Digital Media Lawyer Blog

Internet defamation law update: Courts around the U.S. regularly grant requests by plaintiffs to force publishers to disclose the identity of anonymous bloggers -- albeit, often not until the plaintiff has jumped over some rather stringent procedural hurdles. However, in a recent case, a federal judge in Missouri denied such a request, on the grounds that the plaintiff's need for the blogger's testimony did not outweigh the blogger's First Amendment right of anonymity. Sedersten v. Taylor, W.D.Mo., 6:09-cv-03031, Order Denying Motion to Compel (Dec. 9, 2009). This decision is not an outlier, but represents principles governing such cases that are recognized by most courts.

The U.S. Supreme Court has long recognized that anonymous speech is protected by the First Amendment. Talley v. California, 362 U.S. 60, 64 (1960). For example, in a case in which it invalidated an Ohio statute prohibiting anonymous political leafleting, the Court declared that "an author's decision to remain anonymous, like other decisions concerning omissions or additions to the content of a publication, is an aspect of speech protected by the First Amendment." McIntyre v. Ohio Elections Comm'n, 514 U.S. 334, 342 (1995).
The degree of protection provided speech is dependent, among other things, on its content.

Restrictions on the content of "core political speech" are subject to "exacting scrutiny" by the courts, and may only be upheld if they are "narrowly tailored to serve an overriding state interest." Id., 514 U.S. at 347. Core political speech encompasses "debate over the qualifications of candidates, discussion of governmental or political affairs, discussion of political campaigns, and advocacy of controversial points of view." Doe v. 2The Mart.com, Inc., 140 F.Supp.2d 1088, 1092 (W. D. Wash. 2001).

Restrictions on the content of non-core speech are subject to "normal strict scrutiny analysis." Id., 140 F.Supp.2d at 1093. Under strict scrutiny, the government must assert a significant and compelling government interest, and the court must decide whether the legislation is sufficiently narrowly tailored to serve that interest. People with Disabilities v. Herrera, 580 F. Supp. 2d 1195, 1215 (D.N.M. 2008). Non-core speech would include most blog posts criticizing individuals or private companies.

Courts around the U.S. impose widely varying standards when dealing with requests to unmask the identity of an anonymous blogger in defamation cases. On the lighter end of the scale, some courts require a plaintiff merely to show he has a good faith basis to contend that he may be the victim of actionable conduct. On the heavier end of the scale, other courts require a plaintiff to support his defamation claim with facts sufficient to defeat a summary judgment motion. Others impose procedural hurdles, such as requiring efforts to notify the anonymous poster that he is the subject of a subpoena so the he can oppose, and requiring the plaintiff to show that the information sought is directly relevant to the plaintiff's claims and unavailable from other sources. See our post of August 24, 2009.

Continue reading "Sedersten v. Taylor: Court Refuses Request to Unmask Anonymous Blogger who Was Not a Party to a Suit" »

The copyright infringement claims brought against Canadian Gary Fung and his .torrent sites have at last been resolved. On December 21, 2009, Judge Wilson of the Central District of California found Fung and several of his .torrent sites liable for inducement of copyright infringement. Wilson's decision was based largely the same grounds on which other operators of peer-to-peer filing sharing were found liable in Grokster, Napster and Usenet.

To be liable for inducing copyright infringement, a defendant must have knowledge of another's infringement and undertake purposeful acts aimed at assisting and encouraging this infringement. Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, 545 U.S. 913, 936-37 (2005). This means that the plaintiff must first show that there has been an act of direct infringement by third parties. A&M Records, Inc. v. Napster, Inc., 219 F.3d 1004, 1013 (9th Cir. 2001). In the case of peer-to-peer filing sharing, infringement can occur both when a copyrighted work is uploaded (this violates the copyright holder's distribution right) and when it is downloaded (this violates the copyright holder's reproduction right). 17 U.S.C. §§ 106 (1), (3).

Here, for evidence that direct copyright infringement had occurred, Judge Wilson relied on a plaintiffs' expert who testified that 95% of the files available through Fung's sites were copyrighted. This evidence was corroborated by testimony from users who admitted downloading copyrighted material from Fung's sites. For evidence that infringement had occurred in the U.S., Judge Wilson relied on IP-address data which showed that infringing downloads took place in the U.S.

