Groupion, LLC v. Groupon, Inc., 2012 WL 1655728 (N.D. Cal. May 8, 2012).

Groupion makes CRM software. Groupon is the leading online daily deals provider. A year ago, Groupion sued Groupon for trademark infringement. Last Fall, the judge denied Groupion's preliminary injunction request, signalling that Groupon could win with a summary judgment motion. Groupon followed through with the motion, which the judge granted, easily rejecting all of Groupion's contentions. The judge also rejected Groupion's cancellation request and independently ruled that Groupion wouldn't be entitled to monetary relief even if it won.

The opinion doesn't break a lot of new ground from the preliminary injunction dismissal. The court reinforces the linguistic differences between Groupion and Groupon, The court also rejects the similarity between the companies' offerings, even though Groupon added some tools (Groupon Rewards and Groupon Scheduler) that have some CRM-esque aspects. The court says "Despite the fact that Groupon now provides its business customers some information about the consumers who purchase its products through Groupon, and provides a calendaring program, the Court finds that this small potential overlap of services does not render Groupon's and Groupion's products to be related to the point that consumers would be confused as to their source."

In a footnote, the court says it's irrelevant that Google auto-corrects Groupion into Groupon:

Groupion, again without any citation to supporting evidence, argues that because searches on the Google search engine for “Groupion” produce results from “Groupon,” the companies share similar marketing channels. This argument does not assist Groupion. In addition to Groupion's fatal failure to cite to supporting evidence, the fact that a third party might suggest an alternative search based on the similarity of the spelling of Groupion and Groupon does not show that the two companies use similar means of marketing their products and services.

I defended this point about the irrelevancy of third party associations in my 2005 Deregulating Relevancy article.

It's hard to draw big lessons from a case like this, especially when there was a whiff of trademark trolling in Groupion's efforts. I have a more insightful lesson from trademark trolling coming in an imminent blog post.

[Eric's introduction: Some guest visitors to the blog need no introduction, and that surely describes Jennifer Granick (her Wikipedia page). She's cast huge shadows over cyberlaw in her various stints, including being a leading criminal defense attorney for technology crimes, an EFF attorney and director of Stanford's Cyberlaw Clinic. I'm so glad Jennifer was willing to share her unique perspective on CISPA. I have some remarks after hers. Jennifer has also posted a supplemental line-by-line commentary of CISPA.]

The Cyber Intelligence Sharing and Protection Act ("CISPA") is the latest example of a depressingly common situation in Washington DC -- well-meaning legislators unfamiliar with technology try to rush through a statute about a high-profile Internet issue (here, cybersecurity). Proponents of the bill say they want to faciliate information sharing between the federal government and the private sector. What they don't seem to understand is that existing laws already permit most kinds of cybersecurity information sharing. In their eagerness, the supporters of CISPA would undermine our existing system of accountability for sharing of private data and, by doing so, cause a number of unintended consequences that would harm both state and federal efforts to protect consumer privacy.

CISPA's Unintended Consequences: I firmly believe sharing cybersecurity information is a public good, which is why I have made a career of representing security professionals and hacker hobbyists who want to investigate and report on vulnerabilities. But CISPA (1) fails to comprehend the ways in which existing laws allow sharing, but with accountability; (2) runs roughshod over federal and state laws protecting privacy; (3) could inadvertently immunize retaliatory hack-back security techniques; and (4) creates an "inner circle" of private entities willing to share and share alike with the government, but leaves disfavored service providers in the cybersecurity dark.

(1) Current Law Does Not Interfere With Sharing for Security Purposes: The vast majority of what security professionals consider cybersecurity information is not personally identifing or protected from sharing by any law. Attack signatures, vulnerabilities, exploits and other classic computer security data are freely shareable. For the subset of data that may identify a particular individual, existing laws allow sharing. The most relevant laws, the Wiretap Act and the Electronic Communications Privacy Act, allow a provider to collect and share data for protection of the providers' rights or property. It is true that such sharing is subject to minor but long-standing privacy-enhancing conditions* which CISPA would simply dispose of.

[*FN: My line by line analysis of CISPA (link) highlights where in the text safeguards and dangers would be codified. I strongly oppose this legislation, but can envision a much better, streamlined, privacy respecting, bill that accomplishes the purported cybersecurity purpose.]

As for information protected by HIPAA, VPPA or FERPA, one would not ordinarily think such data is subject to CISPA disclosure and use, except that CISPA specifically calls out sensitive health, educational, firearms, library and bookstore records as the kind of information that private entities can be expected to disclose. Otherwise private information, including video rental records, book rentals, newspaper subscriptions, online reading or data protected by state consumer protection laws (like utility usage records) may freely be shared under CISPA, despite existing privacy rules and sharing safeguards.

(2) State Governments Should Oppose CISPA: States, especially California and New York, protect consumers and consumer privacy with statutes regulating the collection, use and disclosure of sensitive information. Such California laws include electronic surveillance statutes, Shine the Light notifications, Smart Meter utility data protection, the Financial Information Privacy Act, the Reader Privacy Act, Security of Personal Information Law and more. While a comprehensive review of state consumer protection rules that could be preempted by CISPA is beyond the scope of this blog post, it isn't hard to see how California, New York and other states might have serious, perhaps fatal, reservations about CISPA as it currently stands.

(3) CISPA Could Categorically Immunize Even Reckless, Privacy Invasive or Damaging Cybersecurity "Active Defense" Techniques. The definition of cybersecurity system is broad enough to include common "active defense" techniques like remote exploit of an attacking system in order to collect data about the attack, or denial of service attacks to take the offending system offline. For more discussion of those kinds of defenses, see this article in The Atlantic. The statute then categorically immunizes good faith use of such cybersecurity systems. So entities that recklessly use active defense or "hack back" technologies to exploit, disable or destroy attacking machines, even when those machines are innocent zombies controlled and misused by the actual attacker, have no incentive to behave responsibly.

(4) The Cybersecurity One Percent: CISPA sets up a heirarchy of network and service providers. At the bottom are those owned and operated by individuals, who get nothing out of the statute. Next are those entites the government doesn't feel like sharing with, for whatever reason--including the retaliatory motivation that the company hasn't been forthcoming with its own cybersecurity (and customer) data. At the top are the golden firms that get preferrential treatment in the form of state-of-the-art security information. The big businesses that support CISPA probably think they are going to be in the room and get the shiny apple. But CISPA instantiates inequities that the computer security community has been managing for over twenty years, problems which inevitably arise from secretive and selective distribution of important security information. See e.g. Schneier, "Full Disclosure of Security Vulnerabilities a 'Damned Good Idea" (Jan 2007); Microsoft Security Response Center: Announcing Coordinated Vulnerability Disclosure (July 22, 2010); National Infrastructure Advisory Counsel, Vulnerability Disclosure Framework (January 13, 2004); Andy Greenberg, Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees), Forbes, March 21, 2012. CISPA proponents neither understand nor address the complexities of acheiving the worthy goal of cybersecurity information sharing.
________

Comments from Eric

Many commentators have drawn parallels between CISPA and SOPA, even though they putatively address very different issues (cybersecurity and IP infringement, respectively). I'd like to unpack some of the parallels. The most obvious parallel between the two laws: who thinks up crazy shit like this? As a prize for their creative thinking, the architects of CISPA and SOPA should get a one-way ticket away from Washington DC. Two other parallels between CISPA and SOPA:

1) No use case. I never understood SOPA's use case. Only one target was named: The Pirate Bay. However, the way it was drafted, SOPA wouldn't have applied to The Pirate Bay. So if SOPA was intended to shut down The Pirate Bay but the statutory drafting didn't reach that far, then the statute lacked any clear justification--and especially no payoff that would justify its multitudinous adverse collateral consequences.

Similarly, I'm not clear what problem CISPA is designed to solve. Indeed, some have said CISPA is a solution in search of a problem. If we can't define the problem clearly and succinctly, it's a good sign that either there's no justification for the law, or (more likely) someone is gaming the legislative system for their own benefit.

CISPA and SOPA have another parallel on this front: we don't understand the use case because the proponents never thought they had to justify the statute. In SOPA's case, the copyright owners expected members of Congress to pass the law without serious questions, which almost happened. When the copyright owners have so many financially supported friends in the corridors of power, they don't need to provide specific rationales for their requests; it's simply enough that the copyright owners wanted it, and their patrons are expected to deliver the quid-pro-quo on demand.

CISPA may not been such a blatant case of rent-seeking, but it too was designed to proceed without opposition because it was part of an anti-cyberwar effort. For reasons that remain entirely unclear to me, many DC insiders apparently have convinced themselves that we are waging a surreptitious cyberwar that the bad guys are winning. Perhaps there really is a cyberwar raging behind the scenes, but evidence of a cyberwar sure hasn't leaked outside the DC insider community. This makes me wonder if maybe there's a little too much paranoia running around in DC. Or, maybe there's rent-seeking behind the efforts to hype the cyberwar threat?

