Coinbase sought to send the case to arbitration, but there was a possible conflict in the governing TOSes. Coinbase’s standard terms required consumers to arbitrate their disputes with Coinbase. However, the terms accompanying the Dogecoin sweepstakes offer contained an exclusive forum selection clause, requiring resolution of disputes in California courts. The legal question is how these two documents interact with each other. Does the original TOS (and its arbitration provision) control, or do the Dogecoin promotion terms?

The district court denied Coinbase’s request to compel arbitration. The Ninth Circuit affirms.

Coinbase argued that the delegation clause in its standard Coinbase terms granted authority to the arbitrator in the first instance to decide whether the dispute was covered by the arbitration clause. The Ninth Circuit disagreed, finding that while this may be the case where a conflicting venue provision and an arbitration clause are contained in the same agreement, this is not the case where the venue clause is contained in a later agreement. In the court’s view, the question presented is the validity of the arbitration agreement, which is a matter of “the existence rather than the scope” of the arbitration agreement:

The “scope” of an arbitration clause concerns how widely it applies, not whether it has been superseded by a subsequent agreement.

While an arbitrator may decide the scope of the agreement, they may not decide the existence of an agreement to arbitrate.

Coinbase relied on an integration clause in the original Coinbase terms and argued that this reflected the parties’ intent to have all disputes governed by arbitration. The court says that an integration clause does not mean that future agreements can’t supersede earlier ones, and the later agreement need not specifically call out an intent to revoke the prior agreement.

Coinbase also argued that the two agreements should be “harmonized,” but the court agrees with plaintiffs that there is a clear conflict between the two agreements. While language in the agreements themselves render them difficult to reconcile with each other, there was another aspect to the two agreements that made them difficult to reconcile:

The Official Rules apply to all Sweepstakes entrants, including entrants who are not subject to the User Agreement because they used an alternative mail-in procedure. Despite Coinbase’s arguments, the Official Rules make no distinction between entrants who are Coinbase users subject to the User Agreement’s arbitration clause and those who are not because they used an alternative mail-in entry procedure.

The court affirms the district court’s refusal to send the dispute to arbitration. That seemingly leaves the Dogecoin promotion terms as the controlling document, at least as to dispute resolution.

What could Coinbase have done to avoid this? The easy answer is that it should ensure that any later agreements expressly incorporate the default terms and its dispute resolution provisions. It’s always easier said than done to ensure consistency among various sets of terms of service, but this is one of those things where it’s worth having on a checklist.

[Eric’s comment: another option would be to use the identical arbitration provisions in every TOS. It’s easy enough to cut-and-paste from one document to the next, but usually this is a left-hand/right-hand problem where two internal teams are working independently and don’t cross-check each others’ efforts.]

Starting with Douglas v. Talk America (and later Blockbuster), the blog has covered numerous cases where companies rely on ToS provisions that say they can be unilaterally amended. Courts have grown increasingly skeptical of this practice. Most recently Kieran covered International Markets v. Thayer and offered this comment:

RIP, “The Company may update these terms of use at any time by posting updates to this site.” Born, circa 1997. Always sick and infirm. Officially declared dead, 2022.

Did the rising judicial skepticism towards TOS amendments influence this decision?

Interestingly, the plaintiffs also named the marketing agency involved in the sweepstakes. One wonders how the dispute between it and Coinbase (if any) played out.

Case citation: Suski v. Coinbase, No. 22-15209 (9th Cir. Dec. 16, 2022). (Note: Coinbase obtained an extension of the deadline to seek rehearing.)

Related posts:

Court Says “You May NOT Amend Your TOS by Posting New Terms to Your Site”–International Markets v. Thayer

Ninth Circuit Strikes Down Contract Amendment Without Notice–Douglas v. Talk America

Stop Saying “We Can Amend This Agreement Whenever We Want”!–Harris v. Blockbuster

The post Conflicting Terms of Service Provisions Undermine Arbitration Clause–Suski v. Coinbase appeared first on Technology & Marketing Law Blog.

The district court denied the motion to compel arbitration. It said Knapke agreed to the terms of service despite Reilly’s declaration that Knapke had not authorized him to agree to the terms of service on her behalf. The district court also held that Reilly accessed the online account in question and agreed to the terms in order to satisfy his Rule 11 obligations.

The Ninth Circuit reverses. because the record is unclear regarding key facts which would bear on whether counsel could bind his client by virtue of (1) an agency relationship, whereby counsel acted within the scope of their authority by agreeing to the terms, or (2) in the absence of actual authority, whether counsel had implied authority or whether the client ratified the acts of counsel.

Agency: As to the agency relationship, the court says the record is unclear regarding when Reilly became Knapke’s attorney. The court says this “might be material” to determining whether Knapke is bound by Reilly’s actions. In general, the court says there is a factual dispute regarding the scope of Reilly’s authority.

Implied Authority and Ratification: The record is also unclear as to whether Reilly had implied authority. The “contours” of the agreement between Reilly and Knapke are unclear. Thus, the Ninth Circuit says the district court should “determine the contours of the attorney-client privilege and any potential waiver of that privilege.” The court also says the district court should consider the consequences of Knapke “simultaneously denying an agency relationship regarding the arbitration agreement and asserting a privilege for communications that bear directly on that issue.”  The court also agrees with PeopleConnect that the record is unclear regarding the issue of whether Knapke ratified Reilly’s acts by (1) accepting the benefits of the agreement; (2) failing to repudiated it; OR (3) otherwise taking action which demonstrates adoption or recognition of the agreement.

The court also says that Knapke’s status as an “undisclosed principal” does not necessarily insulate her from Reilly’s actions with respect to the online terms. Nor does it buy Knapke’s argument that Rule 11 necessitated the inquiry and essentially forced Reilly to agree to the terms. As an initial matter, Reilly’s declaration was silent on Rule 11. Even if his motivations regarding entering into the terms were relevant, they are not determinative. In any event, the court says “Rule 11 cannot explain Reilly’s choice not to opt out of arbitration . . . .”

__

Ouch. This sounds like nightmare fuel for plaintiffs’ lawyers. It admonishes caution when agreeing to terms in the course of conducting an online investigation. I wonder what the solution is from the standpoint of plaintiffs’ lawyers. Perhaps sending a letter repudiating the agreement after the lawsuit is filed or immediately prior to filing? Spelling out in the engagement letter that the lawyer is not authorized to bind the client to arbitration? Another option is to outsource the investigation.

I also blogged a similar case from the Northern District of California. Surprisingly, in that case, where the district court also denied the motion to compel, the Ninth Circuit summarily affirmed. While I haven’t done close comparison between the laws of Washington and California regarding agency, I have to think they are similar enough that the difference in outcomes was not entirely a function of differences in state law.

Surprisingly, Knapke did not file a request for rehearing.

Case citation: Knapke v. PeopleConnect, Inc., No. 21-35690 (9th Cir. June 29, 2022)

Related posts:

If a Lawyer Accepts a TOS While Investigating a Claim, Does It Bind the Client to Arbitration?

Background Reports Protected by Section 230–Dennis v. MyLife

Yearbook Defendants Lose Two More Section 230 Rulings

Yearbook Database Cases Are Vexing the Courts–Sessa v. Ancestry

Court Casts Doubt on the Legality of the Data Brokerage Industry–Brooks v. Thomson Reuters

Section 230 Doesn’t Protect Yearbook Website’s Ads–Knapke v. Classmates

Section 230 Covers Republication of Old Yearbooks–Callahan v. Ancestry

Section 230 Doesn’t Protect Advertising “Background Reports” on People–Lukis v. Whitepages

The post Lawyer’s Agreement to Online Terms if Investigating a Claim May Bind a Client appeared first on Technology & Marketing Law Blog.

The court discusses two social media accounts: Instagram.com/misshayleypaige and pinterest.com/misshayleypaige/_saved/. Gutman opened both accounts after she entered into the employment contract with JLM. While certain attributes of the accounts made it unclear as to whether they were personal or business-focused accounts, the evidence was clear that the accounts were used extensively by JLM or by Ms. Gutman in her role as an employee of JLM. JLM exerted significant control (or “influence”) over both accounts and in particular the Instagram account. The court is emphatic that the accounts “served as critical advertising platforms for JLM’s products affiliated with the Hailey Paige brands.” The court also found “Ms. Gutman and JLM employees worked together to strategize as to how best to leverage the social media platforms to market the HP brands.” JLM (and Gutman) also used the Instagram account to communicate with actual and potential customers of JLM. While it was true that the accounts were imbued with aspects of Ms. Gutman’s personality and personal life, these were part of the overall marketing strategy for JLM.

