100% found this document useful (1 vote)

347 views414 pages

Global Internet Law in A Nutshell (PDFDrive)

Uploaded by

Lokesh Kumar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

347 views414 pages

Global Internet Law in A Nutshell (PDFDrive)

Uploaded by

Lokesh Kumar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 414

WEST

ACADEMIC PUBLISHING’S
LAW SCHOOL ADVISORY BOARD
____________

JESSE H. CHOPER
Professor of Law and Dean Emeritus,
University of California, Berkeley JOSHUA DRESSLER
Distinguished University Professor, Frank R. Strong Chair in Law
Michael E. Moritz College of Law, The Ohio State University YALE
KAMISAR
Professor of Law Emeritus, University of San Diego
Professor of Law Emeritus, University of Michigan MARY KAY KANE
Professor of Law, Chancellor and Dean Emeritus,
University of California,
Hastings College of the Law LARRY D. KRAMER
President, William and Flora Hewlett Foundation JONATHAN R. MACEY
Professor of Law, Yale Law School ARTHUR R. MILLER
University Professor, New York University
Formerly Bruce Bromley Professor of Law, Harvard University GRANT S.
NELSON
Professor of Law, Pepperdine University
Professor of Law Emeritus, University of California, Los Angeles A.
BENJAMIN SPENCER
Earle K. Shawe Professor of Law,
University of Virginia School of Law JAMES J. WHITE
Robert A. Sullivan Professor of Law Emeritus,
University of Michigan
I

GLOBAL INTERNET LAW

IN A NUTSHELL®

THIRD EDITION

MICHAEL L. RUSTAD
Thomas F. Lambert Jr. Professor of Law &
Co-Director Intellectual Property Law Concentration
Suffolk University Law School
II
The publisher is not engaged in rendering legal or other professional advice, and
this publication is not a substitute for the advice of an attorney. If you require
legal or other expert advice, you should seek the services of a competent
attorney or other professional.
Nutshell Series, In a Nutshell and the Nutshell Logo are trademarks registered in
the U.S. Patent and Trademark Office.
© 2009 Thomson Reuters
© 2013 LEG, Inc. d/b/a West Academic Publishing © 2016 LEG, Inc. d/b/a
West Academic
444 Cedar Street, Suite 700
St. Paul, MN 55101
1-877-888-1330
West, West Academic Publishing, and West Academic are trademarks of West
Publishing Corporation, used under license.
Printed in the United States of America ISBN: 978-1-63459-684-8
III

PREFACE
____________

The Internet has transformed every branch of procedural and substantive law
and thus every lawyer needs a basic understanding of Internet Law. For those
lawyers, law students, policymakers, and members of the business community
who are or will be involved in e-commerce, information security, or high
technology law, it is important to have some basic understanding of the relevant
cases and statutes relevant to Internet Law. This Third Edition, like the early
editions, distills the main contours of settled Internet law as well as areas that are
still evolving. The book focused upon the legal rules that govern the
development of U.S. law but nearly every chapter also covers foreign and
international law developments. The goal is to provide the reader with a succinct
exposition of basic concepts and method for each procedural and substantive
branch of law including foreign and international law developments. This Third
Edition of the Global Internet Nutshell covers global developments such as the
European Union’s right to be forgotten in the proposed General Data Protection
Regulation mandatory EU consumer law, as well as international intellectual
property decisions. One of the central themes of the book is that lawyers of the
twenty-first century must master global Internet law developments to represent
online businesses in a cross-border legal environment.

As e-businesses use the border-defying Internet, they will increasingly become

subject to foreign procedural and substantive law. The U.S. business community,
for example, needs legal audits for its websites sales and services whenever it
targets European consumers. Websites that collect personally identifiable
information need to comply with the General Data Protection Regulation even if
they are not physically headquartered in Europe.
In contrast, foreign websites may be required to appear in U.S. courts if they
infringe the rights of U.S. companies. The Internet is interconnected and
transnational, challenging traditional sovereignty based upon geographic
borders. No transnational sovereign devises uniform rules for Internet
jurisdiction and the enforcement of online judgments. The lack of certainty about
the law of cyberspace requires cross-border treaties and conventions. To date,
the countries connected to the Internet have not agreed to cede their sovereignty
in order to harmonize cyberjurisdictional rules. Instead, courts adapt their own
national rules to determine jurisdiction. Many of the chapters address European
Commission regulations, directives and conventions as well as domestic Internet
law developments from foreign jurisdictions. The organization of the book
summarizes many of the cases and statutes taught in e-commerce, Internet law,
or cyberspace law courses.
This book will be helpful to business lawyers as well as litigators confronted
with Internet-related legal issues. I have provided a concise yet

systematic examination of UCITA, the Principles of the Law of Software

Contracts, and other law reform projects to devise online contracting law. This
nutshell is comprehensive in its coverage of global Internet issues that
practitioners and students will encounter but will also serve as a useful
introduction for non-lawyers and graduate as well as undergraduate students in
diverse disciplines such as computer science, business, nursing, sociology, law
and society and criminology. My hope is that the business community will also
find this nutshell to be a useful introduction to legal issues on the global Internet.
MICHAEL L. RUSTAD
September 15, 2015
VII

ACKNOWLEDGMENTS
(THIRD EDITION)
____________

Great thanks are due to Suffolk University Law School’s reference librarians
Diane D’Angelo and Rick Buckingham. I greatly appreciate the editorial and
research of Suffolk University Law School research assistants Eunice D Aikins-
Afful, John H. Brainard, Matthew Carey, Samantha Lynne Cannon, Krista Fales,
Jeremy Kennelly, Darcy Kohls, Emily Lacy, Patrick Nichols, Nicole Maruzzi,
Harel Talasazan, Gamze Yalcin, and Elmira Cancan Zenger. I appreciate editing
by Keyur Parikh, a Patent Agent and Principal Software Engineer, a candidate
for the J.D. from Suffolk University Law School, Class of 2018. Rick
Buckingham and Diane D’Angelo provided me with expert assistance and
resources for Global Internet Law. Finally, as always, I appreciate the editorial
work and good company of my wife, Chryss J. Knowles.
IX

OUTLINE
____________

PREFACE
ACKNOWLEDGMENTS (THIRD EDITION)
TABLE OF CASES
TABLE OF STATUTES
TABLE OF AUTHORITIES
Chapter 1. Overview of the Global Internet
§ 1-1. The History & Technologies of the Internet
(A) History of the World Wide Web
(B) NSFNET
§ 1-2. Internet Technologies Demystified
(A) Hubs or IXPs
(B) Bridges
(C) Gateways
(D) Routers
(E) Repeaters
(F) Cable Modems
(G) Bandwidth
(H) DSL
(I) Search Engines
(J) Mobile Devices & Applications
§ 1-3. Web 1.0, 2.0 & 3.0
(A) The Asynchronous Internet
(B) The Synchronous Internet
(C) Web 3.0’s Ontology
§ 1-4. Setting Standards Through Voluntary Organizations
(A) Open Systems Initiative
(B) Internet Engineering Task Force

X
X

(C) ISOC
§ 1-5. The Future of the Internet
Chapter 2. Perspectives on Global Internet Governance
§ 2-1. Overview of Cyberlaw
(A) Against Internet Law
(B) Defense of Internet Law
§ 2-2. Self-Governing or Libertarian Governance
(A) Libertarian Manifesto
(B) Decentralized Governance
§ 2-3. Transnational Governance
(A) Co-Regulation of the Internet
(B) Un-Anchored WGIG Models
(1) Global Internet Council
(2) No Specific Oversight
(3) International Internet Council
(4) Mixed Model
§ 2-4. Law, Code, Markets, & Norms
(A) Internet-Related Law
(B) Code as Internet Law
(C) Norms as Internet Law
(D) Markets as Internet Law
(E) The Generative Internet
§ 2-5. Why National Regulation Still Matters
(A) Local Governance
(B) National Regulation
§ 2-6. The Wealth of Networks
(A) Economics-Based Governance
(B) Copyright Commons

Chapter 3. Global Internet Jurisdiction

§ 3-1. International Shoe in Cyberspace: An Overview
(A) Long-Arm Statutes
(B) General Personal Jurisdiction
(C) Specific Jurisdiction
(D) Zippo.com Interactivity Test
(1) Zippo.com Sliding Scale
(2) Passive Jurisdiction
(3) Gray Zone or Middle Ground
(E) The Effects Test
(F) “Something More” Test
(1) GTE New Media Services
(2) ALS Scan
(G) In Rem Jurisdiction
§ 3-2. Cross-Border Jurisdiction
(A) Brussels Regulation
(B) Foreign Jurisdiction
(1) Defendant’s Domicile
(2) Where Defendants May Be Sued
(3) Special Jurisdictional Rules
(4) Extraterritorial Impact
Chapter 4. Internet-Related Contract Law
§ 4-1. Licensing & the Internet
(A) Definition of Licensing
(B) Granting Clause
(C) First Sale Doctrine
(D) Mass-Market Licenses
(E) Types of Mass-Market Licenses
(1) Shrinkwrap Agreements
(2) Clickwrap Agreement
(3) Browsewrap

XII

(4) Scrollwrap & Sign-in-Wrap

(F) Enforceability Issues
(G) Rolling Contracts
(1) ProCD, Inc. v. Zeidenberg: A Game-Changer
(2) Hill v. Gateway 2000, Inc.
§ 4-2. Uniform Electronic Transactions Act
§ 4-3. The Electronic Signatures in Global and National Commerce Act
§ 4-4. Uniform Computer Information Transactions Act (UCITA)
(A) Statutory Purpose
§ 4-5. Principles of the Law of Software Contracts
(A) Sphere of Application
(B) Preliminary Concerns
(C) Formation
(1) Liberal Formation Rules
(2) Battle of the Forms Provision
(3) Formation Safe Harbors
(4) Parol Evidence Rule
(5) Contract Modification
(6) General Principles of Integration
(D) Software Contracting Warranties
(1) Express Warranties
(2) Implied Warranty of Merchantability
(3) Systems Integration & Fitness Warranties

XIII

(4) Non-Infringement Warranties

(5) Nondisclaimable Warranty for Hidden Defects
(E) Software Performance Standards
(1) Breach and Material Breach
(2) Material Breach
(3) Right to Cure
(4) Cancellation
(F) Remedies for Breach
(1) Expectation Interest
(2) Use of Automated Disablement of Software
(3) Liquidated Damages
(4) Cancellation & Expectancy Damages
(5) Specific Performance
(6) Limitations of Remedies
(7) Failure of Essential Purpose
§ 4-6. Cloud Computing Service Agreements
(A) Cloud Computing Service Models
(B) Terms in Service-Level Agreements
§ 4-7. Cross-Border Contracts
(A) Sources of E-Contract Law
(B) UNCITRAL’s Digital Signature

XIV

Chapter 5. Consumer Law in Cyberspace

§ 5-1. FTC’s Role in Internet Consumer Law
(A) Fraudulent Trade Practices
(1) Fraudulent Internet Businesses
(2) Deceptive Advertising Claims
(3) Online Endorsements
(4) FTC Mandatory Website Disclosures
(B) Protecting Consumer Privacy
(C) Children’s Privacy
(D) Regulation of Online Spam
(1) CAN-SPAM
(2) Emblematic CAN-SPAM Awards
§ 5-2. Federal Communications Commission
(A) The Communications Act of 1934
(B) Net Neutrality
§ 5-3. Global Consumer Law
Chapter 6. Global Internet Torts
§ 6-1. Overview of Cybertorts
(A) Defining Cybertorts
(B) Section 230 of the CDA
(C) Distributor Liability
(D) Failure to Remove Content
(E) Exceptions to CDA Section 230
(1) Website Is Deemed a Content Creator
(2) FTC Action & Section 230

§ 6-2. Intentional Cybertorts Against the Person

(A) Tort of Outrage
(B) Trespass to Virtual Chattels
(1) Spam E-Mail
(2) Bots as Trespassers
(3) Spyware as Trespass to Chattels
(4) Trespass to Digital Information
(C) Conversion in Cyberspace
(1) Domain Name Conversion
(2) Conversion of Websites
(D) Malicious Prosecution
(E) Abuse of Process
§ 6-3. Intentional Business Cybertorts
(A) Internet-Related Business Torts
(1) Unfair Competition
(2) Misappropriation of Intangible Data
(3) Interference with Business Contracts
(4) Misappropriation of Trade Secrets
§ 6-4. Intentional Information-Based Torts
(A) Cyberfraud
(B) Trade Libel in Cyberspace
(C) Individual & Media Prima Facie Case
(1) Libel Per Quod
(2) Libel Per Se

XVI
(3) Publishers & Conduits or Distributors
(4) Single Publication Rule
(5) State Action
(6) John Doe Subpoenas
(D) Defamation Defenses
(1) Public Official
(2) General Purpose Public Figure
(3) Limited Purpose Public Figure
(4) Liability Standard for Private Persons
(5) Truth as a Complete Defense
(6) Privileges and Qualified Privileges
(7) Anti-SLAPP Suit Statutes
(8) Retraction Statutes
(E) Privacy Based Cybertorts
(1) Intrusion upon Seclusion
(2) Appropriation & Right of Publicity
(3) Public Disclosure of Private Fact
(4) False Light
§ 6-5. Negligence Based Actions
(A) Internet Related Negligence
(1) Elements of Internet-Related Negligence
(B) Negligent Enablement
(C) Negligence Per Se

XVII

(D) Computer Professional Negligence

(E) Negligent Data Brokering
§ 6-6. Strict Liability in Cyberspace
(A) Defective Information
(B) Economic Loss Rule
§ 6-7. Transborder Torts
Chapter 7. Internet-Related Privacy
§ 7-1. Online Privacy Issues
(A) Google Privacy Policy
(B) Google G-Mail Litigation
(C) Google Wallet
§ 7-2. FTC’s Role as Chief Privacy Regulator
(A) FTC Privacy Disclosures
(B) FTC Privacy Enforcement
(C) COPPA
§ 7-3. Third Party Disclosure of Private Information
§ 7-4. Consumer Privacy Bill of Rights
§ 7-5. State Security Breach Notification
§ 7-6. Global Privacy Issues
(A) Data Protection Directive
(B) Google Spain v. AEPD
(1) Procedural History of Google Spain v. AEPD
(2) Aftermath of Google Spain v. AEPD
(C) Schrems’ Safe Harbor Case
(D) Proposed General Data Protection Regulation
(1) Updating the Data Protection Directive

XVIII

(2) Automatically Applicable Regulation

(3) Overview of GDRP
(4) Article 17: Right to Be Forgotten
(5) Exceptions to the Right to Be Forgotten
(E) Foreign Litigation
Chapter 8. Internet-Related Crimes
§ 8-1. Overview of Cybercrimes
(A) Overview of Computer Crimes
(1) What Computer Crime Includes
(2) The Nature of Computer Crime
(3) Defining Cybercrimes
§ 8-2. Computer Fraud and Abuse Act
(A) Criminal Law Provisions
(1) Obtaining National Security Information
(2) Accessing Computer Without Authorization
(3) Trespassing in a Government Computer
(4) Accessing to Defraud
(5) Damaging Computers or Data
(6) Trafficking in Passwords
(7) Threatening to Harm a Computer

XIX

(B) CFAA’s Civil Liability

(1) Cases Recognizing That Violating TOS Constitutes Without
Authorization
(2) Cases Rejecting View That Violation of TOS Constitutes CFAA
Offense
(a) LVRC Holding v. Brekka
(b) United States v. Nosal
(c) Weingand v. Harland Financial Solutions
§ 8-3. Electronic Communications Privacy Act
(A) Overview of the ECPA
(B) ECPA Defenses
§ 8-4. Stored Communications Act
(A) SCA Prima Facie Case
(B) SCA Defenses
§ 8-5. Computer Crime Case Law
(A) Featured ECPA Cases
(1) U.S. v. Councilman
(2) U.S. v. Riggs
(3) Bohach v. City of Reno
(4) In re Pharmatrak, Inc.
(5) Joffee v. Google
(B) Featured SCA Cases
(1) Konop v. Hawaiian Airlines
(2) United States v. Lang
(3) SCA and Cell Tower Records

§ 8-6. Other Internet-Related Criminal Statutes

(A) Identity Theft
(B) Access Device Fraud
(C) Anti-Stalking
(D) Federal Threats
(E) Sex Trafficking
§ 8-7. International Cybercrime Enforcement
Chapter 9. Content Regulation on the Internet
§ 9-1. Overview of Internet Regulations
§ 9-2. Indecent Speech & Censorship
(A) Communications Decency Act
(B) Child Online Protection Act
(C) Children’s Internet Protection Act
(D) The Child Pornography Prevention Act
(E) The Protect Act of 2003
(F) School Censorship of Internet Content
§ 9-3. Applying the First Amendment in Cyberspace
(A) Dormant or Negative Commerce Clause
(B) Content-Specific Regulations
(C) Content-Neutral Regulations
(D) Facial Attacks on Internet Speech
(1) Vagueness
(2) Overbreadth

XXI

XXII

(2) Vicarious Infringement

(3) Inducement
§ 10-4. The Path of Peer-to-Peer File Sharing
(A) Napster
(B) Grokster
§ 10-5. Links, Framing, Bookmarks, and Thumbnails
(A) Hyperlinks
(B) Framing
(C) Bookmarks
(D) Thumbnails of Images
§ 10-6. Database Protection
§ 10-7. Limitations on Exclusive Rights
§ 10-8. Digital Millennium Copyright Act
(A) Overview of the DMCA
(B) Title I’s Provisions
(1) Anti-Circumvention Provisions
(2) Anti-Trafficking Provisions
(C) Title II’s Safe Harbors
(1) Transitory Network Communications
(2) System Caching
(3) Storage Exemption
(a) OSP’s Registered Agent for Responding to Complaints
(b) Takedown & Put-Back Rules
(4) Information Location Tools
(D) Exemptions & the First Amendment

XXIII

(E) Takedown and Putback Cases

(F) DMCA Subpoena to Unveil Anonymous Infringers
§ 10-9. Copyright Issues in the Cloud
§ 10-10. International Issues
(A) Extraterritoriality
(B) SOPA
(C) ACTA
(D) Moral Rights
(E) Extraterritorial Reach
(F) European ISPs & No Duty to Monitor
(G) Foreign Copyright-Related Cases
(1) Framing
(2) Peer-to-Peer Sharing and ISPs
(3) Copyrightability of Metatags
(H) Website Blocking & In Rem Injunctions
Chapter 11. Trademarks on the Global Internet
§ 11-1. Overview of Internet-Related Trademark Law
(A) The Distension of Trademarks
(B) Federal Trademark Registration
(C) State Trademark Law
(D) Trademark Applications
(1) Elements of an Application
(2) Actual & Intent to Use Applications

XXIV

(E) The Spectrum of Distinctiveness

(F) Trade Name
(G) Service Marks
(H) Functional Limits of Trademarks
(I) What a Domain Name Is
§ 11-2. Website Trade Dress
§ 11-3. Internet-Related Trademark Claims
§ 11-4. Internet-Related Trademark Infringement
(A) Direct Infringement
(B) Contributory Trademark Infringement
(C) Secondary Trademark Infringement
(1) Vicarious Liability
(2) Contributory Infringement
§ 11-5. Trademark Dilution Revision Act of 2006
(A) Basics of Federal Dilution Claims
(1) Dilution by Blurring
(2) Dilution by Tarnishment
(B) TDRA Remedies
(C) TDRA Defenses
§ 11-6. False Designation of Origin
§ 11-7. False Endorsement
§ 11-8. Anticybersquatting Act of 1999
(A) Elements of ACPA Claims
(B) ACPA Safe Harbor
(C) In Rem Jurisdiction
(D) ACPA Remedies

XXV

§ 11-9. Keyword Trademark Litigation

(A) The Meaning of Use in Commerce
(B) Keywords and Commercial Use
(1) 1-800 Contacts, Inc. v. WhenU.Com, Inc.
(2) Rescuecom Corp. v. Google
(3) Google Keyword Cases
§ 11-10. Sponsored Banner Advertisements
§ 11-11. Metatags
(A) Invisible Trademark Violations
(B) Initial Interest Confusion
§ 11-12. Trademark Law Defenses
(A) Nominative Fair Use
(B) First Amendment in Cyberspace
(1) Gripe Sites
(2) Lamparello v. Falwell
(C) Trademark Parodies
(D) Trademark Laches
§ 11-13. False Advertising
§ 11-14. Domain Name Hijacking & Reverse Hijacking
§ 11-15. Uniform Domain Name Resolution Policy
(A) Overview of UDRP Proceedings
(B) UDRP Providers
(C) How the UDRP Works
(1) Domain Name Registration
(2) Liability of the Domain Name Registrars
(3) Appealing UDRP Decisions

XXVI

§ 11-16. Types of UDRP Cases

(A) Incorporating Another’s Trademark
(B) Common Law TM Rights of Celebrities
(C) Appending Descriptive or Generic Words
(D) Anti-Corporate Websites
(E) UDRP Typosquatting
(F) UDRP Panels v. Domain Name Litigation
§ 11-17. Global Trademark Issues
(A) Global E-Business Concerns
Chapter 12. Trade Secrets in Cyberspace
§ 12-1. What Trade Secrets Are
§ 12-2. Trade Secrets Governed by State Law
(A) UTSA’s Definition of Secrecy
(B) UTSA Misappropriation Action
(C) Reasonable Means to Protect Secrets
(1) Nondisclosure Agreements
(2) Idea Submission Policies
(D) Uniform Trade Secret Act Remedies
(E) Defenses in UTSA Litigation
(1) Reverse Engineering
(2) First Amendment Defenses
§ 12-3. Restatement (First) of Torts
§ 12-4. Internet-Related Misappropriation
§ 12-5. Trade Secrets in a Global Internet

