August 31, 2009

Brayton Purcell v. Recordon & Recordon: 9th Circuit Decision on Personal Jurisdiction and Venue in Passive Internet Website Case Goes Off-Track

Internet jurisdiction: Newcomers to digital media cases are often astounded at the ease with which the 9th Circuit is willing to find personal jurisdiction in a plaintiff's home court over a defendant from a foreign (out-of-state or out-of-country) jurisdiction. However, in a recent non-unanimous ruling, in which it found that jurisdiction was proper in the Northern District of California over a website operator whose passive website solely targeted Southern California residents, the 9th Circuit appears to have clearly strayed off track. See Brayton Purcell LLP v. Recordon & Recordon, __ F.3d __, 2009 WL 2383035 (9th Cir. Aug. 5, 2009).

The plaintiff in the case, Brayton Purcell, is located in a rustic, "country" setting near Novato, California. However, it is one of the largest asbestos case plaintiffs' law firms in the state. I successfully defended two or three of their cases myself in Los Angeles County Superior Court a few years back. In addition to cranking out asbestos cases, Brayton Purcell also bills itself as a specialist in elder abuse law, and created a website for this practice area, which it copyrighted in 2002.

In 2004, the defendant, Recordon & Recordon, a two-person law shop in San Diego, set up a non-interactive website which advertised its elder law expertise to persons in Southern California. According to the Court, the Recordon site "consisted entirely of material copied verbatim from, and without attribution to, Brayton Purcell's own website." Brayton Purcell discovered the site and sued for copyright infringement.

California has four judicial districts. Novato is in the Northern District, San Diego is in the Southern District. Brayton Purcell filed its suit in the Northern District. Recordon & Recordon filed a motion to dismiss for improper venue, which the District Court denied. Recordon & Recordon appealed to the 9th Circuit.

Under federal rules, venue for a case is proper "in the district where the defendant resides or his agent resides or may be found." 28 U.S.C. § 1400(a). This means that venue is proper in any judicial district in which the defendant would be subject to personal jurisdiction, if the district were a separate state. So while the 9th Circuit was technically considering a motion to dismiss for improper venue, its ruling also affects 9th Circuit standards for asserting personal jurisdiction.

Under U.S. Supreme Court precedent, for a court to exercise personal jurisdiction over a nonresident defendant, the defendant must have "minimum contacts" with the judicial forum selected by the plaintiff (here the judicial district) such that the exercise of jurisdiction does not "offend traditional notions of fair play and substantial justice." International Shoe Co. v. Washington, 326 U.S. 310, 316 (1945). Where a defendant has "continuous and systematic business contacts" with the forum, then a court can exercise what is called "general jurisdiction" over him, regardless of the events at issue in the case. Helicopteros Nacionales de Colombia, S.A. v. Hall, 466 U.S. 408 (1984).

August 28, 2009

Internet gaming: Bill Offering Protection for Internet Gambling Delayed, but Not Necessarily Dead

A bill (H.R. 2267) introduced by U.S. House Financial Services Committee Chairman Barney Frank to remove Federal obstacles to Internet gambling may be delayed, but don't consider it beyond hope. This bill, which was introduced in May 2009, has already garnered significant House support. While reports indicate that consideration of the bill has been delayed, given the current fiscal crisis, it would only seem logical for Congress to look to Internet gaming as a source of much-needed revenues.

There has long been a debate as to whether Federal laws prohibit many forms of Internet gaming, such as on-line poker. The DOJ has historically taken the position, which has been accepted by some courts, that the Wire Act (18 U.S.C. § 1084) prohibits transmission of wagers over interstate wire communications facilities for all forms of on-line gaming. See, e.g., People, ex rel. Vacco v. World Interactive Gaming Corp., 185 Misc.2d 852, 860 (N.Y. Sup. Ct., 1999).

On the other hand, the 5th Circuit and District Courts in other Circuits have held that the Wire Act only prohibits wire transmissions for sporting events, but not on-line gaming, such as poker. In re MasterCard Intern. Inc., Internet Gaming Litigation, 132 F.Supp.2d 468 (E.D. La. 2001), aff'd 313 F.3d 257 (5th Cir. 2002); United States v. BetOnSports PLC, U.S.D.C., Eastern District of Missouri, Case No. 4:06CV01064 (Nov. 9, 2006).

Of course, all States have laws regulating gaming, and some outlaw virtually all games of chance, including poker. So, in 2006, Congress enacted the Unlawful Internet Gambling Enforcement Act (UIGEA). See 31 U.S.C. § 5361 et seq. The UIGEA did not directly outlaw Internet gaming, but prohibited any person "engaged in the business of betting or wagering" from "knowingly accept[ing] in connection with the participation of another person in unlawful Internet gambling" . . . credit, electronic funds transfers, checks and the proceeds of other financial transactions. Id. at § 5363.

Transactions constitute "unlawful Internet gambling" only if prohibited by other Federal, State or Tribal law. However, the UIGEA prohibits online gambling transactions if an Internet bet is placed or received in a place where a State, Federal or Tribal law makes such a transaction illegal. Id. at § 5362(1). Given this breadth of scope, the UIGEA creates real risks for financial institutions that attempt to cooperate in on-line gambling anywhere in the U.S.

Congressman Barney Frank has been opposed to the UIGEA for some time, and first introduced legislation to curtail some of its effects in 2007. In May 2009, Rep. Frank introduced H.R. 2267 in a further attempt to help legalize online gambling in the U.S. The Bill would give the U.S. Treasury Secretary regulatory powers over Internet gambling, and would permit the Secretary to issue licenses to Internet gambling facilities. Licensees would be permitted to accept bets from persons in the U.S., so long as they were physically located in a jurisdiction that permits Internet gambling at the time the bet was placed. The Bill would also provide immunity for any financial institution that processed transactions on behalf of licensees, for activities conducted under the Bill's provisions.

August 27, 2009

Digital media law: New Twitter harassment suit by Idaho mayoral candidate Melissa Sue Robinson in progress

I should have anticipated this. On the very same day (August 25) that I posted a blog entry questioning whether the predicted flood of Twitter-squatting suits would ever arrive -- a suit that verges on Twitter-squatting or Twitter-jacking was announced.

The case involves transgender Nampa, Idaho mayoral candidate Melissa Sue Robinson. According to the local Fox radio affiliate, Ms. Robinson discovered that someone had created a Twitter account under her name and displaying her photograph with the title "woman with a penis." She reportedly asked Twitter to remove the account, but did not get immediate action to remove the site.

Twitter's Terms of Use provide that users "must not abuse, harass, threaten, impersonate or intimidate other Twitter users." The Terms of Use also state that violations of this or other Twitter policies "will result in the termination of your Twitter.com account." My own check of the Twitter site yesterday indicated that the account has been deactivated. So apparently, Twitter has now acted on Ms. Robinson's complaint and terminated the account under its stated policies.

Ms. Robinson is reported to be in the process of unmasking the identity of the anonymous blogger. Prospective plaintiffs seeking to sue an anonymous blogger are often required to commence legal proceedings against the blog host to uncover the blogger's identity. However, this may not be necessary here. Twitter's Privacy Policy includes the following provision:

"Compliance with Laws and Law Enforcement: Twitter cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims, legal process (including subpoenas), to protect the property and rights of Twitter or a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law."

This suggests that Twitter may be willing to voluntarily provide the name of the blogger without requiring Ms. Robinson to institute court proceedings against it.