The district court initially punted on the ownership question. The Second Circuit also declined to address this issue when resolving the appeal from the preliminary injunction, finding that the injunction previously entered by the district court could be valid if tied to her contractual duties to assist JLM with its advertising. The contract term was set to expire in August 2022, and thus the injunction would be dissolved as well. JLM sought to extend the injunction on the basis that it was likely to succeed on the ownership and conversion questions. JLM’s argument was that if the court ultimately decided that it “owned” the accounts, then JLM would need some form of injunctive relief protecting its property interest in the social media accounts.

The court starts by noting that ownership of social media accounts is a novel question that only a few courts have addressed. The court relies on two decisions: (1) In re CTLI, a bankruptcy ruling from 2015 blogged here: “Company’s Social Media Accounts Transferred in Bankruptcy” and (2) Int’l Bhd. Teamsters Loc. 651 v. Philbeck. The court summarizes the considerations relied on by those courts as relevant to determining ownership of an employee social media account:

• Whether the account handle reflects the business name;
• How the account describes itself;
• Whether the entity relied on the account in its promotional efforts;
• Whether the account links to the business websites or accounts;
• The purpose behind the account;
• Whether employees or the entity had access to the account.

The court distills these down to three factors:

• How the account is held out to the public;
• How the account has been utilized;
• Whether the business used the account to further the interests of the business.

Ms. Gutman argued that the inquiry should be focused on the date of creation of the account, but the court says this is simplistic and “the dynamics of social media warrant a much fuller examination of how the accounts were held out to the public, the purposes for which the accounts were used, and how the accounts were ‘managed'”.

Here, the bulk of evidence supports JLM’s view that it owned the accounts in question.

1. “The accounts were held out as official accounts of JLM.”
2. “The accounts were regularly used to promote JLM’s business.”
3. “The evidence demonstrates clearly that JLM’s employees were involved in formulating the marketing strategy for the accounts and directly participated in the management of the accounts in support of JLM’s business interests.”

The court says JLM has a clear likelihood of success in showing that it owned the accounts in question.

Ms. Gutman pointed to her own creative input into the account, but the court says that this is consistent with her being the point person for JLM in managing the account. The mixture of personal and professional content in the accounts was also consistent with Ms. Gutman’s vision for JLM’s marketing that it would be an extension of her personality.

She also pointed to anecdotal references by JLM employees to the accounts as Ms. Gutman’s “personal accounts,” but the court says these stray references are hardly determinative.

She also argued that the employment agreement did not contain any provisions regarding ownership, but the court falls back on the work-for-hire language in the agreement.

Finally, the court concludes that JLM has likely shown conversion by virtue of Gutman’s interference with JLM’s access and use of the account.

The court says loss of ongoing access to the social media accounts would cause irreparable harm: “JLM’s ability to control the content of the accounts is critical to maintaining the strong internet presence of [its] brands, . . . reputation, and the goodwill [it] has created among potential and actual customers who follow the accounts.”

__

The court is not very sympathetic to Ms. Gutman. Indeed, it has harsh words for her conduct vis-a-vis her intent and ability to honor her contractual obligations. One of the Second Circuit judges was much more sympathetic to Ms. Gutman, observing that depriving her from use of her name in bridal fashion endeavors would be unduly onerous. This judge’s sympathy along with the lack of a unanimous opinion in the Second Circuit makes me wonder whether Ms. Gutman will appeal.

The dispute is interesting in many ways–especially the fact that it’s been this heavily litigated. Perhaps the ongoing cycles of litigation have caused the parties to become invested in their respective positions and less interested in resolving the dispute. In any event, it’s surprising to see the parties so many resources on litigating over Instagram and Pinterest accounts.

The court’s fact-based inquiry to resolve the nature of the account is reminiscent of the Sixth Circuit’s recitation of factors in Lindke v. Freed. As Eric notes, the Sixth Circuit in Lindke ended up giving government actors a lot of leeway by asking “[whether the government actor operated the account:] (1) pursuant to his actual or apparent duties or (2) using his state authority.” In this case, the court seems to apply the factors more faithfully.

The court at one point cites to a case involving domain names in addition to social media accounts, in concluding that JLM has a property rights in the accounts. Still, the court acknowledges that its resolution while definitive is only as between the two parties (i.e., it still depends on whether “Ms. Gutman or the relevant platforms may hold title to the accounts”). It’s always worth keeping in mind in these cases that the accounts exist at the discretion of the platform.

This case differs significantly from the typical social media ownership dispute because of the existence of a written agreement and because of the assignment of name-rights to the employer. It’s unclear from the court’s ruling whether the conclusion depends on the existence of a written agreement. Of course, the court’s fact-based analysis is as strong an admonition as they come in favor of securing an agreement in writing regarding social media accounts.

A final note is that the opinion does not mention the laws restricting employer access to employee social media accounts or ownership of such accounts. Those laws were enacted by several states with a lot of fanfare, but they have seen little, if any, activity.

Dec. 2022 UPDATE: Gutman has been ordered to pay $118k in attorneys fees. 2022 WL 17832303 (SDNY Dec. 21, 2022)

Case citation: JLM Couture, Inc. v. Gutman, 2022 U.S. Dist. LEXIS 131139 (S.D.N.Y Jul. 25, 2022)

Other coverage:

The Fashion Law: Court Reviews “Novel” Issue of Social Media Account Ownership in Hayley Paige Lawsuit

Bloomberg Law: “JLM Likely Owns ‘Hayley Paige’ Insta Account, Court Says (Correct)”

Linnea Orians: “More Than a Name: A New Era”

Related Posts:

Social Media Ownership Disputes, Part I: the Satanic Temple of Washington Can’t Get Its Facebook Pages Back

Ex-Employee’s Continued Use of Twitter Account May Be Conversion–Farm Journal v. Johnson

The Spectacular Failure of Employee Social Media Privacy Laws

Do Employers Own LinkedIn Groups Created By Employees?–CDM v. Sims

Creating Parody Social Media Accounts Doesn’t Violate Computer Fraud & Abuse Act – Matot v. CH

When Does A Parody Twitter Account Constitute Criminal Identity Theft?–Sims v. Monaghan

Trademark Owner Sues Over Alleged Twittersquatting–Coventry First, LLC v. Does

Steps Brand Owners Can Take to Deal With Brandjacking on Social Networks

Battle Over LinkedIn Account Between Employer and Employee Largely Gutted–Eagle v. Morgan

Ex-Employer’s Hijacking of a LinkedIn Account Is a Publicity Rights Violation–Eagle v. Morgan

Washington State’s Proposed Employer Social Media Law: The Legislature Should Take a Cautious Approach — SB 5211

Big Problems in California’s New Law Restricting Employers’ Access to Employees’ Online Accounts (Forbes Cross-Post)

“Social Media and Trademark Law” Talk Notes

Court Denies Kravitz’s Motion to Dismiss PhoneDog’s Amended Claims — PhoneDog v. Kravitz

An Update on PhoneDog v. Kravitz, the Employee Twitter Account Case

Another Set of Parties Duel Over Social Media Contacts — Eagle v. Sawabeh

Employee’s Claims Against Employer for Unauthorized Use of Social Media Accounts Move Forward–Maremont v. SF Design Group

Courts Says Employer’s Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed–PhoneDog v. Kravitz

Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer–Ardis Health v. Nankivell

Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account — Deck v. Spartz, Inc.

Employee’s Twitter and Facebook Impersonation Claims Against Employer Move Forward — Maremont v. Fredman Design Group

MySpace Profile and Friends List May Be Trade Secrets (?)–Christou v. Beatport

The post Who Owns a Disputed Social Media Account? – JLM v. Gutman appeared first on Technology & Marketing Law Blog.

The court notes that the facts from the record in the original case may have become obsolete, “given the speed at which the internet evolves,” but uses them anyways. It also sidesteps the dispute regarding whether hiQ is still in business.

Irreparable Harm / Balance of Equities: The court confirms that no viable alternative data sources exist for hiQ. The court remains skeptical of LinkedIn’s privacy-based arguments:

LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles.

Viability of hiQ’s Tortious Interference Claim:  The court again finds hiQ’s tortious interference claims viable. It’s skeptical of LinkedIn’s motivations as being legitimate:

If companies liked LinkedIn, whose servers hold vast amounts of public data, are permitted to selectively to ban only potential competitors from accessing and using that otherwise public data, the result—complete exclusion of the original innovator in aggregating and analyzing the public information—may well be considered unfair competition . . . .”

CFAA: The key question is whether hiQ’s continued access following receipt of LinkedIn’s cease-and-desist letter was “without authorization” under the CFAA. In its original Nosal ruling, the Ninth Circuit held that violation of a contractual limitation could not transform access into access that was “without authorization”. The Supreme Court in Van Buren endorsed this approach. The court says the key question is whether hiQ’s conduct is analogous to “breaking and entering”. The court says the CFAA’s legislative history makes clear that it was intended to “apply only to private information—information delineated as private through use of a permission requirement of some sort.” The court cites to Van Buren’s “gates-up-or-down inquiry”:

In other words, applying the ‘gates’ analogy to a computer hosting publicly available webpages, that computer has erected no gates to lift or lower in the first place. Van Buren therefore reinforces our conclusion that the concept of ‘without authorization’ does not apply to public websites.