XXVII

Chapter 13. Patent Law and the Internet

§ 13-1. Overview of Internet-Related Patents
(A) Why Internet Patents
(B) Constitutional and Statutory Basis
(C) American Invents Act
(1) First Inventor to File (FITF)
(2) Expedited Procedures
(3) Other Patent Reforms
(D) Types of Patents
(1) Utility Patents
(2) Design Patents
(E) Patent Law Terms
(F) Section 101 Patentable Subject Matter
(G) The Essentials of Patentability
(H) Patentability: Novelty
(1) Anticipation
(2) Statutory Bar
(I) Patentability: Nonobviousness
(J) Patentability: Utility
(K) Patent Invalidity
(L) Patent Terms
§ 13-2. Internet Related Patents
(A) Software Patents
(B) E-Business Methods
(C) Post-State Street Cases
§ 13-3. Internet-Related Patent Litigation
(A) Infringement Lawsuits
(B) Markman Hearings
(C) E-Business Patent Trolls

XXVIII

(D) The Supreme Court’s Patent Cases

(1) MercExchange
(2) Bilski v. Kapos
INDEX
XXIX

TABLE OF CASES
References are to Pages
____________

1-800 Contacts, Inc. v. WhenU.com, Inc.----------------------------------384

415 University Community Co. v. Lykes-Youngstown Corp.------------------------
----------177
A & M Records, Inc. v. Napster, Inc.----------------------------------306
Academy of Motion Pictures Arts and Sciences v. GoDaddy.com-------------------
---------------403
Ackourey v. Sonellas Custom Tailors----------------------------------67
ACLU v. Mukasey----------------------------------275
ACLU v. Reno----------------------------------274
Advertise.com, Inc. v. AOL Adver., Inc.----------------------------------346
Air Canada v. United Kingdom----------------------------------83
Akamai Technologies, Inc. v. Limelight Networks, Inc.-------------------------------
---448
Alappat, In re----------------------------------448
ALS Scan v. Digital Services Consultants, Inc.----------------------------------75
Amazon.com, Inc. v. Barnesandnoble.com, Inc.----------------------------------452
American Libraries Association v. Pataki----------------------------------281
American Library Ass’n, United States v.----------------------------------276
American Online, Inc. v. LCGM, Inc.----------------------------------163
AMF Inc. v. Sleekcraft Boats----------------------------------357
Andra v. Left Gate Property Holding, Inc.----------------------------------57
Apple Inc. v. Samsung Electronics----------------------------------438
Ashcroft v. ACLU----------------------------------275
Ashcroft v. Free Speech Coalition----------------------------------277
AT&T Corp. v. Excel Communications, Inc.----------------------------------450
Australian Gold Inc. v. Hatfield----------------------------------388
Avery Dennison Corp. v. Sumpton----------------------------------371
Baker v. Selden----------------------------------297
Bally Total Fitness Holding Corp. v. Faber----------------------------------392
Barclays Capital Inc. v. Theflyonthewall.com----------------------------------175
Bartnicki v. Vopper----------------------------------211
Bavaro Palace, S.A. v. Vacation Tours, Inc.----------------------------------376
Be In, Inc. v. Google Inc.----------------------------------97
Bensusan Restaurant Corp. v. King----------------------------------2

XXX

Berkson v. Gogo LLC----------------------------------99, 102

Bernstein v. J.C. Penney----------------------------------310
Bihari v. Gross----------------------------------392
Bilski v. Kappos----------------------------------441, 458
Bobbs-Merrell Co. v. Straus----------------------------------89
Bohach v. City of Reno----------------------------------257
Braintech v. Kostiuk CA----------------------------------79
Breitfeller v. Playboy----------------------------------287
Budsgunshop.com (BGS) v. Security Safe Outlet, Inc.--------------------------------
--170
Burger King Corp. v. Rudzewicz----------------------------------61
Cable News Network L.P., L.L.L.P. v. cnnews.com---------------------------------
-379
Calder v. Jones----------------------------------72
Cambria Co. v. Pental Granite & Marble Co.----------------------------------71
Capitol Records Inc. v. MP3tunes LLC----------------------------------330
Carlson v. Fidelity Motor Group, LLC----------------------------------69
Cell Tower Records Under 18 U.S.C. § 2703(d), In the Matter of Application
for----------------------------------263
Cellular Accessories for Less v. Trinitat LLC----------------------------------425
Chisholm v. Foothill Capital Corp.----------------------------------191
Clark v. Roccanova----------------------------------288
Coca-Cola Co. v. Purdy----------------------------------376
Columbia Industries v. Fung----------------------------------309
CompuServe v. Cyberpromotions, Inc.----------------------------------163
Constant v. Adv. Micro-Devices, Inc.----------------------------------445
Corsair Memory, Inc. v. Corsair7.com----------------------------------375
Councilman, United States v.----------------------------------256
Crookes v. Newton----------------------------------310
Cross Media Mktg. Corp., In re v. Nixon----------------------------------425
Cubby v. CompuServe----------------------------------151
Cuccioli v. Jekyll & Hyde Neue Metropol----------------------------------79
Curtis Publ’g Co. v. Butts----------------------------------185
Cybersell Inc. v. Cybersell, Inc.----------------------------------67
Dallas Buyers Club LLC v. iiNet Limited----------------------------------335
Dealertrack, Inc. v. Huber----------------------------------424
Decision Insights, Inc. v. Sentia Group, Inc.----------------------------------419
Dendrite Int’l, Inc. v. Doe----------------------------------183
DFSB Kollective Co. v. Yang----------------------------------73
Dirty World Entertainment v. Jones----------------------------------157
DMCA Subpoena to eBay, Inc., In re----------------------------------329
Doe II v. MySpace Inc.----------------------------------200
Doe v. Friendfinder Network----------------------------------184

XXXI

Domain Vault LLC v. Bush----------------------------------366

DoubleClick, Inc. v. Henderson----------------------------------426
Drew, United States v.----------------------------------97
DVD Copy Control Ass’n, Inc. v. Bunner----------------------------------423
Earthweb v. Schlack----------------------------------413
East River Steamship Corp. v. Transamerica Deval Inc.------------------------------
----201
eBay Inc. v. Bidder’s Edge Inc.----------------------------------165
eBay Inc. v. MercExchange L.L.C.----------------------------------456
Elliot v. Google, Inc.----------------------------------346
Elonis, United States v.----------------------------------266
Faegre & Benson v. Purdy----------------------------------352
Fair Housing Council of San Fernando Valley v. Roommates.com, LLC-----------
-----------------------155, 156
Federal Communications Commission v. Pacifica Foundation-----------------------
-----------282
Feist Publications, Inc. v. Rural Telephone Service Co.-------------------------------
---294, 314
Flava Works v. Gunter----------------------------------312
Ford Motor Co. v. Lane----------------------------------423
FTC v. Accusearch Inc.----------------------------------159
FTC v. Corzine----------------------------------137
FTC v. Cyberspace.com, LLC----------------------------------132
FTC v. Fortuna Alliance, L.L.C., et al.----------------------------------136
FTC v. Johnson----------------------------------135
FTC v. Sale Slash, LLC----------------------------------134
FTC v. Stefanchik----------------------------------132
Fteja v. Facebook, Inc.----------------------------------95
Gator.Com Corp. v. L.L. Bean, Inc.----------------------------------59
Gershwin Publishing Corp. v. Columbia Artists Mgmt.-------------------------------
---308
Gertz v. Robert Welch, Inc.----------------------------------185
Ghrist v. CBS Broadcasting, Inc.----------------------------------173
GOFIT LLC v. GoFIT LLC----------------------------------71
Goodyear Dunlop Tires Operations, SA v. Brown---------------------56, 58
Google, Inc. Gmail Litig., In re----------------------------------205
Google, Inc. v. American Blind & Wallpaper Factory, Inc.---------------------------
-------386
Google, Inc., Privacy Policy Litig., In re----------------------------------205
Google Spain v. AEPD----------------------------------216
Greenwald, United States v.----------------------------------424
GTE New Media Services Inc. v. BellSouth Corp.----------------------------------74

XXXII

Gucci America, Inc. v. Hall & Assocs.----------------------------------360

Hammer v. Amazon.com----------------------------------180
Hanson v. Denckla----------------------------------55
Hard Rock Café Licensing Corp. v. Concession Servs. Inc.--------------------------
--------362
Hasbro, Inc. v. Internet Entm’t Group, Ltd.----------------------------------370
Hearts on Fire Co. v. Blue Nile, Inc.----------------------------------380
Helicopteros Nacionales de Colombia, S.A. v. Hall---------------------------------
-58
Hill v. Gateway 2000, Inc.----------------------------------105
Hines v. Overstock.com, Inc.----------------------------------98
Huon v. Breaking Media LLC----------------------------------161, 178, 189
Hy Cite Corp. v. Badbusinessbureau.com, L.L.C.----------------------------------69
inno360, Inc. v. Zakta----------------------------------62
Inset Sys., Inc. v. Instruction Set, Inc.----------------------------------61
Intel Corp. v. Hamidi----------------------------------164
Intermatic Inc. v. Toeppen----------------------------------381
International Airport Centers v. Citrin----------------------------------245
International Shoe v. Washington----------------------------------56
Inwood Labs., Inc. v. Ives Labs., Inc.----------------------------------359, 363
IP Technologies v. Amazon.com----------------------------------442
iPhone Application Litigation, In re----------------------------------203
J.S. v. Blue Mt. Sch. Dist.----------------------------------280
Jada Toys Inc. v. Mattel, Inc.----------------------------------367
James v. Meow Media Inc.----------------------------------200
Jaynes v. Commonwealth of Virginia----------------------------------284
Joffee v. Google----------------------------------259
Kelly v. Arriba Soft Corp.----------------------------------312
Kilbride, United States v.----------------------------------285
Kirtsaeng v. John Wiley & Sons----------------------------------89
Klayman v. Zuckerberg----------------------------------160
Knutson v. Sirius XM----------------------------------99
Konop v. Hawaiian Airlines, Inc.----------------------------------260
Kremen v. Cohen----------------------------------169
Kroneymer v. Internet Movie Database Inc.----------------------------------188
L.L. Bean, Inc. v. Drake Publishers Inc.----------------------------------393
Lamparello v. Falwell----------------------------------393
Lang, United States v.----------------------------------262
Layshock v. Hermitage Sch. Dist.----------------------------------280
LBF Travel, Inc. v. Fareportal, Inc.----------------------------------382
Lefebure v. Lacambre----------------------------------228
Legacy Learning Systems, Inc. v. Federal Trade Commission-----------------------
-----------138
XXXIII

Lenz v. Universal Music Corp.----------------------------------327

Levi Strauss & Co. v. Abercrombie & Fitch Trading Co.-----------------------------
-----370
Lexmark Int. v. Static Control Components----------------------------------319
Lifetouch Church Directories & Portraits v. Ingalsbe---------------------------------
-414
Limelight Networks, Inc. v. Akamai Technologies, Inc.-------------------------------
---449
Litecubes LLC v. Northern Light Products, Inc.----------------------------------333
Lockheed Martin Corp. v. Network Solutions, Inc.---------------------------------
-360
Lone Star Nat. Bank, N.A. v. Heartland Payments Sys.-------------------------------
---195
Louis Vuitton Malletier, M.A. v. Haute Diggity Dog---------------------------------
-394
LVRC Holdings LLC v. Brekka----------------------------------246
Lyons Partnership v. Giannoulas----------------------------------393
MAI Systems Corp. v. Peak Computer----------------------------------296, 416
Manufactured Home Communities Inc. v. County of San Diego---------------------
-------------188
Markman v. Westview Instruments Inc.----------------------------------455
Mathis v. Cannon----------------------------------186
Mattel, Inc. v. Jcom, Inc.----------------------------------367
Maximillian Schrems v. Data Protection Commissioner------------------------------
----219
Maximized Living, In re v. Google----------------------------------329
Mayo Collaborative Servs. v. Prometheus Labs, Inc.---------------------------------
-440
McNeil v. Jordan----------------------------------172
Metro-Goldwyn Mayer Studios v. Grokster----------------------------------304, 307
MGM Studios, Inc. v. Grokster, Ltd.----------------------------------304
Michaels v. Internet Ent. Group Inc.----------------------------------190
Microsoft Corp. v. i4i L.P.----------------------------------445
Microsoft v. Does 1–18----------------------------------166
Mid-Michigan Computer Sys. v. Marc Glassman Inc.---------------------------------
-421
Miller v. California----------------------------------287
Moseley v. Victoria Secret Catalogue, Inc.----------------------------------368
Murdock v. L.A. Fitness----------------------------------162
MySpace, Inc. v. Graphon Corp.----------------------------------459
National Cable & Telecommunications Association v. Brand X Internet
Services----------------------------------144
NBA v. Motorola----------------------------------174

XXXIV

Network Automation, Inc. v. Advanced Systems Concepts, Inc.---------------------

-------------386
New Kids On The Block v. News America Publishing, Inc.--------------------------
--------391
New York Times v. Sullivan----------------------------------185
Newport News Holdings Corp. v. Virtual City Vision---------------------------------
-376
Nguyen v. Barnes & Noble, Inc.----------------------------------97
Nicosia v. Amazon.com, Inc.----------------------------------95
Nielsen Media Research Inc. v. Microsystems Software Inc.-------------------------
---------196
Noah v. AOL Time-Warner, Inc.----------------------------------182
Nosal, United States v.----------------------------------247
Obado v. Magedson----------------------------------152
Office Depot Inc. v. Zuccarini----------------------------------401
Ogbolumani v. Young----------------------------------168
Opperman v. Path, Inc.----------------------------------159
Orion IP, LLC v. Hyundai Motor Am.----------------------------------445
Panavision Int’l, L.P. v. Toeppen----------------------------------377
Perfect 10, Inc. v. Amazon.com, Inc.----------------------------------292
Perfect 10, Inc. v. Giganews, Inc.----------------------------------302
Perfect 10, Inc. v. Google, Inc.----------------------------------313
Perfect 10, Inc. v. Visa Int’l Serv. Ass’n----------------------------------362, 363
Perkins v. Benquet Consolidated Mining Co.----------------------------------58
Petroliam Nasional Berhad v. GoDaddy.com, Inc.---------------------------------
-360
PFLAG v. Camdenton R-III School Dist.----------------------------------277
Pharmatrak, Inc., In re----------------------------------258
Pioneer Hi-Bred Int’l v. Holden Found Seeds----------------------------------417
Playboy Enterprises, Inc. v. Good Samaritan Program---------------------------------
-405
Playboy Enterprises, Inc. v. Netscape Communications Corp.-----------------------
-----------387
Playboy Enterprises, Inc. v. Welles----------------------------------389
ProCD, Inc. v. Zeidenberg----------------------------------103
Red Label Vacations Inc. (redtag.ca) v. 411 Travel Buys Limited
(411travelbuys.ca)----------------------------------335
Religious Tech. Ctr. v. Netcom On-Line Communic. Servs. Inc.--------------------
--------------416, 425
Rembrandt Wireless Technologies LP v. Samsung Electronics Ltd.-----------------
-----------------452
Remsburg v. Docusearch, Inc.----------------------------------197
Reno v. ACLU----------------------------------272, 273, 283, 284

XXXV

Renton, City of v. Playtime Theatre----------------------------------283

Rescuecom Corp. v. Google----------------------------------385
Riggs, United States v.----------------------------------256
Ron Paul 2012 Presidential Campaign Comm., Inc. v. Does 1-10-------------------
---------------373
Rosetta Stone Ltd. v. Google, Inc.----------------------------------349, 386
Sabinsa Corp. v. Creative Compounds, Inc.----------------------------------346
Sable Communications Inc. v. FCC----------------------------------281
Safeguard Operations LLC v. Safeguard Storage----------------------------------407
Sandler v. Calcagni----------------------------------191
Sangster v. Paetkau----------------------------------172
Scherillo v. Dun & Bradstreet Inc.----------------------------------102
Serbite Agency Inc. v. Platt----------------------------------248
Shamsuddin v. Vitamin Research Prods.----------------------------------61
Shields v. Zuccarini----------------------------------376
Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc.-----------------------
-----------241
Six Continents Hotels, Inc. v. John Zuccarini----------------------------------409
Societé Air France v. Virtual Dates, Inc.----------------------------------393
Societe Google, Inc., In re----------------------------------230
Sotelo v. DirectRevenue----------------------------------167
Specht v. Netscape Communications Corp.----------------------------------101
State Street Bank & Trust Co. v. Signature Fin. Group, Inc.--------------------------
--------449
Stevo Design, Inc. v. SBR Mktg., Ltd.----------------------------------61
Stomp Inc. v. Neato----------------------------------95
Stratton Oakmont, Inc. v. Prodigy Services Co.----------------------------------151
Subafilms Ltd. v. MGM-Pathe Commn’ns Co.----------------------------------333
Svenson v. Google, Inc.----------------------------------206, 207
Tamiz v. Google, Inc.----------------------------------201
Telemedia Network Inc. v. Sunshine Films, Inc.----------------------------------398
The Plain Dealer, State ex rel. v. Ohio Dept. of Ins.---------------------417
Toronto-Dominion Bank v. Karpachev----------------------------------409
Two Pesos, Inc. v. Taco Cabana, Inc.----------------------------------351
U-Haul Co. of West Virginia, State ex rel. v. Zakaib---------------------------------
-96
UMG Recordings, Inc. v. Augusto----------------------------------315
UMG Recordings, Inc. v. Veoh Networks Inc.----------------------------------321
United Airlines, Inc. v. Zaman----------------------------------62
Universal City Studios, Inc. v. Corley----------------------------------318
Vernor v. Autodesk, Inc.----------------------------------90
Viacom Int’l, Inc. v. YouTube, Inc.----------------------------------308
Vulcan Golf LLC v. Google, Inc.----------------------------------396

XXXVI

Warehouse Solutions v. Integrated Logistics (ILL)---------------------------------

-414
Washington Post v. Total News, Inc.----------------------------------311
Wayburn Digital Media, Inc. v. Drop Zone Digital Media LLC----------------------
------------414
WEC Carolina Energy Solutions LLC v. Miller----------------------------------239
Weingand v. Harland Financial Solutions----------------------------------248
Williams, United States v.----------------------------------278
Winfield Collection, Ltd. v. McCauley----------------------------------66
Xcentric Ventures L.L.C. v. Borodkin----------------------------------172
Yahoo! Inc. v. XYZ Companies----------------------------------143
Yeager v. Bowlin----------------------------------182
Yelp v. Catron----------------------------------395
Zappos.com, Inc., Customer Data Breach Sec. Litig., In re---------------------------
-------98
Zeran v. America Online----------------------------------152, 153
Ziegler, United States v.----------------------------------296
Zippo Manufacturing Company v. Zippo Dot Com, Inc.------------------------------
----63
XXXVII

TABLE OF STATUTES
References are to Pages
____________

15 U.S.C. § 43(a)---------------------------------------------------351
15 U.S.C. § 45-------------------------------------------------------137
15 U.S.C. § 45(a)---------------------------------------------------131
15 U.S.C. § 101(C)-------------------------------------------------107
15 U.S.C. § 1051----------------------------------------------340, 385
15 U.S.C. §§ 1051 et seq.----------------------------------------341
15 U.S.C. § 1052(e)(5)--------------------------------------------349
15 U.S.C. § 1054----------------------------------------------------345
15 U.S.C. § 1114----------------------------------------------------356
15 U.S.C. § 1114(1)------------------------------------------------352
15 U.S.C. § 1114(1)(a)--------------------------------------339, 355
15 U.S.C. § 1114(2)(D)(iii)---------------------------------------403
15 U.S.C. § 1114(2)(D)(iv)--------------------------365, 399, 404
15 U.S.C. § 1114(2)(D)(v)----------------------------------397, 398
15 U.S.C. § 1115(b)------------------------------------------------357
15 U.S.C. § 1115(b)(4)--------------------------------------------390
15 U.S.C. § 1117(d)------------------------------------------358, 380
15 U.S.C. § 1125(a)------------------------------------------355, 394
15 U.S.C. § 1125(a)(1)(A)----------------------------------353, 374
15 U.S.C. § 1125(a)(1)(B)----------------------------------------354
15 U.S.C. § 1125(c)----------------------------353, 359, 364, 367
15 U.S.C. § 1125(c)(1)-------------------363, 364, 367, 368, 372
15 U.S.C. § 1125(c)(2)---------------------------------------------371
15 U.S.C. § 1125(c)(2)(A)----------------------------------363, 370
15 U.S.C. § 1125(c)(2)(B)----------------------------------365, 369
15 U.S.C. § 1125(c)(2)(B)(i)-------------------------------------370
15 U.S.C. § 1125(c)(2)(C)----------------------------------365, 367
15 U.S.C. § 1125(c)(3)(A)----------------------------------------372
15 U.S.C. § 1125(c)(3)(A)(i)-------------------------------------372
15 U.S.C. § 1125(c)(3)(A)(ii)------------------------------------372
15 U.S.C. § 1125(d)----------------------------354, 374, 375, 376
15 U.S.C. § 1125(d)(1)(B)----------------------------------------377
15 U.S.C. § 1125(d)(1)(B)(ii)------------------------------------377
15 U.S.C. § 1125(d)(1)(C)----------------------------------------376

