twitter!];

- finally, the statute provides for a private right of action and authorizes a court to award $500 in statutory damages and attorney’s fees.

The statute tackles the social media ownership question by excluding accounts that are “provided by virtue of the employee’s employment relationship with the employer .. [or] online account[s] paid for or supplied by the employer.” Earlier versions of the statute had more specific definitions for what constitutes a social network. One iteration also limited the private right of action.

Although I acknowledge that employee social networking activity that is private should be off-limits for employers, I still think this was a solution in search of a problem. With states’ well established failings in the era of regulating the internet, I predict this will create more problems than it will solve. Among other things, it's unclear what is covered by "social media" and equally unclear when an account is "personal" or "business"-related. (In practice they often seem mixed.) Eric delves into some of these issues in taking a look at California's social media legislation in this post: "Big Problems in California's New Law Restricting Employers' Access to Employees' Online Accounts."

Two approaches legislatures should consider taking when enacting these statutes is (1) making them only apply to prospective employees; and (2) getting rid of a private right of action or, at least, including an administrative exhaustion component. The Littler law firm has a great roundup of legislation from various states as well as some of the pitfalls these statutes may present: "Social Media Password Protection and Privacy -- The Patchwork of State Laws and How it Affects Employers" [pdf].

Other coverage on employer social media bills generally:

Littler: "Social Media Password Protection and Privacy -- The Patchwork of State Laws and How it Affects Employers" [pdf]
WIlliam Carleton: "Checking in on sate social media password laws"
Eric Meyer: "Wooooo pig sooie! Arkansas gets a workplace social media privacy law"
Lexology "Three more states hop on the social media legislation bandwagon"

[image credit: shutterstock/Andre Blais "high-tech background with targeted eye-scan"]

Posted by Venkat at 10:49 AM | Privacy/Security , Publicity/Privacy Rights , Trade Secrets

April 26, 2013

Nosal Convicted of Computer Fraud and Abuse Act Crime Despite His Ninth Circuit Win – US v. Nosal

[Post by Venkat Balasubramani, with a comment from Eric]

US v. Nosal, CR 08-0237 EMC (N.D. Cal. Mar. 12, 2013) (.pdf, denying motion to dismiss)

US v. Nosal, a case that spawned two Ninth Circuit opinions and that’s sure to involve more, just concluded at the trial court level with Nosal being convicted on charges of violating the Computer Fraud and Abuse Act. (See coverage from David Kravets here (“Hacking Trial Devoid of Hacking Awaits Jury Verdict”) and Vanessa Blum here (“Nosal Found Guilty in Trade Secret Case”.)

Judge Patel originally dismissed several of the counts that alleged the misuse of information that were accessed by individuals who were authorized to access the information. Although the 9th Circuit initially disagreed, an en banc panel agreed with this approach, ruling that criminality should not turn on the person’s intent in accessing information or employer policies. The key question is whether the defendant is authorized to access the information in question at all. Since the dismissed counts alleged people accessed information they were otherwise authorized to access but misused this information, these counts were out.

But this left some remaining counts, which involved access via password sharing. Nosal argued that the 9th Circuit’s en banc opinion in Nosal precluded these claims as well because they did not involve any “hacking” in the traditional sense, but the district court (now Judge Chen) disagreed. In a March 12th order, he said that the 9th Circuit’s discussion of the CFAA as anti-hacking was only relevant to discuss the general purposes behind the CFAA and not something by which the court intended to limit the statute. In any event, he noted that a password is a basic technological barrier to access and using someone else’s password is as much a violation of the CFAA as is breaking the password. Nosal also argued by analogy to off-line trespass, saying that accessing an office with someone else’s key is not trespass, but the court doesn’t buy this argument.

The court also addressed the parties’ argument over whether “access” for purposes of the CFAA is the act of initially logging on, or encompasses ongoing use. Defendant argued that access just involves logging on, and if someone logged on with their own password, then the access is not unauthorized. The court rejects this interpretation, saying that the scenario as alleged by the government is that someone logged on using their credentials, then handed over the computer to the person who was unauthorized who then conducted searches on the database. The court says this is functionally no different from just handing the password over and letting the other person access the database. (The court notes that it need not address the issue of whether looking over someone’s shoulder and “accessing” information falls under the statute.)

[As a sidenote, a federal district court in New York recently joined the 9th Circuit in rejecting the broader interpretation of the CFAA. Interestingly, this case also involved a recruiting business.]

It's interesting that with all the hand-wringing generated by the 9th Circuit's opinion, Nosal was convicted anyway! Eric has made this point previously, but it seems like there are always avenues open to employers to go after people who start competing businesses. Here, there was even a more narrower CFAA claim that was available after several of the claims were nuked by the 9th Circuit. Even with these claims gone, there are still plenty of claims, at least on the civil side.

Judge Chen's order, which is sure to be revisited in post-trial motions and in an appeal, grapples with the interesting issue of whether access by proxy violates the statute. Nosal's argument--that the initial access which is effected by a person is authorized and this is all that matters--is an interesting one, but one that is unlikely to get much traction in the 9th Circuit. Still, it has some appeal, since the line between logging on and letting someone access and logging on accessing the information and providing it to someone is legally thin. (It's also worth noting that this case should serve as a warning to those who share passwords.)
_______

Eric's Comment. This case baffles me. Did Nosal do something wrong? Yes, undoubtedly. Did he do something criminal? I'm not sure. Did he violate the Computer Fraud & Abuse Act? No, and it's not even close. At most, Nosal encouraged or induced a CFAA violation, but as I understand the facts, he didn't commit the CFAA violation directly. As Venkat notes--and as I outlined in my Forbes article on the CFAA--a variety of legal doctrines would have made Nosal pay for his choices. Contorting the CFAA to apply to him was unnecessary, and it's disquieting for the rest of us.
_______

Related posts:

Ex-Employee's Access/Misuse of Employer Files States CFAA Claim -- Weingand v. Harland Financial
Comments on the Ninth Circuit's En Banc Ruling in U.S. v. Nosal
Facebook Gets Decisive Win Against Pseudo-Competitor Power Ventures
Court Finds That the Value of Bartered-For Services Constitutes Loss Under the Computer Fraud and Abuse Act -- Animators at Law v. Capital Legal Solutions
No Computer Fraud and Abuse Act Violation for Access of Facebook and Personal Email by Employee -- Lee v. PMSI
9th Cir: Access of Computer in Violation of Employer's Use Policy Violates Computer Fraud and Abuse Act -- US v. Nosal (original panel opinion, vacated on rehearing)
Lori Drew Guilty of 3 Misdemeanor Violations of the Computer Fraud & Abuse Act

Posted by Venkat at 07:04 AM | Privacy/Security , Trade Secrets , Trespass to Chattels

April 04, 2013

Online Trespass to Chattels Needs Structural Reform (Forbes Cross-Post)

By Eric Goldman

In light of Aaron Swartz's tragic suicide, there has been a lot of discussion--some productive, some not--about reforming the Computer Fraud & Abuse Act (the "CFAA"). I support some of the reform proposals, but they don't go far enough. Initially, the CFAA banned hacking, but over the years, it has morphed into a general restriction against online trespass to chattels. In this post, I'll explain why--and how--the concept of online trespass to chattels should be eliminated from the CFAA and analogous state law doctrines.

The Current Law of Online Trespass to Chattels

Trespass to Chattels Offline. "Chattel" means tangible personal property, as opposed to real property like real estate or intangible assets like intellectual property. Colloquially, we often refer to chattel as our "stuff."

In the offline world, a chattel owner has the exclusive right to possess the chattel. If someone permanently takes someone else’s chattel, we call this “theft" or "conversion," and we punish it both civilly and criminally.

Chattel interferences less significant than theft/conversion, such as temporarily depriving the chattel owner of possession (e.g., taking someone else's car for a "joyride"), may be actionable as “trespass to chattel.” Trespass to chattels is a venerable doctrine (it dates back centuries), but it does not apply to all interactions with someone else’s offline chattel. The owner must show some damage from the interference. Petting someone's dog (pets are chattel) or touching someone's car with your finger may technically interfere with the chattel, but typically it's not actionable as a trespass because the chattel owner hasn't suffered any harm. The requirement that the chattel owner show some harm differs from trespass to real property, which in contrast can occur merely by a person's unauthorized presence even if the owner has experienced no other damage.

Trespass to Chattels Online. The Internet operates by passing bits of data over computer equipment, such as servers, routers and cables. All of that equipment is owned by someone. In other words, Internet data moves over a network of privately owned chattel.

Over the years, legislatures and the courts progressively have treated the unauthorized movement of data bits over someone else's chattel into a "trespass" of that chattel--an activity I'll call "online trespass to chattels." For example, many states have enacted computer crime laws that restrict unauthorized use of Internet and telecommunications equipment. In 1997, CompuServe v. Cyber Promotions, a federal district court held that sending spam to an third party’s email router constituted trespass to chattels under the common law (common law is judge-made law, not enacted by a legislature). Many subsequent courts have embraced that precedent. And over the years, Congress has progressively expanded the Computer Fraud & Abuse Act so that it has become, in effect, a federal prohibition on trespassing someone else’s Internet equipment by sending data to it or taking data from it. With respect to the CFAA and some state computer crime laws, we punish violations both civilly and criminally.

All of these legal doctrines (the CFAA, state computer crimes, common law trespass to chattels) require that the online chattel owner show that the defendant's activity was unauthorized and that the owner suffered some damage from the defendant’s use of the chattel, but the legal standards differ somewhat between the doctrines. In practice, the required damages showing is often trivial. For example, both the CFAA and California’s computer crime law count the chattel owner’s efforts to prevent the defendant’s usage as actionable damage--and in California's case, no further showing of harm to the chattel owner is required. Effectively, simply making unauthorized use of a third party's Internet-connected chattel violate the state computer crime law. Some parts of the CFAA requires a higher quantitative showing of damages, but many cases easily clear that threshold.

Rethinking Online Trespass to Chattels

Stretching the ancient doctrine of trespass to chattels to apply to Internet activities has been an experiment in law-making. Unfortunately, I think the experiment has failed completely. The CFAA and state computer crime laws initially were designed to restrict hackers from breaching computer security—a sensible objective that, as I discuss below, should be preserved. The expansion of these laws to cover all sending or receiving of data from an Internet-connected server hasn't worked for at least three reasons.

Connecting to the Internet. When a chattel owner affirmatively connects its chattel to the Internet, we might presume that the owner wants to exchange data via the Internet. Of course, not all Internet data exchanges will be welcome; the chattel owner may have security restrictions on who can access some or all of the chattel, and no website wants to be overwhelmed with bogus exchange requests (i.e., denial-of-service attacks).

Acknowledging those caveats, we ought to legally presume that Internet-connected chattel is intended to exchange data with other Internet users. If we start with this presumption, the chattel owner can “bargain” with other Internet users to restrict their usage through a contract specifying permitted and unpermitted uses. Current online trespass to chattels doctrines contemplate this bargaining process, but the laws often let websites communicate their usage restrictions on obscure web pages that most people won't see.

Chattel owners also can use technological controls, such as security measures, to restrict unwanted chattel usage. For example, websites often use “rate limits” to throttle the amount of data that can be gathered from the website during a specified time period and “IP address blocks” to restrict website access by specified computers.

Given that chattel owners can easily restrict how their Internet-connected chattel is used, they should bear the onus to take the contractual or technological steps to do so. Otherwise, society incurs significant transaction costs for individual users trying to determine their rights to interact with Internet-connected chattel, and overly protective legal doctrines create border cases where users engaged in socially beneficially conduct nevertheless unintentionally commit legal violations.

(Side note for economics buffs: the Coase Theorem says it doesn’t matter where we set the property entitlement so long as there are no transaction costs. I favor giving the entitlement to Internet users because (a) the chattel owner chose to connect to the Internet, and (b) it's cheaper for the chattel owner to bargain back for the rights).

Unintended Consequences. Online trespass to chattels now reaches scenarios far beyond the hacking scenarios, sometimes in farcical ways. Three examples of troubling applications of online trespass to chattels:

* because virtually every employee uses computers at work and some employees download company data onto their personal devices, employers now routinely assert CFAA violations against ex-employees. This illustrates the CFAA's scope creep; the CFAA wasn't designed to apply to ordinary employee activities, but sloppy and expansive drafting enables that possibility. Fortunately, courts have balked at this trend (see, e.g., Nosal and WEC). I still favor punishing rogue employees, but online trespass to chattels is not the way to do it.

* websites may assert online trespass to chattels when a third party's automated script gather information from their website (a process sometimes called “scraping” or “spidering”). Technically, search engine spiders commit online trespass to chattels when they access a website without permission, although we don’t often see cases asserting that. Instead, more typically we see anti-competition lawsuits, including efforts to thwart price competition or shut down third party developers who enhance a website's functionality (such as Craigslist's and Facebook's crackdowns).

* Lori Drew’s CFAA prosecution over Megan Maier’s suicide due to Drew’s use of a fake MySpace profile. To establish the CFAA violation, the government (unsuccessfully) argued that MySpace was the victim of Drew’s ruse because she lied to them when she created her online account. The government's theory threatened to make virtually every Internet user a criminal because Internet users routinely fib during online account registration processes.

Doctrinal Overlap. In many situations currently covered by online trespass to chattels, at least one--and often numerous--other legal doctrines already apply. For example, trade secret law already applies to employees who walk out the door with a company’s confidential information, whether the confidential information is analog or digital. Copyright law already applies to search engines republished copyrighted material they scrape. MySpace could have brought a breach of contract claim against Drew for violating its user agreement (if it cared).

Indeed, because legal doctrines already overlap so extensively, we almost never see an online trespass to chattels claim asserted on a standalone basis. Instead, an online trespass to chattels claim is usually just one of numerous legal violations asserted against the defendant. These doctrinal overlaps mean we usually don’t need online trespass to chattels either to supplement the more squarely applicable claims or to act as a “gap-filler” to plug the rare and narrow holes left by the other legal doctrines.

Reforming Online Trespass to Chattels

Lawmakers aren't very good at acknowledging when their legal experiments fail (Tim Wu discusses this point more). But if lawmakers honestly judge the results of their online trespass to chattels experiment, they should:

1) Repeal most provisions of the CFAA (that don't relate to government-run computers) and preempt all analogous state laws, including state computer crime laws and common law trespass to chattels as applied online. Note: without dealing with analogous state laws, reforming the CFAA is an incomplete solution.

2) Retain only the (A) restrictions on criminal hacking, which I would define as the defeat of electronic security measures for the goal of fraud or data destruction (and some of these efforts are already covered by other laws like the Electronic Communications Privacy Act), and (B) restrictions on denial-of-service attacks, which I would define as the sending of data or requests to a server with the intent of overloading its capacity.

3) Eliminate all civil claims for this conduct, so that only the federal government can enforce violations.

4) Specify that any textual attempts to restrict server usage fail unless the terms are presented in a properly formed contract (usually, a mandatory click-through agreement).

Obviously, these proposals are dramatic, but they are in keeping with my goal of eliminating the legal concept of online trespass to chattels. Even if we do that, chattel owners are hardly defenseless. They can still take advantage of a panoply of other legal doctrines, they can still use (properly formed) contracts to bargain back the rights from users, and they can still use technological controls. As a result, these proposed changes will end the adverse consequences from the online trespass to chattels experiment while letting chattel owners prevent socially disadvantageous online usage of their chattels.

[Photo Credit: A "Private Property" sign in a field in rural North Yorkshire // ShutterStock]

Posted by Eric at 09:21 AM | Licensing/Contracts , Search Engines , Trade Secrets , Trespass to Chattels | TrackBack

February 28, 2013

Employer Fails to State Stored Communications Act Claims Absent Allegations That Employees Interfered With Company Accounts – Castle Megastore v. Wilson

[Post by Venkat Balasubramani]

Castle Megastore Group, Inc. v. Wilson, et al., 2013 WL 672895 (D. Ariz. Feb. 25, 2013)

Castle Megastore is going after three of its former employees for their alleged breaches of contract, misappropriation of trade secrets, and related acts. Not surprisingly, the acts of the ex-employees Castle complains of involve social media.

Castle alleges that one of the defendants (Wilson) posted an image displaying Castle’s computer system to Twitter. Wilson is also alleged to have “prepared application materials to other companies that contained ‘confidential information regarding CMG, including CMG’s facilities data, [CMG’s] employees, its annual revenue, [etc.]”

One of the other defendants, Flynn, was engaged by Castle as a “social media specialist.” Castle alleges that Flynn posted a video of a “confidential [Castle] Managers’ meeting” to Vimeo, and also shared the link and password to the Vimeo account to his co-defendants. Castle also alleges that after he was terminated, Flynn “changed the password of the Facebook account he created for Castle.”

They key question is whether any of defendants’ actions violate the Stored Communications Act, which is the only federal claim alleged by Castle. If the answer to this question is no, the court can decline to exercise jurisdiction over the remaining claims and send the lawsuit to state court.

The court says that the answer to this question is no. The court says that Vimeo may or may not be an “electronic communications service” facility as defined by the Stored Communications Act, but there’s no evidence that Flynn was not authorized to access the Vimeo account (or authorize others to view it). Castle did not allege that Flynn obtained the video through unauthorized access to Castle’s Vimeo account or that he authorized others improperly to access this account. The court says:

[s]ending or using a link and password to access a personal account created on a third party website does not appear to violate the SCA.

The court also says that Castle’s bare allegations that Flynn allegedly changed the Facebook password is not sufficient to state a claim under the SCA. Again, the court says that it’s unclear that the page is even an electronic communications service under the SCA. [Castle did not bring a claim under the Computer Fraud and Abuse Act.]

Two themes recurring throughout social media ownership cases are present in this case.

First, it's not easy to slot social media assets into particular legal buckets. We've seen attempts by parties to characterize social media assets as trade secrets, tie them to trademark or publicity rights, or make all sorts of clunky attempts to fit them into existing regimes of intellectual property law, but usually it's a poor fit. And this case is no exception.

Second, there's also the recurring issue of whether accounts are private accounts or employer accounts, or as Eric has flagged before, often mixed. Here, the Vimeo account appeared personal (although the facts are taken from pleadings, so they are hardly conclusive), and the court says that there's not enough to characterize the Facebook account as a business account. Interestingly, the case highlights the possibility that preventing an employer from accessing a business account that's offered by a third party may constitute a Stored Communications Act violation.

Ultimately, the solution (at least as to the Facebook account) is to have contractual protection. While it can set expectations between the parties, it can also answer the question of whether an account is personal or business in nature. (Query as to how to best deal with this in an agreement. Should the accounts be referred to generically (e.g., any account incorporating the branding of the company) or by name?)

[image credit: Shutterstock:zozian greetings .. "bluebird sticker"]

Posted by Venkat at 07:33 AM | Privacy/Security , Trade Secrets

February 18, 2013

Facebook Posts and Twitter Invites Don't Violate Non-Solicitation Clause -- Pre-Paid Legal v. Cahill

[Post by Venkat Balasubramani with a comment from Eric]

Pre-Paid Legal Services v. Cahill, Civ-12-346-JHP (E.D. Ok. Jan. 22, 2013)

Cahill was an associate of Pre-Paid Legal Services, described by the court as a multi-level marketing company. Cahill joined and worked his way up, eventually gaining status as a Regional Manager. He executed a variety of agreements during his time with the organization. The agreements contained restrictions on his use of confidential information, as well as a non-solicitation clause:

The Regional Manager shall not . . . directly or indirectly solicit, entice, persuade or induce any individual who presently is, or at any time during such period shall be, an employee, sales associate or member of the company . . . to terminate or refrain from renewing or extending his or her employment, association or membership with the Company . . . or to become employed by or enter into a contractual relationship with Regional Manager or any business with which Regional Manager is affiliated.

Prior to leaving and joining Nerium, another multi-level marketing company that sold skin care products, Cahill called a meeting of “Elite Leaders” (high performing associates of his) and let them know he was leaving. Although he did not mention by name the name of the new company, he mentioned that anyone who was interested should email him.

After the meeting, he left. There was no allegation at this time that Cahill had access to any confidential associate or account information, but he did post information about his new company on several semi-private Pre-Paid Legal Facebook pages (pages Cahill had created to mentor his associates at Pre-Paid Legal). He did not post further to these pages, but he had been posting information about Nerium on his personal Facebook page.

Trade secrets claim: As to Pre-Paid Legal’s trade secret claim, Cahill argued that he didn't possess any trade secret information. Pre-Paid Legal made available to its supervisors various tools to analyze and track the progress of their associates, but Cahill declared unequivocally that after his departure from Pre-Paid Legal he did not have access to any of these tools. The meeting where he announced his intent to leave had occurred in the past, and the court says that it’s reluctant to issue an injunction where there is no evidence of ongoing conduct.

Non-solicitation argument: The court in a footnote rejects Pre-Paid Legal’s argument that Cahill's invitations to Pre-Paid Legal associates to join Twitter somehow violate the non-solicitation clause. The invitations were merely to join Twitter and at most, follow Cahill’s Twitter feed which did not contain information about either Pre-Paid Legal or Nerium.

The court also rejects Pre-Paid Legal’s argument that Cahill’s post on his Facebook page violated the non-solicitation clause. The court discusses two cases where courts rejected non-solicitation arguments based on online posts (Enhanced Network Solutions v. Hypersonic Technologies and Invidia v. DiFonzo) and says that Cahill’s posts in this case were even less explicit than the posts in Hypersonic and DiFonzo. Cahill touted the benefits of Nerium, and he happened to be Facebook friends with people who were still associates at his former company. But it does not follow that his Facebook posts are solicitations. The court also adds that there is no evidence that anyone actually left Pre-Paid Legal as a result of Cahill’s posts or that Cahill was trying to target any associates by posting “directly on their walls or through private messaging.”

Employers understandably want to restrict the post-employment activities of their employees and prevent ex-employees from targeting customers and current employees. Although there have only been a few decisions in this arena, courts do not appear willing to restrict social interactions between ex-employees and customers or current employees. And this makes sense. Employers can probably restrict some additional activity around the edges (e.g., posting opportunities that are targeted at customers or employees) but this would probably require very precise contractual language. This would still not result in restricting informal interactions and networking between ex and current employees and customers.

Interestingly, Pre-Paid Legal did not raise the argument that the identities of the associates were trade secret information. (This was the argument relied on the Beatport case (which is surprisingly still ongoing), but it was a stretch.)
__

Eric's Comment: This case is a microcosm of the shifting balance of power between employers and professional employees. Any employee can develop their own brand and audience in ways that eclipse the brand/audience of their employees. Interest in Cahill's work and words extended beyond his relationship with his prior employer, so naturally his audience kept following him. As employers continue to invest in employees to help them aggregate audiences, only to recognize the portability of those audiences, it seems inevitable that employers will take ever-more-desperate efforts to prevent employee portability. It's nice to see the courts rejecting these attempts. At the same time, anyone signing non-compete and non-solicitation clauses would be well-served to contemplate how those contract provisions might consider the potential for unwanted restrictions on audience development and management post-termination.

Posts about social media ownership in general:

"Social Media and Trademark Law" Talk Notes
Court Denies Kravitz’s Motion to Dismiss PhoneDog’s Amended Claims -- PhoneDog v. Kravitz
An Update on PhoneDog v. Kravitz, the Employee Twitter Account Case
Another Set of Parties Duel Over Social Media Contacts -- Eagle v. Sawabeh
Employee's Claims Against Employer for Unauthorized Use of Social Media Accounts Move Forward--Maremont v. SF Design oup
Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz
Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell
Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account -- Deck v. Spartz, Inc.
Employee's Twitter and Facebook Impersonation Claims Against Employer Move Forward -- Maremont v. Fredman Design Group

[image credit: Shutterstock / cartoonresources - "upset at you for breaching the non-compete, of course not"]

Posted by Venkat at 09:53 AM | Licensing/Contracts , Trade Secrets

January 08, 2013

Q4 2012 Quick Links, Part 1 (IP Edition)

By Eric Goldman

Copyright

* Author’s Guild v. HathiTrust, 1:11-cv-06351-HB (SDNY Oct. 10, 2012). James Grimmelmann's take.

* Hillicon Valley: ‘Shell-shocked’ lawmakers shy away from online piracy in new Congress

* Ars Technica: Voters boot three SOPA-sponsoring Hollywood allies from Congress

* Triple Town/Yeti Town cloned game app lawsuit settles. Prior blog post.