The court also looks to the SCA’s similar “without authorization” provision and the rule of lenity.

In conclusion:

It appears that the CFAA’s prohibition on accessing a computer ‘without authorization’ is violated when a person circumvents a computer’s generally applicable rules regarding access permissions, such as user name and password requirements, to gain access to a computer.

The court says companies who make their data publicly available are not without recourse. They may look to state hacking laws, trespass to chattel claims, or other causes of action “such as copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy.”

__

This is a long-running dispute and the parties are fighting over whether hiQ is still in business. Yet, the dispute is still very heavily litigated in the district court (while the Ninth Circuit was mulling over its ruling in light of Van Buren). This makes me wonder whether the lawyers for hiQ are handling it on an hourly basis (something hiQ surely cannot afford at this point) or if a litigation funder or other benefactor is involved.

The court predictably reaches the same conclusion as in its first ruling. Was this inevitable in light of Van Buren? The Ninth Circuit says Van Buren‘s gates analogy is in sync with the Ninth Circuit’s own taxonomy of three types of computers covered by the CFAA: (1) computers for which permission is not required; (2) those for which permission is required but given; and (3) those for which permission is required but has not been given. The court has already said that accessing the second types of computers will not result in a CFAA violation (Nosal).

The court notes that permission means a username and password, but doesn’t list what else fits into this category. I assume something that screens out bots (like a captcha) would not suffice, but the opinion is not explicit.

The two noteworthy things about the ruling are: (1) the court’s continued skepticism of LinkedIn’s privacy rationale and putative ownership over user data, and (2) the court’s concerns over the power that companies who house “vast amounts of public data” wield.

__

Eric’s Comments

Five years into this litigation, let’s take stock of all of the things we still don’t know:

• Is hiQ still an operational business? This seems like a question that must be answered before granting equitable relief designed to help it continue operating its business… ¯\_(ツ)_/¯
• Can LinkedIn enjoin hiQ’s scraping on non-CFAA grounds? If LinkedIn wins on any other claim, the CFAA issue becomes an inconsequential distraction. The court (appropriately) generally sidesteps the viability of other claims due to the case’s litigation posture, though it intimates that “it may be that web scraping exceeding the scope of the website owner’s consent gives rise to a common law tort claim for trespass to chattels.” After 5 years of litigation, we still don’t know the answer to this important question.
• Given the possibility of overlapping doctrines, do we even need the CFAA any more? This case is garbled mostly because we don’t understand the interplay between the CFAA and other overlapping doctrines, and the court’s carvebacks of the CFAA may only mean that other doctrines will fill that gap and lead to the same substantive outcomes.
• Then again, the court says: “giving companies like LinkedIn free rein to decide, on any basis, who can collect and use data—data that the companies do not own, that they otherwise make publicly available to viewers, and that the companies themselves collect and use—risks the possible creation of information monopolies that would disserve the public interest.” Does this mean that courts will reject any claim, including a TTC claim, that could lead to “information monopolies”? (See also the essential facilities discussion below).
• In the gates metaphor, if a service wants to restrict scraping, do they need to raise the gates (erect a fence) or lower the gates (drop the portcullis)? This court treats gates like a portcullis, i.e., the CFAA requires gates-down.
• Are robots.txt, IP address blocks, or cease-and-desist letters still relevant to the CFAA at all? The court says websites’ “publicly available sections lack limitations on access,” which implies that any effort that don’t create technical barriers to access (such as robots.txt and C&D letters) are irrelevant. Still no idea about IP address blocks (which LinkedIn tried).
• Who else beyond hiQ has an unrestricted right to scrape LinkedIn? It seems like a business can build solely around LinkedIn-sourced data and then weaponize that status to ensure unrestricted access, but that conclusion would motivate terrible behavior.
• Does hiQ really have a prayer of winning its tortious interference claim? Those claims RARELY succeed.
• Is the CFAA just a proxy for antitrust concerns? The court says: “If companies like LinkedIn, whose servers hold vast amounts of public data, are permitted selectively to ban only potential competitors from accessing and using that otherwise public data, the result—complete exclusion of the original innovator in aggregating and analyzing the public information—may well be considered unfair competition under California law.” But…this opinion is about CFAA, not unfair competition; and this language implies that LinkedIn is an essential facilities–a conclusion with wide-reaching implications.
• If LinkedIn can’t do anything to protect its users’ interests in publicly shared data, can anyone else do it? Or is publicly shared data forever free to whoever can grab it?
• If a service doesn’t immediately block a scraper, even if the scraper is inconsequential, does that functionally estop the service from blocking them later due to tacit acquiescence?
• The court says that unauthorized access can only occur with respect to “private information—information delineated as private through use of a permission requirement of some sort.” What user interactions or technological restrictions are sufficient to create a “permission requirement”?
• Later, the court says “authorization is only required for password-protected sites or sites that otherwise prevent the general public from viewing the information,” and later says that it was gates-down in Nosal and Power Ventures because both had password controls to access. However…if agreeing to a TOS is required to obtain the password, does the TOS define the rights of the password-holder for CFAA purposes? The Ninth Circuit has previously said that a “violation of the terms of use of a website—without more—cannot establish liability under the CFAA” (Power Ventures), and the court endorses this language. But if the TOS doesn’t govern the password, then what legal or technical mechanisms define the password-holder’s rights to use the password and engage with the server?
• The court apparently addresses only the “without authorization” part of the CFAA. Which, if any, of this court’s analysis would differ under the “exceeds authorized access” provision?
• The court says, per the term of the injunction, LinkedIn remains free to take steps to thwart “malicious activity” and “bad actors.” How does LinkedIn know who is a bad actor and who isn’t? Are we sure hiQ isn’t a bad actor?

I think many Internet Law experts were hoping that hiQ would answer the myriad questions left open by the Van Buren decision. As my list of open issues shows, we know very little about the CFAA right now. Contact me if you are willing to teach this topic to my Internet Law students, because today I have no clue how to help them understand the CFAA.