XXXVIII

15 U.S.C. § 1125(d)(2)(A)----------------------------------------378
15 U.S.C. § 1125(d)(2)(B)----------------------------------------378
15 U.S.C. § 1127--------------------------------339, 342, 348, 368
15 U.S.C. §§ 1681 et seq.----------------------------------------131
15 U.S.C. § 6501----------------------------------------------140, 209
15 U.S.C. §§ 7701–7713------------------------------------------141
15 U.S.C. § 7704(a)(1)--------------------------------------------143
15 U.S.C. § 7707(b)(2)(A)----------------------------------------163
17 U.S.C. § 101-----------------------------------------------295, 299
17 U.S.C. § 102----------------------------------------294, 443, 444
17 U.S.C. § 102(a)--------------------------------------------------293
17 U.S.C. § 106-----------------------------------------------302, 333
17 U.S.C. § 106(1)--------------------------------------------------298
17 U.S.C. § 107-----------------------------------------------298, 299
17 U.S.C. § 116-----------------------------------------------------293
17 U.S.C. § 117-----------------------------------------------------296
17 U.S.C. § 401(d)-------------------------------------------------301
17 U.S.C. § 407-----------------------------------------------------300
17 U.S.C. § 512---------------------------------308, 316, 320, 323
17 U.S.C. § 512(a)------------------------------306, 320, 321, 324
17 U.S.C. § 512(a)–(d)--------------------------------------------320
17 U.S.C. § 512(b)–(d)--------------------------------------321, 322
17 U.S.C. § 512(c)--------------------------------------------309, 324
17 U.S.C. § 512(c)(1)----------------------------------------------322
17 U.S.C. § 512(c)(3)----------------------------------------323, 329
17 U.S.C. § 512(c)(3)(A)------------------------------------------324
17 U.S.C. § 512(d)-------------------------------------------------327
17 U.S.C. § 512(f)--------------------------------------------------328
17 U.S.C. § 512(f)(1)–(f)(2)--------------------------------------325
17 U.S.C. § 512(f)(2)-----------------------------------------------326
17 U.S.C. § 512(g)--------------------------------------------------328
17 U.S.C. § 512(g)(2)(B)------------------------------------------326
17 U.S.C. § 512(g)(2)(C)------------------------------------------326
17 U.S.C. § 512(g)(3)(C)------------------------------------------326
17 U.S.C. § 512(h)-------------------------------------------329, 330
17 U.S.C. § 512(k)(1)(B)------------------------------------------322
17 U.S.C. §§ 1201 et seq.----------------------------------315, 318
17 U.S.C. § 1201(a)(1)(A)----------------------------------------318
17 U.S.C. § 1201(a)(2)--------------------------------------------319
17 U.S.C. § 1201(a)(3)(A)----------------------------------------318
17 U.S.C. § 1201(a)(3)(B)----------------------------------------318
17 U.S.C. § 1201(b)(2)(B)----------------------------------------318

XXXIX

17 U.S.C. § 1203----------------------------------------------------315
17 U.S.C. § 1203(b)(1)--------------------------------------------316
17 U.S.C. § 1204----------------------------------------------------315
18 U.S.C. § 2---------------------------------------------------------265
18 U.S.C. § 875(c)--------------------------------------------266, 267
18 U.S.C. § 1028(a)------------------------------------------------264
18 U.S.C. § 1028A-------------------------------------------------264
18 U.S.C. § 1029----------------------------------------------243, 264
18 U.S.C. § 1029(a)(E)--------------------------------------------265
18 U.S.C. § 1029(c)(1)(A)(I)-------------------------------------265
18 U.S.C. § 1029(e)(2)--------------------------------------------265
18 U.S.C. § 1029(e)(3)--------------------------------------------265
18 U.S.C. § 1030----------------------------------------------------235
18 U.S.C. § 1030(a)------------------------------------------------235
18 U.S.C. § 1030(a)(1)-------------------------------236, 237, 264
18 U.S.C. § 1030(a)(2)--------------------------------------236, 238
18 U.S.C. § 1030(a)(2)(C)----------------------------------235, 236
18 U.S.C. § 1030(a)(2)(C)(2)------------------------------------235
18 U.S.C. § 1030(a)(3)-------------------------------235, 236, 238
18 U.S.C. § 1030(a)(4)-------------------------------235, 237, 238
18 U.S.C. § 1030(a)(5)--------------------------------------236, 238
18 U.S.C. § 1030(a)(5)(A)----------------------------------------241
18 U.S.C. § 1030(a)(5)(A)(I)-------------------------------------236
18 U.S.C. § 1030(a)(5)(B)----------------------------------238, 242
18 U.S.C. § 1030(a)(5)(B)–(a)(5)(C)---------------------------235
18 U.S.C. § 1030(a)(5)(C)----------------------------------239, 242
18 U.S.C. § 1030(a)(6)--------------------------------------237, 239
18 U.S.C. § 1030(a)(7)--------------------------------------237, 239
18 U.S.C. § 1030(c)(4)(A)(i)(I)----------------------------------244
18 U.S.C. § 1030(e)(8)--------------------------------------------244
18 U.S.C. § 1030(e)(11)-------------------------------------------244
18 U.S.C. § 1030(g)-----------------------------------237, 244, 247
18 U.S.C. § 1040(e)(6)--------------------------------------------236
18 U.S.C. § 1831----------------------------------------------------430
18 U.S.C. § 1832----------------------------------------------------431
18 U.S.C. § 1839(3)(A)--------------------------------------------413
18 U.S.C. § 2252(a)------------------------------------------------288
18 U.S.C. § 2252A(a)(2)------------------------------------------287
18 U.S.C. § 2252A(a)(3)(B)--------------------------------------278
18 U.S.C. § 2257----------------------------------------------------287
18 U.S.C. § 2257(b)(1)---------------------------------------------278
18 U.S.C. § 2510(5)------------------------------------------------254

18 U.S.C. § 2510(12)----------------------------------------249, 250

18 U.S.C. § 2510(16)----------------------------------------------260
18 U.S.C. § 2510(16)(A)------------------------------------------249
18 U.S.C. § 2511----------------------------------------------------260
18 U.S.C. § 2511(1)(a)-------------------------------249, 251, 252
18 U.S.C. § 2511(1)(c)---------------------------------------------251
18 U.S.C. § 2511(1)(d)--------------------------------------------251
18 U.S.C. § 2511(2)(a)–(2)(h)-----------------------------------249
18 U.S.C. § 2511(2)(d)--------------------------------------------252
18 U.S.C. § 2511(2)(g)(i)-----------------------------------252, 260
18 U.S.C. § 2511(2)(g)(ii)(I)–(2)(g)(ii)(IV)-------------------250
18 U.S.C. § 2701----------------------------------------------207, 254
18 U.S.C. §§ 2701–2711------------------------------------------253
18 U.S.C. § 2701(c)(1)---------------------------------------------254
18 U.S.C. § 2702----------------------------------------------------207
18 U.S.C. § 2703(d)------------------------------------------262, 263
35 U.S.C. § 101-------437, 439, 440, 441, 443, 447, 458, 460
35 U.S.C. § 102-----------------------------------------------------444
35 U.S.C. § 102(a)--------------------------------------------445, 446
35 U.S.C. § 102(a)(1)----------------------------------------------444
35 U.S.C. § 102(a)(2)----------------------------------------------444
35 U.S.C. § 102(b)--------------------------------------------------445
35 U.S.C. § 161-----------------------------------------------------437
35 U.S.C. § 171-----------------------------------------------437, 438
35 U.S.C. § 282-----------------------------------------------------447
35 U.S.C. § 282(b)(2)----------------------------------------------436
47 U.S.C. § 151-----------------------------------------------------144
47 U.S.C. § 223(a)--------------------------------------------------273
47 U.S.C. § 227-----------------------------------------------------141
47 U.S.C. § 230----------------------------------------150, 151, 153
47 U.S.C. § 230(c)(1)----------------------------------------149, 150
47 U.S.C. § 230(c)(2)----------------------------------------------150
47 U.S.C. § 230(f)(3)-----------------------------------------------150
47 U.S.C. § 231-----------------------------------------------------273
Mass. Gen. Laws § 93H–1 et seq.-----------------------------214
Restatement (First) of Torts § 757---------------------415, 423
Restatement (First) of Torts § 757, cmt. b-----------------423
Restatement (First) of Torts §§ 757–758-------------------423
Restatement (Second) of Contracts § 241------------------119
Restatement (Second) of Contracts §§ 344–355----------124
Restatement (Second) of Torts § 46--------------------------161
Restatement (Second) of Torts § 46, cmt. 1----------------162

XLI

Restatement (Second) of Torts § 402(A)(1)-----------------199

Restatement (Third) of Torts § 46----------------------161, 162
Restatement (Third) of Torts § 46, cmt. b------------------163
Restatement (Third) of Torts § 46, cmt. d------------------162
Restatement (Third) of Torts: Liability for Physical and Emotional Harm § 18
(2009)--------------------------161
Restatement (Third) of Unfair Competition § 46--------190
U.C.C. Art. 2--------------------------------------------------------104, 106, 110, 111,
114, 115, 117, 119, 122, 124
U.C.C. § 2–207-----------------------------------------105, 106, 112
U.C.C. § 2–207(2)--------------------------------------------------106
U.C.C. § 2–312------------------------------------------------114, 116
U.C.C. § 2–706------------------------------------------------------124
U.C.C. § 2–708------------------------------------------------------124
U.C.C. § 2–718------------------------------------------------------123
UCITA § 2.01(B)---------------------------------------------------112
UCITA § 2.02--------------------------------------------------------112
UCITA § 2.02(D)---------------------------------------------------112
UCITA § 2.03--------------------------------------------------------113
UCITA § 3.01--------------------------------------------------114, 117
UCITA § 3.01(B)---------------------------------------------------115
UCITA § 3.02--------------------------------------------------115, 117
UCITA §§ 3.02—3.07---------------------------------------------114
UCITA § 3.04--------------------------------------------------------116
UCITA § 3.05(A)---------------------------------------------------118
UCITA § 3.05(B)---------------------------------------------118, 119
UCITA § 3.08--------------------------------------------------------113
UCITA § 3.09(A)---------------------------------------------------114
UCITA § 3.10--------------------------------------------------------114
UCITA § 4.03--------------------------------------------------------119
UCITA § 405--------------------------------------------------------116
UCITA § 701--------------------------------------------------------119
UCITA § 808--------------------------------------------------------124
UTSA § 1, cmt. 2---------------------------------------------------422
UTSA § 3-------------------------------------------------------------421
UTSA § 6-------------------------------------------------------------421
XLIII

TABLE OF AUTHORITIES
References are to Pages
____________

Aikins, Matthieu, Jamming Tripoli, Wired (June 2012)-------------------------------

---14
Alexis, Alexei, House Bill for ‘Operators’ Handling Student Data, Bloomberg
BNA Computer Technology Law Report (Apr. 29, 2015)--------------------------
--------209
ALI, The Principles of the Law of Software Contracts (2010)------------------------
----------120, 121, 122, 124
Alter, Scott, One Year After Alice: Was It the Right Medicine? Law 360 (June
18, 2015)----------------------------------442
Bear, Vangie, Packet Switching, Webopedia----------------------------------6
Benkler, Yochai, The Wealth of Networks: How Social Production Transforms
Markets and Freedom (2006)----------------------------------52
Bessen, James, & Meurer, Michael J., Patent Failure (2005)-------------------------
---------433
Beyoud, Lydia, Net Neutrality Bill, Bloomberg BNA: Electronic Commerce &
Law Report (Mar. 16, 2015)----------------------------------25
Bloomberg BNA, Keeping Up With the Domain Name Explosion, Electronic
Commerce & Law Report (Dec. 28, 2012)----------------------------------402
Boyle, James, Foucault in Cyberspace: Surveillance, Sovereignty and Hardwired
Censors, 66 U. Cin. L. Rev. 177 (1997)----------------------------------36
Bradshaw, Karen M., & Saha, Souvik, Academic Administrators and the
Challenge of Social Networking Sites in Saul Levmore & Martha Nussbaum,
The Offensive Internet: Privacy, Speech, and Reputation (2010)------------------
----------------279
Brown, Bob, Paul Baran, Internet and Packet Switching Pioneer is Mourned
Network World (March 27, 2011)----------------------------------5
Burris, Daniel, The Internet of Things is Far Bigger Than Anyone Realizes,
Wired (Nov. 2011)----------------------------------22

XLIV
XLIV

Campagna, Mark V., Understanding Patent Reforms in the Context of Litigation

(2009)----------------------------------435
Carmody, Tim, Yahoo! Sues Facebook in a Web Patent Showdown, Epicenter
(Mar. 13, 2012)----------------------------------454
Cisco, Cisco Visual Networking Index Update 2014–2019 (Feb. 3, 2015)---------
-------------------------19
Citron, Danielle Keats, Hate Crimes in Cyberspace (2014)---------------------------
-------31
Colston, Catherine, & Galloway, Jonathan, Modern Intellectual Property (2010)-
---------------------------------333
Cross, John, et al., Global Issues in Intellectual Property Law (2010)---------------
-------------------411
Data Breaches: California Data Breach Notice Law Would Apply to User
Names, Passwords, Bloomberg BNA, Electronic Commerce & Law Report
(May 22, 2013)----------------------------------214
Disruptive Competition Project, One in Six Patents Pertain to the Smartphone
(Oct. 17, 2012)----------------------------------453
Dobbs, Dan B., The Law of Torts § 402 (2000)----------------------------------181
Doyle, Charles, Cybercrime: An Overview of the Federal Computer Fraud &
Abuse Statute & Related Federal Criminal Law, Congressional Research
Service (Oct. 15, 2014)----------------------------------237
Essers, Loek, Berlin Court Rules Google Privacy Policy Violates Data
Protection Law, IDG News Service (Nov. 20, 2013)--------------------------------
--230
European Commission, Commission Proposes a Comprehensive Reform of Data
Protection Rules to Increase Users’ Control of Their Data and to Cut Costs for
Business, Brussels (Jan. 25, 2012)----------------------------------224
Federal Bureau of Investigation, The Cyber Threat: Part I: On the Front Lines
with Shawn Henry (Mar. 27, 2012)----------------------------------234
Federal Trade Commission, Complying with COPPA (Apr. 13, 2013)-------------
---------------------140, 209, 210
Federal Trade Commission, Dot.com Disclosures (2012)-----------------------------
-----139
Federal Trade Commission, FTC Staff Report, Mobile Privacy Disclosures:
Building Trust Through Transparency (Feb. 2013)---------------------------------
-208
Feingold, Stephen W. & Hogan, Howard S., Unique Online Trademark Issues,
Chapter 7 in G. Peter

XLV

Albert, Jr. an AIPLA, Intellectual Property in Cyberspace (2d ed. 2011)-----------

-----------------------356
Fisch, Michael, Software Patents and the Smartphone, PrawsBlawg (Nov. 15,
2012)----------------------------------453
Giblin, Rebecca, Code Wars: 10 Years of P2P Software Litigation vi (2011)------
----------------------------302
Gibson, William, Neuromancer (1984)----------------------------------7
Goetz, Jeffrey M., A New World of EU Data Protection, Martindale.com (Feb.
2, 2012)----------------------------------222
Goldman, Eric (Forbes Cross-Post), Technology Law & Marketing Blog (June 8,
2015)----------------------------------384
Golumbia, David, Cyberlibertarians’ Digital Deletion of the Left, Jacobin
Magazine (Dec. 13, 2013)----------------------------------37
Grabosky, Peter, & Smith, Russell G., Crime in the Digital Age: Controlling
Telecommunications and Cyberspace (1998)----------------------------------333
Gueally, Jon, Greenwald: Leaked Documents, Common Dreams (July 15, 2014)-
---------------------------------288
Hillman, Robert A., & Maureen O’Rourke, Defending Disclosure in Software
Licensing, 78 U. Chi. L. Rev. 95 (2011)----------------------------------118
Husovec, Martin, In Rem Jurisdictions: Case of Website Blocking, International
Max Planck Research School for Competition and Innovation (April 27,
2013)----------------------------------336
ICANN, UDRP Dispute Resolution Policy (2012)---------------------------------
-402
Internet Corporation for Assigned Names & Numbers (ICANN), Registration
Abuse Policies Working Group Final Report (submitted 29 May 2010)----------
------------------------350
Internet Users, Internet Live Statistics (2015)----------------------------------2
Jankowski, Simona, Goldman Sachs Global Investment Research, The IoT as the
Third Wave of the Internet (Sept. 2014)----------------------------------22
Johnson, David R., & David Post, Law and Borders—The Rise of Law in
Cyberspace, 48 Stan. L. Rev. 1367 (1996)----------------------------------36
Joseph, Paul, CJEU Rules That Linking & Framing Is Not Copyright
Infringement, Lexology (Feb. 13, 2014)----------------------------------312
Kerr, Orin S., Computer Crime Law (2006)----------------------------------234
Kerr, Orin S., Computer Crime Law (2d ed. 2009)---------------------------------
-232
Koops, Bert-Jaap, Forgetting Footprints, Shunning Shadows. A Critical Analysis
of the “Right To Be

XLVI

Forgotten” in Big Data Practice, 8 Scripted 229 (2011)-------------------------------

---224
Krotoski, Mark T. & Brock Dahl, Stealing Trade Secrets and Confidential
Information With Computers: Time to Resolve the Lingering Circuit Split,
Bloomberg BNA: Computer Technology Law Report (Mar. 6, 2015)----------
-245
Lemley, Mark, et al., Software & Internet Law (2003)--------------------------------
--461
Lemley, Mark, et al., Software and Internet Law (3rd ed. 2006)---------------------
-------------212
Lessig, Lawrence, Architecting for Control: Version 1.0 (2000)---------------------
-------------45
Lessig, Lawrence, Code and Other Laws of Cyberspace (1999)---------------------
-------------30
Lessig, Lawrence, Code and Other Laws of Cyberspace, Version 2.0 (2006)------
----------------------------30, 42
Lipton, Jacqueline, Rethinking Cyberlaw: A New Vision for Internet Law
(2015)----------------------------------28, 29, 31
Markovski, Veni, ICANN, Vice President for Russia, CIS and Eastern Europe,
Remarks at The Geopolitics of Internet Governance, Center for Strategic &
International Studies (May 23, 2013)----------------------------------11
McCarthy, J. Thomas, Trademarks and Unfair Competition (4th ed. 2012)--------
--------------------------351, 384
McCarthy, J. Thomas, et al., McCarthy’s Desk Encyclopedia of Intellectual
Property (2004)----------------------------------447
Milligan, Robert B. & Daniel P. Hart, Top 10 Developments/Headlines in Trade
Secret, Computer Fraud, and Non-Compete Law in 2014 (Jan. 6, 2014)---------
-------------------------430
Mitchell, Rick, Google Drops Appeal of French Fine Over Single Privacy Policy
Across Products, BNA Bloomberg, Privacy and Data Security Law Resource
Center (Feb. 6, 2015)----------------------------------230
Mullin, Joe, IBM Sues Priceline Over Patents, Because Prodigy Was Cool,
ArsTechnica (Feb. 11, 2015)----------------------------------450
Nash, David, Blasphemy in the Christian World (2012) at Preface------------------
----------------290
National Institute of Standards, NIST Cloud Computing Program (2013)----------
------------------------127
Petersen, Karim, Deep Linking is Legal in Denmark, EDRi (2006)-----------------
-----------------310

XLVII

Principles of the Law of Software Contracts (2010)---------------------------------

-110
Quinn Jr., Eugene R., Web Surfing 101: The Evolving Law of Hyperlinking, 2
Barry L. Rev. 37 (2001)----------------------------------311
Ramsay, Lisa B., Brandjacking on Social Networks: Trademark Infringement for
Impersonation of Markholders, 58 Buff. L. Rev. 851 (2010)-----------------------
-----------338
Retzer, Karin, German Court Rules Against Facebook’s ‘Friend Finder,’
Socially Aware: The Law and Business of Social Media (March 3, 2014)-------
---------------------------230
Rouse, Margaret, TCP/IP Techtarget.com (2015)----------------------------------5
Rustad, Michael L. & Sanna Kulevska, Reconceptualizing the Right to Be
Forgotten to Enable Transatlantic Data Flow, 28 Harv. J. L. & Tech. 351
(2015)----------------------------------216
Rustad, Michael L. & Thomas H. Koenig The Tort of Negligent Enablement of
Cybercrime, 20 Berkeley Tech. L.J. 1553 (2005)---------------------------------
-194
Rustad, Michael L., The Negligent Enablement of Trade Secrets, 22 Santa Clara
Computer & High Tech J. 455 (2006)----------------------------------431
Sansbury, Maree, Moral Rights and Their Application in Australia (2003)--------
--------------------------332
Sapp, Geneva, E-Businesses vie for Technology Ownership, Network World
(Mar. 6, 2000)----------------------------------451
Schechter, Roger E., & Thomas, John B., Intellectual Property: The Law of
Copyrights, Patents, and Trademarks (2003)----------------------------------443
Schener, Sam, Tech Firms, French Police, Ally in Terrorism Fight, Wall. St. J.
(Apr. 22, 2015)----------------------------------38
Schuetze, Benjamin, Germany: No Digitisation Without Reproduction, Kluwer
Copyright Blog (May 29, 2015)----------------------------------311
Schuppert, Stefan and Tim Wybitul, Hogan, Lovells, Irish High Court Refers
Questions to European Court of Justice: Can National DPAs Disregard Safe
Harbor? (July 10, 2014)----------------------------------220
Schwartz, Jason C., et al., 2014 Trade Secrets Litigation, Roundup, Bloomberg
BNA: Computer Technology Law Report (Jan. 16, 2015)--------------------------
--------427
Smith, Graham J.H., Internet Law and Regulation (2007)-----------------------------
-----348

XLVIII

Solum, Lawrence, Models of Internet Governance, Chapter 2 in Models of

Internet Governance Infrastructure and Institutions (Lee A. Bygrave ed. 2009)-
---------------------------------32
Stone, Geoffrey R., Content Regulation and the First Amendment, 25 Wm. &
Mary L. Rev. 189 (1983)----------------------------------282, 283
Svensson and Larsson, Intellectual Property Law Compliance in Europe (2012)--
--------------------------------48
The White House, Consumer Data Privacy in a Networked World (2012)---------
-------------------------213
Travis, Hannibal, Cyberspace Law: Censorship and Regulation of the Internet
(2013)----------------------------------34
U.S. Dept. of Justice, Manual on Prosecuting Computer Crimes (2012)------------
----------------------246
U.S. Dept. of Justice, Prosecuting Computer Crimes (2012)--------------------------
--------242
USPTO, Patent Subject Matter Eligibility (2012)----------------------------------440
USPTO, Trademark FAQs, What Are the Benefits of Trademark Registration?
(2012)----------------------------------342
Walters, Robin, Facebook, Zuckerberg Sued for $1 Billion After Not Removing
a Page Fast Enough, TechCrunch (April 1, 2011)---------------------------------
-160
Weiss, Elizabeth, Massive Breach at Health Care Company Anthem Inc. USA
Today (Feb. 5, 2015)---------193
White House Briefing, Launch of the Administration’s Strategy to Mitigate the
Theft of U.S. Trade Secrets (Feb. 20, 2013)----------------------------------429
Who Are Patent Trolls and What Will H.R. 9 Do About Them? Econostats,
Forbes (2015)----------------------------------455
Wilson, Darryl C., Battle Galactical: Recent Advances and Retreats in the
Struggle for the Preservation of Trademark Rights on the Internet, 12 J. High
Tech. L. 1 (2011)----------------------------------337
WIPO, WIPO Arbitration and Mediation Center-2012 Review (2012)--------------
--------------------399
Woollston, Victoria, Reveal What Happens in One Minute on the Internet:
216,000 Photos Posted, 278,000 Tweets, and 1.8 Million Facebook’s Likes,
Daily Mail (July 30, 2013)----------------------------------1
World Wide Web Foundation, History of The Web (2015)---------------------------
-------13

XLIX

Wu, Tim, Application-Centered Internet Analysis, 85 Va. L. Rev. 1163 (1999)---

-------------------------------45
Wymore, Mary Ann L., Social Media and Fair Use: Pinterest as a Case Study,
Bloomberglaw.com (2013)----------------------------------299
Xue, Hong, Cyber Law in China (2010)----------------------------------38
You’ve Been Framed: Deep Linking & the Law, JGR.web (May 23, 2013)-------
---------------------------311
Zittrain, Jonathan, The Future of the Internet and How to Stop It (2008)-----------
-----------------------24, 49
LI

GLOBAL INTERNET LAW

IN A NUTSHELL®

THIRD EDITION
1

CHAPTER 1
OVERVIEW OF THE GLOBAL INTERNET

In our contemporary lives, we take for granted the unfathomable scale of the
Internet and how it affects everyday life. In early 2015, there were an estimated
876,812,666 websites. The exact size of the Internet is unknown and
unknowable as the virtual universe is continuously expanding. Google Book
alone, with its 130 million digital books, is the equivalent of a virtual treasure
trove of information with it colossal collection of digitalized books from library
collections all over the world.
By early 2015, Wikipedia has 8,524,715 visits per hour and 4,882,558 articles.
Flickr users add five million images each day or sixty photographs a second.
Netflix announced that it had streamed ten billion hours of content in the first
quarter of 2015 alone. “In just a single minute on the web, 216,000 photos are
shared on Instagram; a total of £54,000 ($83,000) sales take place on Amazon;
there are 1.8 million likes on Facebook and three days’ worth of video is
uploaded to YouTube.” Victoria Woollston, Reveal What Happens in One
Minute on the Internet: 216,000 Photos Posted, 278,000 Tweets, and 1.8 Million
Facebook’s Likes, DAILY MAIL (July 30, 2013). As of October 2015, 571
websites go online every minute with a total of 300,316,879 new websites each
year. The virtual universe of the

Worldwide Web is a moving stream, not a stagnant pond.