Fung argued that his sites' .torrent files were not directly involved in illegal downloads, but merely pointed users to tracker sites that were responsible to initiating the user downloads. (See discussion in our December 7, 2009 post). However, Judge Wilson found that when a user of a BitTorrent sites clicks on a "download torrent" button, this causes the downloading "of the actual content item referenced by the dot-torrent file" to occur, without any further action by the user. Even though in reality, the torrent file is directing the user's computer to a BitTorrent tracker and the content files are actually downloaded from third party users' computers, the user is effectively unaware of this. Judge Wilson stated: "dot-torrent files and content files are, for all practical purposes, synonymous. To conclude otherwise would be to elevate form over substance."

As evidence that Fung and his sites had induced this direct infringement, Judge Wilson cited material on Fung's websites that showed knowledge the sites were being used to download infringing material and that encouraged users to provide access to infringing material:

Continue reading "IsoHunt Mystery Resolved: Judge Wilson finds Gary Fung's BitTorrent Sites Liable for Contributory Copyright Infringement" »

The Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030) is a broadly written statute permits private citizens to recover damages for a wide variety of computer-related injuries. I use the amorphous term "computer-related," because CFAA permits recoveries for wrongful acts committed against computers, or for wrongful acts committed using computers. In some cases, CFAA may permit recovery for acts that have not been recognized under state law -- such as the unauthorized accessing or obtaining information from a computer. Use of CFAA can also permit a plaintiff to bring her suit in federal court, a favorable litigation strategy under many circumstances.

The CFAA was originally written as a criminal statute, and only secondarily extended to permit private claims. And, it imposes a series of hurdles -- in my view, small hurdles -- that must be crossed on civil claims. A recent dismissal of a CFAA class action suit provides an excellent guide to these minimum requirements. See Czech v. Wall Street on Demand, D. Minn., No. 0:09-cv-00180.

The defendant, Wall Street on Demand (WSOD) is a provider of financial information services sent via electronic text messaging to cell phones. The plaintiff, Czech, began receiving text messages from WSOD after she purchased a new cell phone. Czech claimed that she incurred fees and costs related to her receipt of these messages from her cell phone carrier. While Czech was able to get WSOD to stop sending these messages to her, she ultimately filed a class action lawsuit against WSOD claiming that by sending unwanted messages, it had violated CFAA. Her argument was that by sending unwanted messages, WSOD was using up some of the broadband "minutes" that she had purchased from her cell phone carrier.

To recover under CFAA, a plaintiff must meet three requirements:

• First, she must show that the defendant violated one of the prohibitions of CFAA,
• Second, she must show that she incurred "damage or loss" as a result of this violation, and
• Third, she must show that the defendant caused one of five specific types of harm enumerated in the Act.

The CFAA violation prong:

CFAA applies to all computers that are involved in interstate communication. This includes computers that are connected to the Internet, which means that the Act covers virtually all computers in use today. The Court in the Czech case held that the term "protected computer" would also apply to a cell phone. The most useful CFAA provisions prohibit:

• obtaining information via intentional unauthorized access to a computer,
• committing fraud via unauthorized access to a computer,
• knowingly or intentionally transmitting a program, information, a code or command to a computer that causes damage,
• intentionally accessing a computer without authorization and causing damage,
• trafficking in passwords or other information that can be used to access a computer,
• extorting money by threatening to cause damage to or obtain information from a computer.

See 18 U.S.C. § 1030(a).

Continue reading "What are the Threshold Requirements for a CFAA Civil Suit?" »

Participants in the P2P world have long hoped that courts would recognize that at least some forms of file sharing constitute fair use. In a recent opinion in the Tenenbaum file-sharing case, Judge Gernter of the District of Massachusetts enumerated several unauthorized uses of copyrighted music thinks might constitute a fair use -- including file-sharing under certain limited circumstances. While Judge Gertner's opinions have limited precedential value, they may point to some pathways to legitimacy for the oft-maligned P2P industry.

Joel Tenenbaum was a sophomore at a small college in Baltimore. Like many other students, he used a number of music file-sharing services, including Kazaa, through which he shared songs with other users. In 2007, he was sued by Sony BMG and other recordings company for copyright infringement for sharing 30 songs. One of the defenses that Tenenbaum raised was fair use -- a defense which the Judge Gertner rejected in July 2009, shortly before the commencement of trial. As is well-known, trial did not turn out well for Tenenbaum, who was found liable for infringement and statutory damages of $675,000.