Comments from Kieran McCarthy

• Whenever I read a CFAA case, I pause to remember that this is a federal criminal statute. And for that reason, I will always praise courts that take a narrow view of it. We do not want to open the door for rogue prosecutors to throw programmers in jail for common-place commercial activity. This opinion may help keep people out of jail for benign conduct, and the importance of that cannot be overstated. I salute the Ninth Circuit for that, first and foremost.
• Like Venkat, I too wonder who is paying hiQ Labs’ legal bills. In motions’ practice from last year, LinkedIn alleged “that hiQ went out of business three years ago.” Case 3:17-cv-03301-EMC, Document 219. Filed, 9/24/21 (emphasis in original). This case is in full-blown discovery, plus a Ninth Circuit appeal, and we are now five years into this dispute, with over 250 docket entries. How does a long out of business startup afford to pay Quinn Emanuel to fight all these fights?
• I agree with Eric that the Ninth Circuit’s insinuation that hiQ Labs could win its tortious interference claim might be the least plausible part of the opinion.
• While I agree with Eric and Venkat that privacy issues are important, I think courts should separate out that issue from the rest of the analysis. The majority of web scrapers don’t collect PII, and so to dictate all web-scraping jurisprudence based on a fact-pattern that only applies to subsection of those companies is problematic.
• With that said, the Ninth Circuit did some serious hand-waving on the privacy issues.
• This sentence is great for web scrapers: “[g]iving companies like LinkedIn free rein to decide, on any basis, who can collect and use data—data that the companies do not own, that they otherwise make publicly available to viewers, and that the companies themselves collect and use—risks the possible creation of information monopolies that would disserve the public interest.” But it’s hard to know where it fits within the broader jurisprudence on these issues. The current law of online contracts says that if you have notice of a website’s terms, and you continue to access in violation of those terms, you are in breach of contract. Indeed, just over a year ago, the district court in this case said: “Although currently hiQ is allowed access to the LinkedIn website and to copy or use public profiles posted thereon under the preliminary injunction, this does not mean that hiQ is entitled to a permanent injunction. Based on the counterclaim as pled, LinkedIn has a basis for asserting that it is entitled to a permanent injunction – or at least a declaration – that hiQ is subject to the User Agreement in the future.” hiQ Labs Inc. v. LinkedIn Corp., 2021 WL 1531172 at 6 (N.D. Cal. April 19, 2021).
• The same judge who said that giving companies like LinkedIn free rein to decide who accesses their site disserves the public interest also said that LinkedIn has a basis for asserting that it is entitled to a permanent injunction on the basis for asserting a permanent injunction because of its breach of contract claim.
• So let me get this straight: Information monopolies created by a CFAA cease-and-desist letters “disserve the public interest” but information monopolies created by breach-of-contract cease-and-desist letters derived from the exact same facts are A-OK?
• This is why I always say that we are far from a stable equilibrium on these issues. If you have the exact same set of facts, and both sides are entitled to injunctive relief on those facts based on different legal claims, sooner or later that has to be resolved one way or another.
• Eric’s “essential facilities” comment hints at the real underlying policy issue here. We have a company that makes its data available to the public but wants to restrict access to potential competitors who want to access the data and use it for commercial purposes. LinkedIn is giving the whole world a wide-open door to access this data but trying to slam the door (gate?) shut for a few select competitors who want to commercialize the data in a way they don’t like. This is anticompetitive behavior, pure and simple. The question is whether it is legal anticompetitive behavior or whether it implicates antitrust or unfair competition laws.
• Of note, the district court dismissed hiQ Labs essential facilities claim two years ago.
• This is an incredibly common fact pattern—it is nearly identical to almost every web scraping dispute from the famous Register.com v. Verio, Inc. case in 2002 to the Points Guy case in 2022. There is an entire multi-billion-dollar industry that is waiting for real guidance here, but courts repeatedly fail to deliver. Courts need to start acknowledging the importance of this specific fact pattern, and they need to provide real clarity on what is appropriate and what is not.
• The trespass to chattels claim is total crap, in my opinion. It’s sooooooo 2003. These days, only the clumsiest and most incompetent of web scrapers puts any burden on hosts’ IT infrastructure—and even so, that IT infrastructure is usually hosted on Amazon Web Services, anyway. At the motion to dismiss stage, the district court took evidence of the aggregate impact of web scraping on LinkedIn as evidence that hiQ Labs specifically had damaged LinkedIn’s infrastructure: “[T]aken in the aggregate, automated scrapers place a substantial burden on LinkedIn’s infrastructure – reaching at present into hundreds of millions of blocked access requests per day.” 2021 WL 1531172 at 10 (N.D. Cal. April 19, 2021). Taken in the aggregate, cars damage roads, but that doesn’t mean that every driver who drives on a public highway is responsible for destruction of public property.
• I’ll write more about this later, but the mainstream press’s coverage of this case has been lazy, reckless, and irresponsible. Forbes, TechCrunch, the Register, and TechRadar all covered the opinion with some version of the headline “web scraping is legal, says US court.” The distinction between “scraping public data is not a violation of the CFAA in the Ninth Circuit” and “there is an affirmative legal right to scrape publicly available data in the United States” was lost on many tech journalists. But that’s a very important distinction.

Case citation: hiQ Labs v. LinkedIn, 17-16783 (9th Cir. Apr. 18, 2022)

Related posts:

The CFAA “Gates-Up-or-Down” Metaphor Is Baffling Courts–ACI v. Conservice (Guest Blog Post)

Airline Sues to Stop Popular Web-Scraping Service–American Airlines v. The Points Guy (Guest Blog Post)

Researchers’ Challenge to CFAA Moves Forward–Sandvig v. Sessions

LinkedIn Enjoined From Blocking Scraper–hiQ v. LinkedIn

Scraping Lawsuit Survives Dismissal Motion–CouponCabin v. Savings.com

QVC Can’t Stop Web Scraping–QVC v. Resultly (Forbes Cross-Post)

Multiple Listing Service Gets Favorable Appellate Ruling in Scraping Lawsuit

Anti-Scraping Lawsuits Are Going Crazy in the Real Estate Industry (Catch-Up Post)

College Course Description Aggregator Loses First Round in Fight Against Competitor in Scraping Case — CollegeSource v. AcademyOne

Anti-Scraping Lawsuit Largely Gutted–Cvent v. Eventbrite

Interesting Database Scraping Case Survives Summary Judgment–Snap-On Business Solutions v. O’Neil

Facebook Gets Decisive Win Against Pseudo-Competitor Power Ventures — Facebook v. Power Ventures

Power.com Up For Auction — Facebook v. Power Ventures

Power.com Counterclaims Dismissed — Facebook v. Power Ventures

Judge Denies Facebook’s Request for Judgment on the Pleadings and Strikes Power.com Counterclaims — Facebook v. Power.com

Craigslist Wins Routine But Troubling Online Trespass to Chattels Ruling in 3Taps Case (Catch-up Post)

Craigslist’s Anti-Consumer Lawsuit Threatens to Break Internet Law–Craigslist v. 3Taps/Padmapper (Forbes Cross-Post)

Ninth Circuit Says LinkedIn Wrongly Blocked HiQ’s Scraping Efforts

The post Once Again, LinkedIn Can’t Use CFAA To Stop Unwanted Scraping–hiQ v. LinkedIn appeared first on Technology & Marketing Law Blog.

The underlying case is a putative TCPA class action. Fluent is a marketing company that generates leads. With respect to one of the plaintiffs, Fluent’s website (which offered free items) asked the plaintiff to “confirm her zip code”. The zip code was pre-populated and the consumer clicked on a button that said “this is correct, continue! >>”. The second plaintiff was asked to confirm their gender and click “continue”.

A highly magnified view of the key area from the above screenshot:

As between the webpage [the other plaintiff] viewed, sandwiched between the buttons allowing Russell to select her gender and the large green “continue” button were the same two lines of text in tiny gray front stating, “I understand and agree to the Terms and Conditions which includes mandatory arbitration and Privacy Policy.” The hyperlinks were underlined but . . . appeared in the same gray font as the rest of the sentence.

A highly magnified version of the key area from the screenshot above:

The key question was whether either plaintiff assented to the terms by proceeding. The court says “no”.

The court says that either New York or California law governs, and the result would be the same under either state’s law. Both states require mutual consent. These basic principles “apply with equal force to contracts formed online.” On one end of the spectrum are “clickwrap” agreements which are routinely found to be enforceable. At the other end are “browsewrap” agreements which courts are more skeptical of. Absent a showing of “actual knowledge,” inquiry notice will result in a contract only if (1) the website provides ‘reasonably conspicuous’ notice and (2) the consumer makes an “unambiguous” manifestation of assent. The court says neither condition is satisfied here.

Reasonably conspicuous notice: The court says the text disclosing the terms on the websites “is the antithesis of conspicuous.” Far from drawing a user’s attention to the terms, the presentation “deemphasized” them:

Website users are entitled to assume that important provisions—such as those that disclose the existence of contractual terms—will be prominently displayed, not buried in fine print.

The court even finds fault with the way the hyperlink is presented:

A web designer must do more than simply underscore the hyperlinked text in order to ensure that it is sufficiently ‘set apart’ from surrounding text.

Manifestation of assent: The court is not any more persuaded on the assent issue:

[Here, the button] did not indicate to the user what action would constitute assent to those terms and conditions. Likewise, the text of the button itself gave no indication that it would bind plaintiffs to a set of terms and conditions.

The court notes that the fact that the notice referenced arbitration is not persuasive. The key question is whether the plaintiffs can be deemed to have manifested their assent to the terms in the first place.

Concurring Judge Baker: A concurring Judge Baker focused first on the choice of law question. After reasoning that California law applied, Judge Baker focused on two decisions from California appellate courts. Judge Baker faults the panel opinion for not paying close enough attention to California law, noting that federal courts are “messengers, not catalysts, of state law.”

California law offered two cases, both from intermediate appeals courts: Long v. Provide Commerce and a more recent decision: Sellers v. JustAnswer LLC. (See blog posts on those rulings here and here.)

Long was an e-commerce case where the website simply failed to present the terms of service and ask a purchasing customer to agree to them. The court cited extensively to Nguyen. Judge Baker says

Long went further and approved Nguyen’s conclusion that if browsewrap is to be enforceable, ‘a textual notice should be required to advise consumers that continued use of a web site will constitute the consumer’s agreement to be bound by the web site’s terms of use.

Sellers v. JustAnswer embraced Judge Weinstein’s taxonomy from Berkson v. Gogo. Sellers was also an e-commerce case where the website buried the website terms of service. The court said it was a “sign-in wrap,” which is enforceable where notice to the consumer is “reasonable.” The court in Sellers also looked to the context of the transaction and specifically whether the relationship is contemplated to be “ongoing.” In that case, the notice was not conspicuous at all.