Worse, to the extent CISPA is an anti-cyberwar effort, it is poorly designed for that effort. At minimum, its definitions are way too broad to address just cyberwar concerns. One of my biggest objections to CISPA is that it defines cybersecurity issues to include ordinary Internet activities such as competitive scraping and sharing of copyrighted materials. The broad sweep of the bill only reinforces the lack of a clear use case about the problem it's trying to solve.

2) Hack of the Internet's infrastructure. SOPA attacked the Internet's basic infrastructure. Putting aside the poorly conceived domain name cutoff provisions that would have undermined the DNS's stability, SOPA was designed to deputize intermediaries to resolve problems they had little financial incentive to handle carefully. The result would be a massive circumscribing of socially legitimate behavior by intermediaries asked to intervene in problems they didn't care about.

In a different way, CISPA also hacks up the Internet's infrastructure. Over the decades, we have developed a delicate system of checks and balances on the government's ability to monitor its citizens' behavior. CISPA would completely gut that system, giving the government virtually any online information it wanted whenever it wanted it without meaningful restrictions on the government's ability to misuse the information. Thus, CISPA engages in the worst kind of Internet exceptionalism by turning the Internet into an all-you-can-eat smorgasbord buffet of information for ever-curious government officials, while presumably a more robust checks-and-balance system would still be in place offline. Making the Internet worse is not what we as Internet users want!

The resulting public outcry against SOPA and CISPA demonstrates that. The public at large does not want technologically clueless members of Congress messing up the Internet's infrastructure for uncertain/unclear payoffs. We give a lot of deference to Congress to screw things up, but when it comes to wrecking the Internet, THAT'S worth fighting against.

William Charron pubished a short piece for the Berkeley Journal of Entertainment and Sports Law that caught my eye (“Twitter: A “Caveat Emptor” Exception to Libel Law” [pdf]). His central point:

Twitter’s characteristics and limitations should negate any expectation of a “reasonable reader” that Twitter is a repository or stand-alone facts and unassailable “truth.” To the contrary, Twitter is a free-for-all marketplace for stream-of-consciousness thoughts and exclamations, and for unguarded and unedited personal observations, discussion, and entertainment.

Charron highlights the difference between fact and opinion in defamation law generally, and notes that courts have historically looked to context in determining whether something is reasonably understood to be “figurative” or “hyperbolic.” According to Charron, courts have taken this approach when reviewing defamation claims based on statements in chat rooms, message boards, and blogs. As one example, Charron cites to Sandals Resorts International Ltd. v. Google, where the court noted that:

Readers give less credence to allegedly defamatory remarks published on the Internet than to similar remarks made to other similar [and in particular to] posted remarks on message boards in chat rooms [and] blogs.

Charron does account for the possibility that a Twitterer “could find a way in 140 characters . . . to libel someone,” and in these circumstances a “there should be no “automatic immunity from a claim of libel.”

__

It’s a short piece that raises interesting issues.

My read of the situation is that it’s too early to tell whether courts are more apt to view statements online (and on Twitter) as more likely to be opinion than fact. Courtney Love’s lawyers telegraphed that they would rely on a defense along these lines, but the case never went to trial so a court hasn’t squarely addressed the question and addressed some of the surrounding issues. (As reported by Eriq Gardner, the court tentatively dismissed Love's defense: "Judge Rejects Courtney Love's Defamation Theories in Twitter Lawsuit.") For other cases relying on this theory in the context of online posts, in addition to Sandals Resorts, see DiMeo v. Max and Finkel v. Dauber.

One question this raises, is: what perspective does the court use when it evaluates context and makes the determination of whether something is hyperbole or would reasonably be viewed as a statement of fact? A reasonable person who is familiar with and who uses Twitter, or someone who is not familiar with the nuances of Twitter, its shorthand, and culture? I would guess the latter, given that tweets are often publicly disseminated and reported on outside the ecosystem, but if it's the former, litigants may have their work cut out form them in educating judges on the nuances of Twitter.

A big contingent of Twitter uses it to banter and snark, but at the same time, it’s become a go-to source of factual information. While context is undoubtedly important, a tweet should have the capacity to defame in the same way that an email, Facebook post, or an off-hand comment does. I’m not saying that Charron is arguing for the adoption of a default rule of immunity based on opinion, but I can’t see courts going this route anyway. It would be an unwarranted case of "Twitter exceptionalism" to adopt this rule for Twitter but not for other online communications generally.

A few related points.

Defamation by Tweet raises the question of whether linking to something that is defamatory is itself defamation. I’m not aware of a definitive answer to this question, although in the pre-Twitter context, republication of a defamatory statement without sufficient qualification can be defamatory. How about defamation by Retweet? (You know there’s a reason why everyone has that “RTs don’t = endorsements" in their bio!) This is probably getting too far in the weeds, but should it matter whether someone uses the old or the new style Retweet? (It's worth noting that there's a likely Section 230 defense here.)

It’s also worth looking at the online threat cases to see whether courts have treated online threats different from off-line threats. I’ve blogged about a slew of cases involving convictions for online threats, and courts in those cases don’t seem very willing to look at the context of an alleged threat and conclude that a reasonable person familiar with the context would not have viewed the statements as threats. (See, e.g., US v. Jeffries (currently on appeal)); US v. Stock (craigslist threats) and Holcomb v. Virginia; but see US v. Cassidy ("indictment for Twitter harassment is unconstitutional")).

Finally, there's the issue of damages. Jeffrey Hermes has a great post at Citizen Media asking how we "should measure damages for defamation over social media." Pointing to the recent $13.78 million jury verdict based on "an extended campaign of [online] defamation," Jeff notes that the verdict in that case does not allow us to measure what portion was tied to reputational injury and what portion was intended to redress emotional damages. Turning to the reputational injury, he asks some interesting questions about how to evaluate damages when the defendant makes repeated defamatory statements (e.g., is there some loss of credibility to the poster who makes 100 negative posts, as opposed to 10?).

Scott v. WorldStarHipHop, Inc., 2012 WL 1592229 (S.D.N.Y. May 3, 2012)

Copyright law wasn't designed as a privacy enhancing doctrine, but sometimes plaintiffs try to repurpose copyright law anyway. This case is an interesting illustration of how copyright law might be used to reverse-engineer a right to forget, using legal tactics not dissimilar to those advocated (and later renounced) by Medical Justice. As such, this case provides an early warning sign of an emerging attack on publicly available truthful information using copyright law chicanery.

In November 2010, Scott's girlfriend and ex-girlfriend got into fisticuffs in a classroom. Scott joined in the melee and hit his ex-girlfriend multiple times. A classmate, Seymour, videotaped the altercation. Seymour then sent the video to the WorldStar website, which posted the video as "Disgraceful: College Fight In NYC Breaks Out Between A Guy, His Girl & Another Girl In Class! (Man Strong Arm's The Student. Hitting Her With Body Shots)." Unfortunately, the opinion is cryptic about whether Seymour posted the video directly or submitted the video to WorldStar for their posting--it would make a difference to the copyright analysis. The video appears to be offline now.

Then, things get really interesting. In December 2010, Seymour assigned the video's copyright to Scott. The opinion doesn't say why. It could be that Scott paid Seymour for this assignment as a cheap way to get legal control over the video; or it could be that Scott coerced Seymour into transferring the copyright to settle a lawsuit threat. Once armed with the copyright, Scott sent 512(c)(3) takedown notices to the websites hosting or linking to the video. See, e.g., this one to Twitter. Scott sent a defective takedown notice to WorldStar, which didn't respond in 12 days, at which point Scott sued. WorldStar brought a 12(b)(6) motion to dismiss. The court rejects the dismissal motion for the copyright claim and grants it for the publicity rights claim.

Copyright. WorldStar argued that Seymour granted it a license to the video before Seymour's copyright transfer to Scott, and thus Scott's acquisition of the video was subject to the then-existing license. The court rejects this argument because WorldStar didn't adequately show it had the required written license (required by 17 USC 205(e) necessary to withstand a subsequent acquisition).

This reinforces the importance of the facts around how WorldStar obtained the video. The opinion doesn't indicate if Seymour clicked through a mandatory non-leaky clickthrough agreement. If WorldStar used a mandatory non-leaky clickthrough agreement, then I'd argue (per UETA/E-Sign) that in fact there was a written license agreement in effect before the Seymour-Scott transaction. However, for WorldStar's argument to work, the license would need to be irrevocable. Otherwise, even if the license survived the acquisition, Scott can simply revoke the license post-acquisition. So while I think most UGC websites will have a "written" license sufficient to withstand the 205(e) attack, I think most UGC websites also don't have strong enough EULA provisions about retaining UGC once posted to avoid this attack. Note that users' rights to remove the videos they uploaded might be located in either the EULA or privacy policy, so both documents would need to be reviewed to reach a conclusion.

WorldStar also argued that Scott sent a defective 512(c)(3) takedown notice, and thus it never got the requisite knowledge of infringement. However, WorldStar didn't argue that it requested Scott resubmit a compliant notice as possibly required by 512(c) (given the nature of the alleged notice defects), and thus WorldStar can't get a 12(b)(6) dismissal on this point.