In 1995, only 1% of the world’s population had Internet access. Internet Users,
Internet Live Statistics (March 28, 2015). “The first billion was reached in 2005.
The second billion in 2010. The third billion in 2014.” On June 23, 2015 at
10:30 (EST), the number of Internet users was 3,149,597,310—approximately
40% of world population. Internet Users, Internet Live Statistics (June 23, 2015).
Where can one begin explaining a topic as vast as global Internet law? There
is an inherent problem in writing about the omnipresent Internet, which is
continuously in the process of becoming—a moving stream, not a stagnant pond.
Courts and legislatures must continually update the law as the Internet creates
new legal dilemmas. The Second Circuit explained the unique issues of Internet-
related trademark law as “attempting to apply established trademark law in the
fast-developing world of the Internet is somewhat like trying to board a moving
bus.” Bensusan Restaurant Corp. v. King, 126 F.3d 25 (2d Cir. 1997).
Cyberspace is an entirely new law space without a transnational sovereign,
international treaty, specialized court system, or virtual dispute resolution
system. Transnational institutions have been slow to develop to forge common
legal norms and dispute resolution systems. National differences among the
regimes of different countries connected by the seamless system of computer
networks will

inevitably transform the law in profound ways. The Internet has made it
necessary to rework every branch of the law, and these ongoing changes will be
examined in this book.

§ 1-1. The History & Technologies of the Internet

(A) HISTORY OF THE WORLD WIDE WEB
The remainder of this introductory chapter focuses on the technology, history,
and the distributed geography of the Internet in order to provide context for
understanding Internet law. Designing legal solutions for the networked
information society requires a clear conception of what is technologically
possible as well as an understanding of the cultural and business context of
Internet law disputes.
What would happen if the Internet suddenly collapsed and shut down
worldwide? Business operations have grown dependent upon the Internet.
Businesses already suffer interruptions in supply chains and operations from
malicious code and defective software design; but attacks on Internet hubs could
result in a breakdown of critical information infrastructure. Cell phones would
shut down as well as desktop computers, laptops, and GPS devices. Electronic
financial institutions around the world would go offline. When this occurred in
only a single country, as what occurred in Cyprus in 2013, the ripple effects
were felt around the world.
Cloud computing would halt, leaving countless businesses without access to
key data, software

applications, and critical infrastructure for businesses, nonprofits, and

governments will suffer dislocations because of interruptions in key business,
banking, military, fiscal, and governmental infrastructure. Medical records,
shipment and aircraft tracking systems, and much of the world’s
communications infrastructure would go down. How might law and society be
different if the U.S. government never invented the Internet? The Internet is of
overarching importance to post-industrial societies. In less than two decades, we
have come to take the Web for granted when we book flights, communicate with
each other, contribute to social media sites, purchase e-books, shop in virtual
bookstores, listen to music, and explore trending videos. A world without text
messages, Twitter (2006), Skype (2003), Pinterest (2010), Instagram (2010),
Foursquare (2009), Yelp (2004), or Facebook (2004) is difficult to imagine, but
these Internet-based inventions have only been a part of mass culture for less
than fifteen years.
Carl Sagan famously said, “We live in a society exquisitely dependent on
science and technology, in which hardly anyone knows anything about science
and technology.” The definition of the “Internet” is an interconnected worldwide
web network of networks employing the Transmission Control Protocol/Internet
Protocol (TCP/IP), which is the basic communications protocol of the Internet.
TCP/IP is a two-layer program. “The higher layer, Transmission Control
Protocol, manages the assembling of a message or file into smaller packets that
are transmitted over the Internet and received

by a TCP layer that reassembles the packets into the original message. The
lower layer, Internet Protocol, handles the address part of each packet so that it
gets to the right destination.” Margaret Rouse, TCP/IP, TECHTARGET.COM (2015).
TCP/IP enables messages to be broken into smaller packets. Routing is
choosing the most efficient path in the network of computers; each packet has
routing information that enables it to reach its ultimate destination. When the
packets leave a personal computer, smartphone or other device connected to the
computer they are transmitted through the network and may start “off in
different directions taking the least busy path at that instant. A machine called a
‘Router’ works out which is the next fastest connection and sends each packet on
its way. During the course of its journey, a packet will travel through many
routers, possibly in many different countries.” Teach, ICT, What is Packet
Switching?
Paul Baran invented packet switching, which, is a communications method
that breaks down all data into packets transmitted via a medium that may be
shared by multiple simultaneous communication sessions. “Baran coined the
term ‘message over shared and distributed networks. Later in the DOD’s
ARPANET which evolved into the Internet.” Bob Brown, Paul Baran, Internet
and Packet Switching Pioneer is Mourned NETWORK WORLD (March 27, 2011).
Packets consist of headers and payloads and are “transmitted individually and
can even follow

different routes to its destination. Once all the packets forming a message
arrive at the destination, they are recompiled into the original message.” Vangie
Bear, Packet Switching, WEBOPEDIA. It is the job of the receiving computer to
reassemble the packets. Every computer connected to the Internet has an Internet
Protocol Address or IP address, which is the unique number assigned to every
computer connected to the Internet. IP addresses are formatted as a 32-bit
numeric address written as four numbers separated by periods, and is evolving
into a newer standard called IPv6, a 128-bit, six-digit standard developed to
accommodate the pace of the Internet’s quick growth.
The Internet Assigned Numbers Authority (IANA) manages the IP address
system. IANA, What is My IP Address? IANA, a U.S. based organization
assigns and allocates IP addresses worldwide. No one used the term, “Internet,”
prior to the early 1980s. The word, “cyberspace,” was coined by William Gibson
in his 1984 science fiction classic, Neuromancer, which was the story of a
computer hacker for hire planning the ultimate computer intrusion:
Cyberspace. A consensual hallucination experienced daily by billions of
legitimate operators, in every nation, by children being taught mathematical
concepts…. A graphic representation of data abstracted from the banks of
every computer in the human system. Unthinkable complexity. Lines of
light ranged in the nonspace of the mind, clusters and constellations of data.
Like city lights, receding.

WILLIAM GIBSON, NEUROMANCER 67 (1984).

The Internet became part of mass culture during the mid-1990s when the
World Wide Web went mainstream. “Tim Berners-Lee invented the World Wide
Web in 1989, about 20 years after the first connection was established over what
is today known as the Internet.” World Wide Web Foundation, History of the
Web (2015). Berners-Lee stood on the shoulders of giants who developed the
conceptual foundation for the Internet at Universities and the U.S. Defense
Department:
Vannevar Bush wrote the first visionary description of the potential uses for
information technology with his description of the “memex” automated
library system.
Norbert Wiener invented the field of Cybernetics, inspiring future
researchers to focus on the use of technology to extend human capabilities.
The 1956 Dartmouth Artificial Intelligence Conference crystallized the
concept that technology was improving at an exponential rate, and provided
the first serious consideration of the consequences.
The LivingInternet.com, The History of the Internet (2015).
The World Wide Web, as we know it today, was prefigured by the Internet
created by the U.S. Department of Defense’s Advanced Research Projects
Agency (ARPA). The Defense Department launched ARPA in 1969 as a
communications network that

could survive a nuclear war. ARPANET, which was proposed by President

Eisenhower in the 1958 Air Force appropriations bill, evolved rapidly from a
government and educational network to a commercialized space.
Subsequently, ARPANET expanded to encompass corporations, universities,
and, lastly, the public. “ARPANET” came to be called the “DARPA Internet,”
and, finally, just the “Internet.” From 1966 to the late 1970s, the Internet
continued to evolve through the efforts of a relatively small network of
individuals, which expanded it to government and research universities with
local-area networks.
(B) NSFNET
The National Science Foundation (NSF) received a grant from the federal
government and assumed control of the T1 backbone from ARPA in the mid-
1980s. NSFNET originally limited the Internet to education, military, and other
governmental purposes, prohibiting commercial uses. By the mid-1980s, the
NSF employed packet switching to develop the major backbone communications
service for the Internet.
Scientists at ARPANET developed TCP/IP to enable computers to
communicate with each other across the United States. It was not until the mid-
1980s that computer scientists at most U.S. universities had Internet access.
Several other governmental agencies also developed computer networks so their
researchers could communicate

and share data. The retiring of the ARPANET and its transfer to the NSFNET
was significant in creating the open Internet:
The NSFNET was soon connected to the CSNET, which linked
Universities around North America, and then to the EUnet, which
connected research facilities in Europe. Thanks in part to the NSF’s
enlightened management, and fueled by the popularity of the web, the use
of the Internet exploded after 1990. LivingInternet.com, The History of
the Internet (2015).
The first four computers connected to the Internet were located at the
University of California-Santa Barbara, Stanford University, UCLA, and in
Utah. By 1977, ARPANET’s network of interconnected computers expanded to
111 computers spanning the United States. Satellite links enabled ARPANET to
connect computers in all forty-eight continental states, Hawaii, and Europe. The
First Internet Connection Crashed the Internet, MOTHERBOARD (Mar. 30, 2012).
In 1981, the Internet consisted of 300 computers and by 1985; the Internet
consisted of 2,000 connected computers. As late as 1989, that number stood at
fewer than 90,000 computers. ARPANET and U.S. Department of Defense
contractors developed the Tier One (T1) backbone for the Internet, which were
the principal data routes in the Internet’s formative period.
Few people outside of the military and educational institutions used e-mail or
electronic bulletin boards during the formative years of the

Internet. A turning point occurred when computer scientists at the University

of Minnesota created Gopher, the first user-friendly interface in 1991. The
Gopher search engine enabled users to search, distribute, and retrieve documents
from the Internet, prefiguring the World Wide Web’s friendly user interfaces.
The National Center for Supercomputing Applications at the University of
Illinois launched ‘Mosaic,’ the first graphical web browser in 1993.
The privatization of the Internet began in the early 1990s when NSF opened
the Internet up to businesses. In 1990, the NSF held the first workshop on “The
Commercialization of the Internet” at Harvard University. The NSF lifted the
ban on commercial traffic in 1991, jumpstarting the 24/7 virtual marketplace we
know today. Non-state actors including companies and non-governmental
organizations began to play an increasingly important role beginning in the mid-
1990s.
In cooperation with NSF, private companies developed a T3 backbone,
connecting the networks of major companies. By September 1995, the demand
for Internet registration had become largely commercial (97 percent) and began
to expand exponentially. The commercialized Internet created new legal
dilemmas such as how to adapt personal jurisdiction to websites and whether to
treat digital signatures and records as the equivalent of traditional signatures and
paper-based records. By the mid-1990s, U.S. courts began to resolve Internet-
related jurisdictional disputes between business entities selling products and
services on

the Internet. By 2000, nearly every state adopted the Uniform Electronic
Transactions Act, a statute that treats digital signatures with the same legal force
as traditional pen signatures.
Domain name governance was once solely the province of the United States
government, which appointed the National Science Foundation (NSF) to
supervise the domain name registration system until May 1993 when Network
Solutions, Inc. (NSI) was charged with administering of the domain name
registry under a sub-contract with the U.S. Defense Information Systems Agency
(DISA). The Internet Corporation for Assigned Names and Numbers (ICANN)
currently controls the “domain name system” (DNS).
In September 1998, when NSF’s agreement with NSI expired, the number of
registered domain names surpassed 2 million. Today, there are over 2.5 billion
Internet users. The current “Internet Protocol version 4” (IPv4) has the capacity
to support 4.2 billion addresses. Each computer assigned to the Internet has a
unique IPv4 address and thus it is a critically important element of Internet
infrastructure. This address space will be greatly expanded by IPv6 to space for
an estimated trillion addresses. Veni Markovski describes the differences
between IPv4 and IPv6 as comparing a tennis ball to the sun. Veni Markovski,
ICANN, Vice President for Russia, CIS and Eastern Europe, Remarks at The
Geopolitics of Internet Governance, Center for Strategic & International Studies
(May 23, 2013).

Within a decade, the computer scientists of the U.S. Department of Defense’s

(DoD) Advanced Research Projects Agency Network (ARPANET) used
“Transmission Control Protocol/Internet Protocol” (TCP/IP) to network
computers across the United States. The TCP/IP protocol is the most widely
used communication system within the Internet, and functions to enable file
transfers, e-mail, remote terminal access, and other vital essential tools of the
World Wide Web. The TCP is the data packeting protocol whereas IP is the
protocol for routine packets. Each packet has a header containing its source and
destination, a block of data content, and an error checking code.
“Internet Protocol Numbers” (IP) encompass four groups of digits separated
by periods, such as “192.215.247.50,” pinpointing the location of a specific
computer connected to the Internet. The domain name system (DNS) protocol
replaces strings of numbers with easier to remember words. Increasingly,
copyright owners are using this information to catch repeat copyright infringers.
Service providers generally collect this data for administrative purposes to
improve system performance.
Tim Berners-Lee is the George Washington of the World Wide Web as well as
the Internet’s Thomas Jefferson and Benjamin Franklin all rolled into one
person. He developed the first “Graphic User Interface” (GUI) browser, named
the “World Wide Web,” and launched the first web page on August 6, 1991.
Berners-Lee’s life work reflects the saying: “The best way to predict the future is
to invent it.”

Tim Berners-Lee created the three most important technologies enabling the
Internet to be user-friendly:
HTML: HyperText Markup Language. The publishing format for the Web,
including the ability to format documents and link to other documents and
resources.
URI: Uniform Resource Identifier. A kind of “address” that is unique to each
resource on the Web.
HTTP: Hypertext Transfer Protocol. Allows for the retrieval of linked
resources from across the Web.
World Wide Web Foundation, History of The Web (2015).

§ 1-2. Internet Technologies Demystified

The Internet is named after the Internet Protocol, the standard
communications protocol used by every computer on the Internet. The five types
of hardware comprising key Internet technology infrastructure are: (1) hubs, (2)
bridges, (3) gateways, (4) repeaters, and (5) routers. Routers and bridges
transmit information from one network area to another. A switch is a network
device that selects how data gets to its next destination. These devices may be
used to transmit data from the Internet to Local Area Network (LAN)
destinations and vice versa. Companies may connect their personal computers to
a Wide Area Network (WAN), which utilizes routers to transmit data between
LANs.

(A) HUBS OR IXPS

The Internet’s major hubs or network access points are physical entities that
connect computers around the world. The Internet Exchange (IX) acts as a
junction between multiple points of Internet presence. Here, peers are able to
connect to each other in order to exchange local Internet traffic. An oppressive
regime can use their hubs as a kill switch without affecting the Internet in other
nations. China, for example, creates temporary blackouts of its Internet to stifle
the political opposition, a policy sometimes referred to as “The Great Firewall of
China.” The United States Congress is debating installing a kill switch that could
shut down the Internet in the event of a national emergency.
The proposed “kill switch” is opposed by many academics and policymakers
who note that Hosni Mubarak, the then Egyptian President caused the Internet to
go dark to stymie massive demonstrations against his regime during the Arab
Spring in 2012. “Today you can run an approximation of 1984 out of a couple of
rooms filled with server racks.” Matthieu Aikins, Jamming Tripoli, WIRED (June
2012), at 146, 176. The supporters of the “Kill Switch” contend that it will only
be used in a true emergency against cybercriminals that threaten America’s
information infrastructure.

(B) BRIDGES
A bridge is an intelligent connectivity device connecting computers on a Local
Area Network (LAN) and World Area Network (WANS). A bridge examines
each message on a LAN, sorting and forwarding messages between LANS and
WANS.
(C) GATEWAYS
A gateway is the network point that acts as an entrance into another network
and typically includes a firewall designed to block out unrecognized Internet
protocols. Firewalls authenticate data and identify users, preventing intruders
from intercepting data or planting viruses. The proxy server, or application
gateway, runs on the firewall. Application gateways employ authentication and
logging tailored for whether high security is required as for the military,
banking, or the healthcare industry.
(D) ROUTERS
The Internet is essentially a collection of communication networks
interconnected by bridges and/or routers. A router is hardware that essentially
routes, or guides, computer traffic along a network. Cisco Systems is a leading
producer of routers, which are intelligent devices conjoining routed data over
many networks. The packet switching system allows efficient traffic control on
the network.

(E) REPEATERS
Wireless repeaters amplify a signal once it loses strength or is attenuated as it
is transmitted along a cable network. This repeater takes a signal from a router or
access point and rebroadcasts it, creating what is, in effect, a second network.
Repeaters remove noise and solve the problem of attenuation caused by cable
loss. Wireless repeaters are frequently used in “hot spots” to improve signal
range and strength. In a home wireless network, repeaters help extend a signal
across a wider area.
(F) CABLE MODEMS
By the early 1990s, telephone access to the Internet was largely displaced by
DSL and broadband. Today Internet users access the Internet using three
methods: (1) by smartphones, (2) Wi-Fi, and (3) a broadband connection.
Smartphones enable consumers to make phone calls, send text messages, send e-
mails, surf the Internet, navigate using GPS, and play media files. In 1999, the
Internet was able to transmit at a speed of 2.5 Gbps. Less than a decade later,
software engineers beta tested transmission speeds of more than 10 billion bits
per second (10 Gbps). By early 2015, Bell Labs measured a prototype’s
frequency range for data transmission of 106 MHz, enabling broadband speeds
up to 500 Mbps over a distance of 100 meters.

(G) BANDWIDTH
Bandwidth is the bit-rate of available or consumed information capacity with a
measurement unit as bits per second (bps). High bandwidth is required for fast
transmission on the Internet. To place bandwidth in perspective, the first
modems developed in 1958 had a capacity of only 300 bps. Modern modems,
using standard telephone lines, have the capacity to transmit data at up to 56
thousand bits per second, or 56 Kbps. A date rate of 1000 bps is equal to 1 Kbps.
In 2010, the Federal Communication Commission (FCC) classified broadband
speeds ranging from 200 Kbps, or 200,000 bits per second, to six Mbps, or
6,000,000 bits per second. In 2015, the FCC updated its broadband threshold to
25 megabits per second (Mbps). XFINITY offers a 505 Mbps using a fiber-
based service.
(H) DSL
Digital Subscriber Lines (DSL) enables high-speed data transmission of digital
data over traditional copper telephone wire. DSL incorporates an uninterrupted,
high-speed connection directly to an Internet Service Provider (ISP).
Asymmetrical Digital Subscriber Line (ADSL) is broadband and used
principally for residential users and applications. ADSL enables faster
downstream data transmission over the same line used to provide voice service
without disrupting regular telephone calls using that line.