Judge Baker summarizes the state of California law:

Long and Sellers teach that, pending further word from the California appellate courts, browsewrap agreements are unenforceable per se; sign-in wrap agreements are in a gray zone; and clickwrap and scrollwrap agreements are presumptively enforceable. And in the gray zone of sign-in wrap agreements, enforceability requires conspicuous textual notice that completing a transaction or registration signifies consent to the site’s terms and conditions. Whether such notice is sufficiently conspicuous will turn on the transactional context, the notice’s size relative to other text on the site, the notice’s proximity to the relevant button or box the user must click to complete the transaction or register for the service, and whether the notice’s hyperlinks are readily identifiable. A court must “[c]onsider[ ] all of these factors” together. Sellers, 289 Cal. Rptr. 3d at 29. [fn 4]

Applying those principles, the context of the transaction here (a one-off) requires that the websites’ notices “must undergo the most rigorous scrutiny.” The theory being that consumers won’t expect the site to have attached terms? Either way, the websites here fail that test.

“Textual notice” is required. A key feature of a “sign-in wrap” agreement is that the text explains to consumers that “acceptance of a separate agreement is required before the user can access the service.”

Judge Baker’s final observation: “for an otherwise conspicuous notice to be effective, it must be unambiguously tied to some act of the website user that manifests assent to the site’s terms and conditions.”

__

It’s tough to tell precisely what the disagreement is between Judge Baker and the panel opinion.

Kieran McCarthy’s post on Sellers presciently noted the trend of federal court rulings citing to other federal court rulings in these terms of service rulings:

Which is why it is perhaps odd that the law of online contracts is such an echo chamber of federal court opinions interpreting other federal court opinions. There are relatively few state-court cases with outsized influence in the law of online contracts. But occasionally you’ll find a state-court case that makes you think that maybe that’s due for a change. Enter Truc Do, judge for the Court of Appeals, Fourth District, in California.

I also find it helpful to look at it from the perspective of the type of transaction in question.

Long, Sellers (and Nguyen) were all purchase transactions (where a consumer purchased something from a website), in some instances recurring. The transaction in this case is slightly different: the websites in question merely asked the consumer for personal information of some sort in an exchange resulting in marketing communications. Perhaps this is equivalent to a purchase transaction although it doesn’t involve money changing hands? On the other hand, in a purchase transaction where cash changes hands, the consumer must input payment information at some point. As a consumer, I always expect that these transactions come with some sort of terms.

Footnote 4 from Judge Baker’s concurrence is worth highlighting:

Given the present state of California law, website designers who knowingly choose sign-in wrap—to say nothing of browsewrap—over clickwrap and scrollwrap designs practically invite litigation over the enforceability of their sites’ terms and conditions, as the fact-intensive inquiry over ‘what makes a given textual notice sufficiently conspicuous . . . invariably lends itself to a more subjective than objective analysis.

Lawyers who advise website designers and companies, take note!

I wonder if either side seeks rehearing?

__

Eric’s Comments: The majority never uses the term “sign-in-wraps” (yay!), but I think most courts nowadays would categorize the defendant’s implementations that way, as the concurrence does. Sign-in-wrap formation processes normally succeed. Why didn’t that happen here? The defendant made three crucial mistakes:

(1) The call-to-action font was too small. “It is printed in a tiny gray font considerably smaller than the font used in the surrounding website elements, and indeed in a font so small that it is barely legible to the naked eye.” As I teach my students, the call-to-action should never be the smallest font on the page.

(2) Underlining words didn’t sufficiently denote hyperlinks. “Consumers cannot be required to hover their mouse over otherwise plain-looking text or aimlessly click on words on a page in an effort to ‘ferret out hyperlinks.'” The court says blue font or all caps would have helped, but other courts have only required an offsetting color, not necessarily blue.

(3) The “call-to-action” was just a declarative statement without the standard if/then grammar. The judges were not willing to read the conditional “if X” part into the text; they interpreted the words quite strictly. The majority doesn’t mention the additional problem in the first screenshot, where a different ask is made between the call-to-action and the action button, but the concurrence does.

Forming online contracts is not rocket science. The court’s concerns were incredibly easy to avoid. The court obviously felt that the defendant was trying to pull a fast one by cutting corners on standard/best practices. The concurrence hammers the point: “Given the present state of California law, website designers who knowingly choose sign-in wrap—to say nothing of browsewrap—over clickwrap and scrollwrap designs practically invite litigation over the enforceability of their sites’ terms and conditions.”

The court doesn’t indicate if the contract would have formed if the defendant had fixed one or two of the three problems. At minimum, it seems like the misdrafted call-t0-action was fatal no matter what.

As Venkat notes, the concurrence tries to boil the rules down to a simple formula: “browsewrap agreements are unenforceable per se; sign-in wrap agreements are in a gray zone; and clickwrap and scrollwrap agreements are presumptively enforceable.” I’m not sure it’s as categorical as this, but the lessons are clear: use a “clickwrap” (2 clicks, not one) and sleep better at night. Don’t give the judges any reason to doubt the drafter’s sincerity or find reasons to reject the formation process.

Case citation: Berman v. Freedom Financial Network, No. 20-16900 (9th Cir. Apr 5, 2022)

__

BONUS COVERAGE (by Eric): BD v. Blizzard Entertainment, Inc., D078506 (Cal. App. Ct. March 29, 2022). This case alleges that the game Overwatch used lootboxes, and they constituted illegal gambling. Blizzard seeks to send it to arbitration per its TOS:

The court characterizes this formation as a “sign-in-wrap” but correctly adds “we need not dwell on the issue because it is the degree of notice provided, not the label, that is determinative.” As you can see, the visible portion of the TOS calls out the arbitration clause. The presentation had a properly phrased and located call-to-action, though we could quibble about font size.

The court relies heavily on the Long and Sellers rulings, showing the precedential power of California appellate court decisions when they are actually published. The court concludes: “the 2018 pop-up notice provided sufficiently conspicuous notice that a user who clicked the “Continue” button at the bottom of the pop-up would be bound by the 2018 License Agreement and the Dispute Resolution Policy incorporated into it… Blizzard’s notice did not rely on a visually nondescript hyperlink—no hyperlink was required to access the 2018 License Agreement (because the entire agreement was contained in the pop-up), and the hyperlink in the Dispute Resolution section stood out in underlined blue text.”

Related posts:

Court Rejects “Browsewrap.” Is That Surprising?–Long v. ProFlowers

California Appellate Court Rejects Poorly Executed “Sign-In Wrap”–Sellers v. JustAnswer (Guest Blog Post)

Court Enforces Arbitration Clause in Amazon’s Terms of Service–Fagerstrom v. Amazon

The “Browsewrap”/”Clickwrap” Distinction Is Falling Apart

What’s a Browsewrap? The Ninth Circuit Sure Doesn’t Know–Nguyen v. Barnes & Noble

23andMe’s Browsewrap Fails, But Its Post-Purchase Clickthrough Works Anyway–Tompkins v. 23andMe

Facebook’s “Browsewrap” Enforced Against Kids–EKD v. Facebook

Judge Can’t Decide if Facebook’s User Agreement is a Browsewrap, But He Enforces It Anyways–Fteja v. Facebook

Gmail Terms of Service Apply to reCAPTCHA During Account Formation–Rojas-Lozano v. Google

Jawbone Plaintiff Can Invoke California Choice of Law Provision in Service Agreement

If You’re Going To Incorporate Online T&Cs Into a Printed Contract, Do It Right–Holdbrook v. PCS

Clickthrough Agreement Upheld–Whitt v. Prosper

‘Flash Sale’ Website Defeats Class Action Claim With Mandatory Arbitration Clause–Starke v. Gilt

Some Thoughts On General Mills’ Move To Mandate Arbitration And Waive Class Actions

Second Circuit Says Arbitration Clause in Terms Emailed After-the-Fact Not Enforceable – Schnabel v. Trilegiant

Users Can’t Sue Sony for Changing Online Terms to Require Arbitration – Fineman v. Sony Network Entertainment

Qwest Gets Mixed Rulings on Contract Arbitration Issue—Grosvenor v. Qwest & Vernon v. Qwest

Zynga Wins Arbitration Ruling on “Special Offer” Class Claims Based on Concepcion — Swift v. Zynga

Second Circuit Enforces Terms Hyperlinked In Confirmation Email–Starkey v. G Adventures

If You’re Going To Incorporate Online T&Cs Into a Printed Contract, Do It Right–Holdbrook v. PCS

Clickthrough Agreement Upheld–Whitt v. Prosper

The post Poorly Executed “Sign-in-Wrap” Contract Formation Process Fails–Berman v. Freedom Financial appeared first on Technology & Marketing Law Blog.

On summary judgment, the parties largely renew the arguments they previously made.

Was the embed a “display” under the Copyright Act: Newsweek relied on the server test to argue that its use of the embed functionality offered by Instagram did not result in a display of the photograph. The court rejects this argument for similar reasons it initially relied on. First, the server test has not been widely adopted outside the Ninth Circuit. Second, accepting Newsweek’s argument would render the display right a “subset of the reproduction right”. The server test results in loss of control to a photographer who promotes their work on Instagram. The court finds this untenable:

it cannot be that the Copyright Act grants authors an exclusive right to display their work publicly only if that public is not online.