On December 7, 2009, Judge Gertner issued a lengthy opinion that provided the full justification for her earlier rejection of Tenenbaum's fair use defense. See Sony BMG Music Entertainment v. Tenenbaum, D. Mass., Memorandum and Order (Dec. 7, 2009). Judge Gertner began by agreeing with Tenenbaum that the Copyright Code does provide for a fair use defense that applies to all forms of copyrights. See 17 U.S.C. § 107. Judge Gertner noted that the fair use defense was developed by judges "who recognized that the monopoly rights protected by copyright were not absolute." Where a use did not injure the market for the original work, and advanced a public purpose, such as education or artistic innovation, it could be considered "fair" and not infringing.

When Congress codified the fair use doctrine in Section 107, it set out a list of four, non-exhaustive, factors that a court is require to determine whether a use is fair. These include: (1) the purpose and character of the use, including whether the use is commercial or for nonprofit educational purposes, (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and (4) the effect of the use on the potential market for or value of the copyrighted work. Courts have added several additional factors.

Purpose and character: Judge Gertner found that the key issue was whether the defendant's use of a work was "accompanied by any public benefit or transformative purpose." Tenenbaum argued that file-sharing provides a public benefit by increasing access to copyrighted works. Judge Gertner found that this public benefit was not sufficient, since "nearly every unauthorized reproduction or distribution increases access." For file-sharing to constitute a transformative use, it would need an effect similar to that held fair in the Betamax case -- permitting the use of a work in new way, rather than merely providing users with free copies of works that they could otherwise purchase.

Continue reading "Sony BMG v. Tenenbaum: Judge Provide Outlines of Possible Fair Use Defense for Peer-to-Peer File Sharing" »

On December 17, we reported on the Convertino case in which a judge found that the attorney-client privilege was not waived for emails exchanged on an employer's network, even though the employer had access to them. It did not take long to find a case with virtually identical circumstances in which a Court reached the exact opposite result - a ruling that the privilege had been waived. This was a really bad result for the employee, because it meant that those emails could be used against her in court. See Alamar Ranch, LLC v. County of Boise, D. Idaho, No. 1:09-cv-00004, Memorandum Decision and Order (Nov. 2, 2009).

This case concerns a challenge of Boise County's denial of a permit for Alamar to construct a home for troubled youth. As part of this action, Alamar subpoenaed the records of Jeri Kirkpatrick, an opponent of the project, as well as those of her employer, the Idaho Housing and Finance Association (IHFA), to obtain emails that Kirkpatrick had sent or received through her work email address. IHFA produced the emails, which were stored on its servers.

Kirkpatrick objected that the emails were protected under the attorney-client privilege. Alamar countered that IHFA's employee policies stated that IHFA "reserved and intends to exercise the right to review, audit, intercept, access and disclose all messages created, received or sent over the e-mail system for any purpose." Kirkpatrick responded that she was unaware that her emails had ever been monitored - although she was aware of another IHFA case where monitoring had occurred.

The Idaho Court concluded that the attorney-client privilege for the emails had been waived. According to the Court, the case presented "a simple scenario where the IHFA put all employees- including Kirkpatrick -- on notice their emails would (1) become IHFA's property, (2) be monitored, stored, accessed and disclosed by IHFA, and (3) should not be assumed to be confidential." While Kirkpatrick stated she was not aware of any company monitoring, her bare assertion was insufficient to support a claim for nonwaiver. Rather, "It is unreasonable for any employee in this technological age - particularly an employee receiving the notice Kirkpatrick received - to believe her emails, sent directly from her company's email address over its computers, would not be stored by the company and made available for retrieval."

The Court found that the privilege also had been waived for emails her attorney sent to her company email address. The Court reasoned that "there is no question that her address - "Jeri@IHFA.org" - clearly put [her attorney] on notice that he was using her work e-mail address. Employer monitoring of work-based emails is so ubiquitous that [her attorney] should have been aware that the IHFA would be monitoring, accessing and retrieving e-mails sent to that address."

On the other hand, the Court found that the privilege was not waived for emails sent by other clients of Kirkpatrick's attorney to her attorney, and which copied Kirkpatrick at her work address. The Court reasoned that "laypersons are simply not on 'high alert'" for privilege issues as attorneys "must be", and would have reasonably assumed that they were having a confidential conversation with counsel.

The take-away from this case is the same as in Convertino. Employees should be very wary about making confidential communications to their attorneys from their employers' email systems. Many courts will find that privileges have been waived for emails sent over a system over which an employer has retained a right of access. So if an employee is truly concerned about maintaining the privilege, he/she should send all email communications to his/her attorney from a private email account.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.