Ms. Robinson has indicated that she plans to file an action for defamation and invasion of privacy against the blogger, once his/her identity is revealed. While Ms. Robinson may have an actionable claim against the blogger, I would not expect her to be able to maintain similar claims against Twitter, because these causes of action would likely be blocked by the Communications Decency Act.

Ms. Robinson's case may technically not be a case of Twitter-squatting, because it is unclear whether the Twitter account at issue was under her name, or whether it merely referenced her name in a tweet. If her name was not part of the account name, then it may be better to categorize this as a case of Twitter-harassment. While the flood of Twitter-squatting suits may not yet be here, this case represents at least one drop of rain.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.


August 26, 2009

Arista Records v. Launch Media: Degree of User Control over Song Selections Determines whether Webcasting Service Is Required to Pay Individual Licensing Fees for Sound Recordings

On August 21, 2009, the Second Circuit finally weighed in on when a webcasting service that provides users with individualized playlists can be considered an "interactive service" and thus be required to pay individual licensing fees to sound recording copyright holders. If a webcaster is not deemed to be an interactive service, then it only needs to pay a statutory licensing fee to the Copyright Royalty Board. According to the Second Circuit, which is the first Circuit to rule on the issue, the determining factor is the degree of control that a user exercises over the songs to be played. Arista Records, LLC, et al. v Launch Media, Inc., U.S.C.A., Second Circuit, No. 07-2576-cv.

The webcaster at issue was Launch Media, Inc. and its online music service, LAUNCHcast, which permitted users to act as their own DJs and create their own simulated radio broadcasts. Launch was purchased by Yahoo! in 2001 and LAUNCHcast today is part of the Yahoo! Music site.

LAUNCHcast did not permit users to directly request that specific songs be played at specific times. Instead, LAUNCHcast created a convoluted algorithm which permitted a user to select the genre of music he wished to hear (e.g., country, classic rock), designate preferred artists and songs, and specify songs he did not wish to hear. LAUNCHcast then created its own playlist from the tens of thousands of songs in its catalog and delivered this via webcasting to the user.

Launch was sued in 2001 by Arista and other recording companies who charged that LAUNCHcast was an "interactive service" under 17 U.S.C. § 114(j)(7) and hence was required to pay individual licensing fees to them and other copyright holders. On the surface, it would seem that the recording companies have a point, since the entire point of LAUNCHcast is to permit interactivity and give users some control over the music that was delivered to them.

However, the trial court did not agree. And, on appeal, neither did the Second Circuit.

Until 1971, the Copyright Act did not provide copyright protection for sound recordings. The ostensible reason was that the recording industry and radio broadcasters existed in a symbiotic relationship in which the broadcast of recorded music was "free advertising" that brought customers to music stores where they would purchase recordings. The same logic is being used today by broadcasters in their fight against the proposed Performance Rights Act. (See our blog posts of March 3 and 30, 2009).

With the inception of the Internet, the recording industry realized that webcasting had the potential to significantly depress music sales, if users were able to get webcasting of music on demand. In 1995, Congress enacted, and in 1998 amended, the Digital Performance Right in Sound Recordings Act, which gave sound recording copyright holders an exclusive right to perform (play or broadcast) sound recordings via a digital audio transmission for transmission through paid services and "interactive services." 17 U.S.C. § 114(d). Non-interactive services qualified for statutory licensing, but interactive services were required to obtain individual licenses for each recording played.

August 25, 2009

Digital Media Law: Where is the flood of Twitter-squatting lawsuits?

Twitter accounts, like Internet domain names, are name-based. As a result, Twitter long ago developed problems that mirror Internet domain name cybersquatting -- namely, twittersquatting or twitterjacking. Twittersquatting is when a third party registers a trademark or a famous person's name as a Twitter username with the intent to cause confusion or mischief. Twittersquatting has already become extremely widespread. According to one report, as of January 2009, of the top 100 global brands, 93% had their Twitter names taken by someone else.

So what are Twittersquatters doing with their borrowed trademarks? The same things they did with borrowed trademarks on the Web -- in many cases, using them to sell products unrelated to the trademark name, or simply holding them for sale. A visit to the Armani Twitter account on August 23rd, 2009 showed that the latest "tweet" was the following: "Retweet this! Xanax, Oxy, Valium, Vicodin, Viagra! over night shipping and no doctors required! http://supplymedd.com."

Other twittersquatters are using their Twitter names to harass, embarrass or satirize the holder of the mark or famous name. One of the best known cases was the Twitter site set up by a prankster in the name of St. Louis Cardinals manager Tony La Russa. The site, which purported to have been set up by LaRussa himself, contained posts criticizing Cardinal players or describing LaRussa's drinking habits. One entry read: "Lost 2 out of 3, but we made it out of Chicago without one drunk driving incident or dead pitcher . . . I'd call that an I-55 series." The fake LaRussa account also included the note: "Bio Parodies are fun for everyone."

With all of this twittersquatting, many commentators have assumed that we would see a flood of trademark infringement lawsuits. Some have even called for the creation of a digital media industry-wide Uniform Username Dispute Resolution Policy which would mirror ICANN's domain name dispute resolution system -- the Uniform Domain Name Dispute Resolution Policy (UDRP).

So why hasn't the flood of trademark infringement lawsuits occurred? One answer could be the control that Twitter retains over its accounts. Under its Terms of Use, Twitter "reserve[s] the right to reclaim usernames on behalf of businesses or individuals that hold a legal claim or trademark on those usernames." Given this retained power, a business interested in protecting its mark may be able to eliminate a cybersquatter through a simple request to Twitter. Of course, dispute resolution could get more troublesome where multiple persons are using the same mark. Another answer -- given the continued presence of so much obvious twittersquatting -- is that many trademark holders don't yet see sufficient business value in Twitter to take action.

So far, the only twittersquatting suit that has gained notoriety was Tony LaRussa's suit earlier this summer against Twitter regarding the satire site described above. LaRussa v. Twitter, Inc., San Francisco Superior Court, Case No. CGC-09.488101. This suit did not last long: it was filed in May 2009 and voluntarily dismissed only six weeks later, apparently as the result of a settlement. A recent visit to the LaRussa Twitter account showed that the site had been taken over by Tony LaRussa himself, and contained a link to LaRussa's animal rescue foundation. See http://twitter.com/tonylarussa.

August 24, 2009

Solers, Inc. v. Doe & In re Liskula Cohen: Hurdles to Uncovering the Identity of an Anonymous Internet Poster Vary Greatly throughout the U.S.

There are many hurdles to recovering damages when a third party makes a defamatory post about you or your business on an interactive website. The Communications Decency Act generally shields the site that published the third-party post itself, which means that you will have to sue the original author. If the poster was anonymous, you will have to discover his identity before your suit can get off the ground. While some web hosts will disclose the identity of an anonymous poster in response to a simple request or a subpoena, others will not do so without a court order.

A court order is often not easy to get.

Anonymous speech has played a critical role in furthering the American democracy. Thomas Paine was able to publish his Common Sense which urged Americans to revolution, without fear of personal reprisal, because he was able to publish it anonymously. The Federalist Papers were also published anonymously. Given this heritage, the U.S. Supreme Court has repeatedly found that the right to speak anonymously is protected by the First Amendment. See, e.g., McIntyre v. Ohio Elections Comm'n, 514 U.S. 334, 341-42 (1995).

