Digital Media Lawyer Blog

Two recent rulings indicate that posting private information about a third party on a social networking site will be treated as giving "publicity" of private facts that is sufficient to support a claim for invasion of privacy -- regardless of the number of persons who actually view the site.

On June 23, 2009, the Minnesota Court of Appeals, in Yath v. Fairview Clinics (Case No. A08-1556), considered a case in which a worker at a clinic created a MySpace webpage in which she revealed that the plaintiff had a sexually transmitted disease, had recently cheated on her husband and was addicted to plastic surgery. The worker obtained this information by improperly accessing the plaintiff's medical records. The record showed that the MySpace page was only up for about 24 hours before being blocked by MySpace, and may have had as few as 6 visitors.

The plaintiff sued the worker, inter alia, under Minnesota's invasion of privacy common-law tort theory, which required her to prove: (1) a defendant gave "publicity" to a matter concerning her private life, (2) the publicity of the private information would be highly offensive to a reasonable person, and (3) the matter was not of legitimate concern to the public. Bodah v. Lakeville Motor Express, Inc., 663 N.W.2d 550, 553 (Minn. 2003).

The Minnesota Court of Appeals in Yath found that publication on the MySpace page, even though accessed by only a few users, was sufficient to meet the publicity element. The Court's reasoning was based on well-established legal principles that have been recognized for decades. Citing the Restatement (Second) of Torts, a venerable treatise on common law, the Court noted that there are two methods to satisfy the publicity element of an invasion of privacy claim: (1) by a single communication to the public, or (2) by proving communication to individuals in such a large number that the matter is deemed communicated to the public.

In applying the first rule, courts around the U.S. have generally held that publication in any type of public forum, including a newspaper, the radio, a press release or in a public address to a large audience is sufficient to meet the publicity element. See David Elder, Privacy Torts § 3:3 (2002). A number of cases have held that publication on the internet also meets the publicity element of an invasion of privacy claim. See, e.g., Michaels v. Internet Entertainment Group, Inc., 5 F.Supp.2d 823 (C.D.Cal. 1998); Lambert v. Hartmann, 898 N.E. 2d 67 (Ohio App. 2008). Moreover, publication in a public forum, such as a newspaper or newsletter, will constitute publicity, even where the forum has a small distribution. Id.

Continue reading "The Yath and Moreno Cases: Publication on a Social Networking Site Is Sufficient to Meet the "Publicity" Element of an Invasion of Privacy Tort Claim" »

In the financial world, the fraud du jour is the Ponzi scheme. On the internet, the fraud du jour is click fraud. Click fraud defrauds advertisers who pay ad fees on a per "click" basis to internet service providers such as Google or MSN. In theory, each "click" is supposed to represent an interested consumer who has "clicked" on an ad, taking him to more detailed content. In click fraud, the perpetrator simply clicks away at ads without any interest in the content, thus creating higher bills for the advertiser with no marketing result. The perpetrators tend to be competitors of the advertiser, who use click fraud to deplete their competitor's ad budget and increase legitimate customer attention to their own sites, or ad subcontractors, who increase their ad revenues by generating fraudulent clicks.

After increasing hue and cry over click fraud, on June 15, 2009, Microsoft filed suit against the Lam family of Vancouver, British Columbia and Guangzhou, China (Microsoft, Corp. v. Lam, U.S. District Court, District of Washington, Case No. 09-0815). The suit alleges that the Lams were committing the competitor form of click fraud -- using computer-generated clicks on competitors' web ads for insurance and World of Warcraft gold, in order to drain their competitors' ad budgets and to advance the placement of their own ads. According to the suit, Microsoft suffered at least $750,000 in damages from lost ad revenue and from investigating and addressing the defendant's fraudulent activities.

Microsoft raised numerous common law claims, including breach of contract, interference with business relations and fraud. In addition, Microsoft also brought claims under the State of Washington's consumer protection act -- and the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030).

Continue reading "Microsoft Corp. v. Lam: The Role of CFAA in the Legal Battle Against Click Fraud" »

In its May 22, 2009 decision in Worden v. Alaska, the Alaska Court of Appeals overturned a criminal conviction that was based on the presence of several images of child pornography in the web browser cache on a defendant's hard drive. This decision followed a much-criticized 2006 ruling by the Ninth Circuit in the Kuchinski case that also found that a defendant cannot be convicted of possession of child pornography based on the presence of images in a browser cache, if he is unaware of their presence.