Publicity Rights. Scott's New York state publicity rights claim fails because Scott didn't allege WorldStar used the video for advertising purposes, and WorldStar's other activities were protected under the state law's newsworthiness exception. While dismissal is the right outcome, relying on the newsworthiness exception is a little disquieting. The newsworthiness exception applies often in content lawsuits (see, e.g., Parisi v. Sinclair and the trademark case BidZirk v. Smith) but not always. See Fraley v. Facebook as an example of how the newsworthiness exception has its limits. A much better grounds for dismissal would be the lack of commerciality in the video; Seymour had no obvious commercial interest in the video, and WorldStar had no more commercial interest in the video's "editorial content" than an ad-supported newspaper has a commercial interest in its editorial content.

Implications. This lawsuit provides a protocol for folks trying to suppress truthful negative information--acquire the copyrights to the content containing the unwanted information, and then use the newly created threat of copyright infringement to force that information off the Internet. While this is a disconcerting protocol, it probably won't work in all circumstances. For example, the protocol probably works better for visual/aural content than purely textual content because (a) people need to see/hear some things with their own eyes/ears, and (b) it's much easier for others to extract and repeat textual information without running afoul of copyrights. Nevertheless, the post-publication acquisition protocol works even better than Medical Justice's now-retired pre-publication acquisition approach because it doesn't rely on legally dubious pre-assignments of not-yet-extant works, plus it can be activated only in response to specific problematic content. Thus, we need to vigilantly monitor the ecosystem for potential abuses of this protocol.

UGC sites (and especially review sites) could undercut the protocol by restricting users' ability to take down content in response to legal duress. Ripoff Report famously provides its authors with no power to delete their reviews, an aggressive and sometimes questionable move that does avoid the problems identified here. If a blanket restriction on users' editing/deleting of their own content is too strong, UGC sites could limit this attack by restricting editing/deleting if the author assigns/transfers the copyright in the work, i.e., a kind of springing conditional irrevocability to the user's license to the UGC site if the user transfers the copyright. I doubt many UGC sites will undertake such an effort now, but if we see widespread misuse of the protocol, UGC sites should undertake more drastic measures to preserve their sites' integrity.

For more on the social values that this protocol threatens, see my essay on the Regulation of Reputational Information.

K-Beech, Inc. v. Does 1-37, CV 11-3995 (E.D.N.Y.)
Malibu Media, LLC v. Does 1-26, CV 11-1147 (E.D.N.Y.)
Malibu Media, LLC v. Does 1-11, CV 11-1150 (E.D.N.Y.)
Patrick Collins, Inc. v. Does 1-9, CV 11-1154 (E.D.N.Y.)

Order & Report & Recommendation (May 1, 2012)

A trio of bit torrent plaintiffs were smacked around (somewhat brutally) by a federal judge in New York last week. The order addressed requests for early discovery filed by plaintiffs in three separate copyright lawsuits involving approximately 50 Doe defendants. It also addressed the requests of Doe defendants to quash subpoenas which were issued in a fourth action after the plaintiff obtained leave to issue early discovery.

The order is scathing and takes more than a few shots at K-Beech’s “rambling motion papers [that] often lapse into the farcicial.”

End result: the court dismisses one case in its entirety, and cuts the remaining three cases down to one Doe defendant, finding that joinder is improper.

Here is a summary of the key points in the court’s order:

1. An IP address does not conclusively identify an infringer: the court says that unlike in a university setting or in earlier times, these days, given the proliferation of wi-fi, the fact that someone’s IP address was connected to allegedly infringing activity does not mean that the person whose IP address was used is the infringer. (“[A] single IP address usually supports multiple computer devices – which unlike traditional phones can be operated simultaneously by different individuals.”) Accord Johnson v. Microsoft Corp., 2009 WL 1794400 (W.D. Wash. June 23, 2009); in contrast, the FTC considers IP addresses to be personally identifiable information. (For what it's worth, more than a few courts have accepted the view--at least at the early stages of litigation--that an IP address identifies the putative infringer.)

2. Improper litigation tactics: at least one of the plaintiffs (K-Beech) engaged in improper litigation tactics. One of the Doe defendants contacted K-Beech to try to resolve the dispute. Apparently, K-Beech employed the usual threat that a defendant’s name could be tied to a porn lawsuit and persuaded the plaintiff to provide (under the auspices of settlement) “unfettered access to [Doe’s] computer . . . employment records [etc.]” K-Beech then failed to respond to the Doe defendant's communications regarding settlement. In response to Doe’s allegations, K-Beech’s counsel failed to present proof that it or its investigators didn't engage in this conduct. The court notes that Doe’s experience mirrors the experience of at least one other Doe defendant in a file-sharing case in New York. The court is not happy:

[t]his course of conduct indicates that the plaintiffs have used the offices of the Court as an inexpensive means to gain the Doe defendants’ personal information and coerce payment from them.

3. No copyright registration: the same plaintiff who engaged in the tactics referred to above did not have an actual copyright registration—it sought to rely on an application for registration (which is not sufficient in the Second Circuit). Although K-Beech was smacked down for this reason in another case in New York, it tried to remedy this by adding “conclusory trademark claims.” [??] When K-Beech's briefing veered into discussing reputational harm from unauthorized downloads, the court in a footnote points out that the owner of K-Beech doesn’t necessary have the most stellar reputation:

it is worth noting that the owner of K-Beech Inc. (and apparent inspiration for the K-Beech mark) is Kevin Beechum . . . . It appears that this is the same Kevin Beechum who testified in federal prosecutions about his experience vandalizing adult retail video stores to help extort protection payments from their owners.

D’oh!

4. Joinder is inappropriate: the court says that plaintiffs should not be able to sue multiple defendants in the same suit. Plaintiffs tried to rely on the “swarm” theory--which has been accepted by some courts and rejected by others--under which file-sharing defendants who were a part of the same interactions can be sued together in the same lawsuit. Here, the court notes that plaintiffs’ own allegations undermine their swarm theory. For example, the downloads were often weeks or months apart:

even assuming that the John Does are the actual infringers, the assertion that defendants were acting in concert rests upon a thin reed.

The court declines to exercise its discretion to join the Doe defendants together.

5. Plaintiffs trying to avoid separate filing fees: the court notes that plaintiffs have avoided more than $25,000 in filing fees by filing mass-defendant lawsuits, as opposed to suing the Doe defendants individually. When you take other cases in the same district into account, this amount is closer to $100,000. (The court notes that this approaches millions when the suits nationwide are considered.)

6. Don’t try to take the moral high-ground, porn plaintiffs:

In its papers, counsel for K-Beech equate its difficulties with alleged piracy of its adult films with those faced by the producers of the Harry Potter books, Beatles songs and Microsoft software, and compare its efforts to collect from alleged infringers of its rights to the efforts of the FBI to combat child pornography. In an ironic turn, the purveyors of such works as “Gang Bang Virgins,” explain how its efforts in this matter will help empower parents to prevent minors from watching “movies that are not age appropriate.” . . . It is difficult to accord plaintiff, which features “Teen” pornography on its website, the moral high-ground in this regard.

__

Ouch. As mentioned above, the court dismisses K-Beech’s lawsuit sua sponte in its entirety. The dismissal is without prejudice, but K-Beech should think twice about filing another file-sharing lawsuit in New York. The other defendants can pursue cases against defendants on an individual basis (they must file separately), and the Does (other than unlucky Doe No. 1) are dismissed from the three lawsuits. The court appears open to appointing counsel from its pro bono panel for Doe No. 1 (and I’m guessing future Doe plaintiffs).

There are a slew of these lawsuits pending around the country so it’s tough to say anything definitive, but courts certainly seem to be reaching the boiling point with bittorrent plaintiffs (the abusive litigation tactics don’t help). Check out the TorrentLawyer blog for a few recent examples:

- Malibu Media, LLC cases go down in FLAMES in Virginia

- THIRD DEGREE FILMS, INC. attorney perhaps facing a THIRD DEGREE FELONY

Also, as a follow up to the case in New York, Twitter user "fightcopyrighttrolls" reports on what seems to be an inexplicable strategic decision by lawyers for one of the plaintiffs in this case.

[A note to lawyers: judges compare notes, directly or indirectly.]

Other coverage:

Ars Technica: Furious judge decries "blizzard" of copyright troll lawsuits

Torrent-Freak: Judge: An IP-Address Doesn’t Identify a Person (or BitTorrent Pirate)

Previous posts:

Court Nukes Another Mass Defendant File-Sharing Lawsuit -- Digiprotect v. Does
Copyright Doe Defendant Can’t Quash Disclosure Subpoena Anonymously—Hard Drive Productions v. Does

Art of Living Foundation v. Does, 10-cv-05022-LHK (N.D. Cal.; May 1, 2012)

I posted earlier about the Art of Living Foundation’s (AOLF) efforts to unmask online critics (posting psueudonymously as ‘Skywalker’ and ‘Klim’). In early rulings, the court rebuffed AOLF’s efforts. AOLF originally brought defamation and trade secrets claims. The court held that any allegedly defamatory statements were protected opinion, and that AOLF failed to identify trade secrets with particularity. The court also stayed discovery of defendants’ identities, finding that the balance of equities favored the preservation of anonymity. (Here's my prior blog post on the case: "Spiritual Group's Attempt to Unmask Online Critics Goes South.")