The amount of First Amendment protection offered to anonymous speech, like all other protected speech, varies with the class of speech involved. For example, where disclosure of a speaker's identity would chill his ability to exercise his political rights, the U.S. Supreme Court has absolutely refused to permit disclosure of his identity. NAACP v. Alabama, 357 U.S. 449, 462; 78 S.Ct. 1163, 1171, 2 L.Ed.2d 1488 (1958); Talley v. California, 362 U.S. 60, 80 S.Ct. 536, 4 L.Ed.2d 559 (1960). On the other hand, the Court has found that defamatory and libelous speech gets no Constitutional protection. Chaplinsky v. New Hampshire, 315 U.S. 568, 571 (1942).

While courts permit disclosure of an alleged defamer's identity, a court faced with a complaint that accuses an anonymous speaker of engaging in defamation faces a "chicken and the egg" dilemma. If trial proves that the speaker is liable for defamation, then his anonymity was not entitled to First Amendment protection and should be disclosed. If trial proves that the speaker is not liable for defamation, then his anonymity was entitled to First Amendment protection and should not be disclosed. However, disclosure of a speaker's identity is generally required for a court to determine whether his words were defamatory. In other words, you have to disclose his identity to determine whether his identity should be disclosed.

For example, proving a cause of action for defamation often requires showing that the speaker acted with malice. To show malice, a plaintiff must have evidence that the speaker made his defamatory statements intending or knowing that they would cause harm to the plaintiff, or that he made his statements without a reasonable basis for believing that they were true. Such evidence of a defendant's mental state can generally only be provided to a court after the speaker has been identified and discovery of his purposes and of the facts available to him at the time he spoke has been obtained.

August 21, 2009

Digital media law: Koenig v. ALL.COM case shows the power of in rem jurisdiction in resolving cybersquatting disputes

The Internet has a worldwide reach. It is easy for a cybersquatter who resides in a foreign country to gain control over an Internet domain name without ever setting foot or engaging in a transaction in the U.S. However, under traditional rules for jurisdiction, it was often not possible for a trademark owner to bring an action in a U.S. court against a foreign defendant who had gained control over a domain name that infringed the plaintiff's mark.

For example, personal jurisdiction rules do not permit a foreign defendant to be sued in federal court if the defendant is not physically available to be served in the state where the court is located, the transaction at issue did not occur in the state, or the defendant does not have systematic dealings with the state. Diversity jurisdiction rules do not permit a citizen of one foreign country to bring a suit against a citizen of another foreign country in federal court if neither resides in the U.S. 28 U.S.C. § 1332.

In 1999, Congress enacted the Anticybersquatting Consumer Protection Act (ACPA) to deal with these problems. See 15 U.S.C. § 1125(d). The ACPA gave the owner of a "mark" the right to bring suit if another person "registers, traffics in or uses a domain name" with "a bad faith intent to profit from that mark." Id. at § 1125(d)(1)(A). The ACPA expanded the scope of its protection of "marks" to include personal names, as well as traditional trademarks.

The ACPA also addressed the thorny problems of jurisdiction, described above. Questions about subject matter jurisdiction were resolved by the mere fact that the ACPA was a federal law -- thus permitting litigants to bypass diversity jurisdiction and sue on federal question grounds. 28 U.S.C. §§ 1331, 1338. Problems with obtaining personal jurisdiction over foreign defendants were swept away by permitting the owner of a trademark to file its cybersquatting complaint as an in rem action in the judicial district(s) in which either the domain name registrar or the domain name registry was located. 15 U.S.C. § 1125(d)(2)(A).

The registry for the most popular general Top Level Domain names (gTLDs) -- .com, .org and .net -- is VeriSign, which is located in Virginia. The registries for the gTLDs .edu and .gov are maintained by U.S. government agencies, and hence also located in the U.S. This means that an in rem action can be brought regarding domain names ending in these, and certain other popular suffixes, in U.S. federal courts, regardless of the location of the registrar or the registrant.

August 20, 2009

CAN-SPAM update: Ninth Circuit Ruling Shuts down Anti-SPAM Cottage Industry

In an unmitigated ruling for spammers' rights, on August 6, 2009, the Ninth Circuit affirmed a District Court ruling, and found that the owner of a domain name who used this domain name to set up email accounts for third parties, did not have standing to sue as an internet service provider under the federal CAN-SPAM statute. See Gordon v. Virtumundo, Inc., U.S.C.A., Case No. 07-35487.

The case involved James S. Gordon, who did business as gordonworks.com. According to the case report, Gordon is the registrant of an Internet domain name, "gordonworks.com", which he hosts on server space at GoDaddy.com, a domain registrar and web hosting company. By virtue of his ownership of an Internet domain, Gordon is able to post content to the Internet, create new email accounts, and set user names and log-on passwords.

Gordon used these tools to create six or so email accounts for friends. He later asked his friends to set up their own personalized domains and to abandon the gordonworks.com email accounts to him. He then continued to monitor these email accounts for spam, which then continued to accumulate over time. Gordon then began filing lawsuits in state and federal court against the firms that had sent these spam emails, seeking big dollar damages. For example, in his motion for summary judgment in the Virtumundo suit, Gordon sought statutory damages in the amount of $10,257,000, plus attorneys fees and costs, based on 7,890 allegedly unlawful emails.

The 9th Circuit panel described Gordon as a "professional plaintiff" and his various domains as "spam traps," which had the sole purpose of snagging as many email marketing messages as possible. His "clients" also used their personalized domains to gather commercial emails, which they then sent to Gordon in batches of 10,000 to 50,000, to fuel his lawsuits. In exchange, Gordon's clients shared in the proceeds from the settlements of the suits he filed. According to the court, "Since at least 2004, Gordon has held no employment. He has never been compensated for any of his purported Internet services, and his only income source has come from monetary settlements from his anti-spam litigation campaign."

August 18, 2009

Melkonian v. Facebook: New Privacy Suit against Facebook Faces Challenges

Digital media law update: News has just broken about a suit filed by five individuals against Facebook for alleged privacy violations. While the ink has barely dried on the court filings, in my view, the plaintiffs face significant legal hurdles to recovery of significant damages. Here is an initial analysis of the claims in the complaint -- Melkonian, et al., v. Facebook, Inc., et al., Superior Court of the State of California, County of Orange, Case No. 30-2009-00293755:

The plaintiffs and their allegations

This is not a class action, but a joint suit by a rather mixed bag of plaintiffs:

• The lead plaintiff, Melkonian, is a photographer who claims that images she took have been posted on Facebook without her consent.
• Two plaintiffs are minors under age 13 who created Facebook accounts without their parents' consent and uploaded personal information and photographs onto the site.
• The fourth plaintiff is a college student who joined the original form of Facebook, "Thefacebook," in May 2005 and uploaded personal information when the site operated under an allegedly more privacy-protective set of terms and conditions.
• The fifth plaintiff is an actress who claims that digital images of her have been uploaded onto the site without her consent.