* Righthaven, LLC v. DiBiase, 2012 WL 5868154 (D. Nev. November 16, 2012). Shawn Mangano is substituted out as counsel in this case, replaced by Michael Mushkin. Bold move by Mushkin to walk into this shitstorm.

* Ricchio v. Amazon.com Inc., No. 12-332 (E.D. Wis. Oct. 12, 2012): "I find plaintiff has failed to state a claim for copyright infringement. He alleges defendant is again allowing third-parties to sell copies of his book without plaintiff’s authorization, but he does not claim that any of the books being sold on defendant’s website are counterfeit copies. Plaintiff claims only that defendant is allowing third parties to re-sell copies of his book without compensating him. However, under the “first sale” doctrine, plaintiff is not entitled to profit from the resale of his book."

* TorrentFreak: Google Removed 50 Million “Pirate” Search Results This Year

* PeerMusic, III, Ltd. v LiveUniverse, Inc., 2:09-cv-06160-GW -PLA (C.D. Cal Oct. 9, 2012). Awarding $12,500 per song in a default judgment against lyrics website, for a total of $6.6M.

* Time: How Microsoft’s Copyright Claim Went Awry

Trademark

* Split ruling on Google’s motion to dismiss in Home Decor Center v Google. Prior blog post.

* John Crane Production Solutions, Inc. v. R2R and D, LLC, 861 F.Supp.2d 792 (N.D. Tex. March 21, 2012):

JCPS is essentially concerned about initial interest confusion. A claim for trademark infringement can be based not only on whether purchasers are confused as to the source of the product at the time of the sale, but also based on “confusion that creates initial consumer interest, even though no actual sale is finally completed as a result of the confusion.” Elvis Presley Enters., 141 F.3d at 204 (internal quotation marks and citations omitted). Some courts have concluded that the fact that purchasers are sophisticated does not foreclose a finding of initial interest confusion if products and marks are sufficiently similar. Others have held that the character of a given market, including the sophistication of potential purchasers, is enough to overcome a likelihood of initial interest confusion. Compare Mobil Oil Corp. v. Pegasus Petroleum Corp., 818 F.2d 254, 260 (2d Cir.1987) (holding there was likelihood of initial interest confusion “even though defendant's business is transacted in large quantities only with sophisticated oil traders”) with Checkpoint Sys., 269 F.3d at 285 (holding no likelihood of initial interest confusion, in part because purchasers were sophisticated and exercised high degree of care) and Rust Env't & Infrastructure, 131 F.3d at 1217 (holding no likelihood of initial interest confusion, in part because purchasers were sophisticated and market was small). Because even a sophisticated purchaser can be subject to initial interest confusion, the court will weigh this digit and the potential for initial interest confusion along with the other digits in determining whether a likelihood of confusion exists.

Yet, the plaintiff still lost the case. Why not just give up the "initial interest confusion" charade?

* Paramount Farms Intern. LLC v. Keenan Farms Inc., 2012 WL 5974169 (C.D. Cal. November 28, 2012): "Ms. Hodari testified that the Wonderful Pistachios brand has a Facebook page with almost 300,000 “likes.” While the Facebook recognition of the brand does not conclusively demonstrate actual recognition of the associated trade dress, it lends credence to the other evidence that the trade dress has become famous. Accordingly, the Court finds there remains a triable issue whether the Claimed Trade Dress is famous."

* Google's algorithmic changes are curtailing demand for domain names.

* Robert G. Bone, Taking The Confusion Out Of “Likelihood Of Confusion”: Toward A More Sensible Approach To Trademark Infringement, 106 Nw. U. L. Rev. 1307 (2012).

* Latest round in Nextdoor.com and Raj Abhyanker.

* Stipulated contempt finding in the North Face v. South Butt case.

Patents/Trade Secrets

* Project DisCo: One In Six Active U.S. Patents Pertain To The Smartphone

* NDSL, Inc. v. Patnoude, 2012 WL 6096584 (W.D. Mich. December 7, 2012): "Patnoude's November 12, 2012, generic LinkedIn invitation is not sufficient to establish that Patnoude has solicited NDSL Customers in violation of subparagraph 9.a(2). NDSL has not established that Patnoude has solicited any NDSL Customer."

* Skyhook Wireless, Inc. v. Google Inc., 2012 WL 5309755 (Mass. Superior Ct. Sept. 28, 2012). Granting summary judgment to Google.

Posted by Eric at 12:06 PM | Copyright , Domain Names , Patents , Trade Secrets , Trademark | TrackBack

Let's Stop Using the Term “Soft IP”

By Eric Goldman

You may have heard--or even used--the phrase “soft IP.” I'm not a fan of it, and I think we should retire the term.

The term "soft IP" is inherently ambiguous. Sometimes, people use "soft IP" to refer to “copyrights and trademarks;” other times, the term is intended to cover all IP other than patents--presumably publicity rights, trade secrets, etc. I especially cringe when I hear students tell me they are looking for a "soft IP" job. Typically, that's a reliable tipoff that the students don't know what kind of IP job they want; they just know they don't want to be (or aren't eligible to become) a patent prosecutor. That lack of clarity in the student's mind is rarely an asset to their job search.

I've had difficulty tracing the term's etymology. I searched several online databases looking for early uses and I found published references as far back as 1998, but my vague recollection (corroborated by others) is that the term goes back well before then.

As a term establishing a classification of IP, “soft IP” implies an antonym--presumably, “hard IP.” I don’t hear people use the term "hard IP," but given that soft IP always excludes patents, presumably patents are part of the antonym.

I can think of a few explanations for a hard/soft distinction among intellectual properties. First, patents often cover physical devices, so they often have a physical tangibility, while copyrights, trademarks and other IPs may be more intangible by comparison (even though patents protect "ideas," which is as intangible as they come).

Second, the hard/soft distinction might imply some difference in the degree of the practice's difficulty, i.e., the perception that patent law, and any associated technology, are complicated and “hard,” while other IPs are relatively easy and "soft" by comparison. People rarely articulate this relative value judgment explicitly, but I'm sure some patent practitioners believe that what they do is more challenging than the work of other IP practitioners; and I'm even more confident (because I've seen it repeatedly) that some patent practitioners feel comfortable "dabbling" in other IPs on the grounds that if they can do patents, they are well-qualified to handle other IPs.

It's true that patent prosecution requires passage of a separate bar exam, which in turn requires a technical background, so in that sense becoming a patent practitioner is "harder" than becoming an IP practitioner generally. Still, there is a certain implicit arrogance in this line of thinking.

Although I concede that patent law has plenty of arcane and baffling rules, I think patent practice is demonstrably not “harder” than other IP practices. I invite any patent practitioner--or, for that matter, any lawyer--who thinks that non-patent IP is "easy" to: walk me through 17 USC 114 (the music streaming provisions); calculate a pre-1976 copyright term duration; tell me what the term "use in commerce" means in trademark law; or walk me through the multitudinous ICANN procedures for objecting to or challenging gTLDs. And while historically the biggest bucks were in patent litigation, we're seeing big bucks across the IP spectrum, such as Oracle's $1.3B copyright damages award in the SAP case and Google's $100M+ defense costs in Viacom v. YouTube. (As I explain to my Internet Law class, $100M of legal fees is like the cost of *twenty* typical patent lawsuits!) And patent cases don't have a monopoly on hard technological questions; think about the technological sophistication to resolve Oracle v. Google, the Cablevision case or the Goforit case (just to pick three examples off the top of my head). Not only would it be condescending to say or imply that non-patent IP is "easy" or fluffy, I don't think it's remotely supportable factually.

A third hard/soft distinction is in the phrase “hard sciences,” although we rarely hear the antonym "soft sciences" (presumably social sciences). Because a technical background is required for patent prosecution, perhaps “hard IP” implicitly cross-references “hard sciences.” The thing is, there are several paths to qualify for the patent bar that don't require a “hard” science background, so that linkage would be odd.

In conclusion, I see at least three problems with the term “soft IP”:

1) It has at least two different definitions, making the term ambiguous.
2) It establishes an implicit hierarchy between different IP practices, which is potentially condescending and factually unsupportable.
3) It might imply an linkage with “hard sciences” that isn't necessarily true.

OK, so what should we use instead of the term "soft IP"? I don't have a great answer. The reality is that the IPs being lumped together under the "soft IP" appellation don't have enough commonalities to support the linkages--other than that they aren't patents. So we could use the term "non-patent IP" as the antonym to a patent practice. You probably like the term "non-patent IP" as much as I do (i.e., not much). My only other suggestion is to skip any effort to combine IPs in a single term and instead specify which IPs you are referring to. For example, if you're using "soft IP" to copyrights and trademarks, just say "copyrights and trademarks."

[I'm deliberately sidestepping the broader debate about the legitimacy of the term "IP"/"intellectual property," although I think that topic deserves additional discussion given some people's intrinsic absolutism towards "property" rights.]

Precise nomenclature is especially crucial for students in their job searches. If you aren't interested in a patent career, that's fine; but it's not a strong sales pitch to tell employers what you're *not* interested in, and the requirements and expectations of a trademark practice are quite different than a copyright practice (and different still from other IP niche practices). In reality, the best thing to students can do is to match their search criteria with the way employers structure the jobs. Few employers recruit for a "copyright" lawyer; typically, they are looking for a software licensing attorney or an entertainment attorney or an IP litigator knowledgeable in copyright law. My recommendation to students: figure out what employers are looking for, assess how the requirements of the job match against your skills and interests, and proceed accordingly. If you haven't gotten to the point where you can avoid the term "soft IP," your job search process probably still needs more cultivation, no matter how much effort you've invested in it to date.

[Photo credit: illustration depicting a sign post with directional arrows containing a choices concept // ShutterStock]

Posted by Eric at 08:51 AM | Copyright , Patents , Publicity/Privacy Rights , Trade Secrets , Trademark | TrackBack

December 19, 2012

When Will We Give Up the Charade That Numbers Are Copyrightable?--National Football Scouting v. Rang

By Eric Goldman

National Football Scouting, Inc. v. Rang, 11-cv-5762-RBL (W.D. Wash. Dec. 13, 2012)

Individual numbers aren't copyrightable, no matter how much work or judgment went into producing them. This proposition seems so obvious, I feel silly even mentioning it. A number is like a word in a sentence: it could be strung together with other elements into a copyrightable work, but standing alone, it's too small to constitute "an original work of authorship." And, of course, we're always free to reuse any number we want in our own expression.

Yet, despite this common-sense baseline, we have a burgeoning body of caselaw indicating the opposite, including this ruling--one of the cleanest cases to date articulating the proposition that a single number (e.g., "42") can, by itself, be copyrightable. The court nevertheless finds for the defendant on fair use--leaving this yucky ruling on the copyrightability of individual numbers hanging out there, just waiting for plaintiff misuse.

This case involves the rating of pro football prospects. NFS prepares a 6 page "scouting report" of each prospect, including "Player Grades," "a numerical expression representing National’s opinion of the player’s likelihood of success in the NFL." NFS provides these unpublished reports, under NDA, to 21 pro football teams at $75k/team, creating a $1.6M/year business line.

Rang blogs on the NFL draft at Sports Xchange. He wrote 8 stories about NFL prospects that referenced a total of 18 players' NFS Player Grades. The opinion doesn't explain how Rang got access to the NFS reports. NFS sued Rang and Sports Xchange for copyright infringement and trade secret misappropriation.

Citing CDN v. Kapes (one of my least favorite copyright cases of all time) and CCC v. Maclean Hunter, the court says flatly that "a numeric expression of a professional opinion can be copyrightable [because] National arrives at its grade through a weighing of subjective factors, such as personal character, leadership, and poise."

Having reached that illogical conclusion, the court then contorts the fair use analysis to avoid the logical implications of its illogical conclusion. The court says the nature of the work favors the plaintiff because the grades were unpublished; the court doesn't really consider the fact-ish nature of the works. It also says that the amount taken weighs in favor of Rang--even though he took 100% of each of the 18 grades--because he didn't include the grade range (apparently important). The court summarizes its other thoughts about fair use:

Rang’s news articles transformed National’s copyrighted material into a commentary on prospective draftees. Rang did not use the Player Grades as a focal point of his article or create a whole-sale list of Player Grades; he used them only as a jumping off point to discuss Rang’s own impressions of the player and his draft prospects....The transformative nature of Rang’s articles does not interfere with the potential market for the Scouting Reports. The Scouting Reports are still valuable to the National Football League Clubs that order them, and even if National sought to sell them to the public, Rang’s articles would not act as a market replacement.

Still, the new isn't all good for Rang. The court survives the trade secret misappropriation claim, rejecting Rang's argument that opinions can't be a trade secret.

* Regulation of Reputational Information essay
* Second Circuit Stays Hot News Injunction--Barclays v. theflyonthewall
* Republishing Third Party Ratings in Marketing Material Might Be Copyright/Trademark Infringement--Health Grades v. Robert Wood Johnson Univ. Hospital

For more on this topic, see, e.g., Justin Hughes, Created Facts and the Flawed Ontology of Copyright Law (I don't agree with its normative point) and James Grimmelmann, Three Theories of Copyright in Ratings

[Photo credit: Football player celebrates after scoring a touchdown // ShutterStock]

Posted by Eric at 09:12 AM | Copyright , Trade Secrets | TrackBack

December 04, 2012

The Problems With Software Patents (Forbes Cross-Post)

By Eric Goldman

The U.S. patent system largely treats all innovations equally, but innovation often works quite differently in different industries. In particular, the software industry differs from other major innovative industries--such as computer hardware and biotech/pharmaceuticals--in several key ways, and those differences can create (and have created) significant friction for the patent system.

Software patents have also created big--and expensive--problems for companies throughout all sectors of our economy. Pretty much as soon as they get venture financing, start-up companies are getting approached by "patent trolls" with offers they can't refuse: pay me now or pay your lawyer many times that amount to prove you don't have to pay me. And large companies, especially in the smartphone industry, are paying literally billions of dollars to acquire patent portfolios to keep those portfolios from falling into the wrong hands and with the hope that large patent portfolios will fend off competitor threats (i.e., provide the company freedom to operate its business without interference from competitors' patents).

This post is the first of a two-part series recapping a conversation we had earlier this month at Santa Clara University entitled "Solutions to the Software Patent Problem." In this post, I'll explain how innovation in the software industry differs from other industries and some of the resulting problems associated with software patents. In a subsequent post, I'll talk about possible fixes.

What's unique about software? Three main differences:

1) Software Has Short Innovation Cycles

Software iterates quickly. Most software programs, and features of those programs, have an effective commercial life of only a few years. Then, new software developments quickly render prior innovations obsolete . Contrast this with mechanical innovations, some of which may have commercial lives of decades, and pharmaceutical innovations, which may retain commercial value indefinitely.

Some implications of the short innovation cycles in the software industry:

Software Has Significant First Mover Advantages. Software innovators can recoup some of their R&D investments simply through de facto marketplace exclusivity from being the first mover. An example: assume that a particular software innovation has a two-year commercial lifecycle and it takes competitors 6 months to bring a matching product to market. In a situation like this, the first mover gets 1/4 of the maximum useful exclusivity period simply by being first to market. In some cases--many cases?--the exclusivity period provided by the first mover advantage is more than enough to motivate software R&D without any patent protection.

Software's Lifecycles End Before Patents Issue. As a practical matter, the commercial lifespan of a software program or feature (before being mooted by new innovations) is usually shorter than the time it takes the U.S. Patent & Trademark Office to resolve a patent application--a process that often takes 4 years or more. So invariably the patented innovation will be obsolete by the time the Patent Office decides if it's worthy of a patent.

2) Software Will Be Produced Without Any Patent Incentive

We principally justify patent law on utilitarian grounds: that social welfare improves by providing innovators with an economic reward in the form of a limited-term marketplace exclusivity. The utilitarian argument leads to patent's "quid-pro-quo": society gives innovators something really valuable--monopoly-like rights to exclude competition--in exchange for a number of socially valuable deliverables from innovators: investments in R&D, public disclosure of those R&D results, and eventually the unrestricted rights to replicate the innovation.

It's great when the quid-pro-quo model works as designed, but that's not always the case. One way the quid-pro-quo model breaks down is if we give up the quid (the rights to exclude) when we would have gotten the quo (the R&D investments and public disclosure) in any case. In those circumstances, society "overpays" for the innovation.

There are several reasons to believe that society overpays when it provides patent protection for software.

Copyrights and Trade Secrets Provide Adequate Production Incentives. Multiple aspects of software can qualify for copyright protection: the source code, the compiled code, the visual layout, the documentation, possibly even the aggregation of menu commands (the "structure, sequence and organization" of the software). Copyright only protects the expression of ideas, not the ideas themselves, so the ideas may be freely reused by competitors and others. However, the line between ideas and expression in copyright is hardly clear (see, e.g., my posts about EA v. Zynga and the Spry Fox v. Lolapps disputes), giving even more berth to copyrights' scope.

Trade secrets also protects software source code and sometimes other aspects of software, such as proprietary limited-distribution documentation. While trade secrets won't prevent copying of widely available software, even in that case it can still slow down the competition (and thereby extend any first mover advantage) by preventing the competitors from obtaining shortcuts to facilitate knockoffs.

Thus, even if it's not complete protection, the combination of copyright and trade secrets can provide substantial intellectual property protection for software. Historically, this combination has provided adequate incentives for the software industry. During the first several decades of the software industry--a period which saw explosive industry growth--software patents were rarely obtained and even more rarely enforced.

Software Vendors Can Restrict Competition Without Patents. Software can have substantial lock-in effects that can thwart competition without patents. For example, software users may become locked into one vendor's offerings due to proprietary file formats, the difficulty of learning/re-learning menu commands or keystrokes, a developer community that creates valuable apps specific to the software, and user investments in their own proprietary customizations (such as the infamous example of macros in Lotus 1-2-3). We might lament the competitive distortions associated with these lock-in effects, but so long as the software vendor doesn't break the law, they represent a crucial explanation for software innovation without patent incentives.

Software Gets Produced Without Any IP Incentives at All. The free and open source software community provides another example of software's quo without patent's quid. In those communities, people work collaboratively without any individual contributor getting any intellectual property protection for their contributions. In many cases, this is because the contributor has other ways of monetizing their efforts, such as offering maintenance or customization services or building a reputation for programming expertise that leads to job offers. (I explore these alternative monetization methods in my article comparing Wikipedia and the FOSS community). Further, some free and open source software contributions are purely altruistic, made without any financial expectations at all. Collectively, the free and open source software community has proven that lots of software--even large-scale enterprise-class software--will be produced without any patent incentives.

3) Other Problems

Software Gets Patented at Too High a Level of Abstraction. Stripped to its basics, software gathers, manipulates or displays data. There may be novel ways of accomplishing those goals, but the true novelty typically is limited to some arcane implementation in the software code, not the concept of gathering, manipulating or displaying data. Unfortunately, too many software patents claim protection at the highest level of abstraction (i.e., "moving data on a network"), not at a lower level like the more mundane implementation of that concept.

The result is overbroad software patents that overclaim their true novelty. The overclaiming should lead to patent application denials on numerous grounds, including failure to enable, failure to satisfy the written description requirement, and obviousness. But if the PTO doesn't aggressively screen the patents on those grounds, bogus patents get through the system. That's happened way too often.

The USPTO Mishandled Software Patent Applications. Furthermore, for a long time--a decade or more--the PTO did not adequately research the prior art applicable to software patents. Patent examiners typically focus their prior art searches on the database of existing patents. This means that when there's a watershed technological change--like the initial wave of software patent applications--the examiners don't see a lot of applicable prior art in their existing patent database. Therefore, they grant patents that don't deserve protection. Eventually the patent database becomes rich enough with prior art to reach an equilibrium, but the errors in the interim produce a batch of legacy patents that never should have issued.

Software Is Too Hard to Describe Precisely. Related to the abstraction problem, the boundaries of many software "innovations" are too hard to describe precisely. (In contrast, the specific implementation methods would be much easier to describe). Because of the semantic challenges, the resulting patents are so opaque that no one can understand what they mean. This also means that the patent owner can adopt expansive interpretations of the patent boundaries and then use the threat of patent litigation over those ambiguous borders to extract cash from potential defendants--even those who would ultimately be outside the patent's scope if they invested in challenging the patent owner.

Patent Research by Subsequent Innovators Is Too Costly. In theory, product developers can check the patent database to see if they are transgressing someone else's patents. In practice, this doesn't work in the software industry for at least two reasons. First, as mentioned, the imprecision of software patents makes it hard for developers to realize that the patent owner thinks the patent covers the developer's efforts. Second, large software programs may have millions of lines of code, while it's possible to obtain patents for functionality that can be expressed in only a few lines of code. The result is that a single software program could potentially implicate thousands, or even tens of thousands, of patents. The costs to find these patents, research their applicability, and then where appropriate negotiate licenses to even a small fraction of those patents, would vastly exceed the potential economic returns from most software applications. Thus, software developers rationally choose not to research the patent database at all and instead "fly blind."

There are even more problems with software patents, but this brief summary lays the foundation for part two of this series, where I will examine some possible solutions to the problems associated with software patents.

Posted by Eric at 11:50 AM | Copyright , Patents , Trade Secrets | TrackBack

November 19, 2012

Engaging Facebook Friends Doesn't Violate Non-Solicitation Clause--Invidia v. DiFonzo

By Eric Goldman

Invidia, LLC, v. Maren DiFonzo, 2012 WL 5576406 (Mass. Super. Ct. Oct. 22, 2012)

Let me start with a baseline proposition: we in California have it so much better than the rest of the country because employer-employee non-compete clauses are void in California. With this bright-line rule, we avoid a lot of the nonsense wrangling over non-compete clauses that's so common elsewhere. No dickering about what constitutes a competitive business. No artificial line-drawing about geography or time (is a non-compete radius of 2 miles OK? 3 miles? 4?). No overreaching efforts by employers to squelch employees' efforts to find a new job that will pay their mortgage or student loans.

This case involves an employer's attempt to enforce a non-compete and a non-solicitation clause against a hair stylist. Yes, you read that right: the employer tried to restrict where its former employee plied her scissors. Amazingly, the court doesn't say that the hair salon industry is categorically inappropriate for non-competes or non-solicitations. If anything, the court suggests the opposite, citing a 2007 opinion for the proposition that "Hairdressers are not fungible." I'm struggling to see how widespread litigation in the hair salon industry improves social welfare. Yet, apparently that's the inevitable outcome of allowing enforceable non-compete clauses in that industry, even if most lawsuits ultimately fail in court.

I'm especially interested in the court's discussion about the non-solicitation clause--a provision that might even be enforceable in California. From the court's distillation, it seems like the employer overreached quite a bit here, such as with this example:

Four days after Ms. DiFonzo resigned from Invidia, David Paul Salons, her new employer, posted a "public announcement" on Ms. DiFonzo's Facebook page, noting DiFonzo's new affiliation with David Paul....In the comment section below that post, Ms. Kaiser [a hair salon customer] posted a comment which said, "See you tomorrow Maren [DiFonzo]!"

See anything remotely resembling a solicitation here? Fortunately, the court doesn't either. Cf. Enhanced Network Solutions v. Hypersonic Technologies.

The former employer next argued "Ms. DiFonzo has become Facebook 'friends' with at least eight clients of Invidia." Overall, having hair salon employees develop social media connections with customers sounds like a positive thing as it's likely to improve customer loyalty. For example, if customers are disloyal to their hair stylist and post photos of their new haircuts, they will be outing themselves to their hair stylist. And if the hair salon employee and the customer are bona fide friends (not the fake form of friendship so rampant on Facebook), then that relationship isn't "owned" by anyone.

Finally, Invidia argued that it had an unprecedented wave of 90 customer cancellations after DiFonzo left. The court says:

[Invidia argued that] Facebook "is a significant channel of communication between Invidia and its clients."...If these 90 clients are accustomed to communicating with Invidia through Facebook, they are probably Facebook-sawy enough to locate Ms. DiFonzo's Facebook page after she left Invidia. So long as they reached out to Ms. DiFonzo and not vice versa, there is no violation of the non-solicitation provision of the Agreement.