Under federal and some state statutes, merely viewing child pornography, whether intentional or not, is not criminalized. (Fn1) Instead, these federal and state statutes criminalize receipt, transportation, shipment, distribution and possession of child pornography. (Fn2)
However, when a computer user surfs the web, its browser automatically saves a version of any images viewed into a cache on the computer's hard drive. So the act of viewing images containing child pornography on the web will, in most cases, put you in possession of these images -- in your browser cache.

While it is possible to delete images from an internet cache, this does not mean that the code for the image is no longer located on the hard drive. In many cases, prosecutors and their computer experts have been able to locate even "deleted" images -- and such deleted images been used as the basis for pornography convictions. (Fn3)

The courts have recognized that there is a genuine risk that illegal images can be unintentionally received by computer users. For example, a person may unintentionally receive child pornography from a spam email message, in a pop-up while web surfing, or via a computer virus. (Fn4) In addition, while federal and many state statutes define child pornography to include explicit images of "minors", who are defined as persons under the age of 18, some states define minors as persons under lower ages, such as 16. So a web surfer seeking "adult" images that are legal in such a locality could well receive images that would constitute child pornography under U.S. and state laws.

However, most courts recognize that mere receipt or possession of an illegal image is not sufficient to impose criminal liability. (Fn5) Rather, to be guilty of a crime, a person must have a sufficient mens rea, or mental state. Generally, federal courts require that a person must "knowingly" have received, transported, shipped, distributed or possessed child pornography to be found criminally guilty. (Fn6)

Where the basis for a claim of possession is the presence of images in a disk cache (or of images that have now been deleted from the cache), the courts have held that "the defendant must, at a minimum, know that the unlawful images are stored on a disk or other tangible material in his possession." (Fn7) If a defendant is found to have downloaded or otherwise purposely saved images to some location on his computer system, or to have accessed and manipulated images in a cache, courts have found that possession occurred. (Fn8) In most child pornography cases, there is sufficient evidence of such purposeful control over images on a hard drive for courts to find both knowledge and possession.

This is where the Kuchinski decision comes in. If the sole available evidence is the presence of illegal images in a cache, at least some courts have found that this is insufficient to find criminal possession. In Kuchinski, an examination of the defendant's hard drive revealed 106 downloaded images in files and in the recycle bin, and between 12,904-17,784 images in Deleted Temporary Internet Files -- deleted cache files. (Fn9) Kuchinski admitted to possession of the 106 downloaded images, but denied possession of the 12,000+ images in the cache files. In fact, there was no evidence that Kuchinski knew that the cache images existed. The Ninth Circuit found that given his lack of knowledge, there was no basis for holding him criminally liable for possession of the images. The Ninth Circuit stated that "where a defendant lacks knowledge about the cache files, and concomitantly lacks access to and control over those filed, it is not proper to charge him with possession and control of the child pornography images located in those files, without some other indication of dominion and control over those images." (Fn10)

Continue reading "Worden v. Alaska: The Ignorance is Bliss Defense Rides Again" »

If you are thinking about issuing a take-down notice to a website on which you have found material that infringes your copyright, make sure that you include sufficient detail on the identity and location of the infringing works. The case law indicates that the courts are taking an increasingly Arminian view (i.e., demanding "sinless perfection) of the detail that must be provided in a take-down notice to meet the Digital Millennium Copyright Act's (DMCA) "substantial compliance" rule. 17 U.S.C. § 512(3).

The text of the DMCA provides that a take down notice must provide "information reasonably sufficient to permit the service provider to locate the material." However, in many cases Court have ruled that to be effective take-down notices must identify the specific location of each infringing copy of a work. For example in Hendrickson v. eBay, Inc., 165 F. Supp.2d 1082 (C.D. Cal. 2001), in which the plaintiff claimed that eBay was permitting the sale of pirated copies of a movie on its site, the Court indicated that the plaintiff needed to "include the specific item numbers of the listings that are allegedly offering pirated copies of Manson for sale."

There is one prominent case in which a plaintiff was allowed to take a shortcut in specifying the location of pirated material on a website -- ALS Scan, Inc. v. RemarQ Communities, Inc., 239 F.3d 619 (4th Cir. 2001). However, the facts of this case are somewhat unusual -- and do not represent the standard infringement scenario typically encountered when dealing with the interactive websites common today. The plaintiff, ALS, was in the business of creating and marketing adult photographs, and held the copyright for these photographs. The defendant, RemarQ, was an internet service provider that also hosted 30,000 newsgroups. Two of the newsgroups hosted by RemarQ actually included ALS's name in their title: "alt.als" and "alt.bniaries.pictures.erotica.als." Both of these newsgroups contained hundreds of ALS-copyrighted photographs.