Much of the 41-page complaint is devoted to a history of Facebook's changing policies on user privacy, its interactions with groups such as "People Against the New Terms of Service," discussions about public attitudes toward privacy, and various private and public investigations into Facebook's privacy practices. The primary factual allegations in the complaint are:

(1) Facebook data mines personal information posted on its site and exploits this by providing it to advertisers who use it to target ads to users;

(2) Facebook's posted privacy policies are incomplete, misleading and unfair. For example, on February 4, 2009, Facebook unilaterally changed its terms of service to include, inter alia, a grant by users of "an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license to use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, edit, frame, translate, excerpt, adapt, create derivative works and distribute User Content . . . and to use your name or likeness and image for any purpose, including commercial or advertising . . ." According to the Complaint, this is an outrageous extension of Facebook's rights over its users' data;

(3) Facebook fails to adequately warn users about the dangers of posting sensitive personal information online;

(4) Facebook fails to prominently disclose its privacy policies and terms of use at sign-up and employs confusing and ineffective privacy protection tools;

(5) Facebook has no technical safeguards to prevent misappropriation of user data by third-party developers who have access to the site;

(6) Facebook fails to provide users with a simple and permanent means to delete their accounts and personal data;

(7) Facebook uses "social ads" -- customized advertisements that use private data, such as a user's name and photo -- to advertise products and services to the user's "friends" and other users within that person's network;

(8) Facebook uses tracking technology called "Beacon" that allows third parties to gather information about users' purchase activities and then create social ads regarding such purchases;

(9) Facebook lacks adequate safeguards to prevent registration or use by children under age 13.

Analysis of the causes of action

Based on these wide-ranging allegations, the complaint states six separate causes of action against Facebook, including: (i) and (ii) statutory and common law misappropriation of the right of publicity for its use of the plaintiffs' names and photographs without consent for advertising purposes; (iii) violation of the California unfair competition law for its data mining practices and dissemination of the plaintiffs' personal information, (iv) violation of the California Constitutional Right to Privacy for its commercialization of plaintiffs' personal information; (v) violation of the California Online Privacy Act for failing to "conspicuously post and comply" with the privacy policies required under the Act, and (vi) violation of the California Consumer Legal Remedies Act for unconscionably changing its Terms of Use and privacy policies without notice, and representing that user information would remain private, but then providing it to third party advertisers.

The claims of the lead plaintiff, Melkonian, appear to be claims for copyright infringement. As such, some or all of her claims here could be preempted by the Copyright Act. Putting this issue aside, the remaining four plaintiffs' claims are based on allegations that their names, personal information and/or photos were used commercially without their consent.

So do these claims have any legs?

Causes of action 1 & 2: misappropriation of name and likeness

To make out a valid claim of common law misappropriation of name or likeness, a plaintiff must show that (1) the defendant used his/her name or likeness; (2) the use was to the defendant's advantage, commercially or otherwise; (3) lack of consent; and (4) resulting injury. Eastwood v. Superior Ct. (1983) 149 Cal.App.3d 409, 417. To make out a valid claim under the California privacy statutes, a plaintiff must prove the same elements; however, the defendant must have used the plaintiff's name directly in connection with the advertising or sale of goods. California Civil Code § 3344.

August 18, 2009

Swoopo!: Do Penny Auction Sites Run Afoul of California Gambling Laws?

A much-maligned Internet marketing model that is currently struggling to morph into societal acceptance is the "penny auction" or "entertainment shopping" model, such as that operated by www.Swoopo.com and www.for10cents.com.

In the Swoopo version, users pay a small fee for the privilege of bidding on a variety of consumer goods, such as a Samsung 46" LCD TV or an Apple MacBook Pro Laptop. The opening price for each auction starts at $0.12, and the price goes up by $0.12 (or less) for each bid placed. However, each bid placed costs the bidder $0.60.

So how do the economics add up? In an auction conducted on August 17, 2009 for a Logitech G7 Laser Cordless Mouse, Swoopo listed the mouse as "Worth up to: $64.99." The final auction price was $12.96. Assuming that the price started at $0.12 and was increased by $0.12 with each bid, the participating bidders were charged $64.68 in bid fees. In addition, the winning bidder, "Ichholes," paid $12.96 as the final auction price. The Swoopo site also indicated that it would charge $12.90 for delivery. The winning bidder, who placed 10 bids, paid $18.96 for the mouse -- a real bargain. However, Swoopo's total take was $90.60. That's $25.61 over the $64.99 that Swoopo stated was the mouse's maximum value.

According to Swoopo's terms of use, "bidding rights, so-called 'bids', must be purchased and paid for by users prior to online bidding." Bids are purchased in packages ("BidPacks"). In my visit to the site on August 17, 2009, I saw BidPacks for 50 and 300 bids being auctioned on the site.

Swoopo's unique business model has generated speculation as to whether it constitutes a form of gambling. However, it is not altogether clear that Swoopo's practices are prohibited -- at least under California lottery and gambling laws.

For example, California Penal Code Sections 321-23 make non-State lotteries illegal. A lottery is defined as a "scheme for the disposal or distribution of property by chance, among persons who have paid or promised to pay any valuable consideration for the chance of obtaining such property or any portion of it . . . upon any agreement, understanding or expectation that it is to be distributed or disposed of by lot or by chance . . ." Cal. Penal Code § 319.

Here, Swoopo could argue that its auctions don't result directly in the distribution of any property. Rather, the products on the site are only distributed when a successful bidder pays the discounted purchase price. All the auctions do is compute the discount to be applied.


August 16, 2009

DVD Copy Control Assn. v. Kaleidescape: California Court of Appeals Upholds License Agreement which Committed a Licensee to "Secret" Specifications

How do you bind someone to contract terms that you can't disclose until after the contract is signed? That's the question that a California Court of Appeal addressed in its August 12, 2009 decision in DVD Copy Control Assn., Inc. v. Kaleidescape, Inc., --- Cal.Rptr.3d ---, 2009 WL 2450711. The defendant, Kaleidescape, sells a DVD storage and filing system that permits users to manage their DVDs by uploading them onto a Kaleidescape home system for future playback. For a father of young children, as I am, the Kaleidescape sounds like a neat alternative to the dozens of "Dora the Explorer" and "Thomas the Tank Engine" disks that I constantly find myself kicking across the floors of our house.

To lessen the concerns of the motion picture industry about piracy, the DVD industry created the Content Scramble System (CSS) to encrypt the material on DVDs. CSS scrambles material on the DVD so that it cannot be read unless the DVD player has the right descrambling technology. Over the course of extensive negotiations, a standard CSS license agreement was adopted. The Plaintiff, DVD Copy Control Association, Inc. (Association), was created to manage these licenses.

The Association does not negotiate agreements with licensees. Rather, under the CSS licensing scheme, to obtain a license, a licensee signs the standard agreement in which it agrees to maintain the confidentiality of the CSS technology. The only licensee-specific portion of the contract is a section in which the licensee identifies the type of device it wishes to make by selecting from a list of 14 "membership categories."

At the time a license agreement is signed, the licensee is not aware of the specifications with which it will be required to comply. Only after the license agreement is signed, and the licensee pays the requisite fees, does the licensee receive a master key to incorporate into its system and specifications on how CSS works.

Realizing that its system would require a CSS license, Kaleidescape executed the license agreement, paid the required fees and checked the boxes indicating that it needed technical specifications for Descramblers and Authenticators. The Association then sent Kaleidescape the specifications for Descramblers and Authenticators, along with General Specifications applicable to all DVDs and players.

Here came the rub: the General Specifications require that an original DVD disk be inserted into a player every time a DVD is played. However, the very purpose of Kaleidescape's system is to eliminate the need to insert individual DVDs into the player in order to view them. When the Association discovered how Kaleidescape's system worked, it sent a cease and desist letter and eventually filed suit.

The trial court sided with Kaleidescape, based on a venerable contract law doctrine called "incorporation by reference." Under the form of this doctrine in California law, text not found within the four corners of a contract will be deemed to be part of the contract if referred to in the contract and: (1) the reference is clear and unequivocal, (2) the reference is called to the attention of the other party, and he consents to it, and (3) the terms of the incorporated document are known or easily available to the contracting parties. See Shaw v. Regents of University of California (1997) 58 Cal.App.4th 44, 54. Because the General Specifications were not mentioned in the license, the trial court found that these terms were not incorporated into the agreement.