AOLF filed an amended complaint, dropping the defamation claims but adding claims for copyright infringement. The amendment also specified the allegedly misappropriated trade secrets. With respect to the copyright claim, AOLF alleged that republication of certain “lesson plans” by the Doe defendants constituted copyright infringement and misappropriation of trade secrets.

In a further development in this lawsuit, the court granted the Does’ request to dismiss the copyright claims. The trade secrets claims largely survive, although the court notes that they aren’t the strongest.

Copyright claims: AOLF did not present any evidence that one of the two defendants was involved in any way in republishing the lesson plans, or related notes, so this defendant (Klim) is awarded summary judgment. Skywalker, the second Doe defendant, admitted to posting the text of the lesson plans on his blog. Although he wasn’t entitled to summary judgment on the same basis as Klim, he challenged AOLF’s ownership of the copyrights at issue.

The court finds that the registration certificate presented by AOLF was not prima facie evidence of ownership (because the registration was obtained more than five years after publication). The court goes on to find that the AOLF entity that brought the copyright claim was not the owner of the copyrighted material. There’s an Indian AOLF entity, and one of the declarations let slip that the lesson plans at issue were created “for the benefit of the Art of Living Foundation in India with the understanding that the Art of Living Foundation in India would own [all of the rights to the lesson plan].”

AOLF (US) also tried to argue that the Indian entity assigned the US entity the copyright, but AOLF (US) failed to produce any written record or an assignment, or even that such a writing existed. Even a confirming email would have been plenty, but for whatever reason AOLF (US) was unable to muster evidence on this point.

Trade secrets claims: Defendants continue to batter away at AOLF’s trade secrets, but the court finds that AOLF made the minimal necessary showing that its teaching methods: (1) have independent economic value and are not generally available; and (2) are the subject of reasonable confidentiality restrictions. In particular, AOLF came forward with evidence that although the teaching methods were drawn on “conventional concepts and terminology of Hindu mysticism,” AOLF “incorporate[d] many additional and novel elements.” With respect to confidentiality, AOLF alleged that it required its teachers to sign confidentiality agreements. Although the court expresses some skepticism about the overall merits of AOLF’s trade secrets claims, those claims are sufficient to move forward at this time. However, the court does include language in its order inviting defendants to move for summary judgment on the issue of whether AOLF’s information is truly a trade secret, or indistinguishable from general knowledge of the public or those skilled in the relevant field. The court also raps AOLF on the knuckles for trying to take a third bite at the designation of trade secrets apple. AOLF already submitted an amended designation of trade secrets and sought to amend this designation again. The court says that although it will allow the amendment, this is the last time (“the court puts [AOLF] on notice that this is its final opportunity to amend its trade secret designation with particularity”).

Finally, the court grants the motion to strike as to Klim, finding that AOLF put forth no evidence that Klim was involved in any way in the alleged dissemination of AOLF trade secrets.

SLAPP fees: Finally, the court grants defendants' request for fees as to the defamation/trade libel claim. Although AOLF amended its complaint and dropped the defamation and trade libel claims, there was no evidence that AOLF achieved its goals with respect to these claims through other means. AOLF’s amendment of its complaint to exclude the defamation and trade libel claims was “tantamount to a voluntary dismissal.” (Defendants brought a motion to dismiss and a motion to strike and the court earlier granted the motion to dismiss but declined to reach the merits of the motion to strike.) End result: defendants can seek fees for dismissal of the defamation and trade libel claims.
_____

This is another example of how things can go wrong when someone tries to squelch speech online. Granted, in countless other cases, these types of claims would have resulted in default judgments without anyone batting an eye, but the Does were represented by counsel (and both Public Citizen and EFF appeared as amici). As a result, the balance of power changed significantly. (It also helps to have a thoughtful judge—in this case Judge Koh—who takes a close look at the issues and seems mindful of the speech implications of the judge's rulings.)

It’s interesting that AOLF’s efforts to unmask the Does were premised in part on AOLF’s copyright claims. These turned out to be insufficient at the end of the day. Courts routinely grant requests to unmask Doe defendants when copyright claims are involved, but this ruling is a reminder that judges should take a close look at those requests, even when the other side may not be represented by counsel. For another example, see Maximized Living v. Google.

Finally, the court’s order makes a reference to how many times the webpages containing the alleged trade secrets were viewed: 147 and 351 in July and August 2010, respectively (before the pages were removed in response to a takedown request sent to WordPress). Given the cloud around AOLF’s copyrights and the multiple entities involved (the takedown request was sent from Vyakti Vikas Kendra India), one wonders about the propriety of the takedown requests. But setting this aside, these statistics raise the question of whether AOLF’s significant expenditure of fees to squelch criticism of it was even remotely worth it. (I would be shocked if their answer today was “yes”.) Compare Pitale v. Holstine.

Given the court’s ruling on the fees issue, and its hints around the strength of AOLF’s trade secrets claims, this case should quickly head towards a settlement. The big question is whether everyone will just go their separate ways, or if AOLF will be writing a check to the Does (or their counsel).

Price v. Gannett Co., 2012 WL 1570972, (S.D. W. Va. May 1, 2012)

This is a pro se case. The plaintiffs alleged that pseudonymous posters made defamatory and otherwise tortious remarks about the plaintiffs on Topix. The court has zero difficulty tossing the case on a 12(b)(6) motion to dismiss. The court's analysis:

Plaintiffs have alleged all three elements [of a 230 defense] in their complaint as Topix is a website where users post comments. Plaintiffs have admitted in the complaint that the unknown individuals provided the statements, not Topix. It is also clear that Plaintiffs are treating Topix as the publisher.

If the plaintiffs weren't pro se, this would be a logical case for the judge to issue sanctions against the plaintiffs for bringing such an obviously unmeritorious claim.

This is at least the second time Topix has qualified for the 47 USC 230 immunity. See my post on the first case, Hopkins v. Doe, which similarly involved a pro se suing over pseudonymous posts and led to an equally emphatic defense win.

Capriotti's Sandwich Shop, Inc. v. Taylor Family Holdings, Inc., 2012 WL 1448514 (D. Del. April 25, 2012). The complaint and exhibits A-D, E-H and I-O. Some background.

Capriotti's is a franchised fast-food sandwich chain, with its signature sandwich being "the Bobbie" with roasted turkey, cranberry sauce and stuffing. I've never been to the chain and it doesn't sound like my kind of place, but they do have a comparatively well-developed (for a fast-food sandwich place) vegetarian menu.

In 2003, Taylor became a Capriotti's franchisee in Las Vegas. The franchise agreement contained standard provisions requiring franchisor pre-approval of any franchisee ad copy.

You'd think that Thanksgiving-in-a-roll would sell itself, but Taylor sought a marketing edge in Las Vegas by appealing to local sensibilities. And what sells better in Vegas than sex appeal? So Taylor hooked up with a local topless bar ("Crazy Horse III") to offer a happy hour special of a sandwich and beer for $5. The ad copy displayed the franchisor's trademarked logo; though the parties disputed if Taylor authorized that or not. Several local publications and blogs shared the promotion with their audiences, such as this post:

“Hey, you like boobs, don't you? Of course you do. You like sandwiches too, right? Now why not put them together.... Apparently Crazy Horse III is teaming up with Capriotti's to offer lap dance enthusiasts six-inch-subs with a beer for five bucks during happy hour from 1 to 7 p.m. daily....”

Capriotti's learned that Taylor had allegedly cooperated with the topless bar on the promotion and sent a breach notice with a 5 day cure period. Feeling that Taylor didn't adequately remedy the situation, Capriotti's then sent a notice to terminate the franchise agreement. Taylor continued operating the franchise without change (although at some point the topless bar stopped the promotion), so Capriotti's sued Taylor in Delaware, and Taylor countersued.

The court doesn't understand why the parties sued in Delaware when both litigants are based in Nevada, so it transfers the case back to Nevada. The court also denies the plaintiff's preliminary injunction request because of the parties' factual disagreements and the unavailability of a key witness (the topless bar manager). These parties should settle, but they'll probably spend hundreds of thousands of dollars on attorneys' fees fighting over the implications of associating sub sandwiches with naked breasts instead.

What remains puzzling to me is why Capriotti's thinks it's worth suing to get Taylor out. Perhaps the association with a topless bar is so irreparably distasteful to Capriotti's that it's worth killing the relationship. The opinion also indicates that other franchisees in the local area were unhappy (jealous?) about the promotion. More likely, there's a backstory that makes the franchisor's litigiousness more explainable. Many franchisors would have gladly looked the other way or simply counseled the franchisee about its behavior going forward. After all, even if Taylor authorized the ad copy without permission, it was in the service of moving more Bobbies.