ALS sent RemarQ a take-down notice that referenced these newsgroups, stated that they were created for the sole purpose of violating its copyrights and trademarks and demanded that RemarQ cease carrying the newsgroups. RemarQ refused to remove the newsgroups, but agreed to removed individual postings that infringed ALS's copyright if ALS identified them "with sufficient specificity." Id. at 621. ALS sued RemarQ, which defended by claiming that ALS had not substantially complied with the DMCA take-down notice standard and also that RemarQ had no knowledge of the alleged infringement. RemarQ argued that ALS had never provided it with a "representative list" of the infringing photographs and never identified that photos with sufficient detail for RemarQ to remove them.

The Fourth Circuit disagreed. It found that because ALS had identified the two sites "created for the sole purpose of publishing ALS's copyrighted works", asserted that "virtually" all the images on the sites were its copyrighted material, and referred RemarQ to the specific addresses of the website -- this was sufficient. Id. at 625 (emphasis added).
However, in the modern world of interactive media, the circumstances that occurred in ALS v. RemarQ will be rarely repeated. Often, a copyright holder will find its works scattered in snippets throughout hundreds of thousands or millions of files on a website. In such cases, a take-down notice that fails to state the locations where the infringing materials can be found is likely to be found insufficient.

Continue reading "DMCA Take-Down Notices with Little Detail on the Identity and Location of Infringing Material Are Often Found to Be Insufficient" »

The Digital Millennium Copyright Act provides several safe harbors for internet service providers and web hosting services against copyright claims. For interactive digital media companies, one of the most useful is provided in 17 U.S.C. § 512(c) - for "information residing on systems or networks at direction of users." If you operate a qualifying internet service and fulfill the requirements enumerated in the statute, you are immune from liability if a user has posted copyrighted information that can be accessed by other users on your site.

There are three requirements to qualify for this safe harbor:

(1) the service provider cannot have actual or constructive knowledge that infringing activity is taking place on its system, OR it must "act expeditiously" to remove infringing material upon obtain knowledge of its existence;

(2) if it has the right and ability to control the infringing activity, it cannot receive a direct financial benefit from it,

AND

(3) if it receives a DMCA "takedown notice," it must expeditiously to disable or remove the infringing material. (Fn1)

The interesting thing about these requirements is that they are conjunctive. In other words, if an internet service provider fails to meet any one of them, it doesn't qualify for the safe harbor. Many people have heard about "DMCA takedown notices" and assume that a plaintiff has to serve a DMCA notice in order to bring a copyright suit against an internet service provider. Not necessarily so. If there is solid evidence that the service provider has actual or constructive knowledge of infringing activity, then a copyright holder can sue without ever sending a DMCA notice. There are a number of recent cases against digital media companies where plaintiffs have brought suit without first sending a DMCA notice.

So why bother sending a DMCA notice at all? The problem is one of proof. Without sending a compliant DMCA notice, it is often very difficult to prove that the service provider had actual or constructive knowledge of the infringing activity.

Continue reading "Digital Millennium Copyright Act: Why a Compliant Take-Down Notice Can Be Important in a Successful Copyright Infringement Claim against an Internet Service Provider" »

Two recent decisions have eliminated questions about a defendant's ability to use the Communications Decency Act (CDA) to obtain a quick dismissal of a lawsuit. Federal rules permit a defendant, under certain circumstances, to get an immediate dismissal of a lawsuit, without every being required to file an "answer" to the complaint, make any disclosures, or engage in any discovery. Winning such a "motion to dismiss" cuts off a lawsuit at its knees, immediately eliminating the costs and risks associated with the suit.

One of the bases on which a motion to dismiss can be brought is "failure to state a claim on which relief can be granted" -- a Federal Rules of Procedure "Rule 12(b)(6)" motion. In general, a Rule 12(b)(6) motion can only be used if the complaint is so defective that the plaintiff's allegations against the defendant, even if true, would not qualify for any form of relief from the court. For example, a complaint for common-law fraud would be dismissed on a Rule 12(b)(6) motion if it failed to allege that the defendant made a false statement that the plaintiff actually relied on -- because to get damages for a false statement made by a plaintiff, the defendant must have actually relied on that false statement.