Symmetrical Digital Subscriber Line (SDSL) is a broadband application with

equal downstream and upstream traffic speed used by many businesses.
“Downstream” refers to data sent from the ISP “down” to the PC; conversely,
“upstream” means data transmission from the PC to the ISP.
(I) SEARCH ENGINES
An Internet search engine categorizes and indexes information or websites.
When I want to listen to my son’s music, I can find it by typing the keywords,
“James Rustad” and “music.” into a search engine to locate all web pages on the
Internet containing these keywords. Users can download and listen to James’
original songs at https://www.youtube.com/user/guitarjr or learn about his latest
gigs at www.jamesrustad.com. Search engines such as Google create lists of
websites corresponding to the searched term, “James Rustad.”
Google, Bing, Yahoo!, Ask, America Online, Wow, and WebCrawler, are the
most popular U.S. search engines according to an eBiz/MBA survey assessing
Alexa Global Traffic rankings. Google, Bing, and Yahoo! are the most popular
search engines worldwide. The browser wars are largely between Microsoft’s
Internet Explorer, Google’s Chrome, Mozilla’s Firefox40.0.3, Apple’s Safari,
and Opera.
(J) MOBILE DEVICES & APPLICATIONS
Cisco estimates that almost a half billion mobile devices and connections were
made in 2014. “Global mobile devices and connections in 2014 grew to 7.4

billion, up from 6.9 billion in 2013. Smartphones accounted for 88 percent of

that growth, with 439 million net additions in 2014.” Cisco, Cisco Visual
Networking Index Update 2014–2019 (Feb. 3, 2015). Global mobile data traffic
grew 69 percent in 2014. Mobile Applications running on these devices allow
the user to connect to other computers on the internet.
Zeebox, Flixster, Netflix, and now Apple are four of the best applications for
streaming movies and television. TV Guide, GoWatchIt, and Beamly are three of
the best applications for streaming television. Kindle, Aldiko, and Goodreads are
three of the most popular book applications in 2015. Pandora, iHeartRadio, and
TuneinRadio are three of the most popular radio streaming applications. Spotify,
is by far the most popular music streaming service in 2015 but Soundcloud and
Poweramp all give Internet users an all you can listen to sound buffet.
Facebook’s $1 billion purchase of Instagram in 2012 evidences the growing
impact of mobile apps as a gateway for Internet access.
Instagram, which was designed specifically for mobile applications, enables
Facebook to capture a larger segment of the ever-increasing population of
Internet users accessing the Internet via smartphones or other mobile devices.
Users download Mobile applications through various distribution platforms,
such as Apple’s iTunes App Store for the Apple iPhone and iPod.

§ 1-3. Web 1.0, 2.0 & 3.0

(A) THE ASYNCHRONOUS INTERNET
Web 1.0 describes the passive Internet, where forums and bulletin boards were
the exclusive way to post information. Web 1.0 offered little by way of
interactivity, aside from users sharing files, writing in guest books, and posting
comment forms. Under Web 1.0, the owner of the website was the only
publisher and communications were asynchronous, meaning that it is
independent of time and place. Chapter 3 explains how U.S. courts are using
anachronistic tests for personal jurisdiction that tacitly assume that the Internet
continues to be largely asynchronous.
(B) THE SYNCHRONOUS INTERNET
The Internet is no longer primarily about listservs or non-interactive bulletin
board for posting information. Web 2.0 is the current Internet, which is
interactive, individuated, and user generated. Web 2.0 users connect through
blogs and social media. Wikis are an example of a Web 2.0 platform that allows
users to work collaboratively. Web 2.0 increases the scope of synchronous
communications, such as online chats, audio, and video. The WWW is in Web
2.0 and constantly in the process of evolving into Web 3.0. Personal jurisdiction
tests based upon Web 1.0 based upon the mere interactivity of websites has been
overtaken as all but a few sites are interactive or Web 2.0.

(C) WEB 3.0’s ONTOLOGY

The Web 3.0 or the semantic web refers to the latest stage in the evolution of
the Worldwide Web. World Wide Web Consortium (W3C), an international
voluntary organization, develops open standards to ensure the long-term growth
of the Web through standard protocols, ensuring interoperability. The W3C is
working on standards for a more interactive and intelligent Web 3.0. The W3C
led “semantic web” employs groundbreaking languages such as the Resource
Description Framework (RDF) and the Web Ontology Language (OWL). RDF is
a standardized language of the web, which enables computer systems to infer or
extrapolate relationships between databases and computer users. The Web 3.0
language fashions the multi-tier representation behind a web page using
Universal Resource Identifiers.
The semantic web is beginning to evolve out of Web 2.0 formats of XML
tagging, folksonomies, and microformats to the computer readable format of
RDF and OWL. The RDF is layered on top of the HTML and other WWW
protocols. Web 3.0 will continue to evolve but it will not entirely displace Web
2.0. Web 3.0 creates a need to update personal jurisdiction tests and the meaning
of purposeful availment in cyberspace, a topic addressed in Chapter 3. Web 3.0,
in turn, is evolving into an Internet of Things (IoT) where smart devices
communicate human-to-computer and computer-to-computer. Wired describes
the IoT as: revolving around machine-to-machine communications built on a
cloud computing infrastructure and data sensors,

enabling “mobile, virtual, and instantaneous connection” controlling

everything from streetlights to seaports “smart.” Daniel Burris, The Internet of
Things is Far Bigger Than Anyone Realizes, WIRED (Nov. 2011). The latest
evolutionary stage is the Internet of Things (IoT):
To put this in perspective, the fixed Internet, which is really what we mostly
thought about back in the 1990s, connected about a billion users to the
Internet, primarily via their desktops. In the 2000s, we had the second wave,
which connected about two billion people to the Internet via their mobile
devices. What we’re talking about now with the Internet of Things is
connecting about 20 billion or more things to the Internet in the course of
the next decade. And if you think about what kinds of things really should
be connected, or why would we connect them, it’s anything from things in
your home, like your smoke alarm or thermostat or security camera, to
things on the manufacturing floor, like heavy industrial equipment, to cars
and trains and wearable devices.
Simona Jankowski, Goldman Sachs Global Investment Research, The IoT as
the Third Wave of the Internet (Sept. 2014).

§ 1-4. Setting Standards Through Voluntary Organizations

(A) OPEN SYSTEMS INITIATIVE
The International Standards Organization’s Open Systems Initiative Model
(OSI) conceptualized networking as an assembly line composed of seven
different layers or stages. The seven layers are the physical, data link (where
data packets are coded and decoded), network (switching and routing), transport
(hosts and data flow), session (manages connections between applications),
presentation (encryption), and application (and end-user processes). OSI’s aim is
to create an open networking environment in which all systems can interconnect
and are interoperable worldwide so that computer systems made by different
vendors can communicate with each other.
The seven-layer model processes the data after the web browsers or other
applications make requests. Each of the seven generalized layers performs
precise functions to ensure that data travels seamlessly across the network. The
OSI converts data into packets that consist of zeroes and ones, and are
transferable over the network. When a computer receives one of these packets, it
runs through the assembly line backwards. After this “disassembly,” the OSI
reassembles the data into the order sent. The entire purpose of the OSI seven-
layer model is to enable interoperability and to facilitate comparisons between
communications tools.

(B) INTERNET ENGINEERING TASK FORCE

The Internet Engineering Task Force (IETF) and the Internet Architecture
Board (IAB) are two of the most important global standards-setters for the
Internet. The IETF identifies and proposes solutions for technical problems on
the Internet. The IETF is an example of the generativity of collaborative
community described by Jonathan Zittrain in his 2009 book, The Future of the
Internet and How to Stop It. The public Internet is a generative technology
because it allows individuals and voluntary organizations to improve it. Open
source software that can be freely changed enables generativity because users
improve the code and share it with the community versus proprietary software
that treats the source code as a trade secret.
(C) ISOC
The Internet Society (ISOC) is a “cause-driven voluntary organization that
supports the IETF and the IAB to ensure that the Internet remains open and
transparent.” Internet Society (ISOC),
https://www.arin.net/participate/governance/isoc. html. “ISOC is the
organizational home of the Internet Engineering Task Force (IETF), the Internet
standards body responsible for developing the Internet’s technical foundations
through its open global forum.” The Internet evolved rapidly in large part
because of the role of nonhierarchical, open standards-setting organizations such
as ISOC.

25
ISOC’s focus is on connecting the world, collaborating with others, and
advocating for equal access to the Internet.” ISOC works on issues such as
access, privacy, Internet exchange points or hubs, children and the Internet, net
neutrality, spam, domain names, and open network standards. The organization
provides insurance coverage for those involved in the IETF standards-setting
groups. On February 2015, the Federal Communications Commission endorsed
net neutrality in its decision to reclassify broadband Internet services as
communications services under Title II of the Communications Act of 1934.
Lydia Beyoud, Net Neutrality Bill, BLOOMBERG BNA: ELECTRONIC COMMERCE &
LAW REPORT (Mar. 16, 2015).

§ 1-5. The Future of the Internet

Today’s Internet is a virtual network that connects 3.03 billion users. Twenty
years ago in 1995, there were only 16 million users worldwide. Only .4 of one
percent of the world’s population had any Internet access. By 2005, the number
of Internet users reached 1.02 billion comprising 16% of the population. Today,
3.17 billion persons have Internet access, which accounts for 42% of the 7.2
billion world population. Internet World Stats Internet Growth Statistics (June 1,
2014). Still slightly more than one in three of the 7.2 billion persons in the world
have Internet access.
This chapter has examined the history of the Internet and how it evolved from
a public work sponsored by the U.S. military and government project to a
worldwide-commercialized Internet.

The Internet Society contends that the revolutionary openness of the Net has
been its secret of success:
The Internet has changed the world. Open access to the Internet has
revolutionized the way individuals communicate and collaborate,
entrepreneurs and corporations conduct business, and governments and
citizens interact. At the same time, the Internet established a revolutionary
open model for its own development and governance, encompassing all
stakeholders. The development of the Internet relied critically on
establishing an open process. Fundamentally, the Internet is a ‘network of
networks’ whose protocols are designed to allow networks to interoperate.
To date, most law school classes concerning the Internet spend a
disproportionate amount of time on U.S. cases and statutory developments to the
exclusion of global and foreign-law developments. This nutshell presents leading
U.S. cases and statutory developments but also includes an analysis of foreign
law developments at the end of each chapter. Chapter 7, for example will
examine the consequences of ubiquitous computing on privacy covering topics
such as the proposed General Data Protection Regulation. Chapter 2 examines
the problems of governance and how multi-stakeholder models have evolved to
create today’s open Internet. The path of Global Internet law will be explored in
the chapters ahead.
27
CHAPTER 2
PERSPECTIVES ON GLOBAL INTERNET GOVERNANCE

§ 2-1. Overview of Cyberlaw

By the beginning of the twentieth century, the U.S. legal system was
beginning to update statutes to reflect the unique issues created by the rise of the
automobile, streetcar, and railway. Today the Internet is playing a similar role in
changing the nature of modern society. Modern philosophers such as Martin
Heidegger describe society as a moving stream rather than a stagnant pond. The
Internet is not a timeless essence but rather the fastest growing information
technology in world history. The rise of the Internet is a source of legal lag for
every branch of law that must accommodate to this new information technology.
The Internet, by definition, is a global institution. “The fact that much Internet
content can be accessed simultaneously in most countries raises jurisdictional
challenges along with the specter of differing cultural norms that may come into
conflict in terms of attitudes to appropriate regulation.” Jacqueline Lipton
identified three important features of cyberspace: “(a) global reach of the
Internet, (b) differing norms of behavior that occur online as compared with
those in the physical world and (c) kinds of harms suffered as the result of
undesirable behavior online.”

JACQUELINE LIPTON, RETHINKING CYBERLAW: A NEW VISION FOR INTERNET

LAW 3 (2015).
This chapter summarizes the leading theories of governance and helps the
reader recognize when courts and legislatures have adopted these perspectives in
topics covered in other chapters. After providing a theoretical overview of the
case for and against a specialized Internet law, this chapter concludes with a
discussion of the leading theories for Internet governance.
(A) AGAINST INTERNET LAW
In 1996, Judge Frank Easterbrook, a Seventh Circuit U.S. Court of Appeals
judge, spoke at a University of Chicago academic conference on cyberspace law.
In Judge Easterbrook’s opinion, devoting time and effort to studying “the law of
the Internet” makes as much (or as little) sense as studying “the law of the
horse.” He explains that: “Lots of cases deal with sales of horses; others deal
with people kicked by horses; still more deal with the licensing and racing of
horses, or with the care veterinarians give to horses, or with prizes at horse
shows. Any effort to collect these strands into a course on “The Law of the
Horse” is doomed to be shallow and to miss unifying principles.” Judge
Easterbrook thought it was better for law students interested in horse law to take
overarching subjects such as property, torts, contract law, and intellectual
property and stretch these principles to cases that involved horses. Judge
Easterbrook’s broader observation is that the law of cyberspace requires no
reworking of basic property law and

there was no need to develop a specialized Internet law.

Internet jurisdiction, discussed further in Chapter 3, illustrates how courts
have stretched the minimum contacts framework to cyberspace without creating
special rules. Similarly, Chapter 6, which discusses torts confirms Judge
Easterbrook’s point because many cybertorts are simply “new wine in old
bottles.” However, even tort law must evolve to accommodate to the Worldwide
Web. Contrary to those who oppose the study of cyberlaw as a distinct subject, a
unique Internet law has emerged over the past two decades. For example, the
dynamic development of the Worldwide Web has led to a reworking of many
basic principles of copyright law, trademark law, trade secrets, and patent law.
Chapters 10–13 will examine these issues in depth.
(B) DEFENSE OF INTERNET LAW
“Some commentators have argued that … cyberlaw can still teach us
important lessons about the nature of legal regulation.” “[C]yberlaw is an
important conceptual field within which to contrast the nature of law as a
regulator of human conduct against other regulatory modalities, notably system
architecture, or software code.”
JACQUELINE LIPTON, RETHINKING CYBERLAW: A NEW VISION FOR INTERNET
LAW 1 (2015).
Indeed, Lawrence Lessig also disagrees with Judge Easterbrook, arguing that
there is much value in studying the intersection between law and cyberspace as
well as the interaction of markets,

norms, and architecture. In Code and Other Laws of Cyberspace, Version 2.0,
Lessig gives the example of how code results in a more regulable cyberspace.
Lawrence Lessig, Code and Other Laws of Cyberspace, Version 2.0 (2006). He
also notes how privacy traditionally had physical limitations and high costs in
monitoring behavior.
Lawrence Lessig explains the significance of architecture in firming up the
rights of the disabled in the physical world; the disabled had no rights until the
law intervened; because norms were ineffective. Lawrence Lessig, Code and
Other Laws of Cyberspace, Version 2.0 (2006) at 2. While the market provided
goods to help the disabled, “they bear the full costs.” Lessig, a founding father of
the Berkman Center at Harvard University, contends that Internet law
illuminates the entire legal landscape, offering new perspectives on topics such
as intellectual property, globalization, private regulation, and Internet
governance. Cyberlaw is not just about statutes or cases but also encompasses
the architecture of the Internet, informal norms, as well as industry standards.
Lessig identified four modalities of Internet regulation: law, norms, markets,
and software architecture. LAWRENCE LESSIG, CODE AND OTHER LAWS OF
CYBERSPACE (1999). The functions of architecture or real-space code are not a
matter of technological necessity but rather a human-created mechanism for
controlling the Internet. Lessig’s contribution to Internet law was his
conceptualization of code as law: “We can build, or architect, or code
cyberspace to protect values that

we believe are fundamental.” The Internet, for example, creates new copyright
wars that influence the future of the public domain of ideas because of conscious
decisions to encrypt or protect code. The Internet enables a remarkable variety of
new crimes, torts, and ways to infringe patents, trademarks, and copyrights as
well as its many positive functions. Cyberharassment involves threats of
violence, privacy invasions, reputation harming lies, and calls for strangers to
physically harm victims.” DANIELLE KEATS CITRON, HATE CRIMES IN
CYBERSPACE 3 (2014).
The lack of physical interaction online means that Internet law deals entirely
with intangible property. JACQUELINE LIPTON, RETHINKING CYBERLAW: A NEW
VISION FOR INTERNET LAW 2 (2015). “Along with the importance of information
as a central tenet of cyberlaw, all online interactions involve the participation of
one or more intermediaries—organizations that enable digital information
exchange.” “In many ways, cyberlaw is the law of third-party mediated
information exchanges.” Lipton notes:
Internet intermediaries of consequence to governance include: “search
engines, online social networks, e-retailers, online auctions, data
aggregators, blogs, educational institutions and governments.” Internet law
governs intangible property given there is the lack of a physical presence.
The central role of intermediaries and intangible information is a unique
feature of Internet law.

Internet theories of governance classically have not focused on intermediate or

meso-governance. Instead, Internet macro-theorists fall into five camps: (1) self-
governance or libertarian, (2) global transnational, (3) code and Internet
architecture, (4) national governments and law, and (5) market-based or
economic-based regulation. The chart below provides the basic attributes of the
five grand theories identified by Lawrence Solum in Models of Internet
Governance, Chapter 2 in MODELS OF INTERNET GOVERNANCE INFRASTRUCTURE
AND INSTITUTIONS 48–55 (Lee A. Bygrave ed. 2009).
33

§ 2-2. Self-Governing or Libertarian Governance

(A) LIBERTARIAN MANIFESTO
In the late 1980s and early 1990s, cyberlibertarianism was the prevailing
perspective on Internet governance. Hannibal Travis describes how “cyberspace
networks the globe” drawing upon the work of science fiction writer, William
Gibson’s Neuromancer, who coined the term, cyberspace:

Its ‘bright lattices of logic simulate and transcend to the world in a ‘cage of
neon.’ Yet attempts to restrict it are at the center of key legal battles of our
time.
HANNIBAL TRAVIS, CYBERSPACE LAW: CENSORSHIP AND REGULATION OF THE
INTERNET (2013) at 1.
By the mid-1990s, the romantic idealism of Barlow, Johnson and Post and
cyberlibertarians gave way to a pragmatic realism of actual governmental control
of the Internet. Governments around the world have exercised control of the
Internet enacting countless civil and criminal statutes backed by civil and
criminal penalties.
From the libertarian perspective, this new media of communication creates an
entirely new “global village,” that is beyond the reach of law. John Perry
Barlow, in his 1996 essay, “A Declaration of Independence for Cyberspace,”
argued that governments have no business repressing content in the flattened
world of the Internet: “In our world, all the sentiments and expressions of
humanity, from the debasing to the angelic, are parts of a seamless whole, the
global conversation of bits.” Barlow stated, “On behalf of the future, I ask you
of the past to leave us alone.”
Barlow’s utopian vision was an Internet free from government censorship:
“Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind.” He famously thundered, “The
First Amendment is a local ordinance, where is the consent from Netizens for
any country imposing its laws on the Internet?”

By what authority does the U.S. impose its First Amendment on the rest of the
world?
This argument brings to mind a Seinfeld episode, “The Pothole,” which
featured Kramer complaining about a poorly maintained highway outside of
New York City after he ran over an abandoned sewing machine. Kramer
proceeded to repaint the four-lane highway creating two extra-wide lanes with
the intent to transform it into a “two lane comfort cruise.” By what authority did
Cosmos Kramer have the right to repaint the lines on the highway converting it
to a two-lane comfort zone? When can a given nation state legitimately impose
its sovereignty on the borderless Internet?
John Perry Barlow’s insight is that legitimacy must ultimately come from the
consent of Internet users in hundreds of countries. Barlow wrote his Manifesto
shortly after the German government prosecuted a Bavarian Internet service
provider for enabling German users to access objectionable content such as Nazi
memorabilia or hateful commentary posted by third parties. By what authority
can a Bavarian court order a U.S. service provider to block content to German
citizens? Under this same argument, what gives the European Union the right to
require U.S. companies like Google to comply with its right to be forgotten
provision of the General Data Protection Regulation?
Barlow’s concern about widespread censorship on the Internet has
materialized. China, Syria, Saudi Arabia and many other countries censor
Internet content because their regimes do not value free

speech or expression. China’s “great firewall” screens out information

threatening to the regime. Libertarians fear that an alliance of authoritarian
governments will use the United Nations as an instrumentality of control over
free expression on the Internet. By what authority can Internet visitors demand
that the degrading portrayal of Mohammed in the Innocence of Muslims film
trailer be stricken from the cyberspace landscape?
(B) DECENTRALIZED GOVERNANCE
David Johnson and David Post’s article portray the sovereign Internet as a
separate realm beyond the ability of individual nation states to govern. David R.
Johnson & David Post, Law and Borders—The Rise of Law in Cyberspace, 48
STAN. L. REV. 1367, 1367–75 (1996). Cyberspace, in their view, is beyond the
control of any nation state because it transcends the law’s central assumption of
reliance on territorial borders. Johnson and Post describe a sovereign legal space
bounded by screens, access controls, and passwords, rather than territorial
boundaries.
The argument that cyberspace is a distinct place, beyond the rule of territorial
sovereigns, is refuted by two decades of Internet law developments in the U.S.
and other countries. “For a long time, the Internet’s enthusiasts have believed
that it would be largely immune from state regulation. The theory was not so
much that nation states would not want to regulate the Internet, it was that they
would be unable to do so, forestalled by the technology of the medium, the
geographical distribution of its users, and the nature of its content.” James
Boyle,

Foucault in Cyberspace: Surveillance, Sovereignty and Hardwired Censors,

66 U. CIN. L. REV. 177, 178 (1997).
Still, private ordering has played an even greater role than governments in
many Internet governance functions. There are overt libertarians who are also
digital utopians—figures like Jimmy Wales, Eric Raymond, John Perry Barlow,
Kevin Kelly, Peter Thiel, Elon Musk, Julian Assange, Dread Pirate Roberts,
Sergey Brin, and the members of the Technology Liberation Front who
explicitly describe themselves as cyberlibertarians.” David Golumbia,
Cyberlibertarians’ Digital Deletion of the Left, JACOBIN MAGAZINE (Dec. 13,
2013).
Cyberlibertarians across the political spectrum focus a great deal on the
promotion of tools, objects, software, and policies whose chief benefit is their
ability to escape regulation and even law enforcement by the state (including
surveillance-avoidant technologies and applications such as Tor, end-to-end
encryption, PGP and Cryptocat). They routinely portray government as the
enemy of democracy rather than as its potential realization.”