From the franchisee's perspective, this case is a good reminder that franchisors can be unduly sensitive about lascivious associations. Plus, franchisees shouldn't forget that franchisors may be delighted to have a pretextual excuse to shut down a longtime franchisee. The franchise agreement is the foundational document for the franchisee's business; it needs to be respected at all costs.

US v. Nosal, 2012 WL 1176119 (9th Cir. Apr. 10, 2012)

Nosal was a Korn/Ferry employee who, after his departure, convinced some remaining employees to provide him with confidential information to help him start a competing business. Employees were authorized to access the company's network and information on it, but they were prohibited by the employer’s policy from disclosing confidential information. The key question was whether the employees “exceeded their authorized access,” and whether their access and use of the information constituted a criminal violation of the Computer Fraud and Abuse Act.

The 9th Circuit took the case en banc. In a typically clear and emphatic Judge Kozinski opinion, the Ninth Circuit says that exceeding authorized access to an employer's network does not support a conviction under the CFAA. (Judge Silverman's dissenting opinion is worth checking out as well.) The key distinction is whether the employees accessed data or information that they were totally prohibited from accessing, or whether they misused information that that were otherwise authorized to access. The first scenario supports a CFAA violation, but the second does not.

The parties wrangle over the statute’s wording and construction, and the court sides in favor of the defendant with respect to these arguments. The court notes that the government’s interpretation of the statute would transform everyday online “dalliances,” which arguably violate employer policies by using networks for non-“business purposes,” into federal crimes:

What exactly is a “nonbusiness purpose”? If you use the computer to check the weather report for a business trip? For the company softball game? For your vacation to Hawaii?

What swayed the court is that the government’s construction of the statute would expand the scope of the statute far beyond its intended purpose—hacking—and would “make criminals of large groups of people who would have limited reason to suspect that they are committing a federal crime.” Who might these people be? You and me, and every other person who surfs countless websites arguably in technical violation of the applicable terms of service. We use sites that are subject to terms of service but these terms of service are, as the court notes, “vague and generally unknown.” We routinely violate those terms of service:

Lying on social media websites is common: People shave years off their age, add inches to their height and drop pounds form their weight. The difference between puffery and prosecution may depend on whether you happen to be someone an AUSA has reason to go after.

Moreover, websites reserve the right to change terms of service “at any time and without notice.” This means that any use of a website in violation of the terms--that the user may not even have knowledge of--could constitute a federal crime. The court cites to the terms of service of various websites, including Facebook, craigslist, Twitter, Hulu, YouTube, Match.com, Netflix, Pandora, just to name a few. The government came back and said that it would be unlikely that any user would be prosecuted for these violations, but the court cites to US v. Drew and says that if the government has a reason to go after you, its interpretation of the statute allows it to do so.

The day after the Ninth Circuit's ruling in Nosal, the Second Circuit released its opinion in U.S. v. Aleynikov, explaining its rationale for setting aside Aleynikov's conviction under the National Stolen Property Act and the Economic Espionage Act of 1996. Aleynikov was a highly paid programmer who worked for Goldman Sachs. He was lured away by a competing business to develop the competing business's high frequency trading system. Prior to leaving Goldman, he transferred a chunk of the source code that he had developed while at Goldman. The Second Circuit sets aside his conviction, finding that source code alone is not a "product" for purposes of the EEA or a "good, ware, or merchandise" for purposes of the NSPA. Interestingly, Aleynikov was charged with a CFAA violation but the district court dismissed it, relying in part on Brekka. With respect to the CFAA claim, the district court said that because Aleynikov was authorized to access the source code at the time he accessed it, his subsequent misuse is not enough to support a CFAA charge. As it turns out, the government's attempted workarounds to the CFAA, the NSPA and EEA charges, were no more availing.

__

The Ninth Circuit's Nosal ruling is a big loss for employers, who in recent years have been pushing Computer Fraud and Abuse Act claims in the employment context. The court cites to Lee v. PMSI in a footnote, but there have been countless others. (Prior blog post on this topic: “No Computer Fraud and Abuse Act Violation for Access of Facebook and Personal Email by Employee -- Lee v. PMSI.”) It’s also a big loss for networks who will have a tougher time policing access based on terms of service violations. Facebook most recently went after Power Networks, and although it proceeded under California’s anti-hacking statute, this decision may affect similar lawsuits in the future. (The two statutes are not identical and it’s unclear as to whether a network could prohibit scraping or other unauthorized access.)

There's a key question left somewhat open by the court's opinion. If a network imposes use restrictions and says that users who access the network for improper purposes are not authorized to use the network at all (e.g., "if you provide false information when you register for an account, you are not authorized to access our service" or "you may not access our service via bots or other automated means"), does Nosal leave open the possibility of a CFAA violation in this context? Nosal (and LVRC v Brekka, an earlier Ninth Circuit case) do not appear to preclude this approach.

The Ninth Circuit's approach here diverges from the approaches of other circuit courts. I don't have a sense of whether this is a good candidate for Supreme Court review, but that's a possibility. For what it's worth, there's a draft bill currently pending to "fix" the CFAA. Check out this post from Jennifer Granick as to why the fixes won't be much of a fix: "Draft Bill to "Fix" CFAA Won't."

What steps can employers take post-Nosal? I'd consider the following: (1) make employee policies as explicit as possible, and don't rely on vague notions of fiduciary duties; (2) impose access restrictions that govern the means of access; and (3) password-protect stuff that is truly a trade secret and make it available only on a need-to-know basis. Even these steps don't guarantee a solid foundation for a CFAA claim. At the end of the day, it may be worth looking to other means of protecting your confidential information and restricting competition by employees.

Prior post:

9th Cir: Access of Computer in Violation of Employer's Use Policy Violates Computer Fraud and Abuse Act -- US v. Nosal

Other coverage:

* EFF (press release): Appeals Court Rules That Violating Corporate Policy Is Not a Computer Crime

* Jeff Neuburger: Ninth Circuit Ruling Trimming CFAA Claims for Misappropriation Reminds Employers that Technical Network Security is the First Defense

* Kim Zetter: Code Not Physical Property, Court Rules in Goldman Sachs Espionage Case

* David Kravets: Court Rebukes DOJ, Says Hacking Required to Be Prosecuted as Hacker
______

Eric's Comments

Judge Kozinski's opinion was highly entertaining (as usual) and full of pragmatic realpolitik, but I disagree with Venkat that the opinion was clear. In fact, I remain quite confused by the opinion and what it means for the CFAA. Among the questions I can't confidently answer after the opinion:

* does the en banc's definitional interpretation apply to both civil and criminal CFAA claims, or just criminal prosecutions? There are some reasons to believe the court's opinion would support reading the language the same in civil and criminal contexts. The court says: "Once we define the phrase for the purpose of subsection 1030(a)(4), that definition must apply equally to the rest of the statute." Plus, a number cases endorsed by the majority are civil. However, the majority never clarifies this point, and there is some reason to believe the results aren't 100% extensible to civil cases. For example, the majority opinion repeatedly hammers on CFAA criminality interpretation problems and gives examples of ridiculous CFAA crimes (and doesn't give any countervailing examples of a CFAA civil case). The majority also concludes that criminal prosecutions turn on lenity, a consideration that wouldn't apply in the civil context. Finally, the Lori Drew court treated civil and criminal CFAA suits differently, so arguably that distinction could still crop up in other cases.

* as noted by Venkat, if a company policy says "we condition your access to our network on you not doing XYZ with any data you subsequently acquire," has the company drafted its way around the holding? This workaround should be too facile, but the majority opinion possibly sets up this bypass.

* how can a network operator properly communicate any limits of third party access to their networks? Historically, websites could delimit access for CFAA purposes via "terms of use" that were "browsewraps," i.e., pages that users weren't required to see in order to access the site. The majority's result doesn't depend on terms placement, but it uses some examples of non-clickthrough terms that it seemingly treats as binding. (e.g., "Not only are the terms of service vague and generally unknown—unless you look real hard at the small print at the bottom of a webpage—but website owners retain the right to change the terms at any time and without notice."). In light of its ruling, perhaps terms of use never can delimit server access, so placement of terms is irrelevant, i.e., even if the contract is presented as a clickthrough, it will be irrelevant to the CFAA analysis. But if that's the case, then the opinion has virtually eviscerated all civil CFAA claims in the Ninth Circuit--a good result IMO, but a perhaps unnecessarily overreaching one.

Obviously, future litigation will give us the answers to these questions. But it would have been better if the majority opinion had been clear enough to prevent the sorting-out process that will take place over the next couple of years.

Even with all of its ambiguities, I think the majority reaches a favorable policy outcome, and I for one would love to see the CFAA scale back its scope substantially. That isn't going to happen. The CFAA is one of the statutes Congress keeps "improving" as part of its wars on terror and cybersecurity, so I wonder if this opinion's result will survive Congress' next ham-fisted amendment of the CFAA.