Internet service providers have often used Rule 12(b)(6) to obtain dismissal of suits brought against then for their publication of third-party material by successfully asserting that the Communications Decency Act (47 U.S.C. § 230) barred the claim. However, a recent ruling from the Ninth Circuit threatened to overturn this practice. In a May 7, 2009 opinion in Barnes v. Yahoo!, Inc., __ F.3d___, 2009 WL 1232367 (9th Cir. 2009), the Ninth Circuit stated that "section 230(c) provides an affirmative defense" and that [t]he assertion of an affirmative defense does not mean that the plaintiff has failed to state a claim, and therefore does not by itself justify dismissal under Rule 12(b)(6)." The proper procedure, according to the opinion, was for the defendant Yahoo to have filed answer asserting its CDA defense, and then to have filed a motion to dismiss under Federal Rule of Procedure 12(c) -- a motion for judgment on the pleadings.

A Rule 12(c) motion can't be filed until all the pleadings are "settled" -- i.e., after the complaint and all answers have been filed, and all Rule 12(b) motions resolved. This might not occur until many months after a suit is filed. Following the procedure suggested by the Ninth Circuit would have forced Yahoo to start making unwanted disclosures in its answer and possibly under federal automatic disclosure and discovery rules, and to have continued to burn through cash defending the suit.

When I first read this portion of the Ninth Circuit opinion on Barnes v. Yahoo, it struck me as a little odd. Every litigator knows that courts don't like to waste time with obviously meritless suits and that courts often will grant a motion to dismiss if the plaintiff's allegations reveal the presence of an affirmative defense that would bar the case from proceeding. The most common example would be if the allegations in the complaint show that the claim is barred by the statute of limitations. I have participated in successfully bringing several such motions.

Continue reading "Communications Decency Act Update: A CDA Defense Can Be Raised in a Rule 12(b)(6) Motion to Dismiss" »

Private parties frustrated by spam often face significant legal hurdles to bringing suit against the spammer. Businesses and individuals, except for internet service providers, cannot sue under the main Federal anti-spam statute -- CAN-SPAM. 15 U.S.C. § 7706. Some state anti-spam laws do permit email businesses and individuals to bring suit. For example, California's anti-spam laws permit any email recipient to sue. Cal Bus. & Prof. Code § 17529.8. However, CAN-SPAM also unfortunately provides that all state laws regulating commercial emails are preempted (can't be enforced), except to the extent that such laws prohibit "falsity or deception." 15 U.S.C. § 7707(b)(1). This rule has often meant that businesses and consumers seeking to sue spammers under state laws are out of luck.

The reason for their ill-luck is that courts have generally interpreted the terms "falsity and deception" in CAN-SPAM to refer to common-law fraud. This means that the state law is invalid except to the extent that it merely prohibits common-law fraud. So to bring suit under a state anti-spam statute that prohibited falsity or deception, the plaintiff would have to prove that the spammer intentionally made a misrepresentation of material fact, on which the plaintiff actually relied and which caused him actual damages. See, e.g., Omega World Travel, Inc., 469 F.3d 348, 353 (4th Cir. 2006).

To penetrate anti-spam defenses, many spam emails contain false "header" information -- in which a "friendly" email address, from an organization that the email recipient will not block -- is substituted for that of the actual sender (the spammer). Sometime the "from" box in a spam email will contain a variant of the recipient's email address, an email address of another person at the recipient's firm, an email address of another legitimate business, or a misspelled email address from any of the foregoing.

Spam emails also often contain deceptive information in the reference line, such as "A free gift for you", or "You have been selected for a cruise", etc. This material convinces the recipient to open and read the file.

While this header information may be false, it may be difficult for the recipient to argue that this false header information gives rise to the common-law tort of fraud. The false information may have permitted the spammer to get around the recipient's anti-spam software, or the recipient may have been induced by a false reference line to open the spam email. However, the recipient may have never relied on this false information to enter into a transaction in which he lost money. There lies the rub: if there was no actual reliance and no damages caused by the reliance -- then there is no cause of action for common-law fraud. This eliminates most private suits against spammers.

However, some recent decisions regarding California's anti-spam laws have begun to question the standard interpretation of "falsity and deception."