The Court of Appeal rightfully reversed this decision. It entirely rejected the trial court's application of the incorporation by reference doctrine to the facts of the case. After all, the terms of none of the three sets of specifications Kaleidescape received were "known or easily available" to it at the time it signed the license agreement. Indeed, since what Kaleidescape was to receive was encryption technology, it makes sense that at least some portion of the specifications could not be provided before it had at least signed the confidentiality portions of the agreement.


August 14, 2009

Tiffany v. eBay: eBay's Notice and Takedown System and Trademark Law

The suit between Tiffany and eBay is providing a serious test of eBay's "Notice and Takedown" model for avoiding contributory infringement liability for counterfeiting and other trademark misuse by sellers on its site. (Fn1) In this suit, Tiffany seeks to hold eBay liable for contributory and direct infringement, false advertising and trademark dilution for its involvement in the sale of counterfeit Tiffany merchandise on its site.

According to eBay, more than 100 million listings appear on eBay at any one time, and approximately 6 million new listings are posted each day. However, a certain percentage of these listings are for counterfeit goods. Tiffany alone reported 20,915 infringing listings to eBay in 2003, 45,242 in 2004, 59,012 in 2005 and 134,779 in 2006. According to Tiffany, 30% or more of Tiffany jewelry listed on the site at any time can safely be deemed to be counterfeit.

Selling counterfeit trademarked merchandise constitutes trademark infringement. It also downgrades the confidence of consumers in the integrity of the source of those goods. eBay does not take possession of, and hence never sees, the goods sold on its site, so to combat the sale of counterfeit goods on its site, eBay has employed an ever-expanding arsenal of computer-based defenses. Chief among these is its "notice and takedown" system -- its VeRO program. Under this system, a trademark, copyright or patent rights owner who sees an infringing item on the site can report the listing to eBay by submitting a Notice of Claimed Infringement (NOCI).

eBay's NOCI form is its Digital Millennium Copyright Act (DMCA) takedown notice form -- which eBay has converted for use for all forms of alleged intellectual property rights infringement. The form requires that the rights owner submit all of the elements required for a DMCA notice (Fn2): (i) the identity of the alleged rights owner, (ii) the identity of the specific eBay listing numbers where the infringing material is located, (iii) the type of infringement, and (iv) the required DMCA statements that the complaining party has a good faith belief that the use on eBay is unauthorized and that the complaining party is authorized to act for the rights owner. For an overview of the VeRO program and to obtain a NOCI form, see http://pages.ebay.com/help/tp/vero-rights-owner.html.

Upon receiving a NOCI, eBay verifies that the NOCI contains the necessary information and appears accurate, and then removes the reported listing. At the time of the Tiffany v. eBay trial (2008), 75% of reported listings were removed within 4 hours. After removing a listing, eBay also attempts to prevent or to undo any actual sale. If the listing is removed before a sale has occurred, eBay cancels all bids and notifies the seller and bidder that the listing has been removed. If a sale has already occurred, eBay cancels the transaction retroactively, removes the listing and informs the parties that the listing has been removed and that the transaction should not be completed. eBay also refunds all associated fees. eBay also reviews the seller's account and may suspend the seller. (Fn3)

In addition to its NOCI system, eBay also uses what it terms a "sophisticated fraud engine," which it spends more than $5 million annually to maintain and enhance. This search engine uses more than 13,000 different search rules to locate potentially infringing or problematic activity. For example, it searches for listings that explicitly offer "knock-off," "replica," or "faux" merchandise. eBay also suspends sellers for repeat violations, conducts periodic "clean-up" reviews of listings and warns sellers against listing counterfeit goods. (Fn4)


August 13, 2009

U.S. SAFE WEB Act Used by FTC to Prevent U.S. Exporter from Pretending to Be U.K.-Based Site

Internet fraud update: Under the FTC Act, the Federal Trade Commission is empowered to prevent businesses from using unfair methods of competition or engaging in unfair or deceptive practices. 15 U.S.C. § 45(a)(2). However, under the version of the FTC Act that existed prior to 2006, the FTC did not have the authority to regulate such practices unless the business involved "commerce" (i.e. sales, shipments) within the United States. (Fn1) This meant that a business that was solely engaged in the export of goods to countries outside the U.S. was not subject to the FTC's jurisdiction.

With the rise of the Internet, it became easy for businesses to set up shop in the U.S., but limit their business solely to export to other countries, and thus avoid FTC prosecution for unfair and deceptive trade practices. Because the FTC's ability to share information about U.S. residents with foreign prosecutors was also limited, this meant that a lot of bad behavior by exporters went unchecked. According to the FTC, this could have made the United States a "haven for fraud."

In December 2006, Congress passed the U.S. SAFE WEB Act, which amended the FTC Act to fill these loopholes. The U.S. SAFE WEB Act permits the FTC to provide investigative assistance to foreign law enforcement agencies, including conducting investigations to collect information and evidence for these foreign agencies. 15 U.S.C. § 46(j). It also permits the FTC to share investigative materials, such as documents, written reports or answers to questions and transcripts of oral testimony with foreign law enforcement agencies. 15 U.S.C. § 57b-2(6).

In addition, the Act expanded the FTC's jurisdictional reach to permit it to directly regulate acts involving foreign commerce that: (i) cause or are likely to cause reasonably foreseeable injury within the United States; or (ii) involve material conduct within the United States.

Since the law was signed, the FTC has reported using it in only one prior investigation, which was concluded earlier this year. (For a discussion of this case, see our blog post of July 17, 2009). The FTC has recently announced the second use of the U.S. SAFE WEB Act in its regulatory action against Los Angeles-based Jaivin Karnani and his company Balls of Kryptonite, LLC. ("Karnani").

According to the FTC's complaint, Karnani operates two websites, www.bestpricedbrands.co.uk and www.bitesizedeals.co.uk, which sell consumer electronics, such as cameras, video game systems, and computer software exclusively to customers in the United Kingdom. (Fn2) By using the suffixes "co.uk", stating prices in pounds sterling, referring to the "Royal Mail" and using U.K. addresses, the websites gave U.K. customers the impression that the sites were located in the U.K. and subject to U.K. consumer protection laws.

The complaint also alleged that Karnani's websites didn't deliver what they promised. Customers were shipped goods with power chargers that were not compatible with U.K. power systems. Because the goods shipped were not manufactured for the U.K. or E.U. markets, customers did not receive manufacturer warranties. Goods were shipped slowly and customer complaints about this slowness were ignored. Customers were also charged high restocking fees.


August 12, 2009

Attack Blog's Salvos against Corporation and Blogger's Use of Copyrighted Photos in Parodies of Management Deemed Non-Actionable by California District Court

Many blog sites on the Internet are devoted to complaints or criticism of the practices of businesses and their executives. For example, we recently blogged about a site that critiques the practices of beauty company Mary Kay, Inc. -- www.pinklighthouse.com. Another site focuses on critiques of Starbucks' operations -- starbucksgossip.typepad.com. The authors of such blogs or websites frequently worry that their posts could subject them to ruinous liability for defamation, trademark infringement (for use of the company name), or copyright infringement (for reprinting company materials).