Hermès v. Does, 12-civ-1623 (S.D.N.Y.; Apr. 30, 2012)

We’ve blogged repeatedly about trademark owners obtaining ex parte orders that provide extraordinarily broad relief, ranging from domain name seizures to orders directing search engines and social networks to “delist” or “deindex” certain websites. In the run-up to SOPA’s introduction and consideration, it seemed relevant to keep track of what relief courts were willing to order under current law that overlapped with SOPA. Hermès recently initiated a similar case. In a breathtakingly short amount of time, Hermès filed its complaint, obtained a temporary restraining order and then an injunction, and finally obtained a judgment . . . in the amount of one hundred million dollars. (!!)

I’ve linked the relevant case documents below:

• TRO
• Preliminary Injunction
• Legal Memorandum in Support of Default Judgment
• Declaration in Support of Default Judgment
• Order to Show Cause for Entry of Default Judgment
• Judgment & Injunction

The case follows a similar trajectory to the other cases we’ve blogged about. Most importantly, the court grants broad relief, including domain name seizures on an ex parte basis. The court allows service of the lawsuit papers via email and then issues an injunction when the defendant does not respond. The court also orders injunctive relief directed at third parties, such as registrars, search engines and social networks, that are not before the court.

What’s most striking about this case is how the court grants astronomical damages without any supporting evidence of actual damages. Usually when someone asks for damages, even in a default judgment setting, the court has a prove-up hearing and requires the party put forth some evidence in support of their claim for damages. Granted, the evidence may not be subject to the rigorous examination of an adversarial proceeding, but the court is still supposed to take an independent look at the request for damages and make sure it’s kosher. (See, for example the Seventh Circuit's decision in e360 v. Spamhaus: "Spamhaus off the hook for $11 million judgment.") Here, there was no evidence of damages whatsoever. A party's failure to "participate in litigation" or comply with court orders is sometimes used as a basis for a harsh award in the form of sanctions, but a court will almost always give someone a chance and warn them before coming down on them. A party's failure to respond to lawsuit documents that were emailed to them--particularly where there's no proof even that the documents have been received by the defendants--is not the type of scenario where courts typically smack defendants for frustrating the judicial process.

Hermès filed a brief arguing that counterfeiting is a serious problem, and that defendants infringed willfully, failed to participate in the litigation, and frustrated Hermès’s efforts to obtain the necessary information that would otherwise support a number for default judgment purposes. There was no discussion whatsoever of numbers of products that defendants allegedly sold—even by estimation. There wasn't any details on the alleged relationship between the various defendants (if any).

I don’t really know what to say. It’s crazy to see judges sign off on these types of orders. Interestingly, as the memo filed by Hermès shows, this isn’t the first time. Cases brought by brands in the last year have resulted in laughably high damages awards against alleged “sprawling online counterfeit networks”: True Religion ($8,150,000); Tory Burch ($164,000,000); Burberry ($60,000); North Face ($78,000,000). (See also “Uggs Wins $686 Million Judgment in Counterfeit Cases Against Over 3,000 Knock Off Sites”.)

It remains to be seen whether these judgments are merely part of a PR push, somewhat similar to those pursued by ISPs against spammers, or whether the brands will do more than levy against the PayPal funds to collect. Either way, judges have shown a surprising willingness to sign off on whatever these types of trademark plaintiffs put in front of them. As anyone who has any experience in federal courts can attest, federal judges tend to be prickly about the orders they sign. I keep thinking one of these days a judge will issue a blockbuster order saying that while it's appropriate for brands to pursue relief against infringers and counterfeiters, courts won't rubber stamp their proposed orders.

(h/t Fashionista (Leah Chernikoff): “Hermès Wins $100 Million Judgment in Counterfeit Case; 34 Knock Off Websites Are Forced To Shutter”)
__________

Eric's Comments

Raise your hand if you think Hermès actually lost $100M of profits to this group of online foreign defendants. Anyone?

Raise your hand if you think it's possible that Hermès could lose $100M in profits to the entire collection of online counterfeiters throughout the world. Think about the market size in total and the mixed empirical results about counterfeiting as beneficial marketing/price discrimination. Anyone?

Raise your hand if you think Hermès will collect more than $1 in cash from any defendant in this case (other than seizing cash in the hands of third party payment service providers). Anyone?

OK, so Hermès gets a big, empirically indefensible, uncollectable damages award ex parte. Um...yay...?

Can someone please explain to me how an award like this does any good for anyone? If anything, I think outcomes like this breed disrespect for trademark owners and for the judicial system. Trademark owners look like greedy SOBs making such pie-in-the-sky demands using procedural shortcuts that almost certainly negate any possibility of opposition. (Anyone who wants to justify the award by saying "well, the judge signed off on it, so it must be OK" is cordially invited to stuff it because...). As we've protested before, ex parte judicial review is much more analogous to NO judicial review than to bona fide due process. When judges rubber-stamp BS requests like this, it makes me question the legitimacy of our judicial system. But because I actually think our judges really do try to do the best they can, outcomes like this are a warning sign we shouldn't be asking them to make ex parte decisions. Screening ex parte demands doesn't play to judges' strengths.

Meanwhile, some of the other relief authorized by the judge is disgusting. Sorry, I can't think of a more appropriate word. The judge orders:

* service provider cutoff: "domain name registry or other third party providers, including without limitation registrars, Internet Service Providers ("ISP"), back-end service providers, web designers, sponsored search engine or ad-word providers, merchant account providers, third party processors and other payment processing services, or shippers who receive actual notice of the terms of this Permanent Injunction, immediately and permanently cease rendering any services to the Defendants in connection with any of the Infringing Websites and Infringing Domain Names owned or operated by the Defendants"
* future de-indexing if the judge finds that the defendants register any additional infringing domain names: "upon giving actual notice of such an Order to any Internet search engines including, but not limited to, Google, Bing, and Yahoo, and any social media websites including, but not limited to, Facebook, Google+, and Twitter, (collectively "Internet Search and Social Media Websites"), such Internet Search and Social Media Websites shall de-index and remove from any search results pages any Additional Infringing Domain Names and websites connected thereto, unless otherwise instructed by this Court or by the Plaintiffs that any such domain name is authorized to be reinstated, at which time it shall be reinstated to its former status within each search engine index from which it was removed" [so now the court will be telling search engines that they must reinstate content too? See my post about the virtual horses/bunnies dispute in Second Life]

These requests reflect an impressive tour de force by the lawyers. They obviously read SOPA and basically recycled the worst ideas from the proposed statute into their requested relief. At least they are staying current with the news.

Now, maybe these service providers will refuse to comply with this order. I wouldn't bet on it. As we've discussed ad nauseum with SOPA, the incentives for these service providers are misaligned--especially once they are presented with a court order, even if it's not binding on them. Odds are the service providers will quietly comply with the requests, irrespective of the requests' legitimacy.

I'm sorry if I'm a Johnny One-Note, but I can't stress it enough. Scuttling SOPA/PIPA was only part of the solution. We need to proactively fix what's taking place in the courts. If we don't affirmatively restrict the relief judges order in ex parte proceedings and teach judges to remember the potential abuses of the ex parte system, we are going to see more junky outcomes like this. And that, in turn, will breed greater social distrust in our judicial system.

Prior blog posts on this topic:

* Egregious/Overreaching Ex Parte Orders for Rightsowners Keep Coming -- Deckers and Richemont
* More on Ex Parte Cutoffs of Foreign "Rogue" Domain Names
* Does the House Judiciary Committee Debating SOPA Know What's Going On In the Courts?--Philip Morris v. Jiang
* If You Dislike SOPA, You'll Dislike This Case Too--True Religion v. Xiaokang Lei
* Ad Network Avoids Contributory Copyright Infringement for Serving Ads to a Rogue Website--Elsevier v. Chitika
* Court OKs Private Seizure of Domain Names Which Allegedly Sold Counterfeit Goods--Chanel, Inc. v. Does

I’ve posted a new essay to SSRN titled The Irony of Privacy Class Action Lawsuits. It should be published later this year in the Journal of Telecommunications and High Technology Law at University of Colorado. The essay comes out of a panel discussion we had at Colorado Law in December on the Economics of Privacy. The version I’ve posted is still in draft form, so I should be able to make some changes. I welcome your comments.

The essay issues a challenge to privacy advocates who support enforcement of privacy violations via class action lawsuits. I argue that the structure of class action lawsuits contains a number of attributes that privacy advocates consider bad business practices, such as requiring consumers to opt-out and providing inadequate notice-and-choice. Privacy advocates’ reaction to the essay has almost universally been “D’oh!” However, I don’t think the irony (or, at least, my explication of it) is compelling enough to persuade privacy advocates to strike class action enforcement from their toolkit.

More generally, the essay suggests that there may be value to more closely examining the various enforcement institutions for privacy violations. Comparative enforcement institution analysis is a perennial topic in consumer/advertising law (and many other disciplines, I’m sure). Yet, I’m not aware of the institutional competence issue getting a lot of attention in the privacy scholarship, which is surprising given the vast volume of privacy scholarship. If I’ve missed something, please let me know.