Continue reading "California's Anti-Spam Laws May Provide a Potent Weapon for Private Parties to Wield Against Spammers (Eventually)" »

CAN-SPAM (15 U.S.C. § 7701-7713) was enacted in 2003 in response to a national hue and cry over spam. At the time, unsolicited commercial email was estimated to account for half of all electronic mail traffic. According to the Congressional "findings" in the preamble to the Act, the sheer quantity of spam was doing real damage to the internet, creating costs for storage, accessing, reviewing and discarding unwanted emails, and reducing the reliability and usefulness of electronic mail to the recipient. The findings further stated that "The growth in unsolicited commercial mail imposes significant monetary costs on providers of Internet access services, businesses and educational and nonprofit institutions that carry and receive such mail, as there is a finite volume of mail that such providers, businesses, and institutions can handle without further investment in infrastructure." 15 U.S.C. § 7701(a).

Given these findings, one would think that CAN-SPAM would impose onerous penalties on spammers. Au contraire, mon frere! Instead of "canning" spam, the act became known as the "Yes, You CAN SPAM Act." In fact, the Act does nothing to outlaw the sending of unsolicited emails per se.

Rather, the sending of unsolicited emails is permitted as long as a few basic rules are followed. In general: (i) the "from" and "subject matter" lines in the header must be accurate, relevant to the subject matter of the email and not misleading. A commercial advertiser must also provide its physical address, and a label must also be present if the email contains adult content; (ii) the email must contain an "opt-out" mechanism, that must be honored within 10 days; and (iii) the email must not be not sent to an email address obtained through "address harvesting" or a "dictionary attack" and must not be sent via automatically created email accounts or a computer network to which the sender has gained access without authorization.

Another important element of CAN-SPAM is that it provides that "any statute, regulation, or rule of a State . . . that expressly regulates the use of electronic mail to send commercial messages" is "superseded" -- i.e., preempted. This means that states cannot enact laws that are expressly directed at preventing the sending of unsolicited email messages or at reducing the quantity of email messages that can be sent by a single person. In other words, CAN-SPAM means that the federal government has refused to prevent spamming per se and has declared that the states can't do it either (unless the spam is accompanied by "falsity or deception"). The effect is that much of the job of preventing spam per se is in private hands.

Continue reading "Six Years After CAN-SPAM: Effective Spam Control Can Require Both Technical and Litigation Solutions" »

Several months ago, the California Energy Commission made big news by announcing that it was considering new energy efficiency standards for televisions. California's current regulations only apply when a television is in "stand-by" mode and limit and limit such stand-by power usage to 3.0 watts. The current rules also only apply to stand-alone TVs designed to receive broadcast signals, and do not apply to combination TV/DVD or VCR units or computer monitors.

The proposed rules were based on recommendations from Pacific Gas & Electric, a large California utility. The proposed rules would regulate TVs in both their stand-by and "on" modes and would apply to combination as well as stand-alone TVs. They would not cover computer monitors -- a significant exception given the increasing encroachment of computer monitors into the entertainment space. The new rules would require significantly recued power usage: In stand-by mode, power usage would be limited to 1.0 watts. In "on-mode", power usage limits would be based on screen size -- ultimately based on the following formula: [{0.12 watts x the screen area (in square inches)} + 25 watts].

Immediately after the new proposed rules were announced, the major consumer electronics players, such as the Consumer Electronics Association ("CEA") cried foul. The typical objection was that the new rules would primarily impact larger-sized and more richly-featured LCD and plasma TVs. Because these sets carry higher profit margins, the new rules could have a devastating impact on TV manufacturers and installers.

The California Energy Commission, which planned to move slowly on these regulations, has continued to seek and accept public comment. One such submission, from the CEA, which was recently released by the Commission on June 12, 2009, suggests that the CEA intends to mount a court challenge if the Commission moves forward with the proposed standards.

Continue reading "Update on Proposed California Efficiency Standards for TVs: Given the Efficiency of our Market System, Does Consumer Demand for Green Technology Make this Regulation Unnecessary?" »

Consumer suits against retailers for losses from data thefts face many hurdles to recovery. A recent illustration is the court's dismissal of virtually all claims brought by customers of Hannaford, a supermarket chain based in Maine. In re Hannaford Bros. Co. Customer Data Security Breach Litigation, U.S. District Court, District of Maine, MDL Docket No. 2:08-MD-1954).

From December 2007 through March 2008, "wrongdoers" (apparently a less malevolent class of miscreant than the "evildoers" faced by President Bush) gained access to Hannaford's information technology systems. The thieves stole some 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers and other customer information. They were able to use this information to rack up an undisclosed amount of charges on customer accounts. Hannaford apparently discovered the security breach, but delayed before warning its customer, who continued to use their credit and debit cards for some time before the breach was closed.