However, a recent decision by a District Court in the Northern District of California illustrates the protections the law affords attack blogs from such claims. In 2006, Robert Delsman, Jr., a former General Electric employee, submitted a claim for disability benefits to the firm that handled such claims for GE -- Sedgwick Claims Management, Inc. Sedgwick is managed by David North (CEO) and Paul Posey (COO). Delsman grew dissatisfied with Sedgwick's handling of his case and began to express his views about Sedgwick, North and Posey in a blog and a postcard mailing campaign called "Operation Going Postcard."

The blog, which is currently hosted at http://www.gesupplydiscrimination.com/, accused Sedgwick of wrongfully denying benefits to claimants and violating various laws, and accused Sedgwick and its "minions" (which it termed "Sedgthugs") of having committed "Sedgcrimes."

Delsman also took two copyrighted photos of North and Posey and superimposed them on "WANTED" postcards, some of which he "morphed" to look like pictures of Adolf Hitler and Heinrich Himmler. The postcards contained messages next to the photos such as this: "WANTED FOR HUMAN RIGHTS VIOLATIONS. . . Have you been threatened by this man or his minions? The time for change is at hand!" On the reverse side, they read: "Have you been terrorized, threatened or lied to by Sedgwick Claims Management Services? The time to act is now! Report these despicable activities to the US Department of Justice and the Attorney General in your state. Sedgwick CMS can be stopped peacefully and purposefully if enough people act now! Get informed!"

That's strong stuff!

Sedgwick filed suit against Delsman seeking to stop his damaging campaign. Its claims included copyright infringement, for his use of the photos, and the usual panoply of defamation-related claims, including libel and interference with prospective business advantage. See Sedgwick Claims Management Services, Inc. v. Delsman, U.S.D.C. Northern District of California, Case No. C 09-1468 SBA, Order Granting Defendant's Motion to Dismiss (July 16, 2009).

There is nothing wrong with the types of claims Sedgwick brought. I have successfully brought them myself on behalf of defamed plaintiffs. However, the circumstances have to be right. The reality is that the First Amendment protects a lot of damaging speech.


August 11, 2009

On-line Privacy Update: FTC Uses Its Mandate to Expand Reach of Consumer Data Security Laws to Non-Financial Businesses

The Federal Trade Commission (FTC) is increasingly using its broad powers to require businesses to enact privacy measures to protect their customers' personal data. According to the FTC, all companies must "maintain reasonable and appropriate measures to protect sensitive consumer information." And the FTC is ready and willing to step in and make them implement such measures -- regardless of whether Congress has enacted a specific statute requiring the business to do so.

When most people think about the Federal Trade Commission (FTC), they think about a federal agency that fights monopolies or big consumer frauds. However, the FTC Act, the statute that created the FTC, gave it a very broad mandate: "to prevent persons, partnerships or corporations . . . from using unfair methods of competition in or affecting commerce and unfair or deceptive acts or practices in or affecting commerce." 15 U.S.C. § 45(a)(2). In the digital media world, throughout the past decade, the FTC has used this vague "unfairness" mandate to require consumer-based businesses to enact data security measures.

There are federal laws that impose data security requirements, such as the Fair Credit Reporting Act (15 U.S.C. § 1681e) and the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.). These laws apply to financial institutions and credit reporting agencies. However, in its recent enforcement actions, the FTC has begun to apply these data security rules to consumer businesses as a whole. (Fn1) According to a June 17, 2009 statement by the FTC to the U.S. House (Fn2), since 2001, the FTC has brought 26 cases against businesses that allegedly failed to protect consumers' personal information. This includes cases against Microsoft, TJX, LexisNexis, Tower Records, Petco, Reed Elsevier, CVS and Compgeeks.com. None of these companies would commonly be considered financial or credit reporting companies.

The legal authority for the FTC's actions in each case differed, but in some cases, such as the TJX and Compgeeks.com cases, rested solely on the FTC's broad mandate to fight "unfairness." (Fn3) Nevertheless, the terms of the consent orders reached in both cases imposed on TJX and Compgeeks.com the same obligations required of financial companies under the Gramm-Leach-Bliley Act. Both consent orders required the implementation of "a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers." This is language taken directly from 16 C.F.R. §314.3, the FTC's rules implementing Gramm-Leach-Bliley.

The FTC complaints in its cases against non-financial businesses "have alleged such practices as the failure to (1) comply with posted privacy policies; (2) take even the most basic steps to protect against common technology threats, (3) dispose of data properly, and (4) take reasonable steps to ensure that they do not share customer data with unauthorized third parties." According to the FTC, "all of the cases stand for the principle that companies must maintain reasonable and appropriate measures to protect sensitive consumer information."

Some may wonder about the breadth of the FTC's powers. However, prior case law had held that the FTC is not limited to merely enforcing specific laws that the Congress has elsewhere enacted. To the contrary, the FTC has the power to declare legal practices as unfair or deceptive, hence making them illegal.


August 10, 2009

TJX Data Security Breach Saga Continues: Financial Institution Class Action against TJX Survives Based on Unfair Competition Claim Predicated on Statements in FTC Complaint against T.J. Maxx / Marshalls' Parent Company

TJX's legal saga concerning its massive security breach in 2003 and 2006 lives on. TJX is a large retailer, with over 2000 T.J. Maxx, Marshalls, HomeGoods, Bob's Stores and A.J. Wright stores in the U.S. and Puerto Rico. During 2003 and 2006, hackers broke into the TJX computer network that handled its credit and debit card, check and return merchandise transactions. The intrusion involved transactions occurring in 2003 and from May-December 2006. TJX learned about the intrusion in mid-December 2006, but delayed making public notification until January 17, 2007. Reports indicated that approximately 45.7 million customer credit and debit cards were affected by the breach.

According to TJX's most recent 10-Q (May 2, 2009), TJX initially established a reserve of $178.1 million to reflect its losses from the data intrusion. TJX later reduced this reserve by $39.4 million. This means that TJX expects its net losses from the data intrusion to total almost $139 million. While TJX will survive, this is truly a massive loss and represents one of the largest computer-related losses experienced by a company.

An expanding body of federal and state law has imposed two types of data security regulations on companies handling consumer financial transactions: (i) a duty to employ reasonable security measures, and (ii) a duty to notify consumers when a breach of security has occurred.

After TJX announced its data security breach, it was hit with a lengthy list of legal actions. These included: (i) a regulatory complaint by the FTC; (ii) claims by the credit card companies to recover tens of millions in fraud losses; (iii) regulatory actions by over 40 state attorneys general; (iv) several consumer class actions; and (v) a class action on behalf of thousands of banks that had lost money as a result of the breach. All but one of these major legal actions appear to have been resolved.

The FTC Complaint was resolved on July 29, 2008 with the entry of a consent order requiring TJX to install and maintain a "comprehensive information security program to protect the security, confidentiality, and integrity of personal information collected from customers." TJX is also required to provide initial and biennial audits affirming the quality of this system for the next 20 years. (Fn1) The State Attorney General actions were settled on June 22, 2009 with another consent decree requiring TJX to maintain a "comprehensive information security program." TJX also agreed to comply with state breach notification laws and to pay the states $9.75 million.