This gets to the heart of the problems with employers' efforts to squelch competition by their former employees in any customer-facing job. Ultimately, non-compete clause are designed to reduce customers' ability to choose the professional service providers they want. If customers of a hair stylist are loyal enough to seek out her Facebook page, that's the marketplace working exactly as it should, and overreaching non-compete/non-solicitation clauses only distort that market.

[Photo Credit: "Beautiful Young Hairdresser" // Shutterstock]

Posted by Eric at 09:52 AM | Licensing/Contracts , Trade Secrets | TrackBack

October 08, 2012

Q3 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets)

By Eric Goldman and Jake McGowan

Trademarks/Domain Names

* AdAge: “Consumers Don’t Really Know Who Sponsors the Olympics.” This reminds us that trying to protect against "sponsorship confusion" is futile. For example: 16% believed Google sponsors the Olympics; and of those, 60% feel more positively towards Google because of that (factually faulty) perceived sponsorship.

* Suntree Technologies, Inc. v. Ecosense Intern., Inc., 2012 WL 3832458 (11th Cir. Sept. 5, 2012):

"Because Suntree failed to present evidence of an intent to mislead or confuse, or of actual confusion, we need not reach the question whether initial interest confusion is actionable in the Eleventh Circuit"

You know where I stand on that question!

* Diller v. Barry Driller, Inc. 2012 WL 4044732 (C.D. Cal. Sept. 10, 2012):

Defendants have not successfully parodied Plaintiff and they cannot defeat likelihood of confusion on that basis. First, nothing on Defendants' website itself sets up the “clear distinction” required by Dr. Seuss between Plaintiff on the one hand and “Barry Driller” on the other to convey to the reasonable viewer that the use of “Barry Driller” is a parody of Plaintiff. Second, even if a parody of Plaintiff, Defendants are using “Barry Driller” purely commercially as a source identifier to sell their internet-streaming television service, and their use therefore falls within the Lanham Act, as in White. Finally, as in Doughney, when a visitor initially sees the “barrydriller.com” domain name, he or she does not see any other information to suggest that the website might be a parody of Plaintiff."

* Teachbook gives up against Facebook and renames itself TeachQuest. Prior blog post.

* Lens.com v. 1-800 Contacts (Fed. Cir. Aug. 3, 2012):

"LENS mark is used only in connection with the sale and transportation of contact lenses via the Internet. Although the ordering service is facilitated through software, the record does not indicate that consumers have any reason to be aware of any connection between the LENS mark and Lens.com’s software."

Prior blog post.

* If you're selling domain names that have been blocked by Google, you really ought to disclose that. Then again, if you’re buying domain names, you really should ask about that.

* More Congressional questions about ICE’s domain name seizures.

* The Saudi government objects to numerous new gTLD proposals on moral grounds.

Patents and Trade Secrets

* Judge Posner: Why There Are Too Many Patents in America

* The proposed SHIELD Act, Saving High-tech Innovators from Egregious Legal Disputes. It’s a proposal to monkey around with fee-shifting in patent law to suppress trolling. One of the many topics at our November conference, Solutions to the Software Patent Problem.

* American Chemical Society v. Leadscope: Ohio Supreme Court Affirms $26.5 Million Award [to the Defendant] for Malicious Trade Secret Litigation.

* Bloomberg BNA (BNA paywall): "A review and analysis of the more than 120 [Economic Espionage Act] prosecutions suggests that neither government, nor industry is doing enough to protect against the theft of trade secrets by foreign entities and unscrupulous competitors. The Department of Justice must substantially increase the number of EEA prosecutions if the EEA is to truly serve as a deterrent against thefts."

* Protecting American Trade Secrets and Innovation Act of 2012. A proposal to create a federal civil cause of action for trade secret misappropriation, including a provision for ex parte seizures. I don't know who's advocating for something as ridiculous as this, but we need vigilantly guard against unneeded and dangerous expansions of trade secret law.

* Solicitor General decides not to file appeal in United States v. Nosal. Prior blog post.

* Wired: Incompetent or Shrewd? 7 Tech Companies That Leaked Their Own Secrets

Posted by JakeMcGowan at 02:13 PM | Domain Names , Patents , Trade Secrets , Trademark | TrackBack

July 28, 2012

4th Circuit Limits the Reach of the Computer Fraud and Abuse Act – WEC Carolina Energy Solutions v. Miller

[Post by Venkat Balasubramani, with comments from Eric]

WEC Carolina Energy Solutions LLC v. Miller, et al., 2012 WL 3039213 (4th Cir.; July 26, 2012)

We’ve blogged about the Computer Fraud and Abuse Act being stretched by plaintiffs in civil (particularly employment) cases. The Ninth Circuit in Nosal recently gave the statute a more limited interpretation, although it left some things unclear. (Here's our blog post on the Nosal en banc panel opinion: "Comments on the Ninth Circuit's En Banc Ruling in U.S. v. Nosal.") The Fourth Circuit recently followed Nosal’s approach and went one step further. Both of these rulings make it much more difficult for employers to use the Computer Fraud and Abuse Act against departing employees.

Miller worked at WEC. He resigned and made a proposal to a WEC customer on behalf of WEC's competitor, Arc Energy Services. WEC alleged that Miller used WEC proprietary information when he made this presentation and that, at Arc’s direction, he downloaded these materials before he left WEC.

Like most companies, WEC had a policy in place that restricted employees from misusing confidential information and trade secrets. The policy prohibited employees from using WEC information without authorization and also prohibited them from downloading the information to their personal computers. The key question was whether use of information in violation of the policy--but which was obtained from a computer that Miller was otherwise authorized to access--violated the access “without authorization” or “exceed[ed] authorized access” provisions of the CFAA.

The court notes the differing schools of thought on this issue, including the narrower interpretation embraced by the Ninth Circuit in Nosal. Given the CFAA is a criminal statute that also provides for a civil cause of action, the court says it should be construed strictly and courts should avoid interpretations “not clearly warranted by the text” (so potential defendants get fair warning that their conduct is unauthorized). Looking to the dictionary definition of “authorization” and the CFAA’s definition of “exceeds authorized access,” the court says that (1) without authorization refers to a situation where someone is not authorized to access a computer and accesses it, and (2) exceeds authorized access refers to when someone:

Has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access. . . . Notably, neither of these definitions extends to the improper use of information validly accessed.

WEC pushed the position embraced by the original Nosal panel (that was subsequently vacated on rehearing) that inclusion of the word “so” in the definition of exceeds authorized access referred to the manner of access. Under this theory, if you violate a company policy when you use information, you have accessed the information “in a manner” that you are not authorized to do so. The Fourth Circuit says this conclusion is a “non sequitur.” In any event, the Fourth Circuit says that the Ninth Circuit’s en banc decision abandoning this approach made more sense.

The Fourth Circuit actually goes one step further and says that although Miller and the other defendants downloaded the information to their personal computers (which is arguably a “manner of access” expressly not authorized under WEC’s network policy and may even under the Nosal en banc panel's approach be enough to state a claim), even this is insufficient to state a cause of action under the CFAA. The Fourt Circuit says that inclusion of the word “so” in the definition of “exceeds authorized access” could just be a connector or included for emphasis, and doesn’t necessarily indicate an intent to prohibit the manner of access. Given that this is a criminal statute, the court is reluctant to construe it in a way that creates liability where the language is not 100% clear. (The court also notes that Nosal’s approach—that focuses on the manner of access—would capture the well intentioned employee who has no fraudulent intent but happens to download materials to his or her personal computer in order to work from home.)

The court also expressly rejects the “cessation-of-agency” theory espoused by the Seventh Circuit. Under this theory, if you use the network in breach of your implied duties, or you technically violate the policy and therefore are no longer authorized to utilize your employer’s network, your ongoing access of your employer’s network is in violation of the CFAA. The court says that this approach would suck in “millions of ordinary citizens” who happen to check Facebook or sporting event scores while at work.
_____

As the court acknowledges at the end of its opinion, this basically (mostly) shuts the door on employers using the Computer Fraud and Abuse Act against employees. While acknowledging that the decision will "likely will disappoint employers hoping for a means to rein in rogue employees," the court notes that employers are not necessarily out of luck. They have a panoply of other claims available to them, including misappropriation of trade secrets, conversion, tortious interference, and civil conspiracy.

I'm not a Court watcher, but the CFAA cases were long thought to have been likely candidates for Supreme Court review, given the differing interpretations of the Circuit courts. I would think this case makes the possibility of such review even more likely.

I'm curious about how this case affects the availability of a CFAA claim in the scraping context. I thought the court's comment about the viability of a CFAA claim where an employee is authorized to access a computer or network but not necessarily authorized to access certain categories of information left things somewhat unclear. Is the court talking about technical restrictions on the access to information or a policy-based restriction? Obviously the latter approach still leaves some room for employers to limit authorization for the access to information by certain employees and bring CFAA claims when these employees access such information.
_____

Eric's Comments

1) This case answers one of the open questions from the Nosal case: was Nosal limited to criminal CFAA prosecutions, or would it extend to civil cases as well? Following in Nosal's footsteps, this court interprets the civil CFAA claim narrowly in light of the statute's criminal angle. This bodes well for reining in the CFAA's footprints across all types of CFAA cases, not just employment cases.

2) Overall, this case illustrates how the CFAA wasn't designed for the employment context, and especially not for an era when many employees have company-issued computing devices (computers, laptops, tablets, PDAs, cellphones, etc., etc.). Like Nosal, this court implicitly rejects the argument that the CFAA automatically regulates the workplace simply because everyone uses company-supplied technology as part of their ordinary work patterns.

3) As a result, although plaintiff lawyers will keep pleading CFAA in employment cases for years, I think we're nearing the end of the CFAA as a standard claim in employer lawsuits against ex-employees.

4) While that may be good news, readers should pay close attention to the Protecting American Trade Secrets and Innovation Act of 2012. Perhaps the bill will go nowhere, but if it does, it would be a major step towards creating a general purpose federal cause of action for trade secret misappropriation. So as the CFAA wanes in importance in the employment context, a new federal trade secret claim ultimately could eclipse it.
_____

Other coverage:

Fourth Circuit: Computer Use Policies Don't Create CFAA Liability (Tom O'Toole)

Posted by Venkat at 09:14 AM | Privacy/Security , Trade Secrets , Trespass to Chattels

July 04, 2012

H1 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets, IP)

By Eric Goldman

[Eric's note: I had an incredibly busy travel schedule since late March. My destinations included Akron, NYC, Seattle, Concord (NH), Boston, Chicago, Vancouver, the California Channel Islands (a blog post is coming later this week about that trip on my Goldman's Observations blog), San Diego, Houston, Belgium (a blog post is coming about that trip too, eventually), Lansing (MI), Healdsburg (CA), Napa, Berkeley and Northridge. It's been great for my frequent flier miles and lousy for my ability to maintain my "quick links," which ballooned to hundreds of items over the past 4 months. As a result, I'm going to be posting the backlog over the next few days and then reassessing how I approach blogging these second-tier items to develop a more sustainable system. As always, thanks for reading.]

Trademarks/Domain Names

* Another trademark case turns on relative search engine placement: Hasbro, Inc. v. Asus Computer International, Inc., CV 11-10437 PSG (C.D. Cal. March 23, 2012):

Hasbro points to the fact that a Google search for “optimus prime tablet” picks up Asus’s “Transformer Prime” tablet, a search for “Transformer prime” causes Amazon to search its own site for “Asus transformer prime,” and that a search for “transformers prime” returns “several Asus hits and Transformers Prime hits.”…According to Hasbro, this “overlap in search results is bound to cause confusion.”…The Court disagrees. First, for the most part, the Google search for “Transformer Prime” returns results related to Asus’s products, while the results generated by the “Transformers Prime” search relate to Hasbro’s animated series…. Second, although the “Transformers Prime” Google search results offered by Hasbro show hits relating to the Transformers Prime animated series and the Eee Pad Transformer Prime tablet, Hasbro makes no argument that these products are related…. Furthermore, any concern that a consumer using Hasbro’s mark to search for Hasbro’s product might be confused by a results page that shows both Hasbro’s and Asus’s product is ameliorated when the sources of the respective products are clearly identified…. The nature of Asus’s product also supports this finding, as buyers of high-end computer products are even less likely to be flummoxed by search engine results than the general population.

* John Crane Production Solutions, Inc. v. R2R and D, LLC, 2012 WL 951723 (N.D. Tex. March 21, 2012): "even a sophisticated purchaser can be subject to initial interest confusion...The court finds that the purchasers of fiberglass sucker rods exercise a high degree of care and sophistication in making their purchases. This factor weighs heavily in favor of a finding of no likelihood of confusion." Another example of IIC’s irrelevancy to a case's ultimate outcome.

* Fancaster, Inc. v. Comcast Corp., 2012 WL 815124 (D.N.J. March 9, 2012). Abandoning a trademark doesn’t divest the trademark owner of ACPA standing for past statutory damages. Prior blog post.

* Two Plus Two Pub., LLC v. Boyd, 2012 WL 724678 (D. Nev. March 1, 2012). The domain name twoplustwopoker.com constituted an ACPA violation of plaintiff's "Two Plus Two" trademark in publishing poker-related materials. Prior blog post.

* Ron Paul drops unmasking effort. Prior blog post.

* Bogoni v Gomez, 2011 WL 6957599 (S.D.N.Y. Dec. 28, 2011) and Bogoni v. Gomez, 2012 WL 745548 (S.D.N.Y. Jan. 6, 2012). Man wins cybersquatting claim against a “friend” who registered his name as a domain name and then tried to sell it back to him. NY Times coverage.

* John Ottaviani reports on a lawsuits against JC Penney for buying keyword ads triggered by brand name of goods it didn’t sell.

* Update on the Lens.com v. 1-800 Contacts antitrust lawsuit. Prior blog post.

* Spanish keyword advertising ruling goes against the defendant.

* Facebook is now claiming trademark rights in "Face" and "Book" in its Statement of Rights and Responsibilities (SRR).

* Facebook’s lawsuit against Faceporn dismissed for lack of jurisdiction. Prior blog post.

* NY Times: Nutsonline.com switched to Nuts.com at a very high price, yet traffic and sales plummet for months.

* Gibson v. Bordelon, 2011 WL 7763787 (N.D. Tex. October 31, 2011). A para-trademark case. A Texas statute prevents usage of a combination of the word “Texas” in conjunction with the words “Workers' Compensation” or “Workers' Comp.” This may prevent a lawyer from running a website/blog at the domain name “texasworkerscomplaw.com.”

Patents

* Washington Post: “In the smartphone market alone, $15-20 billion has already been spent by technology companies on building defenses, says Stanford Law School professor Mark Lemley…. Lemley estimates that more than $500 million has been squandered on legal fees.”

* Twitter's Innovator's Patent Agreement. WSJ coverage. An interesting idea. I see this as much more about recruiting new engineers than about reforming the entire patent ecosystem. As such, it’s a potentially very effective differentiator, even if Twitter never actually files for patents under the scheme.

Note the alternative: Twitter could simply not file for the patents at all. The fact that Twitter will still seek patents, while voluntarily defanging them, is a damning indictment of the patent system. Twitter clearly doesn't want the patents to restrict competitive imitation, but it's still spending tens of thousands of dollars per patent on the hope that the patents might help it achieve freedom to operate. This phenomenon is one of the reasons we're holding our "Solutions to the Software Patent Problem" conference at SCU in Fall (registration now open!).

* Wired takes a look at how the Nortel patents have been deployed for trolling.

* Brad Burnham: The Freedom to Innovate

* Patent “troll” is going after city bus systems. Who pays for this? Taxpayers.

* TechCrunch: Facebook countersues Yahoo for patent infringement using a patent by an employee now at Yahoo.

* Inside Higher Ed: Universities don’t want to talk about their relationships with Intellectual Ventures.

* Hollywood Reporter: U.S. Patent Examiner Cites Borat's Famous Swimsuit in Rejecting Claimed Invention

Intellectual Property and Trade Secrets

* Bill Gallagher, Trademark and Copyright Enforcement in the Shadow of IP Law. An interesting ethnographic study of how IP lawyers ply their craft.

* Everything you need to know about the Trans-Pacific Partnership (TPP) and IP

* From the USPTO: Intellectual Property and the U.S. Economy: Industries in Focus

* From the White House: IPEC 2011 Annual Report on Intellectual Property Enforcement

* Trade Secret Litigator: Non-compete restricting on-air radio personalities from working at other nearby radio stations doesn’t restrict them from broadcasting via Internet radio.

* WSJ: Litigation battles over the Pepsi cola formula.

Posted by Eric at 10:03 AM | Patents , Trade Secrets , Trademark | TrackBack

June 04, 2012

"Hot Topics in Internet Law" Talk Slides

By Eric Goldman

This weekend I presented on "Hot Topics in Internet Law" at the San Francisco IP Law Association's Spring Seminar in Healdsburg. My talk slides. A few photos from the trip. As I've mentioned before, I find "hot topics" talks unusually challenging to prepare--they take much more time than normal talks, they are hard to organize, and they have a high risk of preemption by prior speakers. In addition to quick coverage of a number of topics, I focused on 5 broader topics (I only addressed 3 in the time I had):

* intermediary deputization
* consumer reviews
* social media account disputes
* trolling
* new gTLDs

Posted by Eric at 02:24 PM | Copyright , Derivative Liability , Domain Names , Publicity/Privacy Rights , Trade Secrets , Trademark | TrackBack

May 29, 2012

Google Wins Trade Secret Lawsuit Over Ill-Fated Coffee Meeting--Booloon v. Google

By Eric Goldman

Booloon, Inc. v. Google, Inc., 2012 WL 1898937 (Cal. App. Ct. May 25, 2012)

Qin Zhang is a technology entrepreneur and an attorney (meaning she's joined the illustrious--and burgeoning--club of lawyers-as-plaintiffs who have sued Google). Zhang claims to have developed language processing technology with applications to search. A mutual acquaintance introduced Zhang to Nick Mote, a Google engineer on the advertising side.

As you may know, Google has a big divide between its advertising and search business units. Google does a number of things to insulate the search business from the advertising business, so the fact that Mote works in advertising means that he should be "walled off" from the search engineers. The strength of this wall proves decisive in this case.

In June 2008, Zhang, Mote and others met for a fateful "coffee." The opinion doesn't definitively explain the parties' expectations going into the coffee meeting. It appears that Zhang thought the coffee was a sales pitch to Google (she did a product demonstration), while Mote thought he was doing a favor casually shooting the breeze with an emerging entrepreneur (Mote sent Zhang some academic citations after the coffee). The opinion doesn't mention that anyone at the coffee signed any written NDAs, a conspicuous omission given that NDAs are the "Silicon Valley Handshake"--although, surprisingly, it wouldn't matter to this ruling even if NDAs were signed. Zhang claims Mote orally agreed to maintain confidentiality and further claims Mote blabbed confidential information disclosed at the coffee to Google's search team, which subsequently implemented features that presumably violated Zhang's trade secret rights.

In support of a motion for summary judgment, Google introduced the following declarations:

* Mote declared he didn't disclose any substantive discussion from the coffee to anyone else at Google until after the legal threats emerged, and specifically that he didn't discuss the meeting with Google employees on the search side.
* declarations from several Google engineers that everything in local search and people search was 100% home-brewed and that Mote had no influence on the product development decisions.

OK, so now what? Zhang said she disclosed confidential information to a Google engineer and that Google ripped her off. Mote and Google say that Mote never further disclosed anything from the meeting and none of its product decisions in search were influenced by Mote or the information he received. Sounds like a typical trade secret he-said/she-said dispute. Superficially, this sounds like it can't be resolved on summary judgment, and the matter should go to trial to let the jury decide who they believe.

But there's a whiff of trade secret trolling underlying Zhang's lawsuit, as evidenced by (among other things) the unspecific/conclusory definitions of what Zhang considered to be confidential information, her desire to stake a claim to Google's fortune based on an informal coffee with a rank-and-file engineer, the long list of junk causes of action Zhang asserted, the fact that Zhang as lawyer-plaintiff is representing herself and did so sub-optimally (e.g., presenting an incomplete trial record to the appellate court), and the non-existent written NDA. So instead of holding this case over to a jury, the court does an atypical burden shift. Saying that Google provided evidence of its internal search-advertising divide (a completely self-serving assertion), the burden shifted to Zhang to introduce admissible evidence that in fact Mote spilled the beans to his search co-workers. Unable to do so, Zhang gets kicked out of the courtroom.

As a matter of trade secret law, I think the court's treatment is a little glib. As a policy matter, though, I think the court's result is spot-on. Trade secret plaintiffs should have to do more work than just alleging the following formula: meeting with company employee + disclosure of unspecified confidential information + similarities in resulting product development. If simply following that formula in a complaint is enough, trolly trade secret plaintiffs have some pretty strong tools to extract cash from honest businesses.

At the same time, it's hard not to think Mote's willingness to have coffee with Zhang was a well-meaning rookie mistake. We should live in a society where friends help out other friends over coffee, but the combination of our society's propensity to litigate (especially law school JDs!) and pliable trade secret doctrines convert such meetings into litigation-bait. As the saying goes, no good deed goes unpunished. My guess is that further requests to Mote to meet for coffee are now met with a link to this opinion. It's sad that we can't just "talk" to each other any more.

Mote could have done better by defining the expectations going into the coffee. I'm reminded of the scene from Grosse Pointe Blank when Blank and Grocer have a business "meeting" over breakfast, carefully eyeing each other as they lay down their guns (hidden in a paper bag and napkin, respectively). Every time we get together for a coffee, we need to establish the ground rules about what weapons are allowed to the meeting, and we have to make a pact to lay down our weapons. Whenever I have an ambiguous business meeting (like someone asking for "my perspectives" on their situation that might really be a fishing expedition for free legal advice), I have a long list of standard disclaimers that I run through at the meeting's beginning so that there's no confusion about confidentiality. Lawyers are more sensitive to these concerns than engineers due to our professional responsibility, but being upfront in a business meeting about what's confidential (and what isn't) is just good hygiene.

Ideally, any non-confidentiality understandings would be in writing. Alternatively, Google engineers can simply refuse off-site coffee meetings and invite all business-related discussions to the Googleplex. Among the many advantages: visitors to Google have to sign a lengthy and onerous NDA walking in the door that could have provided some cover here. If nothing else, that agreement almost assuredly says that any confidential disclosures to Google must be in a writing marked confidential. Given that Zhang didn't give any written materials to Mote at all, the standard contract restriction would have given the judges another way to exit the litigation.

Posted by Eric at 07:13 AM | Search Engines , Trade Secrets | TrackBack

May 10, 2012

An Unmasking Effort Gets Gutted Some More – Art of Living Foundation v. Does

[Post by Venkat Balasubramani]

Art of Living Foundation v. Does, 10-cv-05022-LHK (N.D. Cal.; May 1, 2012)

I posted earlier about the Art of Living Foundation’s (AOLF) efforts to unmask online critics (posting psueudonymously as ‘Skywalker’ and ‘Klim’). In early rulings, the court rebuffed AOLF’s efforts. AOLF originally brought defamation and trade secrets claims. The court held that any allegedly defamatory statements were protected opinion, and that AOLF failed to identify trade secrets with particularity. The court also stayed discovery of defendants’ identities, finding that the balance of equities favored the preservation of anonymity. (Here's my prior blog post on the case: "Spiritual Group's Attempt to Unmask Online Critics Goes South.")

AOLF filed an amended complaint, dropping the defamation claims but adding claims for copyright infringement. The amendment also specified the allegedly misappropriated trade secrets. With respect to the copyright claim, AOLF alleged that republication of certain “lesson plans” by the Doe defendants constituted copyright infringement and misappropriation of trade secrets.

In a further development in this lawsuit, the court granted the Does’ request to dismiss the copyright claims. The trade secrets claims largely survive, although the court notes that they aren’t the strongest.

Copyright claims: AOLF did not present any evidence that one of the two defendants was involved in any way in republishing the lesson plans, or related notes, so this defendant (Klim) is awarded summary judgment. Skywalker, the second Doe defendant, admitted to posting the text of the lesson plans on his blog. Although he wasn’t entitled to summary judgment on the same basis as Klim, he challenged AOLF’s ownership of the copyrights at issue.

The court finds that the registration certificate presented by AOLF was not prima facie evidence of ownership (because the registration was obtained more than five years after publication). The court goes on to find that the AOLF entity that brought the copyright claim was not the owner of the copyrighted material. There’s an Indian AOLF entity, and one of the declarations let slip that the lesson plans at issue were created “for the benefit of the Art of Living Foundation in India with the understanding that the Art of Living Foundation in India would own [all of the rights to the lesson plan].”