The customers sued in the U.S. District Court in Maine and sought certification as a class action. They brought claims for breach of implied contract, breach of implied warranty, breach of fiduciary duty, breach of a Maine statute requiring disclosure to customers of a data security breach, strict liability, negligence, and unfair trade practices.

District Court Judge Hornby first analyzed the plaintiffs' ability to recover under each of these causes of action, rejecting all but the breach of implied contract, negligence and unfair trade practice theories. The Court found that under Maine law, a contract includes "all such implied provisions as are indispensible to effectuate the intention of the parties." When a customer gives a merchant his debit or credit card information, the parties assume that "the merchant will not use the card data for other people's purchase, will not sell or give data to others, and will take reasonable measures to protect the information." This duty supported both the breach of implied contract and negligence claims against the merchant.

The court also found that Hannaford could be subject to suit under Maine's unfair competition law. The Maine statute appears to rather broad (broader than the California UCL) because it permits a consumer who purchases goods or services and "suffers any loss of money or property" as a result of an unfair or deceptive act to sue for "actual damages, restitution" and equitable relief. Here, the plaintiffs claimed that Hannaford failed to disclose the data breach for several months, which caused customers who continued to use plastic at the store to suffer data losses. The court concluded that Hannaford's inaction justified a UCL claim.

Continue reading "Frustration for Consumers Seeking to Recover from a Retailer in a Maine Data Theft Case" »

A thief breaks into the corporate headquarters of your digital media company and steals a laptop. He uses the laptop to gain access to your customers' files, and gleans sensitive information, including their drivers license data, social security numbers and bank account data. Can you be liable to customers for this theft? The answer, at present, is theoretically "yes", but in many cases, "no" -- if you take the right steps.

Many states have statutes protecting personal information of consumers. For example, the California Civil Code requires businesses to: (i) destroy personal information when it is no longer to be retained by the business; (ii) "implement and maintain reasonable security procedures" to protect personal information from unauthorized access; (iii) disclose any breach of security which has caused disclosure of personal information, and (iv) disclose any personal information provided to third parties on the consumer's request. (Fn 1) The Civil Code provides that a customer may sue to recover damages, as well as injunctive relief, for any violation of these rules. (Fn 2)

So if a thief steals your customer data, and your failure to meet these standards causes your customers to suffer losses -- yes -- you can be found liable.

But, while these laws have been on the books for about five years, they do not seem to have resulted in a lot of large judgments. There are no reported appellate cases directly dealing with any of them and few unreported court orders mention them.

One reason for this may be the sheer economics of consumer rights litigation. Most consumer rights cases involve small dollars. Because the plaintiff generally must bear his own attorneys fees, few cases hold the promise of a sufficiently large recovery to warrant paying the fees to win the case. This is why the real action in consumer rights cases is in consumer class actions. Combining thousands or millions of cases together can yield sufficient damages to justify the attorney time expended. In addition, bringing a case as a class action may give plaintiffs an argument that they are also entitled to an attorney fee award under state statutes awarding fees for actions taken in the public interest or in defense of civil rights. (Fn 3)

However, even data theft cases brought as class actions have faced significant hurdles. This is mainly because the lead plaintiffs have often been unable to allege actual injuries resulting from the cyber security breach.

Continue reading "Tort Liability from Data Thefts: The Race is to the Swift" »

Sweden's Pirate Party, which hoists a stylized version of the mast a pirate ship as its logo, surprised many by winning at least one, and possibly as many as two seats in the parliament of the European Union. The party, which came in third among Swedish parties, captured a stunning 12% of Swedish male voters, but only 4% of female voters. The Pirate Party was founded in Sweden as an advocacy group for what might loosely be called internet freedom, or the rights of consumers to freely engage in file-sharing. The party grew slowly until the Pirate Bay trial in April of this year, after which membership quadrupled, although there is evidence that it may be now leveling off.

What are the Pirate Party's political goals? According to its "Declaration of Principles", the Pirate Party wants nothing less than a sweeping rollback of the intellectual property rights currently held by the copyright and patent holders. Here are the major elements of the Party platform:

• Curtail state and private powers to conduct surveillance on citizens:

According to the Declaration, "[e]ach citizen must be guaranteed the right to anonymity . . . and the right of the individual to control use of his or her personal data must be strengthened." Consistent with this principle, the Party opposes "special legislation for terror-related crimes", because these "nullify due process, and risk being used as a repressive tool against immigrants and dissidents."