The credit card company claims were settled for an amount estimated to be at least $24 million, but possibly much more. The consumer class action was settled in early 2008 in consumer class action dollars, including (i) the choice of a $60 gift certificate or $30 in cash, (ii) three years of credit monitoring from Equifax, (iii) the replacement cost of a driver's license, and (iv) the amount of any actual, unreimbursed damages. Plus, TJX agreed that all its stores would hold a one-time Special Event (a sale) in which prices at its stores would be reduced by 15%. The plaintiffs' attorneys received $6.5 million in attorneys' fees, as well. (Fn2)

The major piece of litigation that remains is the financial institution class action. (Fn3) The suit is brought on behalf of "thousands of financial institutions" who apparently suffered losses too small to bring individual actions. So if the court refused to certify the plaintiffs as a class, their claims would likely go away.


August 7, 2009

Goddard v. Google - Part II: Judge Fogel Rules that Google's Keyword Tool Is a Neutral Tool For Communications Decency Act Purposes

On July 30, 2009, Judge Fogel, who should be called the "Internet Judge" of the Northern District of California, closed the loop on the Goddard v. Google class action by ruling that Google's Keyword Tool constitutes a "neutral tool" for Communications Decency Act (Fn1) purposes. (Fn2) Google's Keyword Tool, which is offered under its AdWords program, provides potential advertisers on Google with suggestions on alternate keywords they can purchase to increase traffic to their site.

The complaint alleged that the class members were injured when they clicked on ads for mobile subscription services that were carried on Google. The mobile subscription services sell ringtones, sports score reports, weather alerts, stock tips, direct payment services, and interactive radio over the Internet for use on cell phones. According to the complaint, the services transmit their products directly to consumers' mobile devices and apparently are able to bill the consumer merely by providing the consumer's cellular telephone number to a billing aggregator. The aggregator in turn instructs the relevant cellular carrier to add the charges to the consumer's cellular telephone bill. The complaint alleged that the unverifiable nature of this business model resulted in large numbers of unauthorized and fraudulent charges being racked up on consumers' phone bills. (Fn3)

The suit alleged that Google was liable for this fraud on negligence, aiding and abetting, money laundering and other grounds. Google defended each of these claims based on the Communications Decency Act, claiming that all of the plaintiffs' theories of liability against it were based on its publication of material provided by a third party.

During the original hearing on Google's motion to dismiss (Goddard I), Judge Fogel expressed skepticism over the viability of the case in light of the broad immunity provided by the Communications Decency Act. However, as part of the basis for its claims, the complaint had alleged that Google "assists its customers in drafting AdWords and selecting keywords through both live support from its AdWords Specialists and its advertising campaign optimization services." Judge Fogel noted that an internet service provider can be found to be a co-information content provider if it has collaborated in creating illegal content.

For example, in Fair Housing Council v. Roommates.com, LLC, 521 F.3d 1157, 1162 (9th Cir. 2008), the 9th Circuit found that an internet roommate matching service was responsible for content created on its site by third parties, where it had provided prompts that assisted users in developing their roommate profiles. These prompts effectively required users to enter information that violated state and federal fair housing rules. The 9th Circuit held that "by providing a limited set of pre-populated answers" that violated state and federal law, Roommates.com became a developer of the illegal content in the profiles posted on its site.


August 6, 2009

Will Cloud Computing Create a Thunderstorm?: Loophole Permits Private Emails and other Digital Data Stored by Third Parties to Be Divulged to the Public without Stored Communications Act Liability

As data storage moves from equipment controlled by its authors into the "cloud" -- storage on equipment controlled by third parties -- there is an increased risk that unauthorized third parties will access this data and use it for nefarious purposes. The Stored Communications Act ("SCA", 18 U.S.C. § 2701 et seq.) is widely thought to provide protection from disclosure for emails and other private data that are in such electronic storage. However, a less-known loophole in the SCA can permit stored information to be accessed without the author's permission and then divulged to competitors, to adversaries, to strangers, or to the general public, without liability under the SCA.

The SCA provides that any person who intentionally accesses stored electronic communications without authorization or beyond the scope of his authorization is subject to civil and criminal penalties. 18 U.S.C. § 2701(a), (b). However, there are two important exceptions to this protection:

Even if an author of a communication has not authorized a third party to access that communication, the SCA provides that this unauthorized third party is immune from liability if he/she was authorized to gain access by the provider of the electronic communications service -- such as the ISP or the business that operates the network. The SCA further provides that an unauthorized third party is also immune if he/she has been given permission to access the communication by a user of the service on which the communication is stored -- for example, a member of a private website such as a MySpace page.

This means that even if the author has not consented to anyone except the recipients accessing his/her private emails, a lot of people could still be looking at them, copying them and doing whoknowswhatelse to them -- with SCA-immunity.

That sounds bad enough. However, the next section in the SCA -- Section 2702 -- opens the door to unauthorized disclosure even wider.


August 5, 2009

Employer Access of Employee Digital Communications and Federal Wiretap Laws: It's Easier to Be Found Immune if the Communications Reside on Your Servers

Employers seeking to discover what their employees are doing and writing on the internet can find themselves out of the reach of federal wiretap laws (under the Electronic Communications Privacy Act ["ECPA"] and the Stored Communications Act ["SCA"]) so long as they limit their efforts to intercepting and accessing emails and web activity conducted or stored on company-operated networks. Reaching for forbidden apples from the Tree of the Knowledge of Good and Evil -- employee email accounts or websites operated by third-party servers -- can throw them out of this happy garden and into the cursed land of civil liability and even prison time.

First, wiretap law basics: Federal wiretap laws provide different levels of immunity to electronic communications service providers for accessing third-party communications, based on whether the communication is in-progress or "stored." (Fn1) Communications are considered stored regardless of whether the storage is temporary, intermediate, incident to impending transmission or more permanent storage for backup purposes. For example, in Konop v. Hawaiian Airlines, 302 F.3d 868, 874 (9th Cir. 2002), the 9th Circuit held that email messages stored on an electronic bulletin board system, but not yet received by the intended recipients, were stored, not in-progress communications.

In-progress communications, which are governed by the ECPA (18 U.S.C. §§ 2510 et seq.), are subject to a greater level of access restrictions. Stored communications, which are governed by the SCA (18 U.S.C. § 2701 et seq.), are subject to lesser access restrictions. In-progress communications may not be intercepted unless the employer meets one of two exceptions:

Exception 1: The employer provides the electronic communications service and interception is a "necessary incident" to the rendition of the communication service provider's business or "to the protection of the rights or property of the provider of that service." An employer can use the "necessary incident" exception to intercept employee emails or internet communications only if its equipment provides the communications services -- not if it merely has its employees subscribe to a third-party ISP to get email and internet access services. 18 U.S.C. § 2511(2)(a)(1).

Exception 2: The employer is "a party to the communication" or one of the parties to the communication has given prior consent to the interception. 18 U.S.C. § 2511. An employer can use the "consent" exception if it gets express or implied consent. Courts have found that employee consent to interception has been implied where an employer has clearly informed its employees that their communications will be monitored and explained the manner in which the monitoring would be conducted. (Fn2) 18 U.S.C. § 2511(c). To be safe, put your monitoring policy in the employee handbook -- and get the employees to sign a consent form.

Stored communications may not be accessed if the employer intentionally accesses or exceeds his authority to access the facility through which the electronic communications service is provided. 18 U.S.C. § 2701(a). However, there are big exceptions to this rule:

Continue reading "Employer Access of Employee Digital Communications and Federal Wiretap Laws: It's Easier to Be Found Immune if the Communications Reside on Your Servers" »

August 4, 2009

Internet Service Provider-Level Filtering for Copyrighted Materials and Federal Wiretap Laws

Now that the new FCC commissioners are in place, the FCC is getting down to the task of working on a new broadband plan. As would be expected, this is renewing the debate over the place of ISP-level filtering, or "surveillance", as some prefer to call it. See, e.g., http://www.publicknowledge.org/node/2568. On one hand, ISP-level filtering creates the potential for a solution to the massive loss of revenues that illegal file-sharing costs copyright holders. On the other hand, ISP-level filtering would doubtlessly be over-inclusive and prevent many fair uses of copyrighted material.