[Quoting Nicklen v. Sinclair Broadcasting]

Whether Instagram granted Newsweek an express sublicense: The court says Instagram’s policies make clear Instagram has the power to grant a sublicense to content posted to its platform. However, it’s less clear as to whether Instagram actually took this step. The court finds the relevant language sufficiently equivocal. For example. The “Platform Policy” appears to grant a broad license to users of the API. On the other hand, it provides that “User Content is owned by users and not by Instagram.” Further, the terms referenced by the Platform Policy include a representation by platform licensees that they “own or have secured all rights necessary to display, distribute and deliver all content in [the licensee’s] app or website.” While the definition of “Platform” includes “content,” it doesn’t appear to contain “User Content.”

As the court notes in a footnote, Instagram has changed its policy since the onset of the litigation. The current terms make clear that platform API users are not automatically granted a license and must independently secure rights in any content they embed.

Whether Instagram granted Newsweek an implied sublicense: An implied license exists where someone (1) creates content (2) at another’s request and (3) handed it over, intending the other party copy and distribute it. Newsweek tried to argue that the relevant content in question was the embed code, but the court says this views things too narrowly. The content at issue is really the photograph. Still, the court says that Instagram’s own statements on its website could support the view that it intended platform API users to freely distribute content. The court notes that McGucken tried to introduce evidence of a quote from an “unidentified” Instagram representative made to Ars Technica. The court says this statement is irrelevant to the parties’ understanding at the time of the conduct.

Fair use is also an issue best left for trial: Newsweek also argued fair use.  The court finds that a reasonable juror could come to either conclusion.

__

Perhaps this case will tee up the server test for review by the Second Circuit.

The court flags that the parties did not submit any new evidence on the issue of whether Instagram intended a license. I wonder whether McGucken tried to depose Instagram representatives and take third party discovery regarding Instagram’s internal deliberations regarding this issue.

A key question is what the revised terms mean for users of Instagram’s embed feature going forward. It’s noteworthy that Instagram didn’t make any statements to try to clarify the scope of the license. Its revised terms make clear that platform users are not granted an express license. I suppose this still leaves the possibility of an implied license but this case cautions reliance on this theory.

Case citation: McGucken v. Newsweek LLC, 19-civ-9617 (Mar. 21, 2022)

Related posts:

Is It OK to Embed Instagram Photos? ¯\_(ツ)_/¯

Instagram’s TOS Authorizes Third-Party Embedding of Photos–Sinclair v. Mashable

In-Line Linking May Be Copyright Infringement–Goldman v. Breitbart News

Court Definitively Rejects AFP’s Argument That Posting a Photo to Twitter Grants AFP a License to Freely Use It — AFP v. Morel

Court Rejects Agence France-Presse’s Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service — AFP v. Morel

Ninth Circuit Opinion in Perfect 10 v. Google and Amazon

The post Instagram Embedding Cases Continue to Vex the Courts–McGucken v. Newsweek appeared first on Technology & Marketing Law Blog.

This is a putative class action lawsuit against a people search company for allegedly misusing publicity and personality rights by displaying images contained in yearbooks. Among other things, plaintiffs complained that defendant used plaintiffs’ likenesses to drive traffic and sell subscriptions to paid searches.

Defendant argued that plaintiffs were bound by the arbitration clause. In a plot twist, this argument was based on counsel for plaintiffs agreeing to the clause. Apparently counsel created two accounts, agreeing to the terms of service, and also “used” the website in question.

Judge Chen analyzed agency and authority. Under California law, where the lawyer has express authority, the client may be bound by the lawyer’s agreement to a contractual term. The client may also be bound by ratification. Finally, the client could be bound if the lawyer has “implied actual authority” or “apparent authority”.  Here, there was no indication that there was express authorization. “Nor [was] there any suggestion that Plaintiffs . . . ratified the agreement to arbitrate.” Judge Chen found that the mere fact of the attorney-client relationship did not give rise to either type of authority. Finally, Judge Chen pointed out that counsel’s use of the website “was undertaken as part of the investigation—an investigation consistent with counsel’s Rule 11 obligations.”

The Ninth Circuit’s ruling largely tracks Judge Chen’s. The court clarifies that plaintiffs did not ratify the agreement by accepting the benefits or failing to repudiate the agreement. Further:

[a]t the time the complaint was filed, there was no evidence Plaintiffs knew the arbitration agreement existed, that their counsel had executed it, or that they had the right to rescind it. By the time Plaintiffs were alerted to this information, any information derived from their counsel’s use of the website had already been publicly filed and had become part of the litigation. At that stage, it was no longer possible for Plaintiffs to avoid “accepting” any of these purported “benefits”.

__

This case addresses the often-relevant question of whether counsel can compromise a client’s rights through use of a site or agreement to a terms of service. Judge Chen was skeptical of defendant’s argument. The Ninth Circuit appears less skeptical of it, but it’s tough to tell, given their treatment of the issue in a memo opinion. It’s always disappointing to see the Ninth Circuit take this approach when the case presents a thorny issue. The Ninth Circuit took a similar approach in a recent case (BF v. Amazon) involving whether minors who did not agree to arbitration could be forced to arbitrate their claims.

The case also raises the question of when third parties can be bound by an arbitration clause. This is increasingly relevant in the consumer context, where household items come with terms that include arbitration. See Eric’s post from late last year covering this issue in the case of Peloton exercise equipment: “Peloton Can’t Bind All Family Members To Its Arbitration Provision–SS v. Peloton”

Case Citation: Callahan v. PeopleConnect, Inc., No. 21-16040 (9th Cir. March 18, 2022)

Related posts:

“Amazon Can’t Force Arbitration of Minors’ Privacy Claims Based on Alexa Recordings–BF v. Amazon”

“Anarchy Has Ensued In Courts’ Handling of Online Contract Formation (Round Up Post)”

“Minors’ Suit Over Facebook Credits Survives in Part – I.B. v. Facebook”

“Facebook’s “Browsewrap” Enforced Against Kids–EKD v. Facebook.”

“Parents’ Lawsuit Against Apple for In-App Purchases by Minor Children Moves Forward — In re Apple In-App Purchase Litigation.”

“Clickthrough Agreement Binding Against Minors–A.V. v. iParadigms”

“Peloton Can’t Bind All Family Members To Its Arbitration Provision–SS v. Peloton”

The post If a Lawyer Accepts a TOS While Investigating a Claim, Does It Bind the Client to Arbitration? appeared first on Technology & Marketing Law Blog.

Defendants (Hollenshead and Accu-trade) talked with Carfax about using Carfax’s QV tool in exchange for the provision of data by defendants to Carfax. Carfax provided Accu-trade with a test account and a limited data set. The parties never executed a formal agreement, and Accu-trade advised Carfax that it was no longer interested in using the QV tool. As alleged in the complaint, Accu-trade and possibly Hollenshead accessed the tool and data following termination of the negotiations. When confronted, Accu-trade’s CFO signed a previously sent over (but-unexecuted) agreement. Apparently, not only had Accu-trade continued to use the QV tool, it also allegedly allowed use by others downstream, including allowing one party to access the tool who then authorized 100 of its own customers to do so.

Plaintiff alleges claims under the CFAA and the Virginia computer crimes statute. Defendants moved to dismiss the complaint.

Personal Jurisdiction: The court first engages in a lengthy detour while evaluating personal jurisdiction. The court concludes:

1. Defendants engaged in acts or omissions in Virginia that caused tortious harm (plaintiff’s servers were located in Virginia).
2. The co-defendant and individual defendant were sufficiently complicit in the acts that they too are subject to Virginia’s long-arm statute.
3. Defendants purposefully availed themselves of the benefits of conducting business in Virginia. The court takes a further detour regarding the effect of a server in the jurisdiction and some personal jurisdiction cases involving spam.
4. The court rejects Defendants’ arguments that Walden v. Fiore nullified the “effects test”.

CFAA Claim: The parties argued whether plaintiff stated a claim under Fourth Circuit precedent as modified (if at all) by Van Buren:

Defendants argue that Van Buren‘s bright-line “gates-up-or-gates-down” view of authorization under the CFAA makes Plaintiff’s allegations as to Count I of no moment. To that end, Defendants contend that Plaintiff’s allegation that Accu-Trade was not permitted to use the QV tool after allegedly rejecting Plaintiff’s contract is “not enough.” As such Defendants contend that because Plaintiff did not allege it attempted to disable Accu-Trade’s ability to access the QV tool or issue some clear message to Accu-Trade that their access to the QV tool was no more, the Complaint fails to assert that Accu-Trade accessed the QV tool without authorization.