The Party also wants a "general communications secrets act." According to the Declaration: "Just as it is prohibited to read someone else's mail, it shall be forbidden to read or access e-mail, SMS or other forms of messages, regardless of the underlying technology or who the operator may be. . . . Employers shall only be allowed to access an employee's messages if this is absolutely necessary to secure the[ir] technological functionality or in direct connection with the employee's work-related duties. The government shall only be allowed access in the case of a firm suspicion of a crime being committed by said citizen . . ."

• Reduce copyright protections

Citing the vast storehouses of orphaned copyrighted material held by media companies, the Declaration urges changes in laws to make such material available to the general public. However, the changes it proposes go far beyond what would be necessary to achieve this goal and would create laws that encourage consumer copying and use of "protected" materials.

Continue reading "The Manifesto of the Swedish Pirate Party: A Sweeping Rollback of Intellectual Property Rights" »

Is a digital media website the "developer" of all information that it requires users to include in on-line profiles? The disturbing answer, according to a recent court opinion, is "yes."

In a May 22, 2009 ruling, Judge Schell of the Eastern District of Texas dismissed a complaint for negligence, gross negligence and strict products liability against MySpace brought by on behalf of a 15 year old girl who was assaulted by a person whom she met on MySpace.com. See Doe IX v. MySpace, Inc., United States District Court, Eastern District of Texas, No. 4:08-CV-140 (Order granting motion to dismiss). The plaintiff claimed that MySpace was negligent for "refusing to employ reasonable safety features on its website." Order at 2. The plaintiff also argued that MySpace was not entitled to Communications Decency Act immunity because it provided prompts to assist users in creating profiles and thus was a co-developer of the profiles. Presumably the criminal who assaulted the plaintiff had been assisted by these prompts in creating the profile through which he met the plaintiff. Id.

The court rejected both of these arguments. On the first claim, the Court held that in effect the claim was attempting to hold MySpace liable for publishing information furnished by another information content provider. "Failing to employ reason safety features" means much the same thing as negligently deciding whether or not to publish a particular profile -- a traditional function of a publisher. Id. at 2.

On the second claim, the plaintiff argued that MySpace was a co-developer of the profiles on its sites because when a user creates a profile, MySpace prompts the user to enter additional information about "Interests & Personality", "Name", "Basic Info", Background and Lifestyle," Schools," Companies," Networking," and "Song & Video on Profile." The plaintiff claimed that the use of such prompts in Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008) was held to make a website a developer of information on the profile. Id. at 3.

The judge rejected this claim, because "[t]he Ninth Circuit repeatedly stated throughout its en banc opinion that the Roommates.com website required its users to provide certain information as a condition of its use and was, therefore, an (sic) information content provider." Because MySpace users are not required to provide any additional information, MySpace is not an information content provider. Order at 3.

The result in this case is not out of line with prior decisions on the Communications Decency Act. However, I do take issue with his reasoning in finding the MySpace was not a co-developer of its user profiles. While it is true that in Roommate, users were required to enter certain information in profiles, it was not this factor alone that made Roommate a developer of the information on those profiles. After all, many interactive websites require a user to enter basic information such as the user's name, email address and gender. Rather, the problem for Roommate was that the information it required users to provider was found to be discriminatory. As the Ninth Circuit noted: "Not only does Roommate ask these questions, Roommate makes answering the discriminatory questions a condition of doing business." Fair Housing Council, 521 U.S. F.3d at 1166.

The real issue for ISP liability should be whether it is culpable in eliciting the illegal content from a third party. As long as an ISP provides neutral tools to assist users in creating and searching for content -- as MySpace appears to have done here -- then it should get Communications Decency Act protection as not being the publisher or speaker of this material. On the other hand, if a website encourages users to post illegal material, that is a different story.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.

On May 29, 2009, the U.S. Department of Justice, submitted an amicus curiae brief which requested that the U.S. Supreme Court not accept certiorari in the case Cable News Network, Inc. v. CSC Holdings. The Cable News Network case is critical because it is one of the first to deal with the copyright infringement problems implicit in user-controlled remote data storage services. While the service at issue is a remote DVR service, the ruling could have a major impact on copyright issues faced by cloud computing services, as well.

Cloud computing is an umbrella term for computer services that permit user programs or data files to be stored remotely and then accessed via the Internet. A well-known example is the expected Google G-Drive, which has been described as "online file backup and storage" that will provide "reliable storage for [user] files, including photos, music and documents" and "allow [ users] to access [their] files from anywhere, anytime, and from any device - be it from [their] desktop, web browser or cellular phone.