Digital media law update: On December 10, 2009, a federal judge in the District of Columbia upheld the attorney-client privilege for an employee's emails to his attorney, even though his employer had access to them. The attorney-client privilege generally only exists for private communications between a client and his lawyer, not to communications to which uninvolved third parties have access. Here, the judge concluded that the privilege applied largely because the client was not aware that his employer had access to the emails.

The case is Convertino v. U.S. Dept. of Justice, D.D.C., No. 1:04-cv-00236. The plaintiff, Convertino, claims that the DOJ improperly disclosed information about him the Detroit Free Press, in contravention of the Privacy Act. To prove his case, Convertino served a discovery request on the DOJ seeking production of some 736 documents.

36 of these documents were emails between DOJ employee Jonathan Tukel to his personal attorney. Tukel had originally been a named defendant in the case and had retained an outside attorney to defend him. Tukel sent the emails to his attorney from his work computer at the DOJ - and the DOJ later obtained them from its email server.

The Court noted that under federal rules, a client can be found to have waived his right to the attorney-client privilege if he made an otherwise confidential communication in the presence of a third party, or if he disclosed it to a third party. See FRE 502(b). However, there is no waiver if the disclosure was inadvertent.

When dealing with communications made using equipment controlled by third parties, such as an employer-provided email system, the question of privilege "comes down to whether the intent to communicate in confidence was objectively reasonable." To make this determination, courts look at factors such as (1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee's computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?" [citing In re Asia Global Crossing, Ltd., 322 B.R. 247, 258 (S.D.N.Y. 2005)].

Here, the Court found that Tukel's expectation of privacy was reasonable: The DOJ does not ban personal use of company e-mail. Although the DOJ has access to personal email sent by its employees, Tukel was unaware that the DOJ would regularly access and save emails from his account. Tukel also worked to keep his emails private by deleting them as the came into his account - unaware that they were still on the DOJ servers.

While the result turned out well for Tukel here, employees everywhere should be wary about communicating with counsel via their employer's email system. If Tukel had been informed that the DOJ regularly accessed employee emails, and/or had the technical sophistication to realize that deleted emails were still on the company servers, the Court might have found that his privilege had been waived.

Of course, the obvious way that an employee can avoid trouble like Tukel's is simply to use a personal email account from a home computer to send confidential communications to counsel.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.

Digital media law update: Plaintiffs who believe they have been wronged by acts committed by U.S. multinational corporations in foreign countries have long attempted to bring claims against such corporations in the U.S., and based on U.S. law. However, such plaintiffs face many hurdles. Some claims are dismissed for lack of personal jurisdiction over the defendant. Others are dismissed on forum non conveniens grounds, if most of the parties and the evidence are located in the foreign jurisdiction. Others are dismissed because the law invoked by the plaintiffs is deemed not to have effect outside the U.S. Such was the case in Zheng v. Yahoo! - even though at least one defendant was a U.S. resident and some of the relevant acts allegedly occurred in the U.S. See Zheng v. Yahoo!, Inc., N.D. Cal., No. 3:08-cv-01068, Order Granting Defendants' Motion to Dismiss, (Dec. 2., 2009).

The allegations in the complaint would tug at the sympathies of most Americans. The complaint was a putative class action brought by Chinese citizens who were part of a pro-democracy Chinese political group. The plaintiffs alleged that Yahoo!'s Honk Kong affiliate had disclosed their private electronic communications to the People's Republic of China (PRC). As a result of these disclosures, the plaintiffs alleged that they were subjected to prosecution by the PRC government and "suffered physical injuries, emotional distress, detention, arrest, torture, imprisonment, death in custody, seizure of property, and/or fear of returning to the PRC."

The plaintiffs further alleged that "Yahoo!, Inc. exercised functional control and supervision over important aspects of the operations of Yahoo! China" and hence was responsible for Yahoo! Hong Kong's acts.

The complaint brought claims against Yahoo! Hong Kong and Yahoo! under the Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2510 et seq. and 2701 et seq.). With a number of exceptions, the ECPA prohibits the interception of electronic communications, and the unauthorized accessing of or the divulging of communications which are in electronic storage. The ECPA also provides a private right of action for violations of its provisions, under which a plaintiff can recover damages, punitive damages and attorneys fees. 18 U.S.C. § 2520, 2707. For more on the ECPA, see our post of August 5, 2009.