Plaintiff acknowledged it could not state a claim on the basis that defendants “exceeded authorized access”, but argued that it stated a claim because defendants’ access was “without authorization” when Accu-trade informed plaintiff that it was not interested in a licensing relationship and would not be using the QV tool.

The court agreed that, while the parties were discussing a possible relationship, Carfax had granted Accu-trade and company some sort of access to the information in question. Carfax cannot assert a claim as to access during this period. The court then turns to the key question:

That leaves the Court with the question: Were the gates to the QV tool ever re-erected following Accu-Trade’s representations to Plaintiff on November 3, 2018 so as to provide a plausible basis for Plaintiff’s claim that Defendants continued to access the QV tool “without authorization”? Framed differently, the Court must determine, as a matter of law, whether an affirmative act by Plaintiff to re-raise the gates around the QV tool server is required to establish that Defendants had acted “without authorization.” Because this Court construes the issue as a question of law and not a disputed fact, resolution of this issue is required in making a plausibility assessment of Count I and is therefore a proper exercise at the motion to dismiss stage. See, e.g., WEC, 687 F.3d at 203 (affirming the district court’s consideration of how to interpret “without authorization” at the motion to dismiss stage).

[Eric’s note: this judge is treating gates like fences, not portcullises, so “up” means that the gates are meant to block access.]

The court looks to WEC (a pre-Van Buren Fourth Circuit case involving an employee that endorsed a CFAA claim, I blogged about here) and says three factors prompted the court to find that the so-called “gates were up” (1) the former employee access the information after he left the company; (2) the company took steps to revoke access; (3) the employee acknowledged he lacked authorization following his resignation. The court says plaintiff falls short of establishing that here. The court also notes that the Fourth Circuit endorsed the Ninth Circuit’s “narrow view” of the CFAA. (Cites to Nosal and Power Ventures.)

State Law Claims: Notwithstanding rejection of the CFAA claim, the court says Carfax does state a claim under the Virginia Computer Crimes Act. This statute pre-dated the CFAA and is not “derivative” of the CFAA. Courts have not employed the rule of lenity in interpreting it.

__

A few comments about this ruling.

The jurisdictional discussion illustrates that courts struggle with reconciling Supreme Court rulings limiting the reach of personal jurisdiction with existing precedent taking a broad approach.

Second, Carfax does not appear to have required defendants to enter into an evaluation agreement, although the ruling is silent on this point. I wondered if an evaluation agreement would have been helpful. Would language in correspondence saying “at the conclusion of this evaluation relationship, we revoke your access to any databases, servers, etc.” have been helpful to plaintiff?

This is another example of Van Buren’s “gates-up-or-down” metaphor not being very helpful. Kieran McCarthy’s recent post is worth quoting:

As with Finnegan’s Wake, the most important content of that opinion comes in the form of an opaque metaphor, the “gates-up-or-gates-down inquiry.” And while I may have my own opinions about what that metaphor means (and if it has any meaning at all), every time I read about how others interpret it, the results are different.

Finally, Van Buren was a case involving a license plate database (albeit a law enforcement one). This case involves two companies battling over VIN and license plate information as well. I vaguely wondered where these companies get the data they are fighting over in the first place.

Case citation: Carfax, Inc. v. Accu-Trade, LLC, et al., 1:21-cv-00360 (E.D. Va. Mar. 4, 2022)

Related posts:

The CFAA “Gates-Up-or-Down” Metaphor Is Baffling Courts–ACI v. Conservice (Guest Blog Post)

Airline Sues to Stop Popular Web-Scraping Service–American Airlines v. The Points Guy (Guest Blog Post)

Researchers’ Challenge to CFAA Moves Forward–Sandvig v. Sessions

LinkedIn Enjoined From Blocking Scraper–hiQ v. LinkedIn

Scraping Lawsuit Survives Dismissal Motion–CouponCabin v. Savings.com

QVC Can’t Stop Web Scraping–QVC v. Resultly (Forbes Cross-Post)

Multiple Listing Service Gets Favorable Appellate Ruling in Scraping Lawsuit

Anti-Scraping Lawsuits Are Going Crazy in the Real Estate Industry (Catch-Up Post)

College Course Description Aggregator Loses First Round in Fight Against Competitor in Scraping Case — CollegeSource v. AcademyOne

Anti-Scraping Lawsuit Largely Gutted–Cvent v. Eventbrite

Interesting Database Scraping Case Survives Summary Judgment–Snap-On Business Solutions v. O’Neil

Facebook Gets Decisive Win Against Pseudo-Competitor Power Ventures — Facebook v. Power Ventures

Power.com Up For Auction — Facebook v. Power Ventures

Power.com Counterclaims Dismissed — Facebook v. Power Ventures

Judge Denies Facebook’s Request for Judgment on the Pleadings and Strikes Power.com Counterclaims — Facebook v. Power.com

Craigslist Wins Routine But Troubling Online Trespass to Chattels Ruling in 3Taps Case (Catch-up Post)

Craigslist’s Anti-Consumer Lawsuit Threatens to Break Internet Law–Craigslist v. 3Taps/Padmapper (Forbes Cross-Post)

Ninth Circuit Says LinkedIn Wrongly Blocked HiQ’s Scraping Efforts

The post Database Access After Failed Negotiations Didn’t Violate the CFAA–Carfax v. Accu-Trade appeared first on Technology & Marketing Law Blog.

Plaintiffs fired the remaining defendant. When the plaintiffs could not obtain the log-in credentials for the Facebook page, they sued in state court. Defendants removed the case to federal court.

False Association Under the Lanham Act: The court says plaintiffs state a claim under the Lanham Act:

Taking [plaintiffs’] allegations as true, it follows that Tito & Tita represented it was associated with all the historic La Baguette content it failed to delete, associated with or endorsed by La Baguette as a successor, and endorsed by all La Baguette’s existing Facebook followers. The analogous non-digital conduct would be to take a photograph of a crowd inside La Baguette with the caption “La Baguette, Christmas party 2016,” erase “La Baguette,” write-in “Tito & Tita,” and keep the photograph on the wall where customers can see it. Tito & Tita allegedly modified content, rendering it false or misleading, then used that content to kick start its competing business.

The court says plaintiffs adequately allege likelihood of confusion and also satisfy standing under Lexmark.

Unfair Competition: The same allegations support a claim for unfair competition under Maryland law.

Tortious Interference: Plaintiffs also state a claim for tortious interference:

The complaint alleges wrongful conduct resulting in the diversion of prospective customers, and it contains facts from which the Court can infer tortious intent and malicious purpose. Specifically, plaintiffs allege they were injured by defendants’ false representations and unfair competition. . . .  They have identified future business relationships likely to occur absent defendants’ misconduct, namely orders from the people who followed the Facebook page. . . .  They further allege several customers thought they were ordering from La Baguette when they were in fact ordering from Tito & Tita—specific potential business relations that would have occurred absent defendants’ interference.

The court says plaintiffs also allege bad intent:

They allege that defendants posted a message shortly after the “hijacking” seeking to divert people who followed the Facebook page, . . .  that defendants passed off their goods as plaintiffs’, . . . and that customers were in fact diverted and ordered from Tito & Tita when they intended to order from La Baguette . . . . .

Conversion and Detinue: Courts have been reluctant to extend conversion claims under Maryland law to pure intangibles. The outer limits of the conversion claim are where some documents representing the intangibles are improperly transferred to the defendant (such as stock certificates, promissory notes, or life insurance policies). Interestingly, the court doesn’t discuss treatment of the password, or communication transmitting the password, as such a document. Detinue, while distinct from conversion, has also not been extended to pure intangibles. Absent a hint from Maryland courts that they would be willing to expand this tort, the court is likewise unwilling to do so.

Breach of Fiduciary Duty: A breach of fiduciary duty is limited in the employment context to higher level employees. Further, Maryland courts allow departing employees to take preparatory actions. Defendants did not contest that they were high level employees. The court says their actions amount to more than mere preparation.

Breach of Contract: Plaintiffs only alleged a contract claim, based on breach of a non-compete, against the one defendant who had signed the non-compete. He had two legal arguments in favor of dismissal, neither of which succeeded. First, he argued lack of consideration. The court says continued employment, even if at-will, is sufficient under Maryland law, where the non-compete is only for the duration of employment. Maryland courts scrutinize consideration more closely where the non-compete extends beyond the termination of employment but that wasn’t at issue here. Second, the defendant argued that the specification of termination as a remedy meant that this was the employer’s sole remedy. The court says this argument is not supported by language in the agreement.

Unjust Enrichment and Conspiracy: The court also says plaintiffs adequately stated a claim for unjust enrichment and for conspiracy.