§ 2-3. Transnational Governance

In late 2015, there are more than three billion Internet users worldwide.
Twenty years ago, there were only 44.8 million users. Today China alone has an
estimated 648 million Internet users. The Internet is reshaping every aspect of
human social existence, creating legal dilemmas in every procedural and
substantive field of law. Radically different legal

38
38

cultures encounter each other on a 24/7 basis for the first time in history
creating new legal dilemmas. United States Supreme Court Justice Benjamin
Cardozo’s description of judicial process applies equally well to the Internet:
“Nothing is stable. Nothing absolute. All is fluid and changeable.”
Courts and legislatures are increasingly scrambling to update the law to
account for the global Internet. Internet law can no longer be a U.S. centric
subject of study either. See generally, HONG XUE, CYBER LAW IN CHINA 17–21
(2010) (noting China has the most mobile communications users and passed the
U.S. in the number of Internet users).
Nearly every Internet issue requires a global solution. Cyberwarfare, by its
very nature, is a global phenomenon, as is cyberterrorism. Because there is no
international agreement governing data privacy, private actors often have no
recourse but to buckle under to national governments requiring compliance as a
condition of doing business. Google and Facebook, for example, have agreed to
hand over user data to the French government when these social media are the
instrumentality for ‘violent threats.’ Sam Schener, Tech Firms, French Police,
Ally in Terrorism Fight, WALL ST. J. (Apr. 22, 2015). Cyberlaw is a borderless
legal environment, where national regulation continues to predominate as
opposed to transnational authorities. The regulation of domain names, discussed
in Chapter 11, is a notable exception because it is truly a global solution to
resolving disputes between trademark and domain name owners. All registrars
must follow

the Uniform Domain-Name Dispute-Resolution Policy (UDRP), which gives

trademark owners a remedy against abusive domain name registrants. The
UDRP allows trademark owners to file complaints with approved UDRP
providers.
(A) CO-REGULATION OF THE INTERNET
Co-regulation of the Internet by civil society envisions governance by diverse
stakeholders from hundreds of nation states agreeing to core procedural and
substantive principles. This model is often described as multi-stakeholder
governance. The United Nations Secretariat established the Working Group on
Internet Governance (WGIG) to propose governance solutions for the
information society at the World Summit on the Information Society (WSIS).
Transnational Internet Governance is a counter-hegemonic alternative to top-
down governance by any one nation state.
In its Final Report, the WSIS concluded that the international management of
the Internet should be multilateral, transparent, and democratic. Shared
governance and meaningful participation by diverse stakeholders is WSIS’s
ideal organizational form.
(B) UN-ANCHORED WGIG MODELS
(1) Global Internet Council

WGIG posited four alternatives for international Internet governance that

illustrate Lawrence Solum’s second model of evolving transnational institutions.
Each governance alternative performs necessary coordinating functions such as
audit,

arbitration, policy setting, regulation, and day-to-day operational management

but has a different organizational structure. The UN-anchored Global Internet
Council (GIC) would consist of representatives of national governments, which
would replace the Internet Corporation for Assigned Names and Numbers
(ICANN).
The GIC would first identify public policy issues relevant to Internet
governance and work with existing organizations, much like the civil society
process overseen by the WGIG. The proposal is that GIC would eventually
displace ICANN and create policies more transparently and with greater public
participation because of the role of the UN. The goal would be for the GIC to
synchronize cyberspace public policies and oversee Internet resource
management. The GIC, for example, would supervise IP addresses, introduce
new TLDs, and delegate country code top-level domains (ccTLDs). Examples of
ccTLDs include .us (United States) and .de (Germany).
The GIC would also establish public polices as to spam, privacy,
cybersecurity, and cybercrime that are currently not addressed by other
intergovernmental organizations. Most significantly, this new transnational
entity would oversee all Internet public policy issues including trade and
intellectual property protection.
(2) No Specific Oversight

The “no specific oversight” alternative is a second UN-anchored governance

model that will create a

more democratic oversight of ICANN to resolve current domain name

management issues in a more inclusive way. This minimalist model suggests the
participation of a wider spectrum of stakeholders to allay the concerns that
governmental power will be used to undermine Internet freedom.
(3) International Internet Council

WGIG’s third alternative is a multilateral International Internet Council (IIC)

that displaces ICANN’s Government Advisory Committee (GAC). The IIC will
spearhead public policy issues such as Internet resource management and
universal access. The IIC will resolve Internet resource management issues and
institute transparent and democratic decision-making in a coordinated way.
Eurozone governance, for example, stresses the need to have an open,
transparent and regular dialogue between the European Union and diverse
sectors of civil society.
(4) Mixed Model
The mixed or hybrid model conceptualizes government as leading public
policy development with oversight by a Global Internet Policy Council (GIPC).
The hypothetical GIPC calls for governance supplemented by participation of
civil society and the private sector, but only as passive observers, not as active
participants.
The World Internet Corporation for Assigned Names and Numbers
(WICANN) would theoretically displace ICANN but it has not gained traction as
a

mechanism to displace today’s piecemeal and decentralized Internet

governance.
§ 2-4. Law, Code, Markets, & Norms
Internet law, Lawrence Lessig argues, consists of interrelated conceptual
layers with four interrelated modalities: (1) laws or legal sanctions, (2) social
norms, (3) the market, and (4) code or architecture depicted in the chart below.
Four Modalities Comprising Internet Law: Code as Law

43
Law shapes and is shaped by norms, architecture, and the market in Lessig’s
model of Internet governance. The National Security Agency’s omniscient data
gathering apparatus illustrates Lessig’s architecture of control as does Homeland
Security’s surveillance activities. In December of 2011, the Electronic Privacy
Information Center (EPIC) filed suit against the Department of Homeland
Security to require it to disclose how it monitors and collects data on social
networks such as Facebook. Software also functions as an architecture of
control. Anti-circumvention software constrains fair use and has the potential to
chill speech. Open source architecture, on the other hand,

enables a culture of collaboration and sharing. Lawrence Lessig also notes

how digital signatures and public key encryption illustrates his thesis that code is
law.
(A) INTERNET-RELATED LAW
Cyberspace raises inevitable jurisdictional issues because, by its very
definition, the Internet involves transborder communications across hundreds of
countries. Cyberlaw lacks comprehensive international conventions, codes, or
directives covering diverse topics such as computer security, electronic
contracts, cybertorts, cybercrimes, online privacy, intellectual property, content
regulation or cross-border jurisdictional rules.
Policymakers need to create specialized Internet law but also stretch well-
established brick and mortar doctrines to fit the new realities of cyberspace.
They must consider how Internet architecture, norms, and markets interact with
legal principles. The ever-expanding copyright law, trademark law, and patent
law are attempts by powerful stakeholders to enlarge their rights at the expense
of the Internet commons. Private fences combine with the civil and criminal law
to comprise Internet law and governance. The evolving architecture of the
Internet codetermines laws, norms, and markets.
(B) CODE AS INTERNET LAW
Cyberlaw is not just about statutes or cases but also encompasses the
architecture of the Internet,

informal norms, as well as industry standards. Under Lessig’s model of “code

as law,” digital rights management or access controls is a form of architecture
useful for social control. Software code constrains what Internet users can do
and is legal, which threatens the Internet freedoms. In his book Code and Other
Laws of Cyberspace, Lawrence Lessig took issue with libertarians and others
who argued that the Internet was not regulable. Lessig describes how the
architecture of Paris with its broad boulevards limited the ability of
revolutionaries to challenge state power. LAWRENCE LESSIG, ARCHITECTING FOR
CONTROL: VERSION 1.0 (2000), at 3. Lessig explains how the strategic location of
the German Constitutional Court in Karlsruhe, a six hours drive from the
Bundestag in Berlin, is a geographic constraint against urban-based dissident
groups. The six-hour drive from Berlin creates a barrier against demonstrations
in Karlsruhe.
In the words of Winston Churchill: “We shape our buildings, and afterwards
our buildings shape us.” The Internet is “layered architecture” which enables
“specialized efficiency, organizational coherency, and future flexibility.” Tim
Wu, Application-Centered Internet Analysis, 85 VA. L. REV. 1163, 1189 (1999).
Encryption or digital locks also illustrate how code functions as social control of
Internet users. Digital locks prevent unauthorized users from accessing materials
and are thus an instrumentality for access control as well as cabining conduct.
An online company’s failure to encrypt data may constitute a breach of the duty
to protect the intangible assets of third parties.
46

The functions of architecture or real-space code are not a matter of

technological necessity but rather a human-created mechanism for controlling
access on the global Internet. In Lessig’s view, the software code infrastructure
is, in effect, a form of law. The Internet, for example, creates new copyright
wars that influence the future of the public domain of ideas because of conscious
decisions to encrypt or protect code.
(C) NORMS AS INTERNET LAW
Social norms constrain and shape Internet conduct. Sociologists define norms
as social expectations dividing them into mores (socially important) and
folkways (customary ways of doing things that are more easily changed).
Communities, rather than the government, determine which norms constitute
mores or strict norms that control and punish conduct regardless of the formal
legal rules. Sending sexually charged text messages is part of today’s high
school rate, dating, and mating rituals. “Sexting—the texting of sexually explicit
pictures—is a modern form of risqué love notes that has become controversial
because it can violate mores as well as the law. Overzealous prosecutors charged
three Pennsylvania teenage girls with child pornography for sending
photographs of themselves wearing training bras or baring their breasts to
boyfriends and other peer group members. The legislators who drafted the child
pornography statute never anticipated this stretching of a criminal law statute
enacted to punish adult distributors of child

pornography could have unanticipated consequences for sexters.

In the early years of the Internet, users stigmatizes conduct that violated social
mores such as spamming, online ads, or other commercial misconduct on
professional forums through “flaming” and other forms of vigilante justice.
Posting inappropriate posts or pictures on Facebook is an example of norms as
informal social control. It is also a violation of informal norms to engage in
incendiary exchanges with Facebook posters about politics or religion. Social
norms are enforced by informal norms such as “defriending” objectionable
individuals or screening messages they can transmit. Trolling on Facebook is
making rude or incendiary responses to posts and is often dealt with by informal
norms such as shaming and defriending the offender.
Daniel Solove tells the story of how Internet users enforced norms against an
individual who overused the free Wi-Fi available in a San Francisco Apple store.
Vigilantes posted a YouTube video designed to shame the moocher that drew
millions of views. This “public shaming” video is an example of how user
communities can wield informal sanctions to establish norms and informally
sanction those that break them. Vigilantes stigmatize violations of norms by
reposting obnoxious spam, political diatribes, or racist rantings with critical
commentary. Internet hackers engage in vigilante justice against child
pornographers, vendors who publicly brag that their security products are
impenetrable, and other cyberspace actors that they find offensive.

The Internet has created new norms about the meaning of intellectual property
and whether young people think it is wrong to violate the exclusive rights of
copyright owners by copying and distributing infringing content. The Sociology
of Law Department at Sweden’s Lund University concluded that there was a gap
between copyright law and social norms about the free sharing of content.
Seventy-five percent of young Swedes “did not regard the file sharing of
copyright protected material to be illegal,” or as a normative reason to stop
downloading illegal content. The Lund study interviewed more than a thousand
respondents between ages 15 and 25 concluding that social norms of file sharing
were not impacted by Sweden’s amended copyright law. Svensson and Larsson,
Intellectual Property Law Compliance in Europe (2012).
(D) MARKETS AS INTERNET LAW
The Cato Institute, a research organization dedicated to limited government
and individual liberty, contends that it is not for governments to regulate the
Internet. The Cato Institute contends that policymakers should resist intervention
and allow the Internet to develop market-based solutions to problems.
Regulators should not attempt to fix what is not broken and defer to the free
market that has developed the Worldwide Web.
Opponents of this free-market perspective argue for government oversight in
order to guarantee net neutrality. Consumer advocates point to the need for
government to enact mandatory minimum protection

49
49

for Internet users because the marketplace for privacy and consumer rights has
failed. The free market allows telecomm providers such as AT&T, Verizon, and
Comcast to create different tiers of online service with differential pricing.
Google, for example, faces criticism for directing their searches toward
companies that pay for keyword advertising. The U.S. follows a market-based
approach to consumer protection as compared to the mandatory protections
found in Europe and many other countries connected to the Internet.
(E) THE GENERATIVE INTERNET
Jonathan Zittrain’s magisterial work illustrates Solum’s third model by
stressing the ways that software code and Internet architecture interact.
JONATHAN ZITTRAIN, THE FUTURE OF THE INTERNET AND HOW TO STOP IT 2
(2008). The strength of the Internet is in its users’ collective collaboration,
resulting in improvements, a process he calls the “generativity.” The generative
Internet is comprised of tens of millions of Internet users collaborating to
produce code and content. To Zittrain, the Apple II Computer was the
“quintessentially generative technology” because it invited tinkering and
improvements by users. The appliance-like platform of Apple’s iPhone and iPod,
in contrast, is completely manufacturer-controlled, making it difficult for the
community users to modify or improve applications. Apple counters widespread
security threats through digital certificates, passwords, secure socket layer
protocols, and other security devices. Apple’s iPhones and iPods are

reliable and easy to use but have chilling effects on user innovation. DRM
systems that control access to copyrighted works discourage innovation in the
user community. Apple’s lockdown of its products in response to security threats
as the unanticipated consequence of stifling innovation by its community of
users. Zittrain’s argument is that greater regulation and the tethering of iPhones
and other appliances to a platform is antithetical to the open Internet.

§ 2-5. Why National Regulation Still Matters

(A) LOCAL GOVERNANCE
Lawrence Solum’s fourth model of Internet governance is local regulation by
individual governments. All over the world, local governments are imposing
domestic laws on the Internet. Online companies such as Google, Microsoft, and
eBay have capitulated to domestic regulations of various countries under the
threat of not being able to do business in those marketplaces. In March of 2012,
for example, a court in India issued rulings that will require Internet Service
Providers to block access to music-hosting websites because of massive
copyright infringement. In 2014, Google had little choice but to capitulate to
demands that it implement the EU’s right to be forgotten. The EU’s right to be
forgotten gives all EU citizens the right to remove links to certain online
postings, subject to exceptions. The EU law on data protection is examined in
the following section.

(B) NATIONAL REGULATION

National governments frequently impose their extraterritorial will on
cyberspace activities through directives and regulations. The European
Community’s Data Protection Directive, for example, prohibits the transfer of
personal information across national borders unless the receiving country has
implemented an adequate level of protection. The European Commission in
1995 granted all European citizens a fundamental right to control the collection,
transmission, or use of personal information. (Council Directive 95/46/EC). In
2017, the EU’s Data Protection Regulation will go into effect giving all
European citizens “a right to be forgotten” subject to exceptions such as the right
of expression.
The twenty-eight member states of the European Union are signatories of the
European Convention on Human Rights, which guarantees respect for one’s
“private and family life, his home, and his correspondence,” subject to certain
restrictions. The European Court of Human Rights gives this article a very broad
interpretation, making privacy functionally equivalent to a fundamental EU-wide
constitutional right. The EU’s Brussels Regulation governing jurisdiction and the
Rome I Regulation governing choice of law applies equally well to Internet
transactions. U.S. companies must comply with the EU’s mandatory consumers
such as the 1993 Unfair Contract Terms Directive. U.S. companies doing
business in the Eurozone that do not tailor their terms of use to comply with EU
consumer law, do so at their peril.

52
52

§ 2-6. The Wealth of Networks

(A) ECONOMICS-BASED GOVERNANCE
Yochai Benkler of Harvard University’s Berkman Center describes the shift
from durable goods to an information-based economy as “the wealth of
networks.” YOCHAI BENKLER, THE WEALTH OF NETWORKS: HOW SOCIAL
PRODUCTION TRANSFORMS MARKETS AND FREEDOM (2006). Karl Marx predicted
class conflict between the bourgeoisie who controlled the means of production
and the proletariat who were wage slaves. One view of the Internet is that it blurs
the boundary between workers and the owners of the means of production. The
Internet is potentially democratizing because it enables workers to have access to
the means of information production because it grants greater access to digital
information, which is the information age’s means of production. Yochai
Benkler’s concept of Networked Information Economics (NIE) considers
commons-generated content as decoupling physical constraints on production.
Benkler’s thesis about shared infrastructure of the Internet brings to mind Sly
and the Family Stone’s Everybody is a Star.
Where there were once walls preventing ordinary persons from access to mass
media distribution, now the free-flowing information superhighway is available
to build an “open, diverse, liberal equilibrium.” Law is both a means of
oppression and a means of resistance in Benkler’s theory of networked society.
Free and open source software, for example, is generative—controlled by those
who produce it—whereas proprietary software reflects

an oppressive model, where the software publishers own the code.

(B) COPYRIGHT COMMONS
Yochai Benkler contends that Hollywood and the recording industry are
systematically undermining the innovations of the collaborative-networked
economy. He concludes that we should not let “yesterday’s winners dictate the
terms of tomorrow’s economic competition.” Urs Gasser, Benkler’s Berkman
Center colleague, describes the Internet as an information ecosystem that
dramatically reduces the cost of production, which can potentially lead to a more
participatory and egalitarian society with a broader governing class.
There is no inexorable logic driving us toward a more open, diverse, liberal
equilibrium. Practicing attorneys often describe their work as “one damn case
after another,” without appreciating that law reflects wider social and
technological developments. The broader theories of Internet governance
discussed in this chapter are the backdrop for understanding procedural and
substantive topics in the following chapters.
55
CHAPTER 3
GLOBAL INTERNET JURISDICTION

Fifty-eight years ago, the U.S. Supreme Court observed that the courts must
continually update Internet jurisdiction to accommodate new technologies,
Hanson v. Denckla, 357 U.S. 235, 251 (1958). Traditional concepts of
jurisdiction and enforcement of judgment need to be adapted to the Internet. This
chapter examines the unique jurisdictional issues that arise out of cyberspace
transactions and asks the fundamental question whether the minimum contacts
due process framework can be accommodated to cyberspace. No international
treaty specifically governs Internet jurisdiction. Since no exclusive subject
matter jurisdiction exists for cyberspace, courts must apply traditional principles
to virtual space. The borderless Internet challenges uniquely U.S. concepts such
as the long arm statute, due process, and minimum contacts. U.S. courts have
mechanically stretched the parochial minimum contacts approach to personal
jurisdiction into cyberspace, creating jurisdictional dilemmas because no other
country has adopted a minimum contacts paradigm for personal jurisdiction.
In the United States, personal jurisdiction is the issue of whether a court has
the authority to decide a case involving this specific defendant. Plaintiffs must
demonstrate that defendants have sufficient ‘minimum contacts’ with the forum
such that finding personal jurisdiction will not offend ‘traditional notions of fair
play and substantial

justice,’ International Shoe v. Washington, 326 U.S. 310 (1945). The nature
and quality of the “minimum contacts” necessary to support jurisdiction depend
upon whether the plaintiff asserts general or specific personal jurisdiction over
the defendant. Courts have had little difficulty stretching the International Shoe
due process model to personal jurisdiction arising out of Internet contacts.
A U.S. plaintiff has the burden of demonstrating that the defendant has
minimum contacts with the forum by either general jurisdiction (pervasive
contacts) or specific jurisdiction (nexus between conduct and minimum
contacts). General jurisdiction refers to the authority of a court to hear any cause
of action involving a defendant, even those unrelated to the defendant’s contacts
with the forum state. Specific jurisdiction depends on “an ‘affiliatio[n] between
the forum and the underlying controversy,’ principally, activity or an occurrence
that takes place in the forum State and is therefore subject to the State’s
regulation.” Goodyear Dunlop Tires Operations, SA v. Brown, 131 S. Ct. 2846,
2851 (2011).

§ 3-1. International Shoe in Cyberspace: An Overview

(A) LONG-ARM STATUTES
To establish personal jurisdiction over a nonresident, a court must engage in a
two-part inquiry: (1) a court must first examine whether jurisdiction is applicable
under the state’s long-arm statute and (2) whether a finding of jurisdiction

satisfies the constitutional requirements of due process. A long-arm statute is a

statutory means of serving process on a nonresident defendant. Every U.S.
jurisdiction has enacted a long-arm statute as the primary tool for exercising
jurisdiction over a foreign defendant. The long arm statute, for example permits
a state court to acquire jurisdiction over a nonresident motorist who flees the
jurisdiction before any action commences against him. Long-arm statutes are
divided into two broad types: (1) statutes that assert jurisdiction over the person
to the limits allowed by the Fourteenth Amendment to the U.S. Constitution,
often called unlimited long-arm statutes, and (2) statutes that place limitations on
the assertion of jurisdiction. A growing number of state long-arm statutes assert
control over the defendant’s activities to the limit of due process.
In a recent case, the Missouri Supreme Court interpreted this statute to be a
permissible interpretation of the due process clause. The decision noted;
“Missouri’s long-arm statute is construed to extend the jurisdiction of Missouri
courts over nonresidents to that extent permissible under the due process clause.”
Andra v. Left Gate Property Holding, Inc., 453 S.W.3d 216, 226 (Mo. Sup. Ct.
2015).
(B) GENERAL PERSONAL JURISDICTION
General jurisdiction refers to the authority of a court to hear any cause of
action involving a defendant, even when the cause of action is not related to the
defendant’s contacts with the forum
58

state. The defendant must have “continuous and systematic” contacts with the
forum state in order for a court to assert general jurisdiction, Helicopteros
Nacionales de Colombia, S.A. v. Hall, 466 U.S. 408, 414–16 (1984). In
Helicopteros v. Nacionales de Columbia, S.A. v. Hall, 466 U.S. 408 (1984), the
U.S. Supreme Court found that mere purchases were insufficient to assert
jurisdiction over a Columbian corporation in a claim arising out of a Peruvian
helicopter crash was neither “continuous and systematic.”
In Helicopteros, the Court held that general jurisdiction did not exist when the
Colombian defendant negotiated a contract in Texas, accepted checks from
Texas, and sent employees to purchase helicopters and attend training sessions in
Texas. If minimum contacts are sufficient to establish general jurisdiction, the
out of state defendant may be sued in the forum state for any cause of action
arising in any place. The threshold for general jurisdiction is high; the contacts
must be sufficiently extensive and pervasive to be the functional equivalent of
physical presence.
With general jurisdiction, the defendant’s contacts are so extensive in the
foreign forum that the defendant becomes functionally present. “Systematic and
continuous” activities in the forum state are required for a finding of general
jurisdiction. After seven decades of U.S. Supreme Court jurisprudence, the Court
has upheld general jurisdiction in only a single case, Perkins v. Benquet
Consolidated Mining Co., 342 U.S. 437 (1952). In 2011, in Goodyear Dunlop
Tires Operations v.