AOLF (US) also tried to argue that the Indian entity assigned the US entity the copyright, but AOLF (US) failed to produce any written record or an assignment, or even that such a writing existed. Even a confirming email would have been plenty, but for whatever reason AOLF (US) was unable to muster evidence on this point.

Trade secrets claims: Defendants continue to batter away at AOLF’s trade secrets, but the court finds that AOLF made the minimal necessary showing that its teaching methods: (1) have independent economic value and are not generally available; and (2) are the subject of reasonable confidentiality restrictions. In particular, AOLF came forward with evidence that although the teaching methods were drawn on “conventional concepts and terminology of Hindu mysticism,” AOLF “incorporate[d] many additional and novel elements.” With respect to confidentiality, AOLF alleged that it required its teachers to sign confidentiality agreements. Although the court expresses some skepticism about the overall merits of AOLF’s trade secrets claims, those claims are sufficient to move forward at this time. However, the court does include language in its order inviting defendants to move for summary judgment on the issue of whether AOLF’s information is truly a trade secret, or indistinguishable from general knowledge of the public or those skilled in the relevant field. The court also raps AOLF on the knuckles for trying to take a third bite at the designation of trade secrets apple. AOLF already submitted an amended designation of trade secrets and sought to amend this designation again. The court says that although it will allow the amendment, this is the last time (“the court puts [AOLF] on notice that this is its final opportunity to amend its trade secret designation with particularity”).

Finally, the court grants the motion to strike as to Klim, finding that AOLF put forth no evidence that Klim was involved in any way in the alleged dissemination of AOLF trade secrets.

SLAPP fees: Finally, the court grants defendants' request for fees as to the defamation/trade libel claim. Although AOLF amended its complaint and dropped the defamation and trade libel claims, there was no evidence that AOLF achieved its goals with respect to these claims through other means. AOLF’s amendment of its complaint to exclude the defamation and trade libel claims was “tantamount to a voluntary dismissal.” (Defendants brought a motion to dismiss and a motion to strike and the court earlier granted the motion to dismiss but declined to reach the merits of the motion to strike.) End result: defendants can seek fees for dismissal of the defamation and trade libel claims.
_____

This is another example of how things can go wrong when someone tries to squelch speech online. Granted, in countless other cases, these types of claims would have resulted in default judgments without anyone batting an eye, but the Does were represented by counsel (and both Public Citizen and EFF appeared as amici). As a result, the balance of power changed significantly. (It also helps to have a thoughtful judge—in this case Judge Koh—who takes a close look at the issues and seems mindful of the speech implications of the judge's rulings.)

It’s interesting that AOLF’s efforts to unmask the Does were premised in part on AOLF’s copyright claims. These turned out to be insufficient at the end of the day. Courts routinely grant requests to unmask Doe defendants when copyright claims are involved, but this ruling is a reminder that judges should take a close look at those requests, even when the other side may not be represented by counsel. For another example, see Maximized Living v. Google.

Finally, the court’s order makes a reference to how many times the webpages containing the alleged trade secrets were viewed: 147 and 351 in July and August 2010, respectively (before the pages were removed in response to a takedown request sent to WordPress). Given the cloud around AOLF’s copyrights and the multiple entities involved (the takedown request was sent from Vyakti Vikas Kendra India), one wonders about the propriety of the takedown requests. But setting this aside, these statistics raise the question of whether AOLF’s significant expenditure of fees to squelch criticism of it was even remotely worth it. (I would be shocked if their answer today was “yes”.) Compare Pitale v. Holstine.

Given the court’s ruling on the fees issue, and its hints around the strength of AOLF’s trade secrets claims, this case should quickly head towards a settlement. The big question is whether everyone will just go their separate ways, or if AOLF will be writing a check to the Does (or their counsel).

Posted by Venkat at 01:37 PM | Content Regulation , Copyright , Privacy/Security , Trade Secrets

April 25, 2012

MySpace Profile and Friends List May Be Trade Secrets (?)--Christou v. Beatport

By Eric Goldman

Christou v. Beatport, LLC, 2012 WL 872574 (D. Colo. March 14, 2012). The complaint. The Justia page.

[I’ve mentioned before that sometimes blog posts get stuck. This is one of those posts. I initially drafted the post a month ago discussing only the court’s opinion, but the opinion is so opaque and confused that I wasn’t satisfied. I rewrote the post after reviewing the complaint, but I'm still not sure either the opinion or this post make much sense.]

Beatport is a leading online retailer of electronic dance music for DJs. Roulier is a principal of Beatport. Christou is a dance club entrepreneur in Denver. Roulier worked with Christou for a while, then Roulier split off and formed his own dance club in Denver. There are a variety of allegations of Roulier's bad dealings, but this opinion primarily focuses on Christou's antitrust allegations that Roulier leverages Beatport's market leadership in electronic dance music retailing to get top DJs to book at Roulier's dance club instead of Christou's dance clubs. Some more background on those allegations.

The antitrust discussion is pretty interesting, but I'm more interested in the trade secret claims over MySpace pages.

Now, I freely confess that I don't really understand how MySpace worked. I rarely went there, and when I did, I found it baffling. This opinion reflects that I'm not the only person baffled by MySpace's operations.

With respect to the MySpace profiles, the plaintiffs allege that they "secured the profiles through web profile login and passwords." This is a garbled allegation. I believe the plaintiffs are alleging that Roulier impermissibly logged into the MySpace profile management area after he left Christou’s employment; by doing so, presumably Roulier could see information that was only displayed to the accountholder, and Roulier could send messages to account followers. But because profiles are normally thought of as the public-facing side of a social media account, it’s confusing to talk about “securing profiles” through passwords, and the plaintiff’s unhelpful framing undermines the rest of the discussion.

Specifically with respect to the list of MySpace friends, two prima facie elements require the court to "look at whether the alleged misappropriator could have obtained the same information from a public directory or another source outside of the plaintiffs' business"--a key point of disagreement. The court says:

The names themselves, readily available to the public, are not the important factor. The ancillary information connected to those names cannot be obtained from public directories and is not readily ascertainable from outside sources, and thus this militates in favor of trade secret classification.

Well, if the public directory is the plaintiff's own MySpace page that anyone--including competitors--may freely browse and mine, doesn't that kind of end the trade secret analysis? See Sasqua v. Courtney, reaching that conclusion without the angst of this opinion. Assuming that Roulier logged into the profile information page, what "ancillary information" could he see, and why is it relevant here?

Also with respect to the friends list, another factor asks if the list is easily duplicated. The court doesn't understand the implications here either:

Given adequate time and effort, Mr. Roulier could most likely duplicate or nearly duplicate the list of MySpace friends that SOCO had developed. However, this would involve individually contacting thousands of individuals with friend requests, and it is by no means clear that all of those individuals would grant Beatport permission to contact them.

This appears to conflate two concepts: (1) is it possible to copy a MySpace profile's friends list without violating any trade secrets, where the answer apparently is clearly yes, and (2) is it possible to contact each person who follows the ex-employer’s MySpace profile without violating trade secrets, which depends on MySpace’s technical operation and anti-spam mechanisms. If Roulier can simply direct-message each follower to invite them to follow his new venture, then there’s not a trade secret problem; if MySpace only allowed direct messages to people who were already following a profile (as Twitter does), then the court’s assertion is clearer.

Finally, the misappropriation assertion is also ambiguous:

Plaintiffs have alleged a public use of the misappropriated trade secrets, i.e., the promotion of Beatport via plaintiffs' MySpace page and friends.

What the plaintiff apparently is trying to say is that Roulier allegedly logged into an account that was off-limits to him (his former employer’s account) and sent messages promoting his new venture to his ex-employer’s followers. But that’s hardly clear in the court’s odd characterization.

In the end, the court finds the plaintiff’s trade secret misappropriation allegations survive a motion to dismiss. If Roulier did in fact log into his ex-employer’s account to post messages promoting Beatport, then perhaps some trade secret violation did occur. However, I don’t think that violation is either a misappropriation of the "profile," the “account” or the “friends list.” Instead, the case would be so much clearer if the plaintiffs had treated the login credentials as the trade secret rather than the MySpace account associated with those credentials. Protecting a social media account as a trade secret, especially the friends list, is goofy at best; it’s a much more natural fit for trade secret law to protect the keys that control access to a social media account—and the keys' concomitant ability to communicate with followers of that account. So I think this ruling is unnecessarily garbled because the court was presented with a clumsily-framed issue. I’m keeping my fingers crossed that any subsequent rulings will do a better job dividing between the unauthorized post-employment account access and claiming trade secrets in things like publicly available lists of social media friends.

FWIW, I tested on a very similar fact pattern in last year’s Internet Law exam. The exam and answer outline. Interestingly, the plaintiffs didn’t appear to allege any Computer Fraud & Abuse Act claim or analogous state computer crime claim. Perhaps such a claim would be futile after Nosal, but those doctrines played a central role on my exam.

One last point: like many of the other lawsuits over social media accounts or friends lists, I wonder how this lawsuit makes financial sense. It's probable that the litigation is being driven more by bad blood than economics. Consider, for example, this subsequent order by the judge (emphasis added):

ORDER granting 152 Motion to Clarify/Reconsideration Re: Order Dated March 23, 2012 151 . The Court grants an extension for defendants to reply to #144 to April 13, 2012. On review of the pending motions, the Court finds that the length of briefs filed by the parties, particularly by the defendants, is unreasonable to an extreme. For example, the one pending dispositive motion, defendant's motion for summary judgment [#148] is 82 pages long and is supported by 676 pages of exhibits. The mere volume makes it likely that the motion will be denied. The Court requests that plaintiffs' response be short and focus solely on whether there is a genuine issue of material fact in dispute that requires a trial. If that can be shown, motion #148 will be denied. Defendants' motion to exclude Phillips is 62 pages long. Defendants' motion to exclude Freedberg is 51 pages long. The supplemental motion for sanctions is 44 pages long. Plaintiffs too have been unable to avoid this verbose jousting. For example, plaintiffs' response to #122 is 39 pages long, and their response to #137 is 42 pages long. That is no way to persuade a court, and I now see that my attempt in my practice standards to let lawyers alone and to avoid artificial restrictions on briefs does not work with these parties and lawyers. I do not have the time to devote hours upon hours sorting through the reams of paper being exchanged in this nasty fight between Mr. Christou and Mr. Roulier. Henceforth, neither party may file a motion or a brief longer than 20 pages, with the exception of defendants' reply to #144 which is limited to 10 pages. No more extensions absent very good cause. No more motions unless the lead counsel for the parties have met, face to face, and made a good faith attempt to resolve the dispute.

When a judge issues a public bitchout like this to the lawyers, it's a pretty good sign they're doing something wrong. In my experience, a "win at any cost" approach almost always results in a big loss for everyone.

Posted by Eric at 09:25 AM | Trade Secrets | TrackBack

March 08, 2012

Jan.-Feb. 2012 Quick Links, Part 2 (Trademarks, Patents, Trade Secrets, Innovation Edition)

By Eric Goldman

Trademarks

* Naked Cowboy v. CBS, 2012 WL 592539 (S.D.N.Y. Feb 23, 2012). The court rejects the trademark claim for CBS buying "Naked Cowboy" keyword advertising to promote the YouTube video for lack of use in commerce, citing Merck v. Mediaplan, which I thought was dead after Rescuecom. CBS's reference to "Naked Cowboy" in its YouTube video title was a non-trademark use. Rebecca's coverage.

* Lovely Skin, Inc. v. Ishtar Skin Care Products, LLC, 2012 WL 379930 (D. Neb. Feb. 6, 2012). Lovely Skin sued Livelyskin for trademark infringement. Livelyskin claimed unclean hands because Lovely Skin bought Livelyskin as keyword ad triggers. The court refuses summary judgment and holds the issue over for trial.

* Neeley v. NameMedia, Inc., 2012 WL 470155 (8th Cir. February 15, 2012). Affirming dismissal of this odd case.

* Paul Keating rips a UDRP ruling over hardwareresources.org.

* Louis Vuitton sent an ill-advised and condescending cease & desist letter to University of Pennsylvania's IP students for using a parody LVMH logo to promote their fashion law conference. UPenn told LVMH to pound sand. Law.com coverage. Jonathan Pink’s analysis (with a funny Star Wars reference).

* TechCrunch: New Trademarkia Feature Exposes Biggest Trademark Bullies; Apple, Zynga Among Top Five

* Trademark Reporter published my remarks about trademark law's past/future. Prior blog post.

Patents

* Who's most excited about Facebook's IPO? Patent lawyers!

* Is Microsoft laying down its patent weapons?

* We've just hired a new patent professor at SCU, Brian Love. In an op-ed, he explains why university patent portfolios are a bad deal for everyone--including the university!

Trade Secrets

* Aqua Connect, Inc. v. Code Rebel LLC, No. 2:11-cv-05764-RSWL-MAN (C.D. Cal. Feb. 15, 2012). User downloaded trial software and agreed to a EULA restricting reverse engineering. The user reversed engineered anyway. The court dismissed the trade secret misappropriation claim, but the breach of contract claim remains.

* SocialApps, LLC v. Zynga, Inc., 2012 WL 381216 (N.D. Cal. February 6, 2012). Lawsuit that Zynga ripped off app developer mostly survives a motion to dismiss.

* All Things D: Raj Abhyanker (of Trademarkia infamy) dropped his idea theft suit against Nextdoor.

* Salon: The Internet makes magic disappear.

Innovation

* My colleague Kyle Graham has posted a really interesting article on how tort law responds to technological innovations: "Of Frightened Horses and Autonomous Vehicles: Tort Law and its Assimilation of Innovations"

* NYT: Apple's success has translated into manufacturing jobs overseas. As Steve Jobs answered to Pres. Obama when asked about getting those jobs into the US, “Those jobs aren’t coming back.” Instead, as we transition to a knowledge economy, the US has to develop a skilled labor force that can add enough value to justify the high cost-of-living here.

* William M. Fischer, The Utah Bioprospecting Act of 2010: (Unintentional) State-Level Implementation of the United Nations Convention on Biodiversity, Journal on Telecommunications & High Technology Law, Winter 2012. Prior blog post.

* NYT: Bell Labs as an exemplar of the value of "slow" development cycles. Some of its strengths: face-to-face interactions of cross-disciplinary teams of experts, a building designed to get people to encounter each other, an emphasis on applied research, physical proximity of researchers to the manufacturing facilities to facilitate two-way learning, and sufficiently long innovation timelines.

* WSJ: Target is trying to fight showrooming by having manufacturers create Target-specific brands, a technique that has worked to curb price comparisons in some categories, like mattresses and tires. Will Target's move lead to product proliferation? Or will some entrepreneur simply help link the retailer-specific items so that they can be easily price-compared? FWIW, I rarely worry about price comparison at Trader Joe's, even with respect to private-labeled goods, because they have repeatedly proven to me that they give me good value. If Target isn't working to ensure good value for consumers from product differentiation, I don't see how their move will help.

Posted by Eric at 09:36 AM | Patents , Trade Secrets , Trademark | TrackBack

January 11, 2012

An Update on PhoneDog v. Kravitz, the Employee Twitter Account Case

[Post by Venkat Balasubramani]

PhoneDog v. Kravitz, No. C 11-03474 MEJ (N.D. Cal.) (Amended Complaint) (Motion to Dismiss) (PhoneDog Opposition) (Kravitz's Reply)

In November, the court allowed PhoneDog’s claims against Kravitz for conversion and trade secrets to proceed. ("Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed.") In its initial order, the court rejected PhoneDog's interference with economic advantage claim because it was muddled and didn't clearly specify what economic relationship PhoneDog alleged Kravitz allegedly interfered with.

PhoneDog filed an amended complaint, clarifying its economic interference arguments (or trying to at least). Kravitz moved to dismiss the amended claims. I've linked to the pleadings above. PhoneDog claims that it had an economic relationship with the followers of Kravitz’s Twitter account, so Kravitz taking the account disrupted this relationship. PhoneDog also claims this affected its relationship with “existing and prospective advertisers” on PhoneDog’s website. Finally, PhoneDog argues that Kravitz interfered with its economic relationship with CNBC and Fox News by continuing to contribute to programs on these channels after he left PhoneDog. Regardless of how the court rules on the economic interference claims, the conversion and trade secrets claims will continue (for now).

For what it’s worth, although I don't know the precise contours of economic interference claims under California law, PhoneDog’s claims look tenuous--especially the one about the disruption of economic relationship between PhoneDog and the followers of Kravitz’s Twitter account. In the usual scenario, there's no real economic relationship between an account and followers. People follow because they are interested in information. It's not like anyone is charging their followers--i.e., typically there's no money changing hands between an account and followers. (I assume some sort of direct economic relationship (or expectation) is required to bring a claim, but the court's order isn't overly specific on this point.) Another thing to consider is that the account/follower relationship is dynamic. If people don't like what they hear from an account or they don't like a change in voice, they can unfollow, instantly and at no cost. The core of the economic value, if any, is in the ongoing content and the voice. PhoneDog also argued Kravitz continuing to use the Twitter account was a disruption of its relationship with advertisers, but I'm skeptical that PhoneDog will be able to show that advertisers on its website cared about the Twitter follower numbers. It may be true that traffic to the website diminished and and as a result PhoneDog generated less revenues from advertising, but that shouldn't amount to Kravitz's interference with PhoneDog's relationship with its advertisers.

After the court initially ruled on Kravitz’s motion to dismiss, another court (in Pennsylvania) issued its order in the LinkedIn case (Eagle v. Morgan). That order didn't cleanly resolve the claims over ownership of the LinkedIn account, but it does take a pretty dim view of the economic interference claim based on Dr. Eagle’s continued use of her LinkedIn account. (“Edcomm failed to point to “one potential contract that would . . . have materialized” absent Eagle’s alleged interference.”) As WSJ’s Law Blog notes, Kravitz filed a copy of this ruling as supplemental authority and requested the court to take judicial notice of it. Interestingly, in Eagle, the court notes that a password can’t be a trade secret because it’s not something that a competitor can derive economic value from. This should be equally applicable to PhoneDog’s argument that Kravitz misappropriated trade secrets by continuing to use the Twitter account. A Twitter account shouldn’t be a trade secret. But the court already allowed the claim to go forward, and Kravitz is going to have to raise this in a summary judgment motion.

I previously expressed some skepticism about PhoneDog’s case, but I’m even more skeptical now. I also question whether it was really in PhoneDog's interest to sue Kravitz over this. Was it really worth PhoneDog's expenditure of energy and fees to try to get back the Twitter account? Also, public sympathies have mostly tilted towards Kravitz. Kravitz has experienced a media bonanza as a result of this lawsuit and has gotten (mostly favorable) press coverage in a variety of different outlets, including the New York Times. Kravitz continues to Tweet, and he has taken a few opportunities to poke PhoneDog over its claim that each follower was worth $2.50 per month. His Twitter bio even says “People are not property. Love over gold.” People overall seem sympathetic to Kravitz’s side of the story. Someone even set up a “Save Noah” website and Twitter account. The net result of PhoneDog's lawsuit so far is a personal branding bump for Kravitz.

I’m not seeing a clear parth to victory for PhoneDog here (and more likely I’m guessing the case settles), but in the unlikely event PhoneDog wins control over the Twitter account, it will be interesting to see if the followers unfollow the account en masse.

Other coverage:

Before Dispute over Twitter Account, a Fight Over LinkedIn (WSJ Law Blog)
A Dispute Over Who Owns a Twitter Account Goes to Court (NYT)

Previous posts:

Another Set of Parties Duel Over Social Media Contacts -- Eagle v. Sawabeh
Employee's Claims Against Employer for Unauthorized Use of Social Media Accounts Move Forward--Maremont v. SF Design Group
Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz
Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell
Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account -- Deck v. Spartz, Inc.

Posted by Venkat at 09:45 AM | Marketing , Trade Secrets

January 03, 2012

Nov.-Dec. 2011 Quick Links, Part 2 (Extended IP Edition)

By Eric Goldman

Copyright

* Costco v. Omega (E.D. Cal. Nov. 9, 2011). On remand after the disappointing non-result from the Supreme Court in this case, the district court gives Costco a decisive win, holding that Omega engaged in copyright misuse:

Omega concedes that a purpose of the copyrighted Omega Globe Design was to control the importation and sale of its watches containing the design, as the watches could not be copyrighted. Accordingly, Omega misused its copyright of the Omega Globe Design by leveraging its limited monopoly in being able to control the importation of that design to control the importation of its Seamaster watches.

The net effect is that Costco violated copyright law's importation clause but Omega's copyright misuse makes the importation not actionable. This is one of the most significant copyright misuse decisions we've seen. Assuming it goes to the Ninth Circuit again, it will be interesting to see what they do with it. If this latest ruling stands, Omega's legal hack will be decisively shut down; and other manufacturers trying to use copyright to control their channels for non-copyrightable articles will want to reevaluate their approach.

* The Righthaven debacle continues to wind towards its messy but inevitable conclusion. Some of the items from the last couple months that caught my attention:

- Every time Righthaven's lawyers whine about opponents' unfair litigation tactics, I'm dumbstruck by the duplicity.

- Stephens Media dropped its efforts to contest that Democratic Underground made a fair use by republishing a newspaper article excerpt.

- Righthaven v. Wolf: "The Court admonishes Mr. Mangano regarding his lack of civility. The motion for reasonable attorney's fees in the amount of $32,147.50 and costs of $1,000.85 is GRANTED."

- Righthaven LLC v. Newsblaze LLC, 2011 WL 5373785 (D. Nev. Nov. 4, 2011). Yet another dismissal for lack of standing.

- the auction for Righthaven.com is going on right now. Current high bid is $1,900.

* C-70/10, Scarlet Extended SA v. Societe Belge des auteurs, compositeurs et editeurs (SABAM) (ECJ Nov. 24, 2011). Some interesting quotes from an ECJ opinion:
- "EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files"
- "The filtering system would also be liable to infringe the fundamental rights of its (Scarlet's) customers, namely their right to protection of their personal data and their right to receive or impart information"
- “E.U. law precludes an injunction made against an Internet service provider requiring it to install a system for filtering all electronic communications passing via its services, which applies indiscriminately to all its customers, as a preventive measure, exclusively at its expense, and for an unlimited period”

* Brownmark Films LLC v. Comedy Partners, 2011 WL 6002961 (E.D. Wis. Nov. 30, 2011): In awarding a fee shift to defendants, "the Court finds that Brownmark's legal positions were also objectively unreasonable, and thus their position was frivolous. To this Court, there is little that could justify the plaintiff's stated view that the South Park version was not parody....given the transformative nature of the use and the lampooning Brownmark's original received, there is ample reason to believe that South Park's use would have greater spurred the market for the original. In the internet era, with information freely and quickly accessible, viewers interested in South Park's version could turn to the internet to find a copy of the original. And any confusion over which version was the original could be supplied to online viewers through a statement at the video's web page. For all of these reasons, the Court finds that Brownmark was objectively unreasonable in its position that South Park's use was not fair." Wendy Davis' writeup.

* Carolyn Wright, a/k/a PhotoAttorney, who helps photographers enforce their copyrights, got side-swiped in a misguided enforcement action and had her photo site mistakenly taken offline by a DMCA takedown notice (not surprisingly, GoDaddy was in the middle of this).

* UC Berkeley revamps its policies about student note-taking and recordings of classes. It seems a little odd to encourage faculty members to be sending 512(c)(3) takedown notices freely. James Grimmelmann has more criticisms.

* Gibson v. Amazon (C.D. Cal. Sept. 8, 2011). The court rejected a copyright infringement case against Amazon, Urban Dictionary and others. Gibson is appealing to the Ninth Circuit.

* RIAA is in pre-litigation enforcement mode against ReDigi for reselling digital files.

* The Zynga-Vostu litigation settled.

* Ars Technica: Warner Bros: we issued takedowns for files we never saw, didn't own copyright to

* Megaupload brought a 512(f) suit against UMG for wrongfully taking down a promotional video. The complaint. The contract. James Grimmelmann's comments.

* The economics of the record label-online music site deals look very, very bad for the music sites.