In a footnote, the court acknowledges the law is “evolving” with respect to employer ownership of social media accounts:

The law on the ownership of a social media pages created by employees for employers is evolving rapidly and varies between jurisdictions. See generally, Christopher A. Moore, Find Out Who Your Friends Are: A Framework for Determining Whether Employees’ Social Media Followers Follow Them to A New Job, 39 CAMPBELL L. REV. 493 (2017); Courtney J. Mitchell, Keep Your Friends Close: A Framework for Addressing Rights to Social Media Contacts, 67 VAND. L. REV. 1459 (2014); Zoe Argento, Whose Social Network Account? A Trade Secret Approach to Allocating Rights, 19 MICH. TELECOMM. & TECH. L. REV. 201 (Spring 2013). If this litigation continues and defendants wish to repeat this argument, they should support their assertion that they own the Facebook page with authority.

Defendants are free to flesh out their arguments regarding ownership of the Facebook page later in the case.

__

It’s helpful to compare and contrast this case with a pair of cases I blogged about last year.

In United Federation of Churches v. Johnson, the Satanic Temple of Washington tried to wrest control of its Facebook page from a competing faction. It relied on CFAA and cybersquatting claims, as well as tortious interference, consumer protection, and defamation claims. The claims were unsuccessful, and I speculated that the church may have had better luck if it had a viable trademark or a contract claim, neither of which it had. In contrast, in JLM Couture v. Gutman, JLM, the bridal wear company was successful at the PI stage precisely because it asserted trademark and contract claims. (NB: I have an update in the queue to my recent post recapping the Second Circuit’s decision on the JLM Couture case.)

The court’s discussion of the conversion claim was worth noting. Conversion does not neatly fit the bill in these cases, although plaintiffs have tried to shoehorn it into possible pleadings. One wonders how a domain name would fare under Maryland law.

Two questions to consider:

What could the ex-employees have done to continue to use the Facebook page?: This is a tough one. The claims are presented through the trademark lens and they focused on false association. Much of the actions the court focused on were a result of “the way Facebook works”. If the former employees were able to change the page so only new content was labeled as coming from the new entity, would La Baguette have had recourse?

What about employee social media laws?: Maryland enacted a social media privacy law in 2021. As with other such laws, this law struggles with definitions. It appears to cover “personal account[s] or service[s],” but this is not further defined by the statute. Perhaps the facts in this case are at the fringe and the account is obviously a non-personal account? But those laws will always struggle to carve out what belongs to the employer and what is off-limits to the employer.

One thing to consider is that the business in this case relied on Facebook as its primary platform. I suppose it could have found itself in the same position with respect to its domain name (and website), but perhaps it would have had more readily available legal tools in that context.

Other coverage: “competitor’s alleged hijacking of Facebook page could violate 43(a)” (Prof. Tushnet)

Case citation: Pan 4 America, LLC, et al. v. Tito & Tita Food Truck, LLC, et al., DLB-21-401 (D. Md. Mar. 3, 2022)

Related posts:

Social Media Ownership Disputes, Part I: the Satanic Temple of Washington Can’t Get Its Facebook Pages Back

Ex-Employee’s Continued Use of Twitter Account May Be Conversion–Farm Journal v. Johnson

The Spectacular Failure of Employee Social Media Privacy Laws

Do Employers Own LinkedIn Groups Created By Employees?–CDM v. Sims

Creating Parody Social Media Accounts Doesn’t Violate Computer Fraud & Abuse Act – Matot v. CH

When Does A Parody Twitter Account Constitute Criminal Identity Theft?–Sims v. Monaghan

Trademark Owner Sues Over Alleged Twittersquatting–Coventry First, LLC v. Does

Steps Brand Owners Can Take to Deal With Brandjacking on Social Networks

Battle Over LinkedIn Account Between Employer and Employee Largely Gutted–Eagle v. Morgan

Ex-Employer’s Hijacking of a LinkedIn Account Is a Publicity Rights Violation–Eagle v. Morgan

Washington State’s Proposed Employer Social Media Law: The Legislature Should Take a Cautious Approach — SB 5211

Big Problems in California’s New Law Restricting Employers’ Access to Employees’ Online Accounts (Forbes Cross-Post)

“Social Media and Trademark Law” Talk Notes

Court Denies Kravitz’s Motion to Dismiss PhoneDog’s Amended Claims — PhoneDog v. Kravitz

An Update on PhoneDog v. Kravitz, the Employee Twitter Account Case

Another Set of Parties Duel Over Social Media Contacts — Eagle v. Sawabeh

Employee’s Claims Against Employer for Unauthorized Use of Social Media Accounts Move Forward–Maremont v. SF Design Group

Courts Says Employer’s Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed–PhoneDog v. Kravitz

Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer–Ardis Health v. Nankivell

Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account — Deck v. Spartz, Inc.

Employee’s Twitter and Facebook Impersonation Claims Against Employer Move Forward — Maremont v. Fredman Design Group

MySpace Profile and Friends List May Be Trade Secrets (?)–Christou v. Beatport

The post Departing Employees Rename Their Former Employers’ Facebook Account. That May Be a Problem–La Baguette v. Tito & Tita appeared first on Technology & Marketing Law Blog.

On LifeLock’s motion to dismiss, the court issues a mixed ruling for LifeLock, saying it may be on the hook for some of the loss.

Whether plaintiff has an “Account” covered by the policy: The policy defines “Account” as:

a U.S. regulated and domiciled checking, savings, money market, brokerage, or credit card Account of [the customer] held directly or indirectly by a Financial Institution and established primarily for personal, family or household purposes. ‘Account’ also includes a Retirement Account held in [the customer’s] name, or the name of [the customer’s] authorized representative.

The court surveys legal decisions addressing whether cryptocurrency is “regulated” under U.S. law. While courts recognize that generally the whole purpose of this type of currency is to function outside government regulation, “a public sale of cryptocurrency is [a] sale of securities regulated under the Securities Act.” However, plaintiff failed to allege that he purchased the cryptocurrency at issue in a public sale. The court thus finds that the assets lost by the plaintiff were not kept in an “Account”. The court rejects the breach of contract claim for any losses which hinge on the status of the “Account” as one subject to U.S. regulation.

Whether plaintiff suffered a “Stolen Identity Event”: Another provision of the policy defined a “Stolen Identity Event” as any “theft of personal information without [the customer’s] express authorization to establish or use a deposit, credit, or other Account.” “Personal information” is broadly defined to include “personal identification, social security number, or other method of identifying [the customer].” The court says plaintiff has sufficiently alleged he experienced a “Stolen Identity Event” (the loss of his account access credentials) and states a breach of contract claim on this basis.

Breach of the Duty of Good Faith and Unjust Enrichment: The court rejects plaintiff’s claims for breach of the duty of good faith and for unjust enrichment. Under New York law, the breach of duty of good faith requires an allegation distinct from the breach of contract claim. Plaintiff fails to make that allegation here. New York law recognizes unjust enrichment despite the existence of a contract in “unusual” circumstances. This is not the case here.

__

This is a noteworthy ruling, given the prevalence of these types of losses. Other than an insurance company, plaintiffs have tried their luck suing wireless carriers, where SIM swapping is involved.

I found the court’s discussion of the policy provisions somewhat confusing. Policies are famously byzantine in how they describe what is covered and excluded, and this policy was no exception. The policy covers losses arising from (i) a “Stolen Identity Event” or (ii) a “Stolen Funds Loss” (resulting from an “Unauthorized Funds Transfer”). Note: the policy provides for different levels of coverage depending on the event in question. My read of the policy is that it provides coverage up to $1 million if you can show there was a “Fraudulent Withdrawal,” which means a loss of funds as a result of a “Stolen Funds Loss incurred as a direct result of a Stolen Identity Event.” On the other hand, if you merely experience a “Stolen Identity Event,” without an unauthorized withdrawal, the policy covers things like remediation and reimbursement for for costs of remediation.

Either way, all of the losses appeared tied to the definition of “Accounts”, and given the court’s conclusion that the account at issue did not fit into the category of an “Account,” I couldn’t quite understand why the court found plaintiff adequately alleged a breach of contract claim.

The policy‘s definition of “Stolen Identity Event” also covered a scenario where someone’s identity was stolen and the perpetrator used the identity to “enter into a contract or commit a crime.” The court did not discuss this, but I wondered whether plaintiff could argue that the perpetrator here used the plaintiff’s identity to “enter into a contract” (i.e., in using or further transferring the assets)?

One final point worth noting is that rules governing interpretation of policies vary by state. Some states, such as Washington, have robust protection for insureds. Ambiguities in policies are interpreted in favor of the insured, and insurers owe a duty of good faith when making coverage decisions. I could see a different result under Washington law.

Case citation: Atwal v. NortonLifeLock, Inc., 1:20-cv-00449-WMS (W.D.N.Y. Feb. 3, 2022)

The post LifeLock Identity Theft Protection Policy May Cover Theft of Cryptocurrency Assets–Atwal v. LifeLock appeared first on Technology & Marketing Law Blog.