The exceptions to the ECPA are important. For example, Section 2701 prohibits an electronic communications service provider from knowingly divulging to any person or entity the contents of a communication while in electronic storage. However, Section 2703 provides that a government agency can require disclosure of the contents of a stored communications if it obtains a warrant or subpoena that qualifies with the ECPA and other U.S. law. Section 2703 also provides that a service provider is immune from criminal or civil penalties if it provides the contents of a stored communication pursuant to such a warrant or subpoena, or pursuant to a court order.

Continue reading "Zheng v. Yahoo!: U.S. Companies Not Subject to U.S. Restrictions on Disclosure of Private Emails if the Disclosure Is Made in a Foreign Country" »

Digital media law update: In a twist on an old story, a judge in the Eastern District of Missouri has dismissed a data breach class action because the named plaintiff was unable to plead that he had suffered any injury other than an increased risk of identify theft. This case is somewhat unique, because the Court dismissed the case on standing grounds, even though it found that the lead plaintiff had pled sufficient facts for a breach of contract action. This result is at odds with many recent cases which tend to find that an increased risk of identity theft is sufficient to confer standing.

Express Scripts provides prescription management services for employee benefit plans. In October 2008, Express Scripts received an anonymous letter demanding money. The letter writer claimed that it had obtained critical personal identifying information for millions of Express scripts members and threatened to reveal this information if Express Scripts didn't pay up. The letter included details on 75 Express Scripts members, including names, dates of birth, Social Security numbers and prescription data.

In 2009, lead plaintiff John Amburgy filed a consumer class action against Express Scripts. Amburgy alleged that Express Scripts had failed to maintain adequate security measures and that this had led to the data breach. Amburg claimed that as a result of Express Scripts' breach of duty, Amburgy and other plan members had been exposed to "increased risk of becoming victims of identity theft crimes, fraud, abuse and extortion." Amburgy did not allege that he and other class members had actually suffered identity theft losses, but merely that they had incurred costs for credit monitoring to prevent such losses. The complaint sought damages from Express Scripts under negligence, breach of contract, and state consumer statute theories.

The Court rejected these claims on "standing" grounds. According to U.S. Supreme Court precedent, to have standing to bring a case before a federal court, a plaintiff must show that he has suffered "injury-in-fact." Lujan v. Defenders of Wildlife, 504 U.S. 555 (1992). This can be either an injury he has already sustained or is in immediate danger of sustaining.

Continue reading "Amburgy v. Express Scripts: Why a Missouri Court Held that an Increased Risk of Identity Theft Is Insufficient to Confer Standing in a Data Breach Case" »

As reported by Brian Krebs of the Washington Post, electronic calibration systems firm JM Test Systems, which is based in Baton Rough, Louisiana, has just filed a complaint against its bank, Capital One, to recover two unauthorized wire transfers amounting to some $97,000. See JM Test Systems, Inc. v. Capital One Bank, N.A., 19th Judicial Dist., Parish of East Baton Rouge No. 585172D. As reported by Krebs and stated in the complaint, the unauthorized transfers appear to have been initiated by hackers. The funds were ultimately transferred to "Alpha-Bank Moscow." Eastern Europe is the destination of choice for funds from hacked bank accounts.

This complaint involves just one of dozens of cases that Krebs has unearthed in the past year in which a small business has lost a significant sum of money through wire transfer fraud. While some businesses have filed lawsuits against their banks in an attempt to recover the stolen funds, according to Krebs, many small businesses have been leery to go after their banks.

So can a business expect its bank to cover its losses from hacker wire transfer fraud? The answer is "sometimes." The result in an individual case is largely determined by rules found in an obscure section of the Uniform Commercial Code -- Article 4A. Here is a synopsis of the key rules:

• Rule 1 -- Insider fraud: If the person who initiated the transfer was authorized under agency law to initiate the transfer, then the customer is generally liable for the unauthorized transfers. UCC § 4A-202. In other words, if an unauthorized transfer results from an act of embezzlement by a person otherwise authorized to act on behalf of the company, the customer, not the bank, will generally be liable.