Brown, 131 S. Ct. 2846 (2011), the U.S. Supreme Court sends a signal to
lower federal and state courts that the threshold for a finding of general
jurisdiction is extremely high. In Goodyear, the Court held that a corporation is
subject to general jurisdiction only in a “home” state, defined as the state of
incorporation and principal place of business. The Court’s decision sends a
signal to lower federal and state courts that the threshold for a finding of general
jurisdiction is extremely high. To date, the U.S. Supreme Court has not rendered
an Internet-related general jurisdiction opinion.
The first lower court to find general jurisdiction in an Internet-related dispute
was Gator.Com Corp. v. L.L. Bean, Inc., 398 F.3d 1125 (9th Cir. 2005), where
the court found general jurisdiction based upon L.L. Bean’s millions of dollars
of sales to California consumers. The L.L. Bean court noted that direct e-mail
solicitations and millions of catalog sales spurred this revenue stream. Gator.com
Corp. filed suit against the outdoor outfitter in a California federal court, seeking
a declaratory judgment that its pop-up ads did not infringe L.L. Bean’s
trademarks or constitute an unfair business practice. L.L. Bean is a Maine
corporation with its principal place of business in Maine.
Because L.L. Bean had neither property nor employees in California, the
district court granted L.L. Bean’s motion to dismiss for lack of personal
jurisdiction. The Ninth Circuit reversed this decision, holding there was a basis
for general jurisdiction over the Maine outfitter. The L.L. Bean court premised
its finding of general jurisdiction in part upon L.L.

Bean’s extensive marketing and sales targeting California consumers and

contacts with California vendors. In addition, the L.L. Bean website created a
virtual California store. Nevertheless, this finding of general jurisdiction
predicated upon a highly interactive website was vacated after the parties settled
before the Ninth Circuit’s rehearing en banc. Few Internet cases will satisfy the
rigorous general jurisdiction test after the Goodyear decision. General
jurisdiction is often asserted but seldom successful in Internet-related cases.
(C) SPECIFIC JURISDICTION
Assuming a court finds no general jurisdiction, the question becomes whether
there is a basis for specific jurisdiction or case-linked jurisdiction. Courts use a
three-part test to evaluate whether specific jurisdiction exists in a particular case:
(1) the defendant must either purposefully direct its activities at the forum or
purposefully avail itself of the of the privilege of doing business there, (2) the
claim must arise from the defendant’s forum-related activities, and (3) the
exercise of jurisdiction must be reasonable.
This judicial test ensures that a defendant will not be subject to personal
jurisdiction solely because of random, fortuitous, or attenuated contacts or of the
unilateral activity of another party or a third person. Therefore, the issue
becomes whether the specific activity or occurrence-giving rise to the claim took
place in the forum state and is subject to the state’s regulation. A website’s
notice that it will not accept orders from a given forum is insufficient
61

to shield it from a finding of purposeful availment. The purposeful availment

test asks whether the defendant purposefully avails itself of the “privilege of
conducting activities within a state” through “systematic and continuous”
contacts.
To evaluate whether a defendant’s contact with the forum state satisfies due
process, the court considers whether “the defendant purposefully avails itself of
the privilege of conducting activities within the forum State” such that the
defendant enjoys the protections of state laws and, therefore, should reasonably
anticipate being haled into court in that state. The contacts must “proximately
result from actions by the defendant himself that create a ‘substantial
connection’ with the forum State.” Burger King Corp. v. Rudzewicz, 471 U.S.
462, 475 (1985).
Early Internet specific jurisdiction cases created the possibility that
jurisdiction could be premised solely on having a website that could reach
anywhere. In Inset Sys., Inc. v. Instruction Set, Inc., 937 F. Supp. 161, 164–65
(D. Conn. 1996), the court held that because the defendant directed advertising
on the Internet; it directed advertising to all states. By 2004, courts were
referring to Inset as “an early case which is now largely discredited.”
Shamsuddin v. Vitamin Research Prods., 346 F. Supp. 2d 804, 808 (D. Md.
2004). A defendant’s Internet postings alone is never sufficient to establish
purposeful direction toward a forum. “This is especially true where the alleged
victims of the postings are not residents of the forum state.” Stevo

Design, Inc. v. SBR Mktg., Ltd., 958 F. Supp. 2d 1082 (D. Nev. 2013).
In United Airlines, Inc. v. Zaman, 2015 WL 2011720 (N.D. Ill. Apr. 30,
2015), a major U.S. airline filed suit against a discount air travel website
“Skiplagged.com” whose business model was to conduct searches for a
destination that is a stopover for a connecting flight elsewhere. Instead of flying
to the ultimate destination, the traveler flies the first leg of their trip and does not
complete the second. Although Skiplagged.com knew of the potential harm that
United Airlines could incur in the forum state, the court did not grant personal
jurisdiction to the plaintiff because “the mere geography of Plaintiff’s injury and
Plaintiff’s location, without more, can no longer serve as the relevant contacts
supporting personal jurisdiction.”
In inno360 v. Zakta, 50 F. Supp. 3d 587 (D. Del. 2014), a software licensee
sought a declaratory judgment that it did not owe the licensor royalties among
other claims. In addition, the licensee sued the licensor for trade dress, unfair
competition and a number of other business torts. The licensee held that the
licensor was subject to personal jurisdiction satisfying that state’s long-arm
statute because it transacted business in Delaware.
The inno360 court found that while it was foreseeable that the website could
be accessed in Delaware, this did not satisfy the purposeful availment test. The
plaintiff further argued that defendant subjected itself to Delaware jurisdiction
by knowingly signing a software license agreement

with a Delaware corporation. The court did not find that the act of entering
into a license agreement was within the scope of Delaware’s long-arm statute.
The court found all of the contacts relevant to the license agreement to be
located in Ohio where the software license was negotiated, executed, and
performed. The parties’ choice of law clause indicated Ohio was to be the forum.
The court found that neither the long arm statute nor specific or general
jurisdiction was satisfied denying the plaintiff’s request for jurisdictional
discovery.
Zippo Manufacturing Company v. Zippo Dot Com, Inc., 952 F. Supp. 1119
(W.D. Pa. 1997), is the emblematic Internet-related jurisdiction test because
hundreds of courts have adopted its framework. The chart below highlights the
court’s holding that the interactivity of a website is the emblem of sufficient
contacts to satisfy due process.
(D) ZIPPO.COM INTERACTIVITY TEST
(1) Zippo.com Sliding Scale
64

Under Zippo.com’s sliding scale, websites range from “passive” ones, which
merely post information and generally do not provide the contacts required to
support jurisdiction, to “interactive” ones that enable contract formation. The
Zippo.com court described a “sliding scale” to guide the due process inquiry for
Internet-based minimum contacts: At one end of the spectrum are situations
where a defendant clearly does business over the Internet. If the defendant enters
into contracts with residents of a foreign jurisdiction that involve the knowing
and repeated transmission of computer files over the Internet, personal
jurisdiction is proper. At the opposite end are situations where a defendant has
simply posted information on an Internet Web site, which is accessible to users
in foreign jurisdictions. A passive Web site that does little more than make
information available to those who are interested in it is not grounds for the
exercise personal jurisdiction. The middle ground is occupied by interactive
Web sites where a user can exchange information with the host computer. In
these cases, the exercise of jurisdiction is determined by examining the level of
interactivity and commercial nature of the exchange of information that occurs
on the Web site.
The plaintiff in Zippo.com was the manufacturer of the well-known
manufacturer of “Zippo” tobacco lighters that sued Zippo Dot Com, Inc., the
operator of a California Internet news service corporation and operator of an
Internet news service, alleging

trademark infringement and among other causes of action. Zippo.com had

obtained the exclusive right to use the Internet domain names “zippo.com”,
“zippo.net”, and “zipponews.com.” and Zippo.com also frequently also used the
word “zippo” in numerous locations on its website and in the heading of
newsgroup messages posted by its subscribers on its website. Approximately
140,000 people worldwide subscribed to defendant’s service by filling out an
online application and then making a credit card payment by credit card either
over the Internet or by telephone. Each Zippo.com subscriber was assigned a
password, which gave the subscriber permission to view and/or download
newsgroup messages stored on the defendant’s server in California.
Approximately 3,000 of the defendant’s subscribers were Pennsylvania
residents. Additionally, the defendant entered into agreements with seven
Internet service providers in Pennsylvania to enable their subscribers to access
the defendant’s news service. The Zippo.com court held that Zippo.com was
subject to jurisdiction in Pennsylvania.
Many U.S. courts have imported the Zippo.com court’s three-part continuum
that divides websites into: (1) interactive, (2) passive, and (3) a “gray area” in
the borderland between the passive and active website. In upholding personal
jurisdiction, the Zippo.com court posited a sliding scale test classifying Internet
sites by the nature and quality of the online commercial activity. In the wake of
Zippo.com case, courts continue to deny personal jurisdiction to passive
websites. However, this

bellwether decision is becoming less relevant as website design increasingly

emphasizes interactivity. Michigan, for example, rejected the Zippo.com test
observing: that the need for a special Internet-focused test for minimum contacts
has yet to be established … [The] manner of establishing or maintaining those
contacts, and the technological mechanisms used in so doing, are mere
accessories to the central inquiry [of whether there are minimum contacts].
Winfield Collection, Ltd. v. McCauley, 105 F. Supp. 2d 746, 750 (E.D. Mich.
2000).
(2) Passive Jurisdiction

The Zippo.com court based jurisdiction on the interactivity of the website and
made no effort to connect the plaintiff’s claims with the online activity, which is
a predicate of specific jurisdiction. The Zippo.com court stated, “the other end of
the sliding scale, personal jurisdiction does not exist because a defendant’s
Internet activity is “passive,” such as where the defendant merely posts
information on a website which is accessible to users in foreign jurisdictions.”
For passive websites, where there is no interaction with visitors, courts find no
personal jurisdiction. At the other end of the spectrum, interactive websites often
give rise to a finding of personal jurisdiction. In “gray area,” middle-ground
cases, the court will assess the level of interactivity

in order to determine whether the exchanges are commercial.

In Cybersell Inc. v. Cybersell, Inc., 130 F.3d 414 (9th Cir. 1997), Cybersell
Incorporate (Cybersell AZ) registered its service mark with the U.S. Trademark
Office in 1994. In 1995, a father and son running a family consulting business in
Florida also created a website for their business under the trade name of
Cybersell (Cybersell FL). The Cybersell AZ plaintiffs, Laurence Canter and
Martha Siegel, who were infamous spam e-mailers, then filed a lawsuit for
trademark infringement against Cybersell FL. The Arizona federal court
dismissed the action, finding that it had no personal jurisdiction over the
Cybersell FL website because since it was neither interactive nor were its owners
conducting commercial transactions.
The Ninth Circuit found that Cybersell FL’s operation of a passive website did
not purposefully avail itself of the privilege of doing business in Arizona, thus
Cybersell FL’s contacts were insufficient to establish personal jurisdiction.
However, the court noted that operation of an interactive, commercial website
often is sufficient to warrant personal jurisdiction. The defendant must do
something akin to specifically targeting the forum, rather than merely posting a
website accessible in the forum state.
In Ackourey v. Sonellas Custom Tailors, 573 Fed. Appx. 208 (3d Cir. 2014), a
copyright infringement suit, the Third Circuit ruled that an Internet website
being advertised within Pennsylvania for an Oregon

owner of a custom-tailored apparel business in Oregon did not have minimum

contacts with Pennsylvania sufficient for personal jurisdiction with
Pennsylvania, as required for exercise of personal jurisdiction there in a
copyright infringement suit, based on his Internet website being advertised
within Pennsylvania. The Third Circuit stated: The website does not allow
customers to place orders, make payments, or engage in any business
transaction. SCT appointments consist of showing fabric samples to customers,
providing styling advice, and measuring customers for custom sizing. SCT sends
any orders made at these appointments to an independent supplier in Hong
Kong. The Hong Kong supplier manufactures the custom clothing and ships the
order directly to the customer.
Ackourey contended Sonellas wrongfully displayed his copyrighted images on
SCT’s website and this established minimum contacts with Pennsylvania by: (1)
using the website to target potential customers in Pennsylvania, (2) selling
custom-tailored apparel through appointments in Pennsylvania, and (3) reaching
into Pennsylvania to purchase a copy of the 2005 stylebook.
The Ackourey court found that the defendant’s contact in Pennsylvania was
too attenuated and therefore the court found no personal jurisdiction. The court
held that the website was passive, in that it made information available to those
who were interested in having custom clothing designed and

then manufactured overseas. In addition, the website listed the owner’s travel
schedule allowing potential customers to make e-mail requests for appointments.
However, the website did not permit customers to place orders, make payments,
or engage in commerce. Moreover, the court found no web-based requests for
appointments in Pennsylvania and therefore the defendant did not transact
business with Pennsylvania residents via the website.
In Carlson v. Fidelity Motor Group, LLC, 2015 WI App. 16 (Wis. Ct. of App.,
Jan. 14, 2015), Carlson, a resident of Wisconsin, and Fidelity was an Illinois
automobile dealership. Carlson observed an advertisement on his wife’s cell
phone from Fidelity from an Illinois dealership. He called Fidelity’s toll free
number listed on the website and spoke with a Fidelity representative for
approximately four minutes, during which time the representative told Carlson
the vehicle had no known mechanical problems and was in excellent condition.
Five months after Carlson purchased a BMW from Fidelity, he found that the car
had mechanical problems in large part because the oil had not been changed for
“tens of thousands of miles.”
While Fidelity’s website advertisements were accessible in Wisconsin, they
were accessible to everyone around the world. The appeals court found that the
less than five-minute conversation combined with Fidelity’s advertisement were
contacts too attenuated to create the minimum contacts insufficient to establish
personal jurisdiction. The Wisconsin court noted that it was following Hy Cite
Corp. v. Badbusinessbureau.com, L.L.C., 297 F. Supp.

2d 1154 (W.D. Wis. 2004) rather than Zippo.com. The Hy Cite court rejected
the Zippo.com test as a substitute for a sustained minimum contacts inquiry.
Wisconsin does not view websites as separate and apart from other traditional
contacts test, but views websites as part of an overall due process inquiry. The
court noted, “whether the defendant’s contacts with the state are of such a
quality and nature such that it could reasonably expect to be haled into the courts
of the forum state.” The Hy Cite court reasoned: A finding that a defendant uses
its website to engage in repeated commercial transactions may support the
exercise of personal jurisdiction, so long last, there is a corresponding finding
that the defendant is expressly targeting residents of the forum state and not just
making itself accessible to everyone regardless of location.
(3) Gray Zone or Middle Ground

The Zippo.com court recognized a middle ground between the passive and
interactive ends of the sliding scale “which permit the exchange of information
between the website and the user.” The court reasoned that in gray zone cases,
jurisdiction is “determined by examining the level of interactivity and
commercial nature of the exchange of information that occurs on the Web site.”
Courts closely inspect the gray region or the borderland between passive and
interactive websites to determine whether a website targeted the forum with

advertising, solicitation of orders, or other emblems of the defendant’s

presence in a forum.
In Cambria Co. v. Pental Granite & Marble Co., 2013 WL 1249216 (D.
Minn. March 27, 2013), a Washington company’s website enabled Minnesota
website visitors to pay bills online, even though it had no agents, operations, or
facilities in Minnesota. In addition, visitors could “like” the website on
Facebook and follow it on Twitter. The court found the website to be in the
borderland between passive and active websites. A key factor in favor of
jurisdiction was that the website advertised infringing products targeting
Minnesota residents.
In Zippo and Cambria, the exercise of jurisdiction was determined by
examining the level of interactivity and the commercial nature of the exchange
of information that occurs on the website. Although a growing number of courts,
such as the Cambria court, recognize that Zippo.com court’s interactivity test has
been outgrown and needs to consider factors beyond interactivity, too many U.S.
courts are applying an outmoded interactivity test to stretch the minimum
contacts framework to cyberspace. Too many U.S. courts are engaging in
mechanical jurisprudence by applying an outmoded interactivity test to
determine specific jurisdiction in cyberspace.
Nevertheless, in GOFIT LLC v. GoFIT LLC, 2013 WL 1566908 (N.D. Oka.
2013), the federal court held that a minimally interactive fitness website did not
satisfy minimum contacts. The plaintiff, GOFIT LLC, an Oklahoma fitness
equipment company,

sued the defendant GoFit LLC, a Delaware company for trademark

infringement in an Oklahoma federal court. The court found that the only basis
for minimum contacts in Oklahoma was the defendant’s nationwide policy of
giving free passes to its fitness centers. The federal appeals court reasoned that
the defendant did not intend to do business in Oklahoma and found no personal
jurisdiction.
(E) THE EFFECTS TEST
The focus of minimum contacts in cybertort cases: is the “effects” or “brunt of
the harm” test first articulated in Calder v. Jones, 465 U.S. 783 (1984). In
Calder, television star Shirley Jones filed suit in California, where she lived,
against the author and editor of a National Enquirer story that stated she was an
alcoholic. The allegedly libelous story concerned the activities of Jones and was
centered in California. The tabloid article was drawn from California sources,
and the brunt of the harm, in terms both of respondent’s emotional distress and
the injury to her professional reputation, was suffered in California.
In sum, California was the focal point both of the story and the harm Shirley
Jones suffered. The Supreme Court unanimously found that the National
Enquirer defendants were “primary participants in an alleged wrongdoing
intentionally directed at a California resident, and jurisdiction over them is
proper on that basis.”
The Calder effects test requires a successful plaintiff to show that (1) the
defendant committed

an intentional act, (2) that was expressly aimed at the forum, and (3) that
caused harm, the brunt of which is suffered and which the defendant knows is
likely to be suffered in the forum. In Calder, the U.S. Supreme Court upheld a
California state court’s finding that California had personal jurisdiction over The
National Enquirer, which had offices in Florida, “based on the ‘effects’ of their
Florida conduct in California.” The Court held that personal jurisdiction over the
National Enquirer reporter and the editor in California was proper “based on the
‘effects’ of their Florida conduct in California.”
Those effects were felt in California because, the court explained, “[t]he
allegedly libelous story concerned the California activities of a California
resident. The tabloid impugned the professionalism of an entertainer whose
television career was centered in California.”
Without an “expressly aiming” prong, the Calder effects test is ill suited for
the Internet because it is overly inclusive. A federal court, for example, found
that Asian-based websites hosting Korean pop songs copyrighted in the United
States were expressly targeting California residents when they incorporated third
party advertisements in their online messages. DFSB Kollective Co. v. Yang,
2013 WL 1294641 (N.D.Cal. March 2, 2013).

(F) “SOMETHING MORE” TEST

(1) GTE New Media Services

U.S. federal courts have adopted an effects test for torts and intellectual
property infringement actions, but are beginning to demand “something more” in
addition to website interactivity to support a finding of minimum contacts. GTE
New Media Services Inc. v. BellSouth Corp., 199 F.3d 1343 (D.C. 2000) was one
of the first courts to articulate a “something more” test in addition to interactivity
to satisfy personal jurisdiction. GTE New Media (GTE) filed a Sherman
Antitrust Act complaint against Bell South (Bell) alleging they were in a
conspiracy to dominate the Internet directories market in the Washington, D.C.
metropolitan area by diverting Internet users from the GTE website to the
defendant’s websites.
The D.C. Circuit Court of Appeals found Bell lacked minimum contacts with
the District of Columbia based solely upon the fact that its residents could access
its Internet Yellow Pages from within the city. The GTE court ruled that GTE
could conduct discovery in order to seek proof of whether Bell had sufficient
contacts with the forum. The district court applied the Zippo “sliding scale” test,
and found that BellSouth’s websites fell into the uncertain gray zone. The court
ruled that jurisdiction existed based on the highly interactive nature and
commercial quality of the sites. The federal appeals court reversed, finding no
personal jurisdiction reasoning that because since accessing an Internet Yellow
Page site was no different than searching a telephone book.

The GTE court found that consumers did not pay to use thethis search tool and
any resulting commercial transactions were between the consumer and the
businesses found in the Yellow Pages. The court found that the lack of any
commercial relationship between the consumer and the provider of the Yellow
Pages did not meet the “something more” test. The GTE court brought common
sense to the common law in by updating the personal jurisdictional rules to
accommodate for changes in Internet web technologies and practices.
(2) ALS Scan
The court in ALS Scan v. Digital Services Consultants, Inc., 293 F.3d 707 (4th
Cir. 2002) held that an Internet service provider was not subject to personal
jurisdiction based solely upon a third party’s copyright infringement occurring
on its website. ALS Scan, a Maryland based adult entertainment website, filed
suit against a Georgia ISP for enabling a third parties’ misappropriation of its
copyrighted photographs. The plaintiff argued that Digital Services enabled
Alternative Products’ publication of the infringing photographs on the Internet,
which caused ALS Scan to suffer an injury in Maryland.
The Fourth Circuit recognized in ALS Scan that “a person’s act of placing
information on the Internet’ is not sufficient by itself to ‘subject that person to
personal jurisdiction in each State in which the information is accessed.” The
court reasoned that this would mean that any person

posting information on the Internet would be subject to personal jurisdiction

everywhere.
The ALS Scan court found no personal jurisdiction because the ISP did not
engage in continuous and systematic activities within the forum. The court’s
approach was that a state may exercise judicial power over a person outside of
the state when they: (1) direct electronic activity into the state, (2) with the
manifested intent of engaging in business or other interactions within the state,
and (3) the activity creates in a person within the state, a potential cause of
action cognizable in the state’s courts.
The Ninth Circuit reasoned that satisfying Zippo’s interactivity test was not
enough to support a finding of general jurisdiction because it is possible for a
website to be interactive, and to have no meaningful quantity of contacts. In
other words, the contacts might be continuous, but insignificant and not
meaningful.
(G) IN REM JURISDICTION
The application of in rem jurisdiction is over property rather than person.
Under U.S. law, in rem jurisdiction affects the right of all persons to property.
The problem with the global Internet is that in rem jurisdiction may not be
recognized or have a different meaning as in the United Kingdom where in rem
jurisdiction applies only to admiralty cases.
Technically, in rem jurisdiction relates to the determination of title to, or the
status of, property

located within the court’s territorial limits. A quasi in rem judgment affects
the interests of particular persons in designated property. Neither in rem, nor
quasi in rem jurisdiction typically apply to intangible Internet assets.
Nevertheless, the Anticybersquatting Consumer Protection Act (ACPA)
recognizes in rem jurisdiction over domain names where personal jurisdiction
over defendant infringers or cyberpirates is unavailing.
The plaintiff in an in rem action under ACPA is the trademark owner, while
the defendant is the infringing domain name. Courts will not permit a trademark
owner to proceed in rem absent proof that the identity and address of the
registrant of defendant domain name cannot be been found and that in personam
jurisdiction was not possible.