Regardless of the side of the debate you are on, it is critical to determine whether ISP-filtering is permissible under U.S. law. ISP-level filtering involves examining some portion of the header or contents of information packets passing through an ISP. The primary legal hurdles to such inspection are federal and state wiretapping laws.

Under the federal Electronic Communications Privacy Act (ECPA), it is unlawful to intentionally intercept electronic communications. 18 U.S.C. § 2511. However, there are a number of exceptions for ISPs. The most important of these include (i) interceptions that are "a necessary incident to the rendition of [the ISP's] service or to the protection of the rights or property of the provider of that service" and (ii) interceptions where "one of the parties to the communication has given prior consent to such interception." While both of these exceptions hold promise for those in favor of using ISP-filtering, both present practical problems.

Continue reading "Internet Service Provider-Level Filtering for Copyrighted Materials and Federal Wiretap Laws" »

August 3, 2009

The Kindle Content Deletion Flap: Predictions on how Amazon.com Will Respond to the Newly-Filed Class Action

On July 30, 2009, two customers filed a class action suit in a Seattle federal court over Amazon.com's remote deletion of copies of George Orwell's 1984 from their Kindle "Devices." (Fn1) The suit alleges that in its Terms of Use, Amazon.com provided that customers were granted the "right to keep a permanent copy" of content obtained from Amazon, and "to view, use, and display such Digital Content an unlimited number of times . . ." Amazon.com's deletion of their copies of 1984 violated these promises. The plaintiffs have alleged several legal theories against Amazon.com, including breach of the Terms of Use, damaging the plaintiffs' computers in violation of the CFAA, trespass to chattels (the plaintiffs' Kindle Devices), conversion (of the deleted material) and other grounds.

While Amazon.com has yet to file a response, provisions in its Terms of Use for the Kindle provide clues as to how it may proceed.

As widely commented on in the press and by other bloggers, Amazon's Kindle electronic book reading device represents a significant departure from the way that book content has previously been distributed. For printed books, once the publisher sells the book, it is practically impossible for the publisher to exert significant control over what happens to the individual copies of the book. The publisher has no ability to obtain royalties except from the first purchaser. The publisher has no real ability to prevent users from making copies of books to share with others. Moreover, if the publisher mistakenly sells content for which it has not secured the copyrights, it is virtually impossible for it to retrieve the books and minimize the damages. (Fn2)

Amazon.com's Terms of Use for the Kindle attempt to change all of that. While Amazon.com's Kindle webpages often use the term "buy" or "bought" in connection with books offered on the site, its "clickwrap" Terms of Use paint a different picture.

On one hand, some of the provisions in the Terms of Use make a Kindle book transaction look like the traditional purchase of a book. According to the Terms of Use, "[u]pon your payment of the applicable fees set by Amazon, Amazon grants you the non-exclusive right to keep a permanent copy of the applicable Digital Content and to view, use, and display such Digital Content an unlimited number of times . . ."

However, the provisions that immediately follow limit those rights. According to the Terms of Use, a customer has the right to keep and view this Digital Content ". . . solely on the Device or as authorized by Amazon as part of the Service and solely for your personal, non-commercial use." In other words, the user has lost the traditional book buyer's rights to transfer the content to others, or to use the content for whatever non-infringing purpose he or she desires. (Fn3) The Terms of Use further restrict the traditional book purchaser's powers by providing that "[y]ou may not use the Device, the Service or the Digital Content for any illegal purpose."

Continue reading "The Kindle Content Deletion Flap: Predictions on how Amazon.com Will Respond to the Newly-Filed Class Action" »

August 2, 2009

Mary Kay v. Yahoo! and Mary Kay v. Weber: Can Use of Third-Party Trademarks as Keywords for Ads Be "Fair Use"?

Mary Kay, Inc.'s recently filed trademark infringement suit concerning Yahoo! Shortcuts is the latest in a series of suits it has brought to defend its distinctive business model from encroachments by unauthorized resellers. (Fn1) In this suit, Mary Kay alleges that Yahoo! Shortcuts creates hyperlinks to websites owned by unauthorized resellers of Mary Kay products in emails sent from Mary Kay salespersons. Yahoo! presents these hyperlinks in popup windows that also include short ads from the resellers. Mary Kay claims that this practice creates confusion among Yahoo! email users as to whether Mary Kay is sponsoring or affiliated with the ads in the popup windows.

Mary Kay is fresh off a victory in a similar trademark suit filed against another reseller in Mary Kay, Inc. v. Weber. (Fn2) However, pre-trial rulings against Mary Kay in that case indicate that Mary Kay has its work cut out for it in its suit against Yahoo!

Mary Kay is a Dallas-based cosmetics company that sells its products directly to the consumer through a world-wide network of beauty consultants. While Mary Kay disavows the label, it is commonly understood to operate as a classic multi-level marketing organization. Mary Kay keeps tight controls over its distribution network and only permits its products to be sold by authorized distributors -- termed Independent Beauty Consultants ("Consultants" or "IBCs"). Mary Kay offers a "Satisfaction Guarantee" under which it promises customers that it will replace, exchange or provide a full refund for products if the customer is not fully satisfied.

As with any multi-level marketing organization, Mary Kay has enthusiastic supporters and disappointed detractors. (For a sample of the different points of view, see the Mary Kay-centered blog www.pinklighthouse.com). (Fn3) One problem that Consultants have is disposing of unsold product. Sources indicate that to remain with Mary Kay, Consultants have to purchase $200 worth of product per month. While Mary Kay has a program to buy back unsold product, some reports indicate that this only applies to product purchased within the past 12 months. An unsuccessful sales person who isn't quick to act on this policy can find herself with several thousands of dollars worth of unsold product.

Some Consultants have turned to auction sites like eBay to resell their unreturnable product. There are also reseller sites, which purchase unsold product from Consultants and then resell it to the public. One such site is www.touchofpinkcosmetics.com, which is owned by Amy and Scott Weber. The current version of their website is very forthcoming about their business model and carries the following heading: "This company has been established by former Mary Kay Consultants who are assisting consultants to liquidate their inventory. We offer Mary Kay products at a great discount. Most of our items are discontinued, past shelf life or expired, which is why we can offer you such great prices."

Unfortunately for the Webers, the ghost of Mary Kay founder, Mary Kay Ash, was not amused. In 2008, Mary Kay sued the Webers on Lanham Act and interference with business relations grounds. The Lanham Act claims included unfair competition, passing off and trademark infringement theories. The Webers raised several affirmative defenses, including the first sale doctrine, nominative fair use and laches.

In February 2009, on a motion for summary judgment by the Webers, District Court Judge A. Joe Fish dismissed the interference with business relations claims. However, he permitted the Lanham Act claims to go to the jury -- which ultimately found for Mary Kay on all its claims in the case. However, on summary judgment, Judge Fish did find for the Webers on one key element of their "nominative fair use" defense.

Continue reading "Mary Kay v. Yahoo! and Mary Kay v. Weber: Can Use of Third-Party Trademarks as Keywords for Ads Be "Fair Use"?" »