The problem with remote data storage services is that computer storage necessarily requires making copies of program and data files -- copying that could run afoul of the Copyright Act. The Copyright Act gives the copyright owner the right to "reproduce" its copyrighted work "in copies or phonorecords" 17 U.S,C. § 106(1). "Copies" are defined as "material objects . . . in which a work is fixed by any method . . . and from which a work can be perceived, reproduced or otherwise communicated. 17 U.S.C. § 101. A work is "fixed" when "its embodiment in a copy . . . is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than a transitory duration." Id.

Based on these sections, many Circuit Courts have held that making even temporary copies of files, such as occurs when a computer program is downloaded into the random access memory (RAM) of a personal computer (PC), constitutes copying for purposes of the Copyright Act. See MAI Systems Corp., 991 F.2d 511 (9th Cir. 1993); Stenograph LLC v. Bossard Assoc., Inc., 144 F.3d 96 (D.C. Cir. 1998); Storage Technology Corp. v. Custom Hardware Engineering & Consulting, Inc., 421 F.3d 1307 (Fed. Cir. 2005). This is sometimes called the "RAM copy" doctrine.

Continue reading "DOJ Asks U.S. Supreme Court Not to Hear Case with Potential Major Impact on Cloud-Computing Copyright Issues" »

Sometimes a shift in label can signal a shift in policy. A recent shift by the Ninth Circuit away from the use of the term "immunity" when describing the effect of the Communications Decency Act appears to signal such a change.

In earlier cases, the Ninth Circuit frequently referred to the Communications Decency Act as providing "immunity" to internet service providers who publish third-party material. See, e.g., Batzel v Smith, 333 F.3d 1018, 1029 (9th Cir. 2003). Many other circuits followed this characterization. The exception was the Seventh Circuit, which pointed out that the operative language, in 47 U.S.C. § 230(c)(1), did not use the word "immunity", but merely provided an exclusion from liability by means of a definition -- by defining an internet service provider as not a "publisher or speaker" in certain contexts. Doe v. GTE Corp., 347 F.3d 655, 660 (7th Cir. 2003).

The Seventh Circuit's approach is not to assume that an internet service provider (ISP) receives blanket immunity for third party content, but to ask whether the suit in question is seeking to treat the ISP as a publisher or speaker. See Chicago Lawyers' Comm. For Civil Rights under the Law v. Craigslist, Inc., 519 F.3d 666, 670-71 (7th Cir. 2008). If the theory of liability is something other than that the ISP is publishing or speaking the words in question, liability may be imposed. For example, the Seventh Circuit stated that Section 230(c)(1) would not "help people steal music or other material in copyright." Id. at 670. (Fn1) The Communications Decency Act would not protect such activities as aiding, abetting, inducing or encouraging, or conspiracy with, a third party to place illegal content on a site. Id. at 671-72.

In earlier decisions, the Ninth Circuit has not been adverse to finding against Communications Decency Act immunity for internet service providers. However, it generally did so by finding that the ISP was itself a co-provider of the illegal content. This was the approach in Batzel v. Smith and Fair Housing Council v. Roommates.com. (Fn2)

While the Ninth Circuit probably has not abandoned this approach, in Barnes v. Yahoo, the Ninth Circuit has now also adopted the Seventh Circuit's "definitional" method for analyzing the scope of the Communications Decency Act. Barnes v. Yahoo, 2009 WL 1232367 * 3-4. This enabled the Ninth Circuit, in Barnes, to find against CDA protection for third-party content, because it was able to characterize the cause of action as something other than holding an ISP liable for speaking or publishing third party content -- in this case, breaking a promise regarding third party content.

Looking at typical cases in which the Communications Decency Act has been applied (defamation, fraud, obscenity, assault/harassment), the "definitional" approach to the scope of the CDA would seem to move the debate to determining the kinds of acts by an ISP that rise to the level of encouraging illegal behavior. Given the fact-intensive nature of this determination, the outcome of many cases currently in the works should be interesting.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.

Notes:

Fn1 In making this comment, the Seventh Circuit seemed to forget that 47 U.S.C. §230(e)(2) specifically excluded laws relating to intellectual property from the application of §230.
Fn2 Batzel v. Smith, 333 F.3d 1018, 1031-35 (9th Cir. 2003); Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1163-1167.