• Rules 2-4 -- Outsider fraud: If the person who initiated the transfer was not an agent of the corporation, then following rules apply:

• Rule 2: The bank is not liable for a fraudulent transfer if the four following conditions exist: (i) the bank and it customer have agreed to verify the authenticity of transfers by security procedures, (ii) the bank instituted a commercially reasonable method of providing security against unauthorized transfers, (iii) the bank complied with these security procedures for the transfers in question; and (iv) none of the exceptions to this rule apply. UCC § 4A-202(b).

What constitutes commercially reasonable security procedures will depend on the customer account involved. According to the UCC, "A customer that transmits very large numbers of payment orders in very large numbers may desire and reasonably expect to be provided with state of the art procedures that provide maximum security." While smaller customer accounts may not need this level of security, according to the UCC, "a security procedure that fails to meet prevailing standards of good banking practice applicable to the particular bank should not be held to be commercially reasonable." For further information on what constitutes commercially reasonable security procedures, see our post on the Shames-Yeakel case and the FFEIC's 2006 Report on Authentication in an Internet Banking Environment.

Continue reading "JM Test Systems v. Capital One: The Legal Decision-Tree for Determining the Party Liable for an Unauthorized Funds Transfer" »

YouTube has been amassing an impressive list of music industry giants who have agreed to license their content for performance on its site. Recent additions to the fold include Warner Music and the UK Performing Rights Society. These are simply two more examples of the recent warming trend in the music and video copyright holding community's attitude toward YouTube

I recently attended a meeting of the California Copyright Conference which featured a panel appearance by Zahava Levine, YouTube's knowledgeable and enthusiastic Chief Counsel. CCC membership includes publishers, songwriters, attorneys, representatives from trade publications, performing rights societies, motion pictures, television, multimedia, Internet, and record companies. Given the amount of infringement of CCC member's copyrights that exists online, I half expected to see bushels of rotten tomatoes and crates of eggs to be hurled in Ms. Levine's direction.

There were universal complaints about diminished royalties from music in general -- much of which was attributed to Internet file-sharing. However, many, if not most, CCC members seemed to view YouTube as a possible savior and were eager to learn how to make money from the site.

As Zahava explained (and is further detailed on YouTube's site), YouTube offers audio and video copyright holders three options for dealing with unauthorized copyrighted material: a copyright holder can either block, monetize or track such unauthorized material. Under the "block" option, a copyright holder can send a DMCA notice to YouTube identifying the infringing material and requesting YouTube to take it down. Under the monetize option, a copyright holder can share in revenue, such as earnings from InVideo ads overlaid on videos and banner ads running next to videos. Under the tracking option, a copyright holder can simply choose to monitor traffic for videos containing its material, using YouTube's analytics tools.

To aid in these three goals, YouTube has created tools to identify infringing audio and video files on its site -- called "Audio ID" and "Video ID." Zahava explained to me that these operate as fingerprinting technologies. (Although "fingerprint" is not YouTube's preferred term for this process.) A copyright holder provides YouTube with a master audio or video file from which YouTube creates a fingerprint. This fingerprint is then compared to the millions of audio and video files in YouTube's system to identify infringing material. Participating copyright holders can than opt to either block, monetize or simply monitor the identified material -- the three options described above. Zahava did not provide the CCC members with specific metrics on the effectiveness of this technology, but indicated that it was one of the most effective in the industry. For more on YouTube's content protection programs, see http://www.youtube.com/t/content_management.

While some copyright holders would like to achieve complete control over their content and wring a dime or dollar from every performance, copy or distribution, this has never been possible. YouTube's approach brings the promise of at least some monetary returns -- even if these currently are far less than the rapidly vanishing dollars from CD and DVD sales. But who can say what the future holds.

David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.

Digital media law update: We have now passed the two-year anniversary of the filing of the plaintiffs' motion for summary judgment in the case brought by several content providers against BitTorrent promoter Gary Fung, a 20-ish Canadian resident who operated the torrent site isoHunt. See Columbia Pictures, Inc. v. Gary Fung, Central District of California, No. 2:06-cv-05578. Such a lengthy period to litigate a summary judgment motion is highly unusual, but largely appears to have been caused by the nature of bit torrent technology and the fact that torrent sites are at least one step removed from the file-sharing process.

BitTorrent is a peer-to-peer file sharing technology, or "protocol," that permits individuals to upload and download very large files, such as files for feature films and video games. It breaks up such large files into many smaller bits, so that they can be more quickly transferred between users. The first user creates a "seed" file that consists of the entire movie, song or other file that the user wishes to share. After the availability of this seed becomes known, other users (caller "peers") request and are given different pieces of data from the seed. Once the entire file is distributed among users, then each becomes the source for that portion of the seed file which can then be distributed to all the peers on the network.