The essay is a quick read, and one reader called the ironies "delicious." I hope you’ll check it out.
_______

The abstract:

In the past few years, publicized privacy violations have regularly spawned class action lawsuits in the United States, even when the company made a good faith mistake and no victim suffered any quantifiable harm. Privacy advocates often cheer these lawsuits because they generally favor vigorous enforcement of privacy violations, but this essay encourages privacy advocates to reconsider their support for privacy class action litigation. By its nature, class action litigation uses tactics that privacy advocates disavow. Thus, using class action litigation to remediate privacy violations proves to be unintentionally ironic.

[I've been working on this linkwrap for 3 months. Linkwraps rarely improve with age. At this point, it's not even clear the US government has a case due to its repeated gaffes. Nevertheless, I've decided to post this linkwrap now because--regardless of its disposition--the Megaupload prosecution is an incredibly important Cyberlaw development that almost certainly will make my top 10 year-end list.]

While there could be a small amount of provable criminal copyright infringement—under our modern overexpansive criminalization of ordinary daily activities—for infringing files the Megaupload principals uploaded themselves, the government ordinarily wouldn't have cranked up its massive machinery for those violations. After all, millions of Americans routinely commit violations like that, and mass panic would be at hand if the government exercises its prosecutorial discretion so loosely.

Instead, the government's prosecution of Megaupload demonstrates the implications of the government acting as a proxy for private commercial interests. The government is using its enforcement powers to accomplish what most copyright owners haven't been willing to do in civil court (i.e., sue Megaupload for infringement); and the government is doing so by using its incredibly powerful discovery and enforcement tools that vastly exceed the tools available in civil enforcement; and the government's bringing the prosecution in part because of the revolving door between government and the content industry (where some of the decision-makers green-lighting the enforcement action probably worked shoulder-to-shoulder with the copyright owners making the request) plus the Obama administration’s desire to curry continued favor and campaign contributions from well-heeled sources.

The resulting prosecution is a depressing display of abuse of government authority. It’s hard to comprehensively catalog all of the lawless aspects of the US government’s prosecution of Megaupload, so I’ll just focus on two:

1) Trying to hold Megaupload criminally liable for its users' actions. Criminal copyright infringement requires willful infringement, a very rigorous scienter level. I discuss the implications of this high scienter requirement in more detail in my decade-old article on warez trading. Megaupload’s business choices may not have been ideal, but Megaupload has a number of strong potential defenses for its users' activities, including 512(c), lack of volitional conduct and more. Whether it actually qualified for these is irrelevant; Megaupload’s subjective belief in these defenses should destroy the willfulness requirement. Thus, the government is simply making up the law to try to hold Megaupload accountable for its users' uploading/downloading.

2) Taking Megaupload offline. Megaupload's website is analogous to a printing press that constantly published new content. Under our Constitution, the government can’t simply shut down a printing press, but that's basically what our government did when it turned Megaupload off and seized all of the assets. Not surprisingly, shutting down a printing press suppresses countless legitimate content publications by legitimate users of Megaupload. Surprisingly (shockingly, even), the government apparently doesn't care about this “collateral,” entirely foreseeable and deeply unconstitutional effect. The government's further insistence that all user data, even legitimate data, should be destroyed is even more shocking. Destroying the evidence not only screws over the legitimate users, but it may make it impossible for Megaupload to mount a proper defense. It's depressing our government isn't above such cheap tricks in its zeal to win.

The government has also been shockingly cavalier about the collateral consequences of its prosecution on the marketplace. Legitimate web hosts, and their investors, are quaking in their boots that they will be next. It doesn’t help that the content industry is circulating a “kill chart” of its next desired targets.

In the end, the Megaupload prosecution demonstrates that SOPA advocates are inevitably going to win. The content owners’ ire toward “foreign rogue websites,” combined with the administration’s willingness to break the law, if necessary, to keep content owners happy, leads to lawless outcomes like the Megaupload prosecution and ICE’s domain name seizures. I'll say more about this in my long-delayed SOPA linkwrap.

Some links about Megaupload or the situation more generally worth checking out:

Source Materials

* Superseding indictment

* News.com: Some of the assets seized

Analysis of the Enforcement

* EFF: Megaupload Goes to Court: A Primer

* Ars Technica: How can the US seize a Hong Kong site like Megaupload

* Techdirt: Megaupload Details Raise Significant Concerns About What DOJ Considers Evidence Of Criminal Behavior

* News.com: How did the FBI get access to internal Megaupload conversations?

* Ars Technica: Megaupload: Erasing our servers as the US wants would deny us a fair trial

Collateral Effects

* Phil Corwin on collateral effects

* News.com: FileSonic changed its sharing practices in light of the prosecution

* TorrentFreak: RapidShare Publishes Anti-Piracy Manifesto for Cyberlockers

* RWW: Feds to Megaupload Users: Tough Luck

Revolving Doors/Patronage

* News.com: Nobody wanted MegaUpload busted more than MPAA

* News.com: U.S. Attorney chasing MegaUpload is former piracy fighter

General

* CMLP site on Megaupload

* Irina D. Manta, The Puzzle of Criminal Sanctions for Intellectual Property Infringement, 24 Harv. J.L. & Tech. 469 (2011)

Ouellette v. Viacom Intern., Inc., 2012 WL 1435703 (D. Mont. April 25, 2012)

Ouellette sued Viacom for sending allegedly bogus takedown notices for videos he posted to YouTube. His case has gone nowhere. In 2011, his ADA claims were tossed. Then, earlier this year, the magistrate judge rejected his 17 USC 512(f) claim. In this ruling, the judge adopts the magistrate's report and closes the case.

The disposition of Ouellette's 512(f) claim is hardly surprising. Putting aside his status as a pro se, even well-lawyered 512(f) plaintiffs rarely make any progress in court after the Ninth Circuit Rossi case required subjective bad faith as an element of a 512(f) claim. With this insurmountable mountain in his way, Ouellette never really had a chance.

Like so many plaintiffs, Ouellette argued that he can't fully allege Viacom's bad scienter until he gets discovery to see what they did and said. Not surprisingly, the court doesn't want to hear it:

Contrary to Ouellette’s assertion that interrogatories are the correct means for him to discover Viacom’s intent in issuing its takedown notice to Youtube.com, § 512(f) requires Ouellette to allege facts, at the pleading stage, that demonstrate that Viacom acted without a good-faith belief.

Stated differently, unless the 512(f) plaintiff has smoking-gun evidence of the copyright owner's bad intent before filing the complaint, the plaintiff has virtually no chance of getting a 512(f) claim into discovery.

The court rejects Ouellette's other contentions, including:
* Viacom's takedowns of other users' content is relevant to his situation. The court only considers Viacom's scienter with respect to the takedowns of Ouellette's content.
* Viacom's failure to sue Ouellette after the takedowns tacitly admitted that Ouellette had engaged in fair use. Obviously, Viacom could have many legitimate reasons why it didn't sue Ouellette for his uploads.

Ouellette was a lousy test case for 512(f), but his case reminds us that 512(f) plays effectively no role in 17 USC 512's overall design of checks-and-balances.

US v. Lawson, 10-4831 (4th Cir.; Apr. 20, 2012)

Lawson and his co-defendants were convicted of violating the “Animal Welfare Act” through their participation in “gamefowl derbies” (cockfighting). One of the elements of the crime was “sponsorship” of the events in question. Shortly after the verdict was rendered, one of the jurors came forward and reported potential misconduct on the part of another juror (Juror 177). Apparently, Juror 177 had consulted “certain internet sources” the morning before the jury reached its verdict. The district court held a hearing and found that Juror 177 consulted Wikipedia for the definition of the term “sponsor.” Juror 177 printed out the definition of “sponsor” and brought it with him to the jury room. He was rebuffed by the jury foreperson, but it was clear he considered the definition, and some discussion of the Wikipedia entry took place between him and other jurors. The jury reached a verdict shortly after Juror 177's efforts.

The district court found that the juror’s consultation of Wikipedia did not prejudice the defendant. The Fourth Circuit disagrees, and in the process takes more than a few potshots at Wikipedia. The court says there is a presumption of prejudice when a juror consults outside sources, and it applies a five factor test to determine whether the government effectively rebutted the presumption of prejudice.

One of the key factors ends up being the extent to which the dictionary (or in this case, Wikipedia) definition of the term differed from the legally operative definition. The court says that it can’t compare the Wikipedia definition Juror 177 consulted with the correct definition because the juror misconduct only came to light several days after the verdict, and there was nothing in the record to indicate that the definition Juror 177 obtained was the same definition the district court looked at when it compared the Wikpedia page to the definition in the jury instructions:

[t]the government has not argued, nor has it provided evidence establishing, that the Wikipedia entry for the term “sponsor” can be retraced to its form when Juror 177 researched the term.

(The version of the Wikipedia page the district court looked at was printed out 14 days after his search of the term and five days before the district court hearing.) The court acknowledges that Wikipedia keeps an archive of changes, which the government failed to present to the district court. In any event, the court notes that even if historical edits were presented by the government, it could not consider these, absent some indication that Wikipedia archives of historical changes are “accurate and trustworthy.”