* Techdirt: Congressional Research Service Shows Hollywood Is Thriving

* David v. CBS complaint. Tertiary infringement re-redux: Download.com sued again for secondary copyright infringement for distributing LimeWire and BitTorrent clients.

* A Singapore newspaper sued Yahoo News for copyright infringement.

* An analysis of the Trans Pacific Partnership (TPP).

Trademark

* 1-800 Contacts, Inc. v. Lens.com, Inc., 2011 WL 5403368 (D. Utah Nov. 4, 2011). The court denies 1-800 Contacts' motion for post-judgment relief based on newly discovered evidence. This case could be a textbook case of trademark bullying--remember, 1-800 Contacts has spent well over $650k on this case and Lens.com made $20 (not a typo) of profit directly from its keyword ads based on 1-800 Contacts' trademarks. Prior blog post.

* Speaking of trademark bullying, does an "Eat More Kale" t-shirt infringe any IP rights that Chik-fil-A has in "Eat Mor Chikin"? See the 2011 C&D letter, the 2006 C&D letter and the 2006 C&D response. I assume most kale eaters don't overlap with Chik-fil-A consumers. But, Paul Levy explains why there should be a pox on both parties' houses.

* Lovely Skin, Inc. v. Ishtar Skin Care Products, LLC., 2011 WL 6055489 (D. Neb. Dec. 6, 2011). In a trademark lawsuit, the defendant asked for:

REQUEST NO. 32: All documents referring or relating to purchasing of keywords, “Ad Words,” “sponsored links,” or other advertisements for search engines and any efforts to achieve search prominence on search engines, including but not limited to Your purchase, or consideration to purchase, the name “Lively Skin” or the URL www.livelyskin.com.

REQUEST NO. 37: Documents referring or relating to communications with Google to purchase “lively skin” and “livelyskin.com” as keywords or “Adwords.”

The court says (cites omitted):

In support of its motion to compel, Ishtar states that Lovely Skin's production of documents in response to these requests are “deficient for two reasons.” First, the Google information lacks the dates that the keywords were used, which are necessary to establish “(1) whether Lovely Skin's marks had achieved secondary meaning when Ishtar entered the market; and (2) the extent of Lovely Skin's inequitable use of the term “livelyskin” in its keyword advertising campaigns.” Second, Ishtar claims that as a result of its recent Internet searches, Ishtar has learned that “Lovely Skin possesses additional information regarding keyword purchases made by Lovely Skin through other search engines.” The Court finds that the information sought by Ishtar is relevant to its affirmative defenses of the claims made against it by Lovely Skin.

* Partners for Health and Home, L.P. v. Seung Wee Yang, 2011 WL 5387075 (C.D. Cal. Oct. 28, 2011):

Defendants have infringed Plaintiff's Perma–Life trademark by each of the following acts, taken either individually or as a whole:

a. Registering the domain www.perma-life.co.kr and using it to promote their competing Pearl Life cookware;

b. Applying the metatags “perma life” and “permalife” to the website at www.perma-life.co.kr through which they sold their competing Pearl Life cookware;

c. Applying the term “permalife” as visible video tags (indexes) on videos promoting Pearl Life cookware which they posted on the Internet at video sharing websites YouTube (www.youtube.com) and Tag Story (www.tagstory.com), and on the “blog” site Daum (www .daum.net).

d. Purchasing the term “permalife” as an Internet search engine advertising keyword to direct Internet users to their website at www.pearllife.com at which they advertised their Pearl Life cookware.

* Foreword Magazine Inc. v. Overdrive Inc., No. 10-1144 (W.D. Mich. Oct. 31, 2011). Offering to sell a domain name after getting a C&D can't be introduced as evidence of bad faith in the resulting ACPA suit.

* Weather Underground v. Navigation Catalyst (E.D. Mich. Nov. 9, 2011). Typosquatters' liability for ACPA violations must be evaluated on a domain name-by-domain name basis, not based on the defendant's entire portfolio; and ACPA bad faith cannot be established on a "willful blindness" standard.

* iYogi Holding Pvt. Ltd. v. Secure Remote Support, Inc., 2011 WL 6291793 (N.D.Cal. Oct. 25, 2011). A default judgment against a competitor who created fake reviews bashing the plaintiff.

* Fordham sent a trademark demand letter to Texas Wesleyan for using the acronym "CLIP" to describe its IP center, which garnered derision from many other IP professors. The demand letter (currently set to private; I'm trying to fix that).

* Multi-Time Machine v. Amazon complaint. A watch manufacturer sues Amazon for trademark infringement based on Amazon's internal search engine's results.

* Night Owl Games v. Zynga complaint. Another game developer seeks a declaratory judgment against Zynga over the -ville trademark, this time "Dungeonville."

* Harvard spikes a Yale t-shirt making fun of it.

* Rebecca provides three updates on Southern Snow Manufacturing Co. v. Sno Wizard Holdings, Inc. (see my prior blog post on the case): insurer had duty to defend, a baffling battle over false trademark marking, and a further rejection that metatags matter.

Patents/Trade Secrets

* The Trade Secret Litigator: The America Invents Act: What Will the Impact of the New Patent Law's "Prior Commercial Use" Defense Have on Trade Secret Protection?

* Coca-Cola turns the vault for its secret formula into a tourist attraction.

* The producers of the Bachelor/Bachelorette sued Reality Steve for inducing show participants to leak spoilers. Reality Steve’s response.

* Are strict limits on e-discovery coming for patent cases?

* All Things D reports on Abhyanker v. Benchmark Capital, an idea theft lawsuit against a VC fund involving the entrepreneur who also is behind Trademarkia.

Posted by Eric at 01:05 PM | Copyright , Domain Names , Evidence/Discovery , Patents , Trade Secrets , Trademark | TrackBack

December 28, 2011

Another Set of Parties Duel Over Social Media Contacts -- Eagle v. Sawabeh

[Post by Venkat Balasubramani]

Eagle v. Morgan, 11-4303 (E.D. Pa.; Dec. 22, 2011)

Background: Dr. Linda Eagle, who holds a Ph.D. in communication and psychology, teamed up with Clifford Brody and founded Edcomm. They were later joined by Davi Shapp. Eagle maintains a reputation in the field of “banking training,” and has “cultivated relationships with thousands of individuals and organizations.” In October 2010, Sawabeh Information Services entered into an agreement with Eagle, Brody, and Shapp to purchase Edcomm. Sawabeh proposed to retain the three as executives, but abruptly terminated them in June 2011. This prompted a flurry of litigation.

The Lawsuits: Eagle sued the principal of Sawabeh and others working in concert with them (in Pennsylvania), alleging that defendants improperly accessed and continued to use Eagle’s LinkedIn account. Defendants turned around and asserted counterclaims, alleging that Eagle misappropriated a telephone number that had been assigned to Edcomm and improperly caused AT&T to transfer this number to Eagle personally. Defendants also asserted that Eagle misappropriated a laptop, as well as the LinkedIn “connections” associated with Eagle’s LinkedIn account (which defendants allege was maintained by Edcomm for the Edcomm's benefit).

In a separate lawsuit (in the Southern District of New York), Sawabeh asserted securities fraud and breach of contract claims against Eagle, Brody, and Shapp, alleging that the principals failed to disclose Edcomm’s obligation to make a substantial severance payment to Brody, and further failed to disclose that Edcomm transferred all of its IP to Brody in an earlier transaction. In this lawsuit, the court recently denied a motion to dismiss brought by defendants. (Sawabeh v. Brody, et al., 11-civ-4164 (S.D.N.Y.; Dec. 16, 2011).) [For some unknown reason, the courts don't seem to have a problem with the maintenance of two separate lawsuits arising out of the same transaction. I would have thought that consolidation was a no-brainer here.]

The parties have widely divergent views on the background facts, so it's hard to assess the viability of the claims. For example, Edcomm alleges that it created and maintained LinkedIn accounts for its employees, and as a matter of policy, employees were expected to turn over their LinkedIn accounts when they left Edcomm. Eagle disagrees, but also has to contend with a very unhelpful fact: Eagle committed the ultimate no-no and provided her LinkedIn password to someone at Edcomm.

(For what it’s worth, this looks like the account in question. The court entered a TRO prohibiting defendants from accessing the LinkedIn account. The order expired of its own accord, and none of the filings in the docket reflect any additional action by the parties with respect to this issue. Although it’s hard to tell, judging from the account, it looks like Eagle continues to use the account and defendants likely agreed to not interfere with this usage.)

Motion for Judgment on the Pleadings as to the Counterclaims:

Computer Fraud and Abuse Act: The CFAA claim was premised on Eagle’s alleged improper access of Edcomm’s AT&T account and misappropriation of Edcomm’s number. The claim is somewhat strange in that it doesn’t really identify what computer Eagle gained “unauthorized access” to. The court seizes on this and says that, in simpler terms, the counterclaims allege Eagle walked into an AT&T store and convinced AT&T to transfer Edcomm’s number to her--this does not involve the "access" of any computers. Along the way, the court also tackles the issue of whether Edcomm sufficiently alleges damages, and whether Eagle’s access was truly “without authorization” because she was once an employee of Edcomm and ostensibly had authorization to access the account. As to damages, the court says that Edcomm’s allegation that it suffered loss of business relationships as a result of Eagle’s transfer of the number does not count towards the jurisdictional threshold (“Nothing in these allegations avers any loss related to the impairment or damage to a computer or computer system, any remedial costs of investigating or repairing computer damage, or costs incurred while the computers were inoperable.").

Trade Secrets: The trade secret claim had a fatal weakness in that it was premised on information that obviously was not a trade secret: (1) the AT&T account information, and (2) the identities of clients and instructors. Eagle persuasively argued that Edcomm’s website disclosed the identity of more than 1,000 clients and the instructor identities were publicly available on their LinkedIn profiles. The court also says that the AT&T account information could not be a trade secret because it doesn’t have any “independent economic value” that would be of use to competitors. The arguably valuable asset in question is the telephone number, and there’s nothing secret about this.

Conversion: The conversion claim was premised on Eagle’s retention of a laptop allegedly belonging to Edcomm. The court allows this claim to proceed.

Misappropriation: The misappropriation claim can either be misappropriation of a trade secret or misappropriation of an “idea.” The court says that the misappropriation based on trade secrets must fail based on the court’s conclusion that Edcomm failed to specify any protectable trade secrets. The court however declines to dismiss the “misappropriation of an idea” claim. The parties had conflicting allegations as to whose investment generated the content on the LinkedIn account. Given these conflicting allegations, the court declines to grant judgment on the pleadings on the misappropriation claim.

Tortious Interference: The court dismisses the remaining claims. Edcomm asserted that Eagle interfered with the contract between AT&T and Edcomm, but the court says that Edcomm failed to adequately allege specific intent and damages. Eagle cared about the number, and the contractual relationship between AT&T and Edcomm was incidental to the number (it's unclear this was terminated anyway). Edcomm also argued that Eagle interfered with relationships with prospective clients, but the court dismisses this claim on the basis that Edcomm’s allegations were speculative. Edcomm failed to point to “one potential contract that would . . . have materialized” absent Eagle’s alleged interference. (The court declines to dismiss an unfair competition claim but this claim piggybacks on the misappropriation claim.)
__

The dispute raises interesting issues, and as with PhoneDog, OMGFacts, and Maremont cases, illustrate the difficulty of neatly categorizing social networking accounts and the goodwill in those accounts. The obvious question is whether the parties had an agreement addressing Eagle’s competitive efforts and use of her contacts. Judging by the fact that the parties did not mention any contractual terms, it’s fair to say that there was no written agreement dealing with Eagle’s competitive activities. This is somewhat surprising, given that Edcomm was acquired, and to the extent the the key assets in the acquisition were human resources, the parties should have had an agreement in place addressing Eagle's post-acquisition competitive activities.

It looks like the vagaries of Pennsylvania law may have made it harder to bring a conversion claim based on the phone number (the court footnotes that conversion claims are limited to tangible personal property), but at least one court has held that phone numbers can be subject to conversion claims. (Can a Telephone Number Be the Subject of a Conversion Claim?, discussing Staton Holdings, Inc. v. First Data Corp, 2010 U.S. Dist. LEXIS 48688 (N.D. Tex. May 11, 2010).) Given the current rules on phone number portability, to the extent they are freely transferable, it seems like phone numbers are increasingly similar to domain names, which can form the basis of conversion claims.

The fight over the LinkedIn account was probably the most interesting, but there is little discussion about the fact that LinkedIn terms restrict usage of log-in credentials to the person who created the account. (Eagle's sharing, and Edcomm's access likley violated LinkedIn's terms, as a technical matter.) Also, LinkedIn distinguishes between “company accounts” and “personal accounts.” Personal accounts seem by design to be akin to resumes, and while it makes sense for someone to be restricted from exploiting their contacts for competitive purposes, the personal accounts don’t lend themselves to use by the company. Neither the court nor the parties focuses on this. As an afterthought, my instinct is that parties are often misdirecting their energies with fights over “who owns contacts.” Contacts are personal, and particularly in the social networking context, I would think it would be difficult for one person to take advantage of another person’s contacts. I could see Edcomm sending out a spam message to Eagle’s LinkedIn contacts, announcing that Eagle is no longer with the company and prospective customers should contact Edcomm directly, but apart from this, is it really realistic for Edcomm to continue to exploit Eagle’s contacts?

Although it's tough to say since the case is at the initial stages, the lawsuit in Pennsylvania seems like a small part of the overall dispute, which includes the litigation in the Southern District of New York. In the Southern District case, Sawbeh alleges fraud on the part of Eagle and her cohorts; if the fraud and misrepresentation claims are successful, they will likely dwarf the effect of the battle over the LinkedIn contacts and phone number. Any victory that is achieved in the Pennsylvania litigation may turn out to be pyrrhic, depending on how the New York litigation pans out.

Posted by Venkat at 10:52 AM | Licensing/Contracts , Trade Secrets , Trespass to Chattels

November 10, 2011

Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz

[Post by Venkat Balasubramani]

PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Ca.; Nov. 8, 2011)

Another day, another post-employment dispute over a social media account.

In this case, Noah Kravitz worked for PhoneDog, which is an "interactive mobile news and reviews web resource." Kravitz worked as a reviewer and video blogger. He used the "@PhoneDog_Noah" twitter account, and it amassed approximately seventeen thousand followers. When he left, PhoneDog asked for the account "back" but he demurred, instead changing the account handle from @PhoneDog_Noah to "@noahkravitz". PhoneDog sued, asserting claims for (1) misappropriation of trade secrets, (2) interference with economic advantage; and (3) conversion.

Trade secret claim: Kravitz argued that there was no "trade secret" information, because the followers of the account are not secret and are publicly discernable. The passwords he argued merely allow an individual logging on to the account to view the publicly known follower information. He also argued that PhoneDog did not adequately safeguard the password information and treat is a trade secret. The court punts on the issue and says:

PhoneDog has sufficiently described the subject matter of the trade secret with sufficient particularity and has alleged that, despite its demand that Mr. Kravitz relinquish use of the password and Account, he has refused to do so. At this stage, these allegations are sufficient to state a claim. Further, to the extent that Mr. Kravitz has challenged whether the password and Account followers are trade secrets and whether Mr. Kravitz's conduct constitutes misappropriation requires consideration of evidence beyond the scope of the pleading.

Economic advantage claim: The court rejects the interference with economic advantage claim, saying that PhoneDog's allegations were muddled on this issue. It was unclear as to whether PhoneDog was saying Kravitz interfered with PhoneDog's relationship with account followers or with its subscribers or consumers more generally. The court also says PhoneDog failed to connect the dots with respect to any harm based on advertiser relationships, or even any economic harm generally. [I hope PhoneDog was not making a claim based on its vicarious relationship with followers of the @PhoneDog_Noah Twitter account--we all know how tenuous social media relationships are!]

Conversion: The court declines to dismiss the conversion claim, saying that PhoneDog alleged it had the right to possession over the account, and "the nature of that claim is at the core of this lawsuit and cannot be determined on the present record."

This is the scenario that many people speculated about when Rick Sanchez left CNN--would Sanchez get to keep his Twitter account? ("Who 'Owns' A Twitter Account: Employer Or Employee?") Sanchez ultimately kept the account and changed the name. (See: "Ex-CNN anchor Sanchez keeps his Twitter account, changes the name.") I don't think this decision does much to move the needle either way, as it punts on the bulk of the issues.

I end up somewhat skeptical on both of PhoneDog's remaining claims.

Was the password really a trade secret? Is an account's follower list a trade secret? Social media account information does not fit nicely within the trade secret box. "Customer lists" historically were a classic trade secret, but when customer lists are now published publicly and capable of being mined, does that concept go away? Even if the list were public, could anyone "download" the list? Could Noah have contacted the list any other way than through the account that he's supposed to turn over? What if Noah had posted a "goodbye" tweet saying "follow me at [new account name]"? With respect to the conversion issue, the court's analysis was disappointingly brief. It's interesting that, in this case, PhoneDog has its own Twitter account and this particular account was one set up specifically for Kravitz--it's not as if he took the company's one and only Twitter account. One other claim you often see discussed in this context is a trademark-based claim. Kravitz likely averted these by changing the name of the account, and presumably removing any PhoneDog branding elements.

The takeaway is to have a written agreement that governs this issue! I blogged about a case last month where a court resolved a social media/account ownership issue in favor of the employer, relying on a written agreement. ("Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell.")

A somewhat interesting aspect of the dispute arose over the value of the Twitter account and followers, which was relevant to the issue of whether PhoneDog's claim for damages got over the $75,000 hurdle. (It had to satisfy the $75,000 jurisdictional threshold for diversity jurisdiction.) PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50." [I must admit that this caused an eyeroll.] PhoneDog said this translated into a monthly damage amount of $42,500 "for each month that [Kravitz] used the account." Kravitz on the other hand said that Twitter followers have discretion to subscribe or unsubscribe and therefore this valuation was suspect. He also argued that the value in any Twitter account "comes from . . . efforts in posting tweets and [an] individual's interest in following . . . not from the account itself." According to him, there's no evidence that an account even with a significant number of followers has any ongoing value. The court does not resolve this issue, instead finding that PhoneDog alleged enough to get over the $75,000 jurisdictional threshold. These arguments really made me wonder whether the parties were spending money on the dispute in excess of the assets they were fighting over. As in many business break ups, emotions tend to run high. This was surely a contributing factor. This case has mediation written all over it.

Posted by Venkat at 07:13 AM | Licensing/Contracts , Trade Secrets , Trespass to Chattels

November 09, 2011

Employers Demanding the Right to Remotely Wipe Employees' Phones?

By Eric Goldman

I got the following email from one of my students (I edited a little to increase the anonymity):

Recently, my spouse's company announced that it is going to implement a new policy regarding those employees using their mobile devices to check company email. These phones are personal phones, and not provided by the company. What they are proposing is that my spouse sign a release that states that the Company has the right to remotely wipe the phone (restoring it to factory settings) if they feel that any of their trade secrets have been compromised, or if the spouse loses/misplaces the phone.

My problem with this is that these are personal phones with personal information not connected to her work. Does her company have the right to wield such power, or is this over doing it?

This was the first time I'd ever heard of such a provision. Has this become a new standard, or is this company over-the-top hyper-protective of its trade secrets?

As an employee, I would not sign such a release. Further, if I were the employer, I would be reluctant to rely on the release, even if signed, to actually wipe a former employee's phone. If the employee challenged the wipe in court, I would imagine many judges would be reluctant to enforce the release, motivating them to look for reasons not to do so. If nothing else, there's a major due process problem (in the equity sense, not the legal sense). The company is the judge, jury and executioner without ever proving trade secret misappropriation, and carrying out the remote wipe could cause catastrophic data losses for the employee (and possibly for a subsequent employer). This just seems like a bad idea all around.

Please email me if you've seen a provision like this in the field before or if you know of any cases/statutes that address the situation. In the email, let me know if I can repost your email here.
_____

UPDATE: I got this response: "For what it is worth, my firm has a similar policy, though as far as I know it is only enforced technologically (by installation of remote management software) rather than by written agreement. Of course, we can opt out by using a firm-provided blackberry instead of checking work email on our personal phones; perhaps mitigating the sting somewhat."

UPDATE 2: Another response: "These are fairly common provisions to ensure the ability to protect company/client secrets if the phone is lost. Like your other commenter said, these agreements only are usually required for personal devices only when they are allowed as an option to company-provided devices. In that instance, you consent to the wipe in exchange for the convenience of carrying around only one device instead of two. The interesting legal question comes when the firm only pays for email, but retains the contract with the service provider, where you can get a Quon-like situation and potentially a claim against the company for accessing phone records even though they’re not paying for it (recall that the 9th Circuit’s SCA portions of Quon were not part of the Supreme Court’s opinion). But something to think about when you give your company access to your device."

Eric's additional thought: I'm still not seeing how the ability to remote-wipe the company-provided device prevents the leakage of trade secret info. I assume there are still ways to move trade secret information off the device...? I know some companies have developed blocking technology to prevent data leakage through forwarding emails and downloading to flash drives, and I assume this blocking technology would be on the company-issued device. But I have been skeptical that such blocking technology works very well.

UPDATE 3: Another response:

I know some employers believe they are making this 'enforceable' by requiring that the security settings be set on the phone in such a way that they can do the wipe (and effectively the employee hands the security PW of one's personal phone over to one's employer -- which to me is even more dangerous than the notion of letting them wipe it).

It does seem rather silly though in a day when many of us have our entire phone content backed up regularly, either on our home computer or now on iCloud or its equivalents -- and I know of no wiping system that would reach out to those backup copies. (And, since virtually all of our workplace emails are set up with a web-based reader anyway, or some other connection that bypasses the hyper-security of a direct connection to Exchange or whatever might be used, it's all kind of moot in the end.)

Yours is the first example I'd heard of a piece of paper on top of it all -- although I'm not surprised to hear of such. The 'policy' such as it is was often ad hoc created by the IT group, or at best a policy of the company without necessarily getting a firm OK from the employee for the right to mess up his whole life to protect the purported trade secrets. And, to be clear, apart from this piece of paper, I've been seing this going on for many years -- essentially about the time BlackBerry introduced the ability to do such a thing.

Regardless, I've seen the consequences personally when I left my last job, where I had a personal phone (albeit one I had reimbursed by the employer) that was mixed use -- job and personal -- and the realization that as I left the only way to do it was to have it all wiped out. In new job I've gone the inconvenient path of carrying the work-owned BlackBerry, which is 100% work, and my own personal smartphone, which is 100% me. And, in doing so, I've actually discovered a new joy -- There are many times I now leave the work phone at home, and I have a little more control over my life as a result as I'm not being pinged by workers 24/7. (They don't all necessarily know I'm not paying attention, which is even better.)

UPDATE 4: Another response:

This is probably more common than you might think because remote wipe of phones is a standard feature that comes with Microsoft Exchange these days. I've worked at Hewlett-Packard, Microsoft and Amazon, and all of them were set up to where they could remotely wipe your phone via Exchange if you set it up to work with corporate e-mail, regardless of whether or not the phone was personal or company owned.

In my employment contracts, there was usually a clause that said that if I put company data on a device that I personally own, that the company has the right to audit and remove data from said machine, but I have no clue how enforceable that might be....Since I work with a lot of source code for my profession, this doesn't seem that unreasonable to me.

UPDATE 5: Another response:

Such policies and the technology that enables them have become commonplace in large enterprises. Most businesses see such a policy as a trade off for not allowing the employee to use his phone for work at all. In other words, they allow the employee to use their personal phones for work purposes, but require that they submit to searches and remote wiping. Not only is there an element of trade secret protection, but also the issue of breach notification for loss of personal information under state breach notification laws, GLBA, or HITECH.

In fact, there are some applications out there that create a sandbox environment for the employer’s email, calendar, and other information and only allow partial deletion. Good for Enterprise is one such solution, though there are others. However, as you can imagine, there are a lot of issues to work through. The application on these devices can collect location information, IP address, unique device id, etc. Additionally, there are issues with employees giving consent for these types of policies in the EU. Though not impossible, most EU Data Protection Authorities view consent in workplace as coerced, therefore, not freely given. (more on that in the Article 29 Working Party documents WP48, WP114, and WP187)

When I looked into this issue, I did a brief search for cases on this issue but I was not able to find any. There are no statutes that I am aware of that would be directly on point.