The user who first uploads a seed also creates and uploads a .torrent file. This file includes a unique identifying number, or "hash." This file contains metadata about the files to be shared and about the tracker, the computer that coordinates the file distribution. Peers that want to download the file must first obtain a torrent file for it, and connect to the specified tracker, which tells them from which other peers to download the pieces of the file. The tracker maintains lists of the clients currently participating in the torrent (also called the "swarm"). See http://en.wikipedia.org/wiki/BitTorrent_(protocol) for further details.

To locate torrent files, users can use web search engines. There are also torrent sites, like Gary Fung's isoHunt, that provide links to .torrent files (according to briefs filed by Fung, isoHunt "provides a .torrent file to the visitor"). According to Fung's briefs, "The services provide by a torrent site like isoHunt involve functions of data collection, indexing, caching and downloading of a torrent file." At isoHunt, .torrent data files are collected through uploads from visitors and by searching the Internet with automated systems that systematically investigate all accessible hyperlinks, looking for ".torrent files. The .torrent files are cached in a database where there are many thousands of .torrent files. Columbia Pictures v. Fung, Central District of California, Defendants' Supplemental Brief in Opposition to Plaintiffs' Motion for Summary Judgment on Liability (April 25, 2008).

Continue reading "The Gary Fung / isoHunt Mystery: Are Torrent Sites Liable for Copyright Infringement Conducted by Third Parties?" »

Online merchants often believe that if they make a full disclosure of all key terms in their contracts with consumers, including specifying all charges to be made to user credit cards, that they will be exempt from FTC or state consumer law enforcement actions. Unfortunately, this faith often has little basis. Recent FTC enforcement actions have often found online contracts the contain full disclosures to still be deceptive, if key terms are buried in fine print or if they are contradicted by other statements made by the vendor.

A case in point is the recently-settled enforcement action, FTC v. Commerce Planet, Inc., C.D. Cal., No. 8:09-cv-01324. Commerce World is (or was) a Santa Barbara-based firm that sold kits showing customers how to make money selling products on eBay and other online auction sites. Commerce Planet sold these kits through pop-up ads, sponsored links on search engines, and email.

According to the FTC complaint, customers who clicked on links in these ads were taken to Commerce Planet's website. Once at the site, they were invited to "activate FREE 7-DAY trial -- just pay S/H." Customers who clicked on that link were taken to a second web page which offered them a "free online auction kit" and asked them to fill in their name, shipping address and phone number. Consumers who did so and clicked "Ship my Kit!" were taken to a third page where they were asked to choose a shipping method -- either Regular for $1.95 or Expedited for $7.95 -- and fill in their credit card information. Consumers who then clicked on the "Ship My Kit!" button authorized their credit cards to be charged.

On the second web page, below the "Ship My Kit!" button was language which stated that "By submitting this form you are agreement to the Privacy Policy and Terms of Membership of this Web Site . . . ." The Terms of Membership link took customers to a separate page which stated: "If you do not contact our customer service to cancel your . . . membership within 7 days, you will automatically be charged a monthly membership fee of $59.95, and you will be charged this monthly fee every 30 days thereafter until you cancel your membership."

This type of contract (which is commonly used for health club memberships) is called a "negative option" contract. According to the FTC, in addition to the disclosures on the Terms of Membership page, the second page of the Commerce Planet website contained language indicating that the transaction "involves a negative option" and that consumers "may be liable for payment of future goods and services . . . for $59.95 per month.
So the website fully disclosed the $59.95 monthly charge in two separate places! So how could the FTC fault Commerce Planet?

Continue reading "FTC v. Commerce Planet: Can a Website that Fully Discloses Charges to Be Made to Consumer Credit Cards Be Faulted for Unfair or Deceptive Conduct?" »

Web sites can be accessed virtually everywhere. A frequent worry of website operators is that a court in some distant state will find that it has personal jurisdiction over them and force them to defend a suit far from home. While it often seems that courts are biased towards assuming jurisdiction over defendants, two recent cases dealing with personal jurisdiction over alleged typo-squatters show that there are true limits:

In Ubid, Inc. v. The GoDaddy Group, Inc., N.D. Ill., No. 1:09-cv-02123, an Illinois District Court found that it lacked personal jurisdiction over an Arizona corporation for alleged typosquatting which affected a Chicago business. On the other hand, in Weather Underground, Inc. v. Navigation Catalyst Systems, Inc., E.D. Mich., No. 2:09-cv-10756, a Michigan District Court found that it had personal jurisdiction over a defendant for alleged typosquatting that affected a Michigan resident, even though the defendant was a Delaware corporation.