The court also considers a “catch-all” factor and notes that Wikipedia has particular “reliability” problems. Looking to Wikipedia’s own about page, the court says that Wikipedia touts itself as being edited and populated by “amateurs.” Indeed, Wikipedia itself cautions that the fact that “anyone [is allowed] to edit Wikipedia means that it is more easily vandalized and susceptible to unchecked information.” While a few courts have cited Wikipedia in their opinions and orders, the court says that litigants have been repeatedly warned against citing Wikipedia as authoritative.

__

A few days after this opinion was released, the Wall Street Journal’s Law Blog published a post looking at which federal appeals courts cite to Wikipedia most often: Which Federal Appeals Court Cites Wikipedia Most Often? (the Seventh Circuit and Ninth Circuit). While courts may cite to Wikipedia, it is ill-advised at best for a litigant to do so, unless it is being cited for the most menial and undisputed proposition (and even in this instance, caution is warranted). Similarly, as demonstrated by this case, a juror’s consultation of Wikipedia can topple a jury verdict.

One question you’re left with is whether the government’s failure to “retrace” Juror 177’s steps was central to the Fourth Circuit’s holding. If the government had produced historical Wikipedia entries and testimony from Wikipedia execs regarding the accuracy of the edit-archiving process, would this have made a difference? I’m tempted to say yes, although the court’s opinion is practically dripping with venom aimed at Wikipedia. It’s abundantly clear from the court’s language that it doesn’t like Wikipedia, and while litigants and judges may cite to it from time-to-time, a jury verdict that is tainted by consultation of Wikipedia is in hot water. As the court noted in Crispin v. Audigier (quoting another district court opinion), "Wikipedia is not a reliable source at this level of discourse."

[NB: the opinion is interesting in other respects, in particular the court's discussion of the term "bet" or "wager." On this score, the court says an event involves a wager where the prize depends on the number of entrants. Where the participants pay an entry fee but this fee does not determine the prize, there may not have been an underlying violation of South Carolina's gambling law.]

Related posts:

Wikipedia Edits Support Defamation Claim--Pitale v. Holestine

Bland v. Roberts, 2012 US Dist. Lexis 57530, 4:11cv45 (E.D. Va.; Apr. 24, 2012)

Bland and his cohorts worked in the Hampton Sheriff’s Office, under B.J. Roberts. Roberts ran for re-election against Jim Adams, and the plaintiffs were lukewarm in their support of Roberts. In fact, three of the plaintiffs went so far as to “like” Adams' Facebook page. Roberts won the election, and he decided to not retain the plaintiffs. He justified the terminations on cost-cutting and budgeting grounds, but plaintiffs argued that their termination violated their First Amendment rights. The court grants Roberts’ motion for summary judgment.

Plaintiffs alleged they engaged in a variety of protected activities, such as placing a bumper sticker on one of their cars and attending an Adams-sponsored cookout, but the court says there is no evidence that Roberts was aware of these activities. The one activity that Roberts knew about was “the presence” of two of the plaintiffs on his opponent’s Facebook page. However, with respect to this activity, the court says that plaintiffs did not point to any specific statements they made on Adams’ Facebook page. One plaintiff claimed he posted a comment to Adams' page, but he later took it down, and the comment wasn't presented to the court. Plaintiffs “liked” Adams' Facebook page, and there was no dispute that Roberts was aware of this, but the court says this is insufficient:

[Roberts'] knowledge of the posts only becomes relevant if the court finds the activity of liking a Facebook page to be constitutionally protected. It is the court’s conclusion that merely “liking” a Facebook page is insufficient speech to merit constitutional protection. In cases where courts have found that constitutional speech protections extended to Facebook posts, actual statements existed within the record.

[emphasis added; citing Mattingly v. Milligan, mentioned in Eric’s quick links here] The court declines to “infer the actual content of [plaintiff’s] posts from one click of a button on Adams’s Facebook page.”

The court also says that plaintiffs don’t adequately state a freedom of association claim. The court cites to the standards for when it's permissible to terminate public employees for their political affiliations, but it doesn't engage in any analysis because, in the court's view, plaintiffs have not produced any evidence of association with Adams' campaign that Roberts knew about--and any Facebook association is insufficient:

[a]side from the Sheriff’s admission that he knew [two of the plaintiffs] had been on Adams’s Facebook page, there is little to no evidence that rises to the level of a genuine dispute about whether the Sheriff actually know about the Plaintiffs’ support of Adams.

Even assuming plaintiffs could point to statements or association that the Sheriff knew about and that played a part in his decision to terminate plaintiffs, the court says Roberts is protected by qualified immunity. The Sheriff had not “transgressed [any] bright lines.”
__

Gak!

The court’s conclusion on qualified immunity may or may not be defensible, but the court veered off course in concluding that a Facebook like is not speech. Maybe the court slept through Arab Spring and the many other instances of online activism in the past five years. Maybe the court is unaware of the robust body of First Amendment precedent which says that protection for expression is not limited to just actual words. Hello, Tinker (black arm bands) and Texas v. Johnson (flag burning)! More likely, as Eric notes in his comments below, the practical implications of a "like" threw the court for a loop.

It’s easy to dismiss Facebook "likes" as one of those mindless knee-jerk online activities we all routinely engage in that have little or no societal value. Courts can discount Facebook friendships in other contexts (see, e.g., Quickly v. Karkus, discussed here: “It’s Officially Legal: Facebook Friends Don’t Count”), but it’s well off the mark to say in this case that "likes" were not speech for First Amendment purposes. As menial as a Facebook like may be in the overall scheme of life, it’s an announcement to your Facebook friends that you support something, whether it’s a cause, a candidate, a company, or another person. A like also promotes a particular page or newsfeed to your friends, which sounds like quintessential expressive activity. [See Eric's comments below for various potential implications of a Facebook like.]

While I remain leery of Facebook's "like" ecosystem, I "dislike" this ruling.
____

Eric's Comments

Oh man, the technological implications of social media sure does baffle the judicial system. What does it mean to "friend" someone? What does it mean to "like" something? Most judges seem to want to curl up into a ball when posed with such thorny questions. Could you imagine a judge trying to grok what a Facebook "poke" means? [FWIW, a Westlaw ALLCASES search for "facebook /s poke" yields no results...yet.]

From my perspective, the judicial confusion about "likes" partially stems from the fact that the single technological interaction of "liking" something has multiple effects. When John Doe "likes" something on Facebook, it means:

1) When other people visit that content item/page, John Doe publicly appears as someone who "likes" it.
2) In addition, some folks are privately notified that John Doe "likes" the item/page, such as the person who posted the item/page as well as other people who are referenced on the page.
3) Depending on John Doe's privacy settings, John Doe's "like" may be communicated to his friends via his newsfeed.
4) If John Doe likes a business/interest, it may appear on John Doe's info/profile page.
5) If John Doe likes a business or ad, the business or advertiser may be able to buy an ad that redisplays John Doe's "like" to John Doe's friends.
6) John Doe may be subscribed to further content regarding the thing he likes.
7) Under the hood, Facebook treats the "like" as an affinity that modifies Facebook's perception of the relationship between liker and likee (i.e., it changes the social graph).

I'm sure there are other technological implications of "liking" something on Facebook; these are only the implications that occur off the top of my head. Perhaps Facebook's system is too complicated for lay folks to understand. The fact I can't easily enumerate the implications of a "like" is disconcerting. Personally, I think Facebook should disaggregate these implications so that a single action doesn't have so many simultaneous implications. At minimum, I am much less likely to "like" things on Facebook because there is so much import of such a simple action, and I definitely don't "like" any businesses because I think Facebook's Sponsored Stories program is not in either my or my friends' best interests. I explain these points in more detail in my post on Fraley v. Facebook.

I "like" Venkat's assessment above that "liking" on Facebook is First Amendment-protected speech. Looking at the complete list of implications above, collectively there is no question about that. But even if we focus only on implication #1, I don't even see the First Amendment issue as a close question. Listing a person's name as an "endorser" of a political candidate is core First Amendment activity. That's exactly what the "likes" did here. Perhaps, as Venkat indicates, we might otherwise excuse Roberts' firings through qualified immunity, or in fact maybe the budget cutting wasn't pretextual, but the judge's techno-confusion prevented it from reaching those questions squarely. This looks like an excellent case for an appeal.

Related posts:

Is the Florida Bar Taking Facebook Friendship Too Seriously?

UPDATE: On an email list, John Rothchild called our attention to Three D, LLC and Sanzone, Case No. 34-CA-12915 (NLRB ALJ Jan. 3, 2012):

Spinella’s selecting the “Like” option on LaFrance’s Facebook account constituted participation in the discussion that was sufficiently meaningful as to rise to the level of concerted activity. Spinella’s selecting the “Like” option, so that the words “Vincent VinnyCenz Spinella…like[s] this” appeared on the account, constituted, in the context of Facebook communications, an assent to the comments being made, and a meaningful contribution to the discussion....I find therefore that Spinella’s selecting the “Like” option, in the context of the Facebook conversation, constituted concerted activity as well.