UPDATE 6: Another response: "I was at a firm that did this and never thought it was a big deal. My firm gave attorneys two options for mobile devices: you could get a firm-owned Blackberry or receive your firm email on your own personal Blackberry/iPhone. If you brought your own device you agreed to allow them to remote wipe it if you reported the device as lost. I understood the intent to be preventing accidental release or discovery of confidential client information, not to prevent attorneys from deliberately leaking info; there were plenty of other ways to do that if someone wanted. I considered it a useful policy, since if I lost my phone I would want my information deleted anyway. (For what it's worth, when I left they didn't bother to/remember to wipe my phone.)"

Eric's response: I wonder if lawyers acquiesce to this concept more willingly because we are so attuned to the protection of client confidences anyway.

Posted by Eric at 09:52 PM | Trade Secrets | TrackBack

October 15, 2011

Q3 2011 Quick Links, Part 5

By Eric Goldman

See the other quick links posts in this series:

* Q3 2011 Quick Links, Part 4
* Q3 2011 Quick Links, Part 3
* Q3 2011 Quick Links, Part 2 (Trademarks/Domain Names Edition)
* Q3 2011 Quick Links, Part 1 (Copyright Edition)

Trade Secrets

* Congressional proposal to add a private cause of action to the federal Economic Espionage Act. David Almeling supports the general idea. My take from an email list:

I don't understand the incremental value of a federal private cause of action beyond the current state laws for the described situations. I also wonder if this is the beginning of the end for federal deference to state regulation of trade secrets. If the amendment get adopted, it would be entirely logical to see the restrictions relaxed over time to make it into a general-purpose private right of action for any trade secret misappropriation. For an analogous regulation, see the significant expansion of the CFAA over the past quarter-century, and especially the growing number of cases involving CFAA violations because former employees continued to access their former employees' hardware (and, presumably, misappropriate trade secrets).

* Mattel's lawsuit against MGA over the Bratz dolls has gone sour for Mattel in a big way. It was hit with another $225M in damages, bringing the amount it owes MGA to $310M. Oops.

* Probation for two individuals in the first lost iPhone prosecution, but no charges against Gizmodo. Yet, somehow, Apple apparently lost yet another "priceless" iPhone prototype at a bar.

Patents

* Bessen et al, The Private and Social Costs of Patent Trolls:

In the past, non-practicing entities (NPEs) — firms that license patents without producing goods — have facilitated technology markets and increased rents for small inventors. Is this also true for today’s NPEs? Or are they “patent trolls” who opportunistically litigate over software patents with unpredictable boundaries? Using stock market event studies around patent lawsuit filings, we find that NPE lawsuits are associated with half a trillion dollars of lost wealth to defendants from 1990 through 2010, mostly from technology companies. Moreover, very little of this loss represents a transfer to small inventors. Instead, it implies reduced innovation incentives.

* Joe Mullin is blogging again on patent matters, especially NPE issues! From his blog, check out his co-blogger's post on Innovatio, which is sending licensing demands to hundreds of companies who are offering industry-standard wi-fi to consumers.

E-Commerce

* After tossing its CA affiliates aside like rag dolls, Amazon and CA struck a deal on sales taxes that reinstated its CA affiliates (1, 2).

* Businesses using Groupons may be getting lower Yelp reviews.

* Dan Ariely deconstructs online retailers and websites to show how they are using psychological forces to get us to do what they want.

* Earll v. eBay, 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011). eBay could be exposed to claims under the Disabled Persons Act and the Unruh Act.

* Foley v. JetBlue Airways (N.D. Cal. Aug. 3, 2011). Federal aviation law preempts California law regarding disability accessibility to airline website.

* Weinstein v. eBay. StubHub wins an anti-scalping case under New York law.

* NYT: Good example of how a properly managed consumer review website can improve marketplaces.

Contracts

* David Stebbins is at it again. He sued Google to enforce his purported $500 billion arbitration win. The magistrate recommended dismissing the case as frivolous. Stebbins sued Microsoft too; see the long interview with him and a link to his video.

* Davis v. Avvo, 8:10-cv-02352-JDW-TBM (M.D. Fla. Sept. 13, 2011). Forum selection clause in Avvo’s user agreement upheld.

* Fusha v. Delta Airlines (D. Md. Aug. 30, 2011). Venue selection clause in check-the-box user agreement upheld.

* TradeComet.com LLC v. Google, Inc., 2011 WL 3100388 (2nd Cir. July 26, 2011): "a district court is not required to enforce a forum selection clause only by transferring a case pursuant to § 1404(a) when that clause specifies that suit may be brought in an alternative federal forum. Rather, in such circumstances, a defendant may seek to enforce a forum selection clause under Rule 12(b)."

A separate summary order upheld the applicability of Google's forum selection clause against TradeComet. The court says Google's clause doesn't overreach because "Google unquestionably holds a ‘special interest’ in making sure that it is not subject to suit in numerous different fora for claims arising from its agreements with over a million advertisers."

* Marso v. United Parcel Service, Inc., No. 09 CVS 2582 (N.C. App. Ct. Sept. 20, 2011). UPS required customers to go through a mandatory clickthrough agreement on computers in its store, but...

plaintiff asserts that defendant's employee entered the information into the computer, and that "[n]o one advised [plaintiff], orally or in writing, about any UPS Tariff, waybill, or service guide," or advised him that he could request a copy of the same….plaintiff suggests by his argument that he did not assent to the terms of service identified in the UPS Tariff, which would limit defendant's liability for the fraudulent cashier's check collected by defendant upon delivery of plaintiff's package to Mr. Thompson, and instead asserts that he formed an oral contract with defendant's employee which obligated defendant to be liable to plaintiff for $12,145.00 without limitation. Thus, there appears to be a genuine issue as to whether plaintiff assented to be bound by the limiting terms of the UPS Tariff, and whether defendant presented plaintiff with actual or constructive notice of the terms set forth by the UPS Tariff.

* Truong v. eBay, Inc., 2011 WL 3716999 (Cal. App. Ct. Aug. 24, 2011). This is a busted eBay Motors transaction where eBay warned the winning buyer not to complete the transaction and the seller sued for tortious interference with contract:

eBay raised the immunity provision of the federal Communications Decency Act (47 U.S.C. § 230). As appellant pointed out to the trial court, and as that court ruled, the pertinent provision of that statute makes the law applicable to an action taken by an internet service provider to restrict access to or availability of material that is obscene, harassing, “or otherwise objectionable.” The conduct alleged against eBay was not editing or policing content of items posted on its marketplace, but interfering with a contract. (See 47 U.S.C. § 230(c)(2)(A).) eBay does not urge this ground in its respondent’s brief.

* Added to my RSS feed: The Tech Contracts Blog by David Tollen.

Miscellaneous

* ABA Journal on electronic service of notice.

* James Grimmelmann's Internet Law casebook.

* On TWiL in late August, I discussed privacy and MP3Tunes with Denise Howell, Evan Brown and David Snead. The recording.

* Top 15 most popular "Damn You Auto Correct" postings of all time. Hilarious.

* Good news: I will receive the 2011 "IP Vanguard Award" (in the Academic/Public Policy category) from the California State Bar's IP Section.

Posted by Eric at 07:02 AM | E-Commerce , Licensing/Contracts , Patents , Trade Secrets | TrackBack

August 04, 2011

Idea Submission Case Revived Against MySpace--Riggs v. MySpace

By Eric Goldman

Riggs v. MySpace, Inc., 2011 WL 3020543 (9th Cir. July 25, 2011)

Riggs created a popular MySpace page, only to have MySpace delete it twice. Not pleased by that turn of events, for years Riggs has been doggedly pursuing a lawsuit against MySpace pro se. Two years ago, the district court unceremoniously bounced her lawsuit relying, in part, on a novel reading of 47 USC 230(c)(1). The Ninth Circuit upheld the 230 ruling on appeal:

The district court properly dismissed Riggs’s negligence and gross negligence claims, arising from MySpace’s decisions to delete Riggs’s user profiles on its social networking website yet not delete other profiles Riggs alleged were created by celebrity imposters, because these claims were precluded by section 230(c)(1) of the Communications Decency Act. See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1170-71 (9th Cir. 2008) (en banc) (“[A]ny activity that can be boiled down to deciding whether to exclude material that third parties seek to post online is perforce immune under section 230.”).

Another Roommates.com citation for the defense. But, as I explain in my prior blog post, I think this should have been a 230(c)(2) dismissal, not a 230(c)(1) dismissal.

The court also rejected her claim for “promissory fraud breach of contract claim” (whatever that means) for lack of cognizable damages.

However, in an unexpected turn, the court revived her idea submission claim (an implied-in-fact contract breach) "because Riggs alleged in her First Amended Complaint at paragraph 120 that she told the News Corporation’s executive’s assistant that she wanted to “sell” her ideas before she disclosed them." That's a pretty weak allegation made to a person who may lack proper authority to promise anything, so the court seemed mighty generous to Riggs in reviving the case. Nevertheless, this is consistent with California's amorphous idea submission doctrines. They can be a nice end-run to survive motions to dismiss because, by definition, the parties are likely to dispute the facts in an implied-in-fact contract. Sadly, the Ninth Circuit recently expanded the idea submission doctrines in the Larry Montz case (mentioned here), so expect more weak idea submission claims to get further in litigation than they should.

Although the idea submission claim wasn't really a workaround to 47 USC 230, I think this case bears some parallels to Barnes v. Yahoo. In both cases, 47 USC 230 emphatically closed some doors to plaintiffs, but squishy state law doctrines opened other doors for the plaintiffs. It's a good reminder why 47 USC 230 works so well. Because it has so few exceptions, it ends cases cold. Fluffy doctrines like promissory estoppel and implied-in-fact contracts make it hard for judges to cleanly end cases early.

Eriq Gardner's story on the case.

Posted by Eric at 05:18 PM | Derivative Liability , Licensing/Contracts , Trade Secrets | TrackBack

June 06, 2011

April-May 2011 Quick Links, Part 3

By Eric Goldman

Search Engines

* Google is working on a deal with the DOJ over illegal pharmaceutical ads and has set aside $500M for fines. Some background on the problem. Google isn’t the only search engine with problematic pharmaceutical ads. Will the other companies be getting the DOJ’s call too?

* Kevin Kelly: "This is the great gift of the free web. It has made some goods so cheap to acquire -- like answers, encyclopedia facts, directions, weather reports, recommendations -- that we generate entirely new realms of activity by doing far more of them. More is different. We ask so many more questions than before that this ask-and-answer is something new. Have you ever wondered where all our questions were before search engines? We didn't even bother to ask them."

* Vitaly Borker, who tried to game Google’s algorithm by seeking out bad consumer reviews, will be going to prison.

* Google won ALM's Best Legal Department in 2011. This article has a great inside look at Google’s legal department and how it makes decisions.

* More winners and losers from Google's algorithmic update.

* Latest antitrust enforcement challenge for Google: South Korea.

* More search censorship in Argentina. The ruling in Spanish.

* Yahoo changed its search log retention period from 3 months to 18.

* Market America is appealing its court loss to Google to the Third Circuit. Most recent blog post.

* Apple jiggers with the ranking algorithm for apps in its app store.

* CNET: “Bing head says 'traditional search' is dying.”

* Realcomp II, Ltd v. FTC, 11a0084p.06 (6th Cir. April 6, 2011). A monopolistic real estate electronic network violated antitrust laws when it provided only limited syndication of real estate listings subject to non-standard brokerage fee arrangements. Implications for Google?

* JC Penney’s 90 day timeout from Google for black hat SEO appears to be over.

* Gord Hotchkiss: “Why Results Quality Is So Important to Search Engines”

Privacy and Security

* Facebook tried to conduct a whisper campaign to bash Google on privacy. That backfired. Steven Levy: “Facebook’s Stealth Attack on Google Exposes Its Own Privacy Problem.” Danny Sullivan: “How Facebook Enables The Google Social “Scraping” It’s Upset About.”

* Not everyone loves the WSJ “What They Know” series.

* Kate Kaye of ClickZ on which of the half-dozen Congressional privacy bills the ad industry should favor.

* WSJ: Schmidt: Google Trying to Simplify Privacy Policies, but Lawyers Get In the Way.

* Less than 1% of Firefox users are using Do Not Track TPLs.

* Third party misuse of an open wifi leads to an unhappy wake-up call for the wifi owner.

* FTC gets $3M settlement from Playdom for COPPA violations. Among other purported defects, Playdom asked kids their ages and purported to bounce underage kids, but gave those kids the option to proceed just by checking a box rather than obtaining verifiable parental consent.

* An IP address can now pin down your location to within a half mile.

* The Sony Playstation hack of 70M member records will probably make my year-end list of top 10 Internet law developments. This event will be horking the law for the better part of a decade.

* EFF on how the Kerry-McCain privacy bill would preempt state law.

* Apple tried to squash the Mac Defender malware in its latest operating system release, but didn't get very far. Microsoft has made such benevolent dictatorship decisions before as well.

Publicity Rights and Trade Secrets

* Reality TV show participants were sued for prematurely revealing the show's outcome (in a lawsuit over the show's alleged failure to pay). See my first year Contract Law problem on maintaining secrecy in reality TV shows.

* Stars on the red carpet grant an implied license to their publicity rights in photos taken there.

* Basketball player Chris Bosh sues the mother of his child to prevent her from appearing in a reality TV show “Basketball Wives.”

* Larry Montz v. Pilgrim Film and Television, 08-56954 (9th Cir. May 4, 2011). In an idea submission case, “We again hold that copyright law does not preempt a contract claim where plaintiff alleges a bilateral expectation that he would be compensated for use of the idea, the essential element of a Desny claim that separates it from preempted claims for the use of copyrighted material.” The panel also reversed the district court conclusion that a “breach of confidence” claim was preempted.

* Many publicity rights complaints over Facebook's "Sponsored Stories": Fraley v. Facebook; JN v Facebook; and EKD v. Facebook. Filings in the Cohen v. Facebook case: motion to dismiss and supplemental brief on 47 USC 230.

* Litigation over Donald Trump’s licensing of his name to home developers. Interesting issues about a trademark licensor’s liability for a licensee’s activity and liability by endorsers for bum offerings.

* MGA spent $130M in its legal battle with Mattel.

Posted by Eric at 07:19 AM | Privacy/Security , Publicity/Privacy Rights , Search Engines , Trade Secrets | TrackBack

March 01, 2011

Jan.-Feb. 2011 Quick Links, Part 3 (Trademarks, Domain Names and Trade Secrets Edition)

By Eric Goldman

Trademarks and Domain Names

* From my perspective, the Department of Homeland Security (DHS) domain name seizures are one of the US government’s top 5 all-time worst assaults on the Internet’s integrity. DHS’s ICE division is grabbing domain names—the virtual equivalent of printing presses—citing half-baked legal theories and poorly researched factual claims without any advance notice or adversarial proceedings. This is exactly what we expect our government won’t do.

Yet, I haven’t seen a proportionate blowback. Why aren’t affected domain name owners suing the government for improperly seizing their printing presses? (This takes me back to the 2-decade-old Steve Jackson Games case and the EFF’s founding). Why aren’t there Congressional hearings asking DHS to defend its behavior? Where aren’t other parts of the administration forcing DHS to justify itself? Why aren’t judges pushing DHS to do a better job of demonstrating their cases on an ex parte basis? I’m a little baffled why there hasn’t been a revolt against the DHS’s baldfaced abuse of government power. I confess I’m part of the problem in that I haven’t grabbed the pitchforks either, but I’m not sure how I can best help. If you have any thoughts, I’d welcome them.

A linkwrap on this topic:

- Techdirt raises some general questions.
- One of the DHS affidavits. Techdirt deconstructs it.
- Sen. Wyden seems like our only legislator paying attention.
- Wendy Seltzer explores the due process problems.
- An ICE representative tried to defend its actions, with no success.
- Another 18 names seized.
- In a crackdown aimed at child porn, DHS took down 84,000 websites "by mistake." This is exactly the kind of “mistake” that would not happen if due process were followed and speech restrictions were subject to adversarial proceedings.
- EFF on what the repeated DHS screwups teach us about the "wisdom" of COICA:
- Techdirt: “ICE Boss: It's Okay To Ignore The Constitution If It's To Protect Companies”

* Private Career Training Institutions Agency v. Vancouver Career College (Burnaby) Inc., 2011 BCCA 69 (BC Ct. App. Feb 11, 2011): "The burden was on the appellant to satisfy the judge that there were reasonable grounds to believe that the respondents’ use of keyword advertising was actually or potentially misleading. He found as a fact that the appellant had not established that the respondents’ keyword advertising was actually or potentially misleading. He stated that the appellant had not persuaded him that the respondents’ use of its competitors’ names in keyword advertising “could...lead a student astray or into making a harmful error of judgment”. There was evidence to support those findings."

* NY S953: New York is trying yet again to ban domain name sales to terrorist groups. My prior blog post.

* Kim v. Coach: class action suit for Coach sending trademark takedown notices to eBay for the resales of legitimate goods. AP story.

* Joe Mullin recaps our efforts to crack open the Rosetta Stone v. Google joint appendix.

* LinkedIn allows ad targeting by company name. Competitive poaching, anyone? Will they be the newest defendants in keyword ad lawsuits?

* Rebecca covers an interesting and complicated dispute over a comparable drug being linked to a patented drug in a pharmaceutical reference database, with some parallels to keyword advertising.

* The Supreme Court denied certiorari in the latest appeal in Moseley v. V Secret Catalogue Inc. Prof. McCarthy on the ruling for which certiorari was sought.

* Law.com: Digital Chocolate and Zynga Settle over 'Mafia Wars'

* Ford sues Ferrari for naming one of its race cars "F150" in celebration of Italy's 150th anniversary of unification.

* Subway seeks to trademark "footlong."

* Las Vegas Sun: Double Down Saloon v. Double Down Lounge.

* Technolawyer tries to enforce a trademark in “SmallLaw.”

* Fleischer Studios v. AVELA (9th Cir. Feb. 23, 2011). The Ninth Circuit says that the Betty Boop character is in the public domain. This is quite a remarkable opinion, but I particularly call your attention to the discussion about trademarks and merchandising (cites omitted):

Even a cursory examination, let alone a close one, of “the articles themselves, the defendant’s merchandising practices, and any evidence that consumers have actually inferred a connection between the defendant’s product and the trademark owner,” reveal that A.V.E.L.A. is not using Betty Boop as a trademark, but instead as a functional product. Just as in Job’s Daughters [a 1980 9th Circuit case the majority cites even though it wasn't cited by either party or the district court], Betty Boop “w[as] a prominent feature of each item so as to be visible to others when worn . . . .” A.V.E.L.A. “never designated the merchandise as ‘official’ [Fleischer] merchandise or otherwise affirmatively indicated sponsorship.” Fleischer “did not show a single instance in which a customer was misled about the origin, sponsorship, or endorsement of [A.V.E.L.A.’s products], nor that it received any complaints about [A.V.E.L.A.’s] wares.”...“The name and [Betty Boop image] were functional aesthetic components of the product, not trademarks. There could be, therefore, no infringement.”

The court goes on to discuss Dastar:

If we ruled that A.V.E.L.A.’s depictions of Betty Boop infringed Fleischer’s trademarks, the Betty Boop character would essentially never enter the public domain. Such a result would run directly contrary to Dastar.

I applaud the majority opinion's spirit, and this could be quite a revolutionary opinion if it truly sets Ninth Circuit precedent. However, I’ve repeatedly criticized the Ninth Circuit for making up the rules panel-by-panel (I know I'm not the only one), and I suspect this is just another one-off. Kate Spelman thinks this is a good case for en banc review (I agree).

* WSJ: A quick survey of major legal issues in franchising law.

* Meth Lab Cleanup LLC v. Spaulding Decon, LLC, 2010 WL 5572397(D. Idaho Oct. 25, 2010): "the mere fact that resulting harm from the alleged confusion over the contents of the parties' websites may be incurred by an Idaho company is not sufficient to show that Spaulding “directed” its conduct toward Idaho."

* Walgreens is elevating the profile of its house-branded products.

* Index of WIPO UDRP Panel Decisions

* Oddee: 12 Hilarious Knock-off Fails

Trade Secrets

* Has the original Coca-Cola recipe leaked out?

* Reality Blurred: The producers of Survivor sue over leaked information about the upcoming season, but they drop the suit once they learn the leak source.

* David S. Almeling et al, A Statistical Analysis of Trade Secret Litigation in State Courts

Posted by Eric at 01:44 PM | Domain Names , E-Commerce , Internet History , Trade Secrets , Trademark | TrackBack

January 02, 2011

Nov.-Dec. 2010 Quick Links, Part 5

By Eric Goldman

Taxes

* Amazon.com, LLC v New York State Dept. of Taxation & Fin., 2010 NY Slip Op 07823 (N.Y. App. Div. Nov. 4, 2010). A NY appellate court rejected Overstock's/Amazon's facial challenges to "affiliates tax" but revived the as-applied challenge. The court distinguishes between "solicitation" of business for Amazon (collection obligation imposed) and passive advertising for Amazon (no collection obligation), but doesn't clearly explain why Amazon affiliates are engaged in solicitation and not passive advertising. Among other things, the court says [I reordered quotes]:

An advertisement in a newspaper is clearly not solicitation, as it is geared to the public at large. Likewise, the maintenance of a Web site which the visitor must reach on his or her own initiative is not, under the statute, or the advisory opinions, a solicitation. On the other hand, the targeting of a potential customer by the transmission of an e-mail is no different from a direct telephone call or a mailing to a customer. Both constitute active initiatives by a party seeking to generate business by pursuing a sale...When a representative can only receive compensation for an actual sale, it is much more likely that the representative will actually solicit, rather than passively maintain a Web site.....Nevertheless, we remand for further discovery so that plaintiffs can make their record that all their in-state representatives do is advertise on New York-based Web sites.

Although I think the court's analysis is wrong, it is not fatal to affiliate programs. For example, it seems like Amazon could fix its program by (1) prohibiting email marketing by affiliates, or (2) moving to a CPC model for affiliates.

* Colorado FYI Sales 79:

"If such retailers have total annual gross sales in Colorado of $100,000 or more, such retailers must: Provide notice with each purchase (the “transactional notice”). The transactional notice must:
• State that the retailer does not collect Colorado sales or use tax.
• State that the purchase is not exempt from Colorado sales or use tax merely because it is made over the Internet
or by other remote means.
• State that State of Colorado requires Colorado purchasers to file a sales or use tax return at the end of the year
for all taxable Colorado purchases that were not taxed, and pay tax on those purchases
• The notice must be easily seen and located near the total price.”

Miscellaneous

* Ars Technica on the Comcast/Level 3 spat. Is it a Net Neutrality red flag or a garden-variety peering disputes?

* Putting an end to one of the most over-hyped stories of the year, Craigslist shut down its adult services category globally.

In an unrelated development, Craigslist got a $6M+ judgment against ezadsuite.com, which "developed, advertised, and sold software programs to automate posting ads on Craigslist’s website and utilized other automated devices and related services meant to circumvent Craigslist’s security measures." This is one of those doctrinally troubling rulings that I choose to ignore because it's a default judgment. See the magistrate report and the judge's adoption.

* Latest NYT article hand-wringing about cyberbullying. WaPo has a myth-busting article on bullying.

* Specht v. Google, 2010 WL 5288154 (N.D. Ill. Dec. 17, 2010). Google wins a trademark battle over the term "Android." Some interesting parts:
- "on its own, the use of a domain name or e-mail address to identify an Internet host computer does not constitute a bona fide use in commerce. The use of a website address containing a trademark is not the same as use of the mark."
- "The androiddata.com website served as a remnant of a closed business. A "ghost site" such as this is not a bona fide use in commerce that can prevent the abandonment of a mark. The cost is small to maintain a domain name registration and host a several-page promotional website without e-commerce functionality, such as that which Plaintiffs contend existed at androiddata.com....Allowing a mark owner to preserve trademark rights by posting the mark on a functional yet almost purposeless website, at such a nominal expense, is the type of token and residual use of a mark that the Lanham Act does not consider a bona fide use in commerce."

* Oklahoma HB 2800: Executors can take over web accounts of the deceased.

* In theory ending another one of the year's most overhyped stories, the Borings got $1 for their trespass claim against Google. Previous blog coverage (1, 2, 3).