What led to these different results?

Whether a court may assume personal jurisdiction over a non-resident defendant depends on the amount of contact the defendant has with the state. If a defendant has "continuous and systematic contacts" with the state, a court may assume "general jurisdiction" over it, regardless of its contacts with the state for the transaction at issue in the case. Helicopteros Nacionales de Columbia, S.A. v. Hall, 466 U.S. 408 (1984). Even where such systematic contacts are lacking, a court may assume "specific jurisdiction" over the defendant for the transaction at issue in the suit, if the suit arises out of the defendant's intentional contacts with the state. Id.

In both Ubid and Weather Underground, the courts found that the defendants lacked sufficient contacts with the "forum state" -- the state where the court was located -- for general jurisdiction. The Weather Underground case wasn't close, since defendant Navigation's sole contacts with Michigan had been the sale of eight domain names to Michigan residents over a period of 3 years. The Ubid case was harder: GoDaddy derived 3% of its revenues from Illinois, regularly conducted business with Illinois customers, placed advertisements in Illinois as part of national ad campaigns and sponsored race drivers at Illinois venues. Nevertheless, because all of these activities lacked an "Illinois-specific focus," the court found that they would not support a finding of general jurisdiction.

However, the courts reached opposite conclusions on specific jurisdiction.

Continue reading "Ubid v. Godaddy and Weather Underground v. Navigation Catalyst: How the "Effects Test" Drove the Courts to Opposite Rulings on Personal Jurisdiction" »

Readers of this blog know that courts around the U.S. frequently arrive at opposite conclusions on whether the use of a competitor's trademark in search engine advertising constitutes trademark infringement. In my view, the courts should not devise a one-size-fits-all rule for such cases, that dictates that such use of a competitor's trademark does or does not constitute infringement. Rather, the courts should take into account the content and context of each ad in question, as well as concepts such as nominative fair use.

A recent decision by an Illinois District Court shows how close some courts come to adopting a per se rule that the use of a competitor's trademark in search engine advertising constitutes trademark infringement.

The case is Morningware, Inc. v. Hearthware Home Products, Inc.. See N.D. Ill., No. 1:09-cv-04348, Memorandum Opinion and Order (Nov. 16, 2009). Morningware sells counter-top electric ovens. Hearthware is Morningware's nearest competitor. Morningware claimed that Hearthware purchased Morningware's trademark as an AdWords keyword for pay-per-click advertising on Google's search engine. When an internet user entered the word "Morningware" as a search term, Hearthware's advertisement would appear at the top of the search results page -- before the link to Morningware's website. Moreover, the content of Hearthware's link stated "The Real NuWave Oven Pro Why Buy an Imitation? 90 Day Gty."

According to Morningware, the placement and content of the Hearthware ads misled some consumers into believing that Morningware's products were of poorer quality and were fakes -- which they were not. Other consumers were misled into simply believing that Morningware products were products were available from Hearthware, and thus were improperly diverted from Morningware's website.

Morningware sued Hearthware under several legal theories, including trademark infringement, under false designation of origin and product disparagement theories, and several related Illinois state law claims. Hearthware filed a motion to dismiss. This motion requires a court to determine whether the facts stated in the complaint, if true, are sufficient to state a plausible cause of action against the defendant. The Court denied the motion.

According to the Court, to establish a cause of action for false designation of origin, a plaintiff must show: (1) that it owns a protectable trademark, (2) that the defendant has used this mark in commerce, and (3) that the defendant's use of this trademark is likely to cause confusion. Here, while Morningware does not appear to have registered its trademark, it alleged that it had used it extensively and continuously for several years -- an allegation that the Court found to be sufficient to establish a protectable interest in a trade name. Following that 2nd Circuit's decision in Rescuecom Corp. v. Google, 562 F.3d 123 (2d. Cir. 2009), the Court also found that use of a trademark as a keyword in an online search program constituted a use in commerce.

Continue reading "Morningware v. Hearthware: Illinois Court Finds Use of Competitor's Trade Name to Drive Search Engine Advertising Can Constitute Trademark Infringement" »