* Reuters: “A Reuters Legal analysis found that jurors' forays on the Internet have resulted in dozens of mistrials, appeals and overturned verdicts in the last two years.” Previous blog coverage.

* The Starwood v. Hilton Hotels corporate espionage lawsuit has settled. I tested this dispute on my IP course last year (see the exam and sample answer).

* California State Bar Standing Committee on Professional Responsibility and Conduct Opinion No. 2010-179:

Whether an attorney violates his or her duties of confidentiality and competence when using technology to transmit or store confidential client information will depend on the particular technology being used and the circumstances surrounding such use. Before using a particular technology in the course of representing a client, an attorney must take appropriate steps to evaluate: 1) the level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security; 2) the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information; 3) the degree of sensitivity of the information; 4) the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product; 5) the urgency of the situation; and 6) the client’s instructions and circumstances, such as access by others to the client’s devices and communications.

* Another ill-conceived California law: large companies have to disclose on their websites their efforts to reduce slavery and human trafficking in their supply chains. Are you kidding me???

* Fun with Google Books Ngram viewer: cyberlaw vs. other terms; but different results when the terms are capitalized.

* Inside Higher Ed: "professors ‘caught on tape’ is a growing genre, and some think it could have a chilling effect on academe."

* HuffPost: You're Out: 20 Things That Became Obsolete This Decade.

* Tell your favorite male bloggers (besides Venkat and me, of course) how you really feel about their strengths.

Posted by Eric at 07:54 AM | E-Commerce , Marketing , Privacy/Security , Trade Secrets | TrackBack

September 24, 2010

Availability of Client Data on LinkedIn, Facebook, and Google Sinks Trade Secrets Claim -- Sasqua Group v. Courtney

[Post by Venkat with a brief comment from Eric]

Sasqua Group, Inc. v. Courtney, 2010 WL 3613855 (E.D.N.Y. Aug. 2, 2010)

Background: Sasqua Group and its principal (Tors) ran a executive search consulting firm for professionals in the financial services industry. They work with "a small group of high-caliber clients, including . . Barclays Capital, The Royal Bank of Scotland, Nomura American Holding, Inc. . . . " In 2000, Sasqua took on Lori Courtney (Tors's niece) as a consultant. Sasqua claimed that Courtney ran the day-to-day affairs of Sasqua and lacked experience when she came to work for Sasqua. Courtney's version differed.

In 2008, Tors and Courtney negotiated but did not enter into a partnership agreement and continued to work together. [If this isn't a red flag for a dispute in the future, I'm not sure what is.] Courtney continued to work with Sasqua under a consulting agreement which was renewed annually. In 2009, despite the lack of a partnership agreement, Tors and Courtney started sharing profits and expenses of Sasqua. In early 2010, Courtney resigned from Sasqua and formed Artemis Consulting. Within the week, three Sasqua recruitment consultants advised Sasqua that they were leaving to work for Courtney at Artemis. Tors contacted Sasqua clients to let them know of Courtney's departure, and one of the clients (Standard Charter) told Tors that it already know what was going on. Predictably unhappy, Tors sued Courtney and Artemis. Sasqua asserted a variety of claims, but sought an injunction to prevent Courtney's communication with Sasqua's "client contacts" (i.e., particular individuals at companies who were in charge of hiring companies such as Sasqua and Artemis).

The Court's Decision: Since Sasqua did not have a non-competition or a non-solicitation agreement with Courtney, it was left to rely on a trade secrets claim based on its client list. This claim did not fare well.

The key issue the court focused on was whether the information sought to be protected as a trade secret was known outside the business or readily ascertainable. Courtney argued that the information Sasqua sought to protect was freely available, or available with little efforts through using sources such as LinkedIn, Facebook, and Google:

virtually all capital markets personnel have their contact information on Bloomberg, LinkedIn, Facebook or other publicly available databases, including the firm's own media advertising.

Sasqua argued that it developed database software which kept track of client contacts and preferences. Unfortunately for Sasqua, Courtney was adept at finding information on the internet, and her in-court demonstration of how to find out information that Sasqua claimed was a trade secret seemed to have impressed the court:

Courtney . . . described a . . . process that she would utilize if she were approached by a foreign exchange trader who was looking for a position at Nomura and if she were starting from scratch. Going to Google first this time, Courtney typed in the phrase "global head of FX in Nomura." Approximately 72,400 hits came up, the first of which was entitled "Nomura Appoints Head of Fixed Income Research." . . . Courtney next went to Bloomberg.com . . . Doing a search on Bloomberg, Courtney was able to find the direct phone number for Gladwin at Nomura's offices in London, the London address itself and Gladwin's direct e-mail address. The Bloomberg site also allows the user to send an instant message to Gladwin . . . .

Courtney also explained how such a search could be conducted on LinkedIn, which she described as being "like Facebook but for business" and as being more searchable than Bloomberg "because people put their whole profile on LinkedIn."

The court also credits her testimony on the availability of contact information and professional details on the internet:

[i]t used to be years ago, that people were very protective about their resumes and personal information because no one ever wanted their employer to get wind that they were looking for another job . . . [now] everyone . . . puts it out there for the world to see because people want to be connected now. People want to know - - people want the recruiters knowing who they are and how to find your information and how to find them if they have a good opportunity.

Sasqua argued that although contact information for certain decision-makers may be readily ascertainable, things like the chain of command, placement preferences, and histories were not. The court held that Sasqua failed to put forth evidence in support of this. Additionally, the court sided with Courtney on the issue of whether Sasqua undertook reasonable measures to protect the secrecy of the alleged trade secrets. Courtney submitted a declaration from Sasqua's computer technician that Sasqua actually misappropriated the client list from its prior employer and that Sasqua was "extremely lax" in its efforts to safeguard the data.

___

In the modern era where professional networking on the internet is the norm, things like client lists will become increasingly difficult to protect as trade secrets. If the information you are seeking to protect as a trade secret is available on the internet (and the defendant can access it with clean hands), you're going to have an uphill battle. (But see Hirel Connectors, Inc. v. United States, 2004 U.S. Dist. LEXIS 31036 (C.D. Cal. Jan. 23, 2004) ("This Court declines to hold that information that becomes publicly available on the Internet can never be a trade secret under California law.").) Also, as more information that may fall into the trade secrets category is in electronic form, efforts to protect its secrecy will be important. Allowing employees at the company to freely access information that a party later claims is a trade secret will put the party in an awkward position.

Additional coverage: 3 Geeks and a Law Blog ("Thanks to LinkedIn, Your Client Database May Not Be a Trade Secret").
______

Eric's comment: This case reminds me a lot of the classic trade secret case Gary Van Zeeland Talent, Inc. v. Sandas, 84 Wis. 2d 202 (1978). In that case, Van Zeeland took in a young apprentice Sandas, taught him the business (in that case, booking bands at music venues) and then saw Sandas leave only to go into competition with his former mentor. As Sandas walked out the door, he grabbed a list of contacts at the various music venues. Ultimately the court concludes that the information wasn't protectable as a trade secret because it would be simple to recreate that list. This was back in the 1970s, when in fact it was comparatively hard to put together contact lists. In the digital age, where people and businesses publish detailed profiles implicitly describing what they are looking to buy and sell, it will become increasingly harder for many businesses to claim their contacts/customer lists as trade secrets.

Posted by Venkat at 10:24 AM | Trade Secrets

August 09, 2010

July 2010 Quick Links, Part 1 (IP Edition)

By Eric Goldman

Trademarks

* Rebelution, LLC v. Perez, 2010 WL 3036217 (N.D. Cal. July 30, 2010). The plaintiff is a band named Rebelution. The defendant is a music performer named Pitbull who released an album "Pitbull Starring in Rebelution" without intending to reference plaintiff. No summary judgment to defendant. Wikipedia has a disambiguation page for "Rebelution."

* Southeastern Pennsylvania Transportation Authority v. Mednick Mezyk & Credo (E.D. Pa. complaint filed June 21, 2010). Interesting trademark lawsuit. A government transit authority, SEPTA, has sued personal injury lawyers for the ways they advertise that they represent plaintiffs against SEPTA. I think SEPTA has a tough argument, and they sure look thin-skinned.

* Ryan Gile: "New York New York Hotel/Casino Successfully Hijacks NewYorkNewYork.com"

* Can Chevrolet get people to stop calling it "Chevy"? Not likely.

* The latest article addressing the Trademark Use in Commerce debate: Lee Ann W. Lockridge, When Is a Use In Commerce a Noncommercial Use?, 37 Florida State University Law Review 337 (2010)

Copyright

* The Copyright Office issued new circumvention exceptions for 17 USC 1201 exceptions. The EFF breaks it down.

* MGE UPS Systems v. GE Consumer and Industrial Inc., 08-10521 (5th Cir. July 20, 2010). A significant (and possibly incorrect) ruling on 1201: “Because the dongle does not protect against copyright violations, the mere fact that the dongle itself is circumvented does not give rise to a circumvention violation within the meaning of the DMCA.”

* Mattel Inc. v. MGA Entertainment Inc., 09-55673 (9th Cir July 22, 2010). Another Kozinski bull-in-the-china-shop opinion, it is studded with important legal statements. Among the most interesting: an employee agreement purporting to assign copyrights from the employee failed when the language read more like a patent assignment. But read the whole thing.

* Teter v. Glass Onion, Inc., 5:08-cv-06097-FJG (W.D. Mo. July 12, 2010). Troubling ruling. An art gallery selling an artist’s painting does not make a fair use when making and then publishing thumbnail images of the paintings on the gallery’s website. No first sale defense for making the thumbnail images, either, although I’m not sure how the gallery can advertise the paintings for sale online without the thumbnails. The trademark infringement claim for referencing the artist’s name also survives because of the possibility the gallery looked like an authorized dealer when it wasn’t.

* We learned how much the Viacom v. YouTube ruling cost Google: $100M. Can you imagine what good things might have come if YouTube and Viacom had poured their legal fees into innovation rather than litigation? Also, this is a prime example of just how much it costs when a well-funded company (Google) decides to treat a lawsuit as bet-your-business. No way that most start-ups could have coughed up $100M for the lawyers.

* Scott v. Scribd settled. My original blog post on the case.

* Cable v. Agence France Presse, 2010 U.S. Dist. LEXIS 73893 (N.D. Ill. July 20, 2010), A professional photographer’s claim for 17 USC 1202 for removal of copyright management information survives a motion to dismiss.

* Las Vegas Sun does a thorough expose on alleged copyright troll Righthaven (look at the "related stories" too).

* Copyright enforcement mill gets caught red-handed committing copyright infringement on its website. Whoops!

* SAP has stopped contesting liability in the Oracle/TomorrowNow lawsuit.

* Miller v. Facebook, 2010 U.S. Dist. LEXIS 75204 (N.D. Cal. July 23, 2010). A software copyright registration for a literary work (i.e., the source code) was sufficient to uphold a pleading that the defense infringed the software's look and feel (i.e., an audio-visual work). My most recent post on this case.

Other IPs

* Bimbo Bakeries v. Botticelli: Bimbo Bakeries [great TM!], makers of Thomas English Muffins, gets an inevitable disclosure injunction against a departed employee who knows how to make their "nooks and crannies" and went to a rival baker. See also this post from Trading Secrets.

* Agora Financial LLC v. Samler, WDQ-09-1200 (D. Md. June 17, 2010). This case is similar to the more high-profile Barclays v. theflyonthewall case. The newsletter publisher plaintiff provides stock recommendations to its readers; the defendant republishes the tips on TipsTraders.com. The magistrate rejects a default judgment against the defendant because (1) the hot news doctrine is preempted by copyright law, and (2) even if it isn’t, the “plaintiffs’ writers’ investment recommendations are copyrightable” and therefore ineligible for hot news protection. Ruh-roh. The judge should have stopped at #1. Even the plaintiff admitted that the recommendations were uncopyrightable facts. So now what? Does this now mean everyone who republishes the recommendations is a copyright infringer?

Posted by Eric at 01:25 PM | Copyright , E-Commerce , Trade Secrets , Trademark | TrackBack

April 27, 2010

Interesting Database Scraping Case Survives Summary Judgment--Snap-On Business Solutions v. O'Neil

[Post by Venkat, with additional comments from Eric below]

Snap-on Business Solutions Inc. v. O'Neil & Assocs., Inc. (N.D. Ohio April 16, 2010) [scribd]

Snap-on is one of those cases that's great because the court canvasses the various claims that come into play in the increasingly common scenario when someone accesses a computer or network to extract data following termination of (or outside of) a contractual relationship. (The practice of extracting data from a website is commonly known as 'scraping'.) The court punts based on the existence of factual disputes, but the court's order is well worth a read just because it lays out the issues and theories.

The background facts are straightforward. Mitsubishi hired Snap-on to build a database of parts data which Mitsubishi dealers could then access online. Mitsubishi provided the underlying documents and images (parts information) to Snap-on, who converted them and built a "searchable database with linked data and images." At some point, Mitsubishi decided to move the parts database over to O'Neil, instead of Snap-on. When Mitsubishi asked for a copy of the database, Snap-on predictably declined. Snap-on told Mitsubishi that Mitsubishi could have the database, but would have to pay an extra fee. Meanwhile, O'Neil, Mitsubishi's new vendor suggested that it could extract the data from Snap-on's servers using O'Neil "scraper tool." O'Neil ran the scraping program, and used log-ins provided by Mitsubishi in the process of gathering the data. According to testimony from Snap-on, O'Neil's access of Snap-on's website caused Snap-on's website to "crash" in at least one instance.

Snap-on sued O'Neil (and interestingly not Mitsubishi) alleging Computer Fraud and Abuse Act, trespass to chattels, unjust enrichment, breach of contract, copyright infringement, and misappropriation of trade secrets.

Computer Fraud and Abuse Act: The key question on the Computer Fraud and Abuse Act claim was whether O'Neil's access of the website was "without authorization." The court held that the underlying agreement between Mitsubishi and Snap-on did not clearly resolve the question of whether Mitsubishi could authorize O'Neil to access Snap-on's website and servers and, whether even assuming Mitsubishi had this ability, Mitsubishi somehow lost it.

I think the court came to the correct conclusion on whether the access was without authorization. There's a split of authority in the employment context as to whether an employee's access to the employer's servers for the employee's own purposes constitutes "unauthorized access," but this case doesn't implicate that scenario. (Jeff Neuburger covers the 9th Circuit's recent ruling in LVRC Holdings, LLC v. Brekka, which acknowledges this split.) Here, the parties had an agreement, and the only viable argument by O'Neil on the unauthorized access issue was that Mitsubishi had authorized O'Neil to access Snap-on's computers and servers. (Since you had to log-in to access the website, O'Neil could not argue that Snap-on impliedly authorized everyone (including search engines) to access its site.) The terms of the agreement between the parties would resolve this issue and the agreement didn't provide a definitive answer, at least at the summary judgment stage.

Trespass to Chattels: Snap-on also asserted a trespass claim based on damage or temporary deprivation of the ability to use its servers. The court also declined to resolve this issue on summary judgment, finding that Snap-on presented sufficient evidence to find that O'Neil's unauthorized access caused Snap-on's servers to crash and "deprived Snap-on of their use for a substantial time.

O'Neil argued that copyright law preempts Snap-on's trespass claim. The court summarily (and in a conclusory fashion) rejects this argument, finding that Snap-on's argument seeks to protect the integrity of its computer servers, rather than its "possessory interest in the [software] or accompanying database."

Unjust Enrichment: The court finds that Snap-on's unjust enrichment claims were preempted by the Copyright Act since Snap-on failed to provide any evidence as to how the unjust infringement claims were based on rights distinct from Snap-on's rights as a copyright owner.

Breach of Contract: Snap-on also asserted a claim for a breach of its end user license agreement. The court declined to dismiss this claim based on the existence of factual dispute as to whether the parties entered the EULA and whether O'Neil breached it. Surprisingly, Snap-on's website required a log-in but only contained a statement that "[the] use of and access to the information on [Snap-on's] site is subject to the terms and conditions set out in [Snap-on's] legal statement." Snap-on did not users to check the box, acknowledging that they read and agreed to the end user terms.

Copyright Infringement: Snap-on knew it had an uphill battle on the copyright claim for a few reasons. First, much of the material (such as the images) is owned by Mitsubishi to begin with. Second, it's tough for anyone to argue that pricing and parts information is copyrightable. With this in mind, Snap-on argued that the "database structure" is entitled to copyright protection and Snap-on owned the copyrights in the structure.

The court went through the Feist analysis. In Feist, the court held that a "factual compilation is eligible for copyright if it features an original selection or arrangement of facts, but the copyright is limited to the particular selection or arrangement. In no event may copyright extend to the facts themselves." Lower courts have applied Feist and found that databases containing facts may be copyrightable. O'Neil argued that the "arrangement" or the database structure was obvious and was thus not entitled to copyright protection. The court again agrees with Snap-on that factual disputes preclude summary judgment on copyrightability and ownership.

The court's conclusion on the copyright issue seemed the most problematic. Even if Snap-on owned some part of the underlying arrangement or database structure, did O'Neil "copy" the structure, or otherwise exercise any rights exclusive to the copyright owner? This is a tough sell. Also, on the ownership issue, I would think Mitsubishi would have a colorable argument that even if it didn't own the copyright, it should be treated as a joint owner along with Snap-on?

Trade Secrets: Finally, the court also declines to grant summary judgment on Snap-on's trade secrets claims. I'm not sure what trade secrets Snap-on is using to support its claim, and I'm skeptical that any trade secrets exist here that O'Neil misappropriated. However, given that the court declined to grant summary judgment on the other claims, it wasn't the end of the world for the court to let this claim go to the jury as well.
__

Apart from canvassing the various legal theories that come into play in this type of a factual scenario, the case also offers a few practice pointers.

First, if someone is hosting or storing data for you, it makes sense to have a provision in the agreement that allows you to get access to the data at the termination of the relationship, regardless of any contractual dispute that may arise between the parties. The party with physical access to the data will have leverage as a practical matter, and this is the type of thing contractual language should address. As a last resort, the party who may be in a position to extract the data should have an unbridled ongoing right to extract the data during the course of the relationship. The agreement should also have a notice and breach provision that would prevent the summary denial or revocation of authorization.

Second, I'm surprised there wasn't a clear ownership clause in the agreement that said Mitsubishi owns the underlying data, the database structure, and any copyrightable elements in the database. A determination by the court that Snap-on owns some copyrights in the database structure could cause problems down the road for Mitsubishi. There are many reasons why it made sense for Mitsubishi to own the data, and Snap-on doesn't have much of a business justification for owning the data because it can't use it at the termination of the relationship. As a last resort, Mitsubishi should have had a broad license to the data.

Third, the agreement should contain terms allowing Mitsubishi to authorize third parties the right to access Snap-on's servers and any copyrighted material, at least for back-up and archiving purposes.

Fourth, if you are a website that is looking to prevent scraping, ownership of the underlying data and restrictions on access (such as a log-in) help significantly. Professor Goldman's comments below highlight that scraping is problematic from a legal standpoint. However, two things that bolstered Snap-on’s claims are its ownership of the data and the fact that O’Neil accessed the site through a log-in which it wasn’t clearly authorized to use. This, coupled with the fact that Snap-on was in physical possession of the data at the termination of the relationship, pretty much put it in the driver’s seat.

Finally, Snap-on's contract formation process could have been cleaner. Where you have a situation involving access of a website for a business purpose (where the person is accessing data that they need) there's much less risk of people declining to access your website based on additional hurdles in the form of click throughs or check the box. In the consumer setting, websites often weigh certainty of contract formation against customer conversion, but this isn't really present in Snap-on's case. I guess what I'm saying in a long-winded way was that Snap-on should have implemented a mandatory, non-leaky, clickthrough, as discussed in Professor Goldman's post covering Scherillo v. Dun & Bradstreet.
____________________________

Eric's comments:

This is such a rich and interesting case that both Venkat and I wanted to cover it. I am frequently asked if scraping is legal, and the short answer is that (a) possibly not, but (b) people regularly do it anyway. This case illustrates the difficulty of doing scraping legally, and I highly recommend reading this case to anyone who thinks scraping solves a business problem they are having. If anything, this case was unusually defense-favorable because the replacement vendor (O'Neil) was scraping the customer’s (Mitsubishi’s) data at the customer’s request. Yet, because that data resided on Snap-on's servers, O'Neil is still staring down the barrel of copyright, contract, CFAA and common law trespass to chattels claims. If I were on the defense team, I'd be whipping out my checkbook and angling for a settlement, because I expect this case will not play well in front of a jury.

This case is slightly similar to a case from earlier this year that I never got a chance to blog, Edgenet v. Home Depot. In both Edgenet and this case, a big company retained an outsourced vendor to maintain and enhance an obviously unwieldy product catalog, and legal tussles ensued when the customer and vendor divorced. According to this opinion, Mitsubishi thought it had procured the IP rights to Snap-on's enhanced database, but Snap-on thought otherwise and demanded extra money to get something Mitsubishi thought it had already bought. As Venkat indicates, this reinforces the practice pointer that customers always need to have a clear exit strategy nailed down upfront whenever they enter into an outsourcing relationship.

The case is a little less clear about Mitsubishi's ability to get interim deliveries of the database pre-termination. (The case suggests that Snap-on tried to charge for this as well). As Venkat also indicates, this violates another rule of outsourcing--without a copy of its database, Mitsubishi was never in control of its fate and continuously vulnerable to Snap-on deciding to play a hold-up game.

When Mitsubishi finally decided to go with Plan B and retain O'Neil as Snap-on's replacement vendor, a series of poor judgments followed. Mitsubishi decided it was too expensive to have O'Neil replicate the work Snap-on had done, and Mitsubishi apparently decided it was too expensive to pay Snap-on for the one-time delivery from its database. But what did Mitsubishi expect--that Snap-on expected to be paid for delivering the data but would acquiesce to free scraping? Snap-on seems to have made it clear that its business model included payment for getting Mitsubishi data out of Snap-on's database, so Mitsubishi had to know that any alternative courses of action were dicey.

Then O'Neil, presumably trying to be helpful, offered the scraping option. Any lawyer in the process should have kiboshed the idea on the spot. Instead, Mitsubishi gave O'Neil some login credentials in apparent violation of the Snap-on agreement. This reminded me of the Oracle v. SAP lawsuit, which is not going to end well for SAP.

The scraping process did not go well, either. It appears the scraping tool was misconfigured because it allegedly caused enormous traffic spikes that ultimately crashed the site at least once (and maybe twice). Even if the court follows the more restrictive Hamidi approach to common law trespass to chattels requiring damage to computer system resources, this qualifies. Snap-on blocked the scraper's IP address, so O'Neil offered to continue using a different IP address (a big no-no in my guide to "legitimate" scraping) but only if Mitsubishi signed an indemnity agreement...which Mitsubishi signed. What??? Are you kidding me??? It's hard to wave a bigger red flag of problems ahead than to have a vendor say that it will only continue if it gets an indemnity agreement. Fortunately for O'Neil, the indemnity agreement may mean that O'Neil won't be writing checks when the jury says nyet; unfortunately for O'Neil, the indemnity agreement won't help if the feds decide to bring a criminal CFAA prosecution. Snap-on blocked the second IP address, O'Neil stopped scraping, and Snap-on decided to sue.

Where were the lawyers in this process? I'm shocked that Mitsubishi's lawyer didn't shoot down the initial scraping proposal. Scraping was a classic engineer's solution to a legal problem. But even if the lawyer never got a chance to speak up then, surely lawyers got involved when O'Neil tendered the indemnity agreement to Mitsubishi. That they didn't put their foot down then blows my mind. Given Snap-on's delays, it appears that Snap-on might not have even sued if O'Neil hadn't reinitiated scraping via a second IP address, so the indemnity agreement should have given Mitsubishi and O'Neil enough time and warning to realize that the engineering solution had failed and it was time to seek a legal solution.

As Venkat recaps, the legal rulings are fairly straightforward given our standard understandings of scraping law. However, they illustrate that despite its ubiquity, scraping may not be legally defensible when challenged in court--even, in this case, when Mitsubishi was trying to retrieve "its own" data.

Finally, this case is a microcosm of the broader IP battles over product catalog and taxonomical data. See my notes from my 2007 talk about IP rights in taxonomies. I don't have a solution to these IP battles, but I continue to wonder about the social benefits we could obtain if a global product catalog existed that everyone could freely use.

Posted by Venkat at 09:50 AM | Copyright , E-Commerce , Licensing/Contracts , Trade Secrets , Trespass to Chattels

August 10, 2009

Nursing Student's Blog Post Doesn't Support Expulsion--Yoder v. University of Louisville

By Eric Goldman

Yoder v. University of Louisville, 2009 WL 2406235 (W.D. Ky. Aug. 3, 2009). Yoder's initial complaint.

Nina Yoder was a University of Louisville nursing student. She posted a blog post to MySpace entitled "How I Witnessed the Miracle of Life” that describes her first-hand observations from a school assignment to go watch a patient-mother giving birth. The blog post now appears to be set to private, but you can see a PDF of it, and the opinion quotes the full text for your reading pleasure. This blog post and the resulting imbroglio sparked a lot of discussion. For more background, see this page with some of the source correspondence (and over 100 comments) and this thread from a nursing students' blog with about 250 comments.

Even if Yoder’s blog post was intended to be tongue-in-cheek, I can see why the blog post was so controversial. As just one example, the blog post repeatedly refers to newborn babies as "creeps." The court does not have kind words to describe the blog post, calling it "vulgar," "distasteful," "offensive," "crass and uncouth," and an "abject failure" as an attempt at humor. My personal take is that the blog post was, at best, ill-advised. I really can't imagine when I would want to work with a nurse who calls my baby a "creep," even if in jest, and (as discussed below) the amount of detail Yoder disclosed about her patient shows a reckless disregard for the confidentiality we expect from medical professionals.

When University of Louisville nursing school administrators discovered the post, they expelled Yoder from the nursing program on the grounds that she violated two contracts: the student honor code and a confidentiality agreement. Given how damaging Yoder's post was to the University's nursing school (after reading it, I suspect few patients would agree to let student nurses observe their treatments), I understand this impulse. However, the administrators’ decision to have two uniformed police officers at the termination meeting (because Yoder had separately blogged about her support of the Second Amendment) and to frisk her for weapons seemed a little over-the-top.

In this ruling, the court reverses the school's expulsion, holding that the school incorrectly interpreted the contracts. The main ruling relates to the contracts' requirement that Yoder not disclose patient confidential information. The defendants allege that the blog post disclosed "the following identifying information about the birth mother: the number of her children; the date that she was in labor; her behaviors; the treatment that she underwent (an epidural); her reaction to labor (vomiting); and the reactions of her family." The court says that none of this information was personally identifiable to the patient or her family because the post "does not disclose the birth mother's name, address, social security number, or the like. It does not disclose her age, race, or ethnicity. The Blog Post does not contain ‘financial’ or ‘employment related information’ about the birth mother. It does not disclose where she was in labor."

Well, the court is correct about the non-identifiable nature of the disclosures if you only consider the four corners of the blog post. No one could use the blog post to identify the mother or her family without relying on additional information. Nevertheless, the court's rationale is completely off-base. I’m confident that any savvy investigator could combine the blog post with other data sources and quickly identify the mom with a high degree of certainty, even if the investigator would rely only on easily obtainable published information. Just knowing the baby’s exact birthdate and limiting the inquiry to the Louisville area immediately limits the pool of possible women to a few hundred. Knowing that the child was the mom's third baby should narrow that restricted pool further. Thus, the court was clearly wrong when it said, categorically, "the Blog Post does not contain information that could possibly lead to the discovery of the birth mother's identity" (italics added). The first person who emails me the correct identity of the patient in question can, as their reward, choose a slinky from my special slinky stash.

As a result, this court's ruling illustrates the false distinction between personally identifiable and non-personally identifiable information. (The same issue arose in the recent Johnson v. Microsoft case declaring that IP addresses are not personally identifiable.) Paul Ohm has an important paper coming out on de-identification that should end this distinction permanently. The ability to combine multiple data sources makes it possible to uniquely identify data subjects even if each individual data source does not enable identification on its own. Especially in light of the healthcare context, this judge was way too charitable to Yoder on this point.

The court also says that Yoder did not violate a "professionalism" requirement in the school’s honor code because the blog post "was not created or used in any professional context." This is analogous to the K-12 school discipline cases (all uncited) where the principal disciplines a student for a blog post made off-campus. Clearly school administrators can reach too far into private conduct when meting out discipline, but again I think the judge is being very charitable here. Yoder was blogging her personal observations about a professional experience she had in a hospital, under confidentiality agreements, while doing her schoolwork. By this reasoning, any post that Yoder wrote in her personal time would not trigger the professionalism code, but given the subject matter of this post, this issue probably warranted more careful treatment.

Having said that, I totally agree with the judge's ultimate conclusion to reinstate Yoder. Although her post raised all kinds of yellow and even red flags about her judgment, the school had a wonderful teaching opportunity to explain/reinforce all kinds of lessons about the professional responsibility of a nurse (like, don't call patients' babies "creeps," even in jest). I think they didn’t capitalize on that opportunity by applying a one-strike rule to Yoder.

An update on Yoder's saga from the Chronicle of Higher Education.

Posted by Eric at 10:12 AM | Content Regulation , Trade Secrets | TrackBack

April 28, 2009

Promatek Redux: Software Consultant Enjoined from Metatag Usage and Other TM References--Deltek v. Iuvo

By Eric Goldman

Deltek, Inc. v. Iuvo Systems, Inc., 2009 WL 1073196 (E.D. Va. April 20, 2009). The Justia page.

Every year in Cyberlaw, I teach Promatek v. Equitrac, a Seventh Circuit metatags case from 2002 noteworthy for its multiple litigant and judicial errors typical of a cyberspace freakout case. Among the many mysteries of the case is how the court treats the fact that Equitrac advertised that it provided servicing of Promatek's equipment. The court says that Equitrac was free to say that, but it couldn't say it in the metatags...for reasons that I still don't understand.

Today's case raises similar issues to the Promatek case, and the resolution isn't much clearer. Deltek sells complex cost-accounting software. Iuvo includes three former Deltek employees who started a business providing consulting about Deltek software and other Deltek software-related services. Iuvo's websites advertise the fact that it provides servicing for Deltek software, but Deltek apparently doesn't like that or, apparently, the competition (not surprising because Iuvo was allegedly undercutting Deltek's price). Thus, Deltek launches a multi-prong attack on Iuvo, including claims that the site infringes its trademarks, the former employees misappropriated Deltek trade secrets, and the former employees violated their non-compete agreements.

With respect to the trademark claims, the defendants assert "fair use" (more precisely, nominative use). The court isn't convinced, in part because of the implied affiliation from Iuvo's references to Deltek's trademarks, even though the websites had an appropriate disclaimer of any relationship. Citing the doctrinally confused Axiom case, the court relies on the same implied-affiliation grounds for the metatags, saying "This use of Deltek's trademarks as metatags may cause a consumer to believe that Iuvo is affiliated or related to Deltek and may therefore constitute an improper attempt to trade on the commercial value associated with the marks." However, no one who understands metatags believes this statement is in the least bit credible.

Ultimately, the court crafts a split-the-baby injunction, restricting Iuvo:

from using in the "www.iuvosystems.com" website the phrases "Deltek Upgrade", "We Provide Deltek Solutions" and "Technology Consultants With Deltek Experience"; from using as metatags for any website associated with the Defendants' business activities any Deltek trademarks or trade names including, but not limited to, "Deltek Costpoint," "Deltek Time Collection," "Deltek Install," "Deltek Hosting" and "Deltek Consulting" and from using the web domain names "www.installdeltek.com" and "www.installdeltek.net."

Although the injunction is relatively narrow, it is still obviously problematic. First, the blanket restriction on including Deltek in the metatags makes no sense. See the Welles case. Second, I don't immediately see anything wrong with the phrase "installdeltek" in the domain name if Iuvo acts as a systems integrator and, in fact, installs Deltek software (a point I believe Deltek contested). Finally, I'm struggling to see what's wrong with the phrase "Technology Consultants with Deltek Experience," which seems completely accurate in describing both the former Deltek employees' experience as well as the company's accumulated experience.

Three observations about the case:

1) I hate metatag cases!

2) This is yet another example that the nominative use defense isn't very robust.

3) It's interesting that the court declined to issue an injunction based on the trade secret and non-compete claims, so Deltek's only victory came from its trademark claims. This is a good example of trademark's power to restrict competition, even when other anti-competition legal doctrines fail, and even when the competition may be in the consumers' best interest.

Posted by Eric at 09:31 AM | Trade Secrets , Trademark | TrackBack

April 12, 2009

Q1 2009 Quick Links, Part 4

By Eric Goldman

Security

* Massachusetts Data Security regulations were amended.

* In Facebook v. Power.com, Facebook brought another lawsuit to block extraction of user data from the site (similar to the Facebook v. ConnectU lawsuit). Venkat, Masnick, News.com, NYT, Justia. In this case, I wonder if Facebook has adequately distinguished between Power.com's behavior and the operation of its own "Find a Friend" service that taps into third party email servers to extract email addresses. Power.com’s response.

* Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. Jan. 7, 2009). IP infringement isn't a cognizable harm under the Computer Fraud & Abuse Act.

Adware/Spyware

* Who says Valentine's Day is just a Hallmark holiday? Sales of spyware and other tools to track cheating SOs also increase around Valentine's Day.

* Susan Brenner on the Cybercrimes Treaty and the US's decision not to criminalize possession of malware as required by the treaty.

Venture Capital

* BusinessWeek: Silicon Valley innovation is being stifled by VCs who only want to make small bets, not big bets. But VC investing is faddish, so the wind might change tomorrow.

* $600M of VC investments in virtual worlds.

Contracts

* Burcham v. Expedia, Inc., 2009 U.S. Dist. LEXIS 17104 (E.D. Mo. Mar. 6, 2009). Buyer was bound to user agreement even though he argued (without any evidence) that someone else established the account he used. This dovetails nicely with the broad reading of who is bound by an online user agreement; see my discussion in the Lori Drew case. Jeff Neuburger's writeup. Aside: I wonder if Expedia will be insulated by 47 USC 230 for the allegedly wrong description of amenities if they got the description of the hotel from third parties. For an analogous result involving the binding of users who didn't agree to the initial contract, see CoStar Realty Information, Inc. v. Field, 2009 WL 841132 (D. Md. March 31, 2009).

* Fractional Villas Inc. v. Tahoe Clubhouse, No. 08cv1396 (S.D. Cal. Feb. 25, 2009). Citing the RMG case, the court says that merely visiting a site may be sufficient to bind visitors to a browsewrap. However, in this case, there was insufficient evidence that the defendant had ever visited the site.

* Cherny v. Emigrant Bank, 2009 U.S. Dist. Lexis 2486 (March 12, 2009). Latest case that breach of privacy policy isn’t actionable unless there are actual damages. Venkat’s writeup.

* A stat I fully believe: "studies have shown that more than half of all companies cannot even locate signed copies of 10% or more of their contracts." The Zen Master asks: if both parties think they have entered a contract but neither can find a copy, do they have a contract? (this has really happened to me before).

Taxes

* Amazon v. New York and Overstock v. New York (N.Y. Sup. Ct. Jan. 12, 2009). Kudos to New York for finally figuring out a way to break the Internet and defeat the Internet Tax Freedom Act by treating Amazon Associates as traveling salespeople for sales tax collection purposes. I imagine every state in the country will jump on this bandwagon, at which point some e-tailers will kill their affiliate program and others will end up imposing sales tax collection nationwide.

* Pitt County v. Hotels.com, L.P. (4th Cir. Jan. 14, 2009), Online travel aggregators aren't "retailers" (as referenced in the statute) for purposes of collecting local hotel occupancy taxes.

General

* Some interesting cyberspace exceptionalism developments involving cases where paper presentation may be different from electronic presentation of the exact same content. In Smith v. Under Armour, Inc., 2008 WL 5486764, web payment confirmations displayed on-screen are not "printed" within the meaning of the Fair and Accurate Credit Transactions Act. Accord Smith v. Zazzle.com, Inc., 2008 U.S. Dist. LEXIS 101050. See generally this Proskauer recap. In Saulic v. Symantec Corp., a California law prohibiting data collection with credit card sales was held inapplicable online.

* Sudduth v. Donnelly, 2009 WL 918090 (N.D. Ill. April 1, 2009). Plaintiff got stiffed on his eBay transaction and sued eBay for 1983 equal protection and conspiracy claims as well as a Title VI civil rights claim. Because eBay isn't a state actor, however, the court dismissed eBay.

* My colleague Steve Diamond is blogging every detail of the battle for SAG's soul over at his new blog, King Harvest. For example, he summarizes the travails of the Screen Actor's Guild.

* Oddee: 10 Geekiest T-Shirts. I own a t-shirt that says "I'm Blogging This" (a gift from a former student) and a mug that says "Vegetarian Blogger" (gift from a colleague).

* Oddee: 15 Most Unfortunate Town Names. I think Licking County should have been a contender.

* Is there any better sign of Cyberlaw's maturity than the publication of Internet Law in a Nutshell? [Amazon Affiliates link]

* Oddee: 12 Most Ridiculous Lawsuits. I welcome your nominations for the most ridiculous Internet lawsuits of all time. I hope to write that up some day.

* Happy birthday, Gmail! Best email software I've ever used. The battles over Gmail privacy seem so...2004!

Free Stuff

* The Ninth Circuit recently updated its website...with RSS feeds!

* Nolo Press' "NDAs for Free." Potentially useful site.

* I have one extra copy of my Fall 2008 Cyberspace Law course reader. First person to send an email with their mailing address gets it. [CLAIMED]

Posted by Eric at 12:03 PM | Adware/Spyware , E-Commerce , Licensing/Contracts , Privacy/Security , Trade Secrets , Virtual Worlds | TrackBack

April 26, 2006

Employee Blogging Risks

By Eric Goldman

A couple of weeks ago, I spoke at the North Carolina Journal of Law & Technology's symposium called "Attack of the Blog: Legal Horrors in the Workplace." (I definitely did not pick the name!) In the morning, I spoke about the risks that companies face when their employees blog. I see blogging as a subset of Internet communications generally, so I'm not sure these risks are limited to blogging. Nevertheless, the following risks are possible:

Non-Legal Risks

* Employee relations risk. A personal dispute between employees could be taken online, triggering a flame war or exposing the personal dispute to a broad audience within and outside the company.

* Customer relations risk. Employees could make disclosures that undermine customer confidence in the company's products by revealing too much about the company's inner workings or by disparaging the company's products. Employees could also oversell customers by making overstated claims about the products.

* Reputational risk. Employees might make personal disclosures about other employees/stakeholders that degrade the overall public perception of the company.

Legal Risks

* Admissions. Blog posts could be party admissions. Even if not, they could be adverse evidence introduced in litigation.

* Trade Libel. Employees could actionably disparage competitors' products.

* Disclosure of Non-Public Information. There are several ways that employees could convert non-public information into public information in ways that have legal significance.

- If the company is publicly traded, these disclosures may manipulate the stock price or constitute securities fraud
- Employees could undermine the company's position by tipping off competitors about plans in the works. If the employee publishes company trade secrets to the blog, in most cases that information will be irretrievably lost as a trade secret.
- Employees might disclose third party trade secrets, which could lead those third parties to bring a trade secret misappropriation claim.
- Employees might disclose patentable information that jeopardizes the company's ability to obtain a patent using that information. For example, a blog post should start the 1 year clock ticking under 102(b). Similarly, if the foreign patent applications have not yet been filed, the blog post should negate the company's ability to seek foreign patents on the published information. This is a real gotcha that may catch some unsuspecting companies.

Conclusion

Just to be clear, I'm not convinced these risks are all that serious. The emergence of blogs might lower the guard or caution of employees, but all of these risks would exist even without blogs, and most employees will make good choices. Even so, some employees will make poor choices, and thus companies who are concerned about employee blogging might choose to address blogging as part of an overall policy on Internet usage or disclosure of company information. At the same time, employee blogging can be a significant asset to the company, so companies might look at employee blogging as an resource to nurture rather than risky behavior to squelch.

Posted by Eric at 08:05 PM | General , Patents , Trade Secrets

December 07, 2005

Keeping C&D Letters Confidential

By Eric Goldman

An all-too-familiar story. A famous celebrity takes her clothes off in a private outdoor space (in this case, Jennifer Aniston goes topless in her backyard). The paparazzi captures the event for posterity and profit. Celebrity finds out and unleashes a bulldog lawyer on the case. Lawyer writes a cease and desist letter to potential publisher with stern warnings about republishing the photos. The cease-and-desist letter hits the Internet. (In all likelihood, the photos will hit the Internet too, but to my knowledge we haven't gotten that far yet).

Here's the twist that triggers this blog post. The lawyer's letter says no less than 3 times that the C&D recipient may not publish the cease-and-desist letter:

* the letter is titled at the top "confidential legal notice/not for publication"
* the second sentence says "This is a confidential legal notice...and may not be published or disseminated in any way."
* the last paragraph reads: "This letter is a confidential legal communication and is not for publication. Any publication, dissemination or broadcast of any portion of this letter will constitute a breach of confidence and a violation of the Copyright Act, and You are not authorized to publish this letter in whole or in part absent our express written authorization."

These brouhahas never seem to end up well for anyone. Let's deconstruct the situation.

Jennifer Aniston

Jennifer Aniston should have known better. I recognize this may sound a little heartless; after all, she was in her own home and her lawyer alleges that the photographer was a mile away using an incredibly high-powered telephoto lens. If true, no question she should have had a reasonable expectation of privacy.

However, I believe that in practice, the rules are simply different for the top 1,000 most famous people in the world. For these celebrities, certain activities (nakedness, friskiness, ingesting) in a potentially observable place are never consequence-free, regardless of what the law says or the celebrity wants.

In this case, an afternoon of topless sunbathing at home has the consequence of a multi-month multi-continent pitched legal battle that, in all likelihood, will be futile (i.e., the pictures will almost certainly irrevocably hit the Internet). I'm not saying this is a good outcome, but it's an inevitable result in this era. This has to be on the minds of the world's most famous celebrities at this point.

The Paparazzi

If the photographer really did use a telescopic lens to take pictures of someone's backyard from a mile away and then tried to resell the photos, I'm fairly comfortable that there will be legal redress.

The Lawyer and the Smoking Gun

Some people complain that lawyers can't communicate very well, but good news here--we have no problem understanding what this lawyer wanted. He did not want to see this letter posted to the Internet. Yet, there it is, on the Smoking Gun in all its glory.

There are some problems with the lawyer's desire. How can a lawyer claim that a cease-and-desist letter is a confidential communication? In general, sending the letter to a third party without any confidentiality assurances should blow any legal confidentiality protections. The lawyer's redundant declarations doesn't change the analysis one iota (if anything, repeating these statements to bloggers will invariably lead to the opposite outcome). So, on its face, I don't see how the confidentiality demands/instructions are anything more than hyperbolic and low-efficacy scare tactics.

The copyright issue is more complex. The letter should qualify as an original work of authorship, and posting the letter online should violate at least 2 of the 106 rights (reproduction and distribution).

But is there some legal defense that nevertheless permits the reposting of C&D letters? The most obvious one is fair use, but fair use analyses are always tricky. For a good example in a relevant context, consider how Google deals with C&D letters it receives. At the Yale Regulating Search conference, a Google representative explained that Google turns over all 512(c)(3) demand letters to ChillingEffects.org because (a) Google wants the letters to see the light of day, (b) Google feared that publishing the letters would be an unexcused infringement, and (c) Google thinks that ChillingEffects.org's republication of the letters would be protected by fair use.

Can this be right? Google can't republish the letter but a third party can? ChillingEffects.org changes the fair use analysis in two ways: first, it's a non-profit actor, and second, it does add some commentary to the letter. But this seems like a silly formalistic solution. (I'll note that the Aniston C&D letter recipient apparently took the same approach, handing the letter off to the Smoking Gun, who added some light commentary).

C&D letter recipients shouldn't have to go to such extremes. Senders of C&D letters should be accountable for their actions. They seek legal redress and the letters themselves are legally significant (i.e., they could create the basis for willfulness determinations; they may be the basis for the recipient seeking a declaratory judgment). To fully understand what is taking place in the field, information about these C&Ds has to enter the public discourse. And simply reporting the receipt of a C&D isn't enough--to understand the letter and its potential impacts, external observers have to read the precise words used.

Therefore, I would strongly favor a statute that exculpates C&D letter recipients from republishing the letter. Because such a statute is unlikely, I am hoping the courts will create a defacto per se fair use exclusion for republishing C&D letters. Meanwhile, kudos to the Smoking Gun for not letting the repeated exhortations keep the letter off the Internet.

Finally, I suspect some readers of this post got here on the mistaken hope of seeing the pictures in question (or others of a similar nature). If you made it this far with that expectation, I'm sorry to disappoint.

Posted by Eric at 11:28 AM | Copyright , Trade Secrets | Comments (8)

Search

Archives

Recent Entries

May 03, 2013

Recap of Washington State’s Employer Social Media Password Bill

April 26, 2013

Nosal Convicted of Computer Fraud and Abuse Act Crime Despite His Ninth Circuit Win – US v. Nosal

April 04, 2013

Online Trespass to Chattels Needs Structural Reform (Forbes Cross-Post)

February 28, 2013

Employer Fails to State Stored Communications Act Claims Absent Allegations That Employees Interfered With Company Accounts – Castle Megastore v. Wilson

February 18, 2013

Facebook Posts and Twitter Invites Don't Violate Non-Solicitation Clause -- Pre-Paid Legal v. Cahill

January 08, 2013

Q4 2012 Quick Links, Part 1 (IP Edition)

Let's Stop Using the Term “Soft IP”

December 19, 2012

When Will We Give Up the Charade That Numbers Are Copyrightable?--National Football Scouting v. Rang

December 04, 2012

The Problems With Software Patents (Forbes Cross-Post)

November 19, 2012

Engaging Facebook Friends Doesn't Violate Non-Solicitation Clause--Invidia v. DiFonzo

October 08, 2012

Q3 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets)

July 28, 2012

4th Circuit Limits the Reach of the Computer Fraud and Abuse Act – WEC Carolina Energy Solutions v. Miller

July 04, 2012

H1 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets, IP)

June 04, 2012

"Hot Topics in Internet Law" Talk Slides

May 29, 2012

Google Wins Trade Secret Lawsuit Over Ill-Fated Coffee Meeting--Booloon v. Google

May 10, 2012

An Unmasking Effort Gets Gutted Some More – Art of Living Foundation v. Does

April 25, 2012

MySpace Profile and Friends List May Be Trade Secrets (?)--Christou v. Beatport

March 08, 2012

Jan.-Feb. 2012 Quick Links, Part 2 (Trademarks, Patents, Trade Secrets, Innovation Edition)

January 11, 2012

An Update on PhoneDog v. Kravitz, the Employee Twitter Account Case

January 03, 2012

Nov.-Dec. 2011 Quick Links, Part 2 (Extended IP Edition)

December 28, 2011

Another Set of Parties Duel Over Social Media Contacts -- Eagle v. Sawabeh

November 10, 2011

Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz

November 09, 2011

Employers Demanding the Right to Remotely Wipe Employees' Phones?

October 15, 2011

Q3 2011 Quick Links, Part 5

August 04, 2011

Idea Submission Case Revived Against MySpace--Riggs v. MySpace

June 06, 2011

April-May 2011 Quick Links, Part 3

March 01, 2011

Jan.-Feb. 2011 Quick Links, Part 3 (Trademarks, Domain Names and Trade Secrets Edition)

January 02, 2011

Nov.-Dec. 2010 Quick Links, Part 5

September 24, 2010

Availability of Client Data on LinkedIn, Facebook, and Google Sinks Trade Secrets Claim -- Sasqua Group v. Courtney

August 09, 2010

July 2010 Quick Links, Part 1 (IP Edition)

April 27, 2010

Interesting Database Scraping Case Survives Summary Judgment--Snap-On Business Solutions v. O'Neil

August 10, 2009

Nursing Student's Blog Post Doesn't Support Expulsion--Yoder v. University of Louisville

April 28, 2009

Promatek Redux: Software Consultant Enjoined from Metatag Usage and Other TM References--Deltek v. Iuvo

April 12, 2009

Q1 2009 Quick Links, Part 4

April 26, 2006

Employee Blogging Risks

December 07, 2005

Keeping C&D Letters Confidential