§ 3-2. Cross-Border Jurisdiction

An Internet presence automatically creates an international presence,
triggering the potential for cross-border litigation. Clearly, Internet law requires
harmonized jurisdictional rules, as there is no sovereign or any international
treaty establishing rules for cyberspace. It is theoretically possible for a U.S.
business to be sued in hundreds of foreign countries for the same course of
online conduct, but this has not yet happened due to the jurisdictional barriers to
filing cross-border lawsuits—a topic explored throughout this book.
To date, no international convention addresses how to resolve Internet
jurisdiction, choice of law, or forum disputes. A growing number of U.S. courts

are exercising jurisdiction over website activity occurring outside of the

country’s territorial boundaries. Conversely, U.S. companies are increasingly
being sued in foreign venues for activities occurring on Web servers located in
the United States. Presently, almost no case law covers international Internet
jurisdiction, and no statutory solutions exist to answer the question of cross-
border Internet jurisdiction.
As companies use the border-defying Internet, they will increasingly become
subject to foreign procedural and substantive law. Foreign websites may be
subject to personal jurisdiction in state and federal courts if they target U.S.
users. To date, countries connected to the Internet have not agreed to cede their
sovereignty in order to harmonize cyber-jurisdictional rules. Instead, courts
adapt their own national rules to determine jurisdiction.
(A) BRUSSELS REGULATION
The European Union (EU) updated its cross-border jurisdiction rules in March
2002 when it replaced the 1968 Brussels Convention with the Brussels
Regulation. The Brussels Regulation provides uniform rules for jurisdiction and
enforcement of judgments throughout the European Union. This cross-national
agreement is a possible model for developing global Internet jurisdiction
solutions. The purpose of the EU is to create a seamless body of consumer
protection, providing certainty for consumers and predictability for the business
community.

(B) FOREIGN JURISDICTION

The rules for cross-border foreign jurisdiction disputes are unsettled. There is
a strong consensus among U.S. courts that a website alone is insufficient for
jurisdiction. U.S. courts also extend the minimum contacts framework for
defendants in foreign countries haled into U.S. courts. In Cuccioli v. Jekyll &
Hyde Neue Metropol, 150 F. Supp. 2d 566 (S.D. N.Y. 2001), a federal court
found that the mere existence of an instate hyperlink to a foreign website was
insufficient to predicate jurisdiction over a German defendant in New York.
Courts have devised a website plus rule for evaluating jurisdiction-creating
contacts in Internet cases.
The rest of the world does not follow the U.S. style minimum contacts
approach. A British Columbia court refused to enforce a judgment of a Texas
court holding that the court had no jurisdiction in a lawsuit brought by a B.C.
company for allegedly defamatory comments in an Internet chat room. The court
found no link to the forum and therefore no jurisdiction. Braintech v. Kostiuk,
[1999] 171 D.L.R. (4th) 46 (Can.) The chart below briefly describes the cross-
border jurisdictional rules for the twenty-eight countries of the European Union.

80
(1) Defendant’s Domicile

The Brussels Regulation is broadly applicable to civil and commercial matters

with delineated exceptions. It does not apply to issues such as revenue, customs
or administrative matters. The

basic principle is that jurisdiction is to be exercised based on domicile rather

than nationality. In the case of legal persons or corporations, domicile is
determined by the country where they have their statutory seat, central
administration, or principal place of business.
(2) Where Defendants May Be Sued

Under the Brussels Regulation, domicile is determined in accordance with the

domestic law of the EU country where the matter is brought before a court. If a
party is not domiciled in the EU country of the court considering the matter, the
court is to apply the law of another EU country to determine where the party is
domiciled. In the case of legal persons or firms, domicile is determined by the
country where they have their statutory seat, central administration or principal
place of business. In the case of trusts, domicile is defined by the court that is
considering the case by applying its own rules of private international law. For
business-to-business (B2B) transactions, the parties are free to choose what
jurisdiction applies in advance.
Persons domiciled in an EU Member State may be sued in the courts of any
other Member State. Article 2(1) states that courts are to determine domicile in
accordance with the domestic law of the Member State where the matter is
brought before a court. The Brussels Regulation approach to choice of forum
clauses for B2B contracts is similar to the U.S. approach in honoring freedom of
contract. However, if the parties do not include a choice of forum clause in their
terms of service or other online

contract, the Brussels Regulation supplies the default rule.

(3) Special Jurisdictional Rules

The Brussels Regulation forges special rules for determining jurisdiction for
contracts where the offeror and offeree are located in different EU signatory
countries. Article 5 of the Brussels Regulation provides that in most contracts
where the parties are from different signatory states, the jurisdictional country is
where performance took place. The EC devised a specialized rule for
determining jurisdiction in sales of goods transactions. European courts base
jurisdiction in sale of goods cases by the place of delivery as specified in the
contract. Article 5(1) dictates that the place of delivery will frequently turn on
shipping terms or other contractual provisions. For services, courts determine
jurisdiction at the place where services are rendered. To date, no European court
has adapted the “place of performance” test to Internet-related contract law.
Perhaps the most significant development that the Brussels Regulation, with
implications for all websites selling goods or rendering services to European
consumers is that this EU Regulation imposes mandatory consumer rules. Under
Articles 15–17, consumers in the Eurozone are entitled to have their disputes
settled in their home court or the country where they reside. Article 15 defines
consumer as someone who is acting outside her trade or profession.

83
Additionally, Article 17 of the Regulation prevents the parties to a consumer
contract from agreeing to waive their right to jurisdiction in their home court
except the parties may agree to allow a consumer to have the option of bringing
their jurisdiction in another jurisdiction. Companies cannot compel European
consumers to waive the benefit of the Brussels Regulation’s mandatory home
court rule. Thus, an online business has no ability to enforce a contractual term
in which a consumer waives her right to sue in her own country or home court.
While the Brussels Regulation does not explicitly address electronic commerce
related contracts, European courts will have little difficulty extending mandatory
consumer rules for jurisdiction and the enforcement of judgments to cyberspace.
(4) Extraterritorial Impact

Any company directing its activities to a European consumer’s home country

will automatically be subject to jurisdiction because it has directed activities to
that forum under Article 15 of the Brussels Regulation. In Air Canada v. United
Kingdom, (1995) 20 EHRR 150, the European Court of Human Rights held that
the seizure of an aircraft carrying illegal drugs belonging to the Canadian
applicant had not infringed Article 1 of the First Protocol of the European
Convention on Human Rights. The court did not find it persuasive the applicant
was a resident in Canada but applied the European law of human rights.

As U.S.-based software publishers and platforms go global, one-sided terms of

use will increasingly be under scrutiny in European Union (EU) countries and
other nations with radically different legal traditions. It is likely that European
courts will extend the mandatory consumer rules to U.S. companies with
subsidiaries in Europe. Similarly, European courts will apply mandatory
consumer rules such as the “home court rule” if a European consumer files a
lawsuit against a U.S. company. U.S. companies that include one-sided choice of
law and forum clauses in their terms of service cannot be confident that
European courts will respect them outside of business-to-business contracts.
In addition to the Brussels Regulation, the EU has enacted the Rome I
Regulation, which provides mandatory business-to-consumer rules for
determining choice of law. Choice of law principles are employed by courts to
determine which law applies when parties do not use a choice of law clause. The
parties to a contract may choose the law in business-to-business transactions.
Rome I establishes default rules unless the parties otherwise provide for services,
the sale of goods and franchise agreements. The general default is the law
applies in the country with the closest connection to the transaction with
exceptions. While parties generally have autonomy to select their own law, one
notable exception is consumer transactions where mandatory rules apply.
EU consumers have the non-waivable right to consumer protection in the
country where they reside. Council Regulation 593/2008, of the

European Parliament and of the Council of 17 June 2008 on the Law

Applicable to Contractual Obligations, 2008 O.J. (L 177/6) (EC). Article 6
defines a consumer as “being outside his trade or profession … with another
person acting in the exercise of his trade or profession….” Rome I adopts the
consumer’s home court rule, which means that the governing law for consumers
is where she has her “habitual residence.” As with the Brussels Regulation, the
parties to a business-to-business transaction are free to choose what law applies
with a parties’ choice of law clause.
The next chapter examines how parties structure contracts in an online legal
environment. In the information-based economy, the licensing of software and
other digital information is rapidly displacing sales and leases.
87
CHAPTER 4
INTERNET-RELATED CONTRACT LAW

The greatest story never told about Internet-related contract law is how license
agreements protect intangible assets such as software, data, and other
intangibles. The software industry invented the shrinkwrap license agreement,
the earliest form of mass-market license, in the 1970s, and vendors began using
this contracting form by the early 1980s. Licensing is beginning to displace sales
and leases as the chief means of transferring value in the information-based
society already the third ranked segment of the American economy.
This chapter examines many of these developments including the rise of
shrinkwrap, clickwrap and browsewrap. The chapter focuses on the concepts and
methods of licensing, which is the chief means of transferring value in an
information-based economy. Licensing software permits software publishers to
commodify their intellectual property assets, while retaining control of its uses.

§ 4-1. Licensing & the Internet

(A) DEFINITION OF LICENSING
The licensor is the party that agrees to transfer software or to grant access to
other computer information. The licensee’s duty is to pay the licensing fee to the
licensor in order to obtain access to or use of information under the terms and

conditions specified in the agreement. Typically, content that is downloaded

from the Internet is subject to a license agreement. Software licenses impose
duties that survive termination such as the duty to keep the other party’s trade
secrets confidential. A license is first a contract, generally between two parties—
the licensor and the licensee—although licenses may also be assigned or
sublicensed. Like a lease for personal property, a license agreement gives the
licensee the right to use property under stated guidelines. For leases, it is the
right to use personal property as opposed to intangible assets.
Software publishers and content creators typically use licensing as the chief
method of transferring value for mass-market software products. Comparable to
the creation of the corporation or the limited liability company, the invention of
the software license agreement is equally significant. Licensing enables the
software developer to prohibit assignments or transfers of their product so the
initial purchaser may not resell or reproduce the copy. The legal invention of
licensing makes it possible for a software publisher to retain title to its
information-based product and impose significant transfer restrictions. Software
publishers have different fee schedules for databases depending upon whether
the user is a large corporation, a community library, a small business, or a
noncommercial user.

(B) GRANTING CLAUSE

The granting clause is the “action section” of any license agreement. This
clause determines what rights are conferred and under what conditions. Oracle,
Adobe, and Microsoft, for example, make it clear in their license agreement that
they are only granting a right to use software rather than selling it. Granting
clauses may address the question of whether the licensee has a right to
sublicense or assign rights to a third party. An example of a broad granting
clause in a license agreement is “of all possible rights and all media even media
yet to be developed.”
A narrow license agreement would grant the licensee a right to only use the
software in consumer transactions in Montenegro for a three-month period.
Licensing agreements are either perpetual or non-Perpetual. The term,
‘perpetual’ in a license agreement means that the contract has no expiration date
unless the licensee violates the terms of use or other conditions specified in the
agreement.
(C) FIRST SALE DOCTRINE
The first sale doctrine gives the purchaser of a copyrighted work the right to
“sell or otherwise dispose of the possession of that copy” without interference by
the copyright owner. Bobbs-Merrell Co. v. Straus, 210 U.S. 339 (S. Ct. 1908).
The first sale doctrine applies in all fields of intellectual property law. In
Kirtsaeng v. John Wiley & Sons, Inc., 2013 WL 6722887 (S. Ct. 2013), Supap

90
Kirtsaeng, a citizen of Thailand, asked his friends and family to buy copies of
foreign edition English-language textbooks at Thai bookshops, where they sold
at low prices, and mail them to him in the United States.
Kirtsaeng would then sell the books, reimburse his family and friends, and
retain the profits from these grey market sales. The U.S. Supreme Court held the
“first sale” doctrine—which permits lawfully acquired copies of copyrighted
works to be resold by their owners—also applies to works lawfully made abroad
including the books manufactured in Thailand. Because the first sale doctrine
applied, Kirtsaeng was free to engage in grey market sales.
With licensing, there is a “first license,” but not a “first sale.” Software
licenses, unlike sales of goods, enable the licensor to retain control of intellectual
property rights underlying the code or digital data. In Vernor v. Autodesk, Inc.,
621 F.3d 1102 (9th Cir. 2010), a first sale dispute arose out of Timothy Vernor’s
purchase of Autodesk software at a garage sales and other secondhand sales.
Architects, engineers, and manufacturers used this high-priced software to
design blueprints and model data in their practice.
Vernor, who sold tens of thousands of items on eBay, had his account
suspended by the online auction site after it received Digital Millennium
Copyright Act takedown notices from Autodesk, protesting Vernor’s eBay sales
of used Autodesk software. Vernor then filed suit against Autodesk,

seeking a declaratory judgment to establish that he was a lawful owner of the

software and had a right to resell it because of the first sale doctrine.
The Ninth Circuit rejected Vernor’s first sale argument, ruling that the design
software was licensed, not sold, and therefore subject to the transfer and user
restrictions that accompanied the product. The court developed a three-part test
to determine whether a software user was a licensee or owner of a copy where
the copyright owner: (1) specifies that the user is granted a license, (2)
significantly restricts the user’s ability to transfer the software, and (3) imposes
notable use restrictions.
(D) MASS-MARKET LICENSES
Mass-market licenses are standard form contracts marketed to consumers with
identical terms and no likelihood of individual negotiation. Typically, mass-
market licenses are one-sided contracts that eliminate warranties and remedies.
They are presented to the customer on a “take-it or leave it” basis with identical,
non-negotiable terms for all licensees. They are generally single-user licenses
but may be bundled in multi-pack license, which delineates the number of users.
When an end-user of software downloads a product, they are given a legal
notice that the software is licensed, not sold, and that their use of the product is
subject to the terms of the licensing agreement, which is presented in the login
screen. In a typical standard-form end user licensing

agreement (EULA), the licensee is not permitted to download the software

until they have clicked “I agree” to the terms of service or other license
agreement. Academics use imaginative terms such as shrinkwrap, installwrap,
clickstream, or browsewrap to refer to mass-market licenses.
“The chart below depicts the major form of mass license agreements in wide
currency on the Internet. Each mass-market form is an adhesive contract where
the licensee adheres to the terms of the licensor and there is no semblance of
balanced terms.
Types of Mass-Market License Agreements

93
94

(E) TYPES OF MASS-MARKET LICENSES

(1) Shrinkwrap Agreements

Software makers used shrinkwrap licenses in the early 1980s, prior to the
development of the World Wide Web. Shrinkwrap contracts are license
agreements or other terms and conditions of a putatively contractual nature,
which can only be read and accepted by the consumer after they break open the
plastic wrapping surrounding the boxed software. Shrinkwrap is cynically
referred as “sneakwrap” as captured in a well-known Dilbert cartoon. Dilbert
states: “I didn’t read all of the shrinkwrap license agreement on my new
software until after I opened it,”—and concludes with Dilbert lamenting:
“Apparently, I agreed to spend the rest of my life as a towel boy in Bill Gates’
new mansion.”
The first paragraph of a shrinkwrap license typically provides that the opening
of the package indicates acceptance of the license terms because a licensor needs
to reference the fact that the software is licensed. Internet related shrinkwrap
rarely provides meaningful warranties and limits remedies by choice of forum
clauses that often require the user to litigate in their licensor’s home court.

(2) Clickwrap Agreement

A click wrap agreement typically requires users to click “I agree” box after
being presented with terms of agreement. Fteja v. Facebook, Inc., 841 F. Supp.
2d 829, 837–38 (S.D.N.Y. 2012). The standard for enforceability is whether the
user has a reasonable opportunity to review terms and manifest assent.
Clickwrap agreements were distinguished from shrinkwrap agreements in Stomp
Inc. v. Neato, 61 F. Supp. 2d 1074, 1080 n. 11 (C.D. Cal. 1999). The Stompo
court explained:
A ‘clickwrap agreement’ allows the consumer to manifest its assent to the
terms of a contract by “clicking” on an acceptance button on the website. If
the consumer does not agree to the contract terms, the website will not
accept the consumer’s order. Such agreements are common on websites that
sell or distribute software programs that the consumer downloads from the
website.
In Nicosia v. Amazon.com, Inc., 2015 WL 500180 (E.D. N.Y., Feb. 2, 2015),
the court held that the user assented to conditions of use posted on Amazon.com
each time he completed a purchase, “[g]iven (1) the conspicuous placement of
the hyperlink to the current conditions of use on the checkout page, (2) the
express warning at checkout that his purchases were subject to the terms of the
current [c]onditions of use, and (3) the fact that he expressly agreed, when
signing-up for an Amazon.com account, to be bound by the terms of

96
the conditions of use (including a provision notifying him that the conditions
are subject to change).”
Like all mass-market licenses, the clickwrap spells out permitted and restricted
uses by licensees. U.S. courts will enforce clickwrap agreements so long as the
user has an opportunity to review the terms and manifest assent, even though
most users fail to read the terms before clicking the “I agree” button. “Mutual
manifestation of assent’ is the ‘touchstone’ of a binding contract. A
“transaction,” even if created online, in order to be a contract, requires a
manifestation of agreement between the parties as to its terms.” Berkson v. Gogo
LLC, 2015 WL 1600755 (E.D.N.Y. Apr. 8, 2015).
In State ex rel. U-Haul Co. of West Virginia v. Zakaib, 232 W.Va. 432, 752
S.E.2d 586 (W.Va. 2013), the West Virginia Supreme Court held that an oblique
reference to an addendum in truck and trailer rental company’s pre-printed rental
contracts and electronic clickwrap contracts was insufficient to incorporate the
addendum and its terms, including its inclusion of an arbitration agreement, into
the contracts by reference. The references to the addendum were quite general,
with no detail provided to ensure that customers were aware of the addendum
and its terms, which was compounded by the fact that the addendum itself was
designed to look more like a document folder advertising products, services, and
drop-off procedures, rather than a legally binding contractual agreement.

(3) Browsewrap
“Browsewraps can take various forms but basically the website will contain a
notice that—by merely using the services of, obtaining information from, or
initiating applications within the website—the user is agreeing to and is bound
by the site’s terms of service.” United States v. Drew, 259 F.R.D. 449, 462 n.22
(C.D. Cal. 2009).
The defining feature of browsewrap agreements is that the user can continue
to use the website or its services without visiting the page hosting the
browsewrap agreement or even knowing that such a webpage exists.” Be In, Inc.
v. Google Inc., No. 12-CV-03373-LHK, 2013 WL 5568706, at *6 (N.D.Cal. Oct.
9, 2013). The Ninth Circuit in Nguyen v. Barnes & Noble, Inc., 763 F.3d 1171
(9th Cir. 2014) stated that the:
defining feature of browsewrap agreements is that the user can continue to
use the website or its services without visiting the page hosting the
browsewrap agreement or even knowing that such a webpage exists. No
affirmative action is required by the website user to agree to the terms of a
contract other than his or her use of the website. The determination of the
validity of the contract turns on whether the user has actual or constructive
knowledge of a website’s terms and conditions. By “refusing to enforce
browsewrap finding no evidence that the plaintiff had actual notice of the
arbitration clause that was part of the browsewrap; close

proximity of hyperlink to the button did not create constructive notice.”

Courts are disinclined to enforce browsewrap because of the problem of proof
that the consumer had notice of the terms. In Hines v. Overstock.com, Inc., 668
F. Supp. 2d 362, 365 (E.D.N.Y. 2009), the federal court denied the defendant’s
motion to dismiss because the consumer had no notice of the “terms and
conditions” on the retailer’s website and therefore the browsewrap was
unenforceable. The court noted that the website did not give the user a prompt to
review the terms and the link was inconspicuously displayed.
Similarly, in In re Zappos.com, Inc., Customer Data Breach Sec. Litig., 893 F.
Supp. 2d 1058 (D. Nev. 2012) the court held that a mass market agreement was
unenforceable where the hyperlink to the “ ‘terms of use’ was ‘inconspicuous,
buried in the middle to bottom of every [defendant] webpage among many other
links.” Courts are disinclined to enforce browsewrap because of the problem of
proof that the consumer had notice of the terms.
In Hines v. Overstock.com, Inc., 668 F. Supp. 2d 362, 365 (E.D.N.Y. 2009),
the federal court denied the defendant’s motion to dismiss because the consumer
had no notice of the “terms and conditions” on the retailer’s website and
therefore the browsewrap was unenforceable.
The court noted that the website did not give the user a prompt to review the
terms and the link was inconspicuously displayed. Similarly, in In re
Zappos.com, Inc., Customer Data Breach Sec. Litig.,

893 F. Supp. 2d 1058 (D. Nev. 2012) the court held that a browsewrap
agreement was unenforceable where the hyperlink to the “ ‘terms of use’ was
‘inconspicuous, buried in the middle to bottom of every [defendant] webpage
among many other links, and the website never directs a user to the Terms of
Use’). Courts will not enforce agreements where there is not at least inquiry
notice as in Knutson v. Sirius XM, 12–56120 (9th Cir. Nov. 10, 2014). The
Knutson court refused to compel arbitration finding no evidence that a Toyota
purchaser would also perceive that they were simultaneously bound to a
customer agreement for a Sirius XM satellite radio, for which he had a 90 day
trial subscription. About a month after his trial subscription was activated,
Knutson received a Sirius XM ‘welcome containing a Customer Agreement with
an arbitration clause. The court held that a reasonable person could not be
expected to understand that when he purchased a vehicle, he was also
simultaneously bound to a contract with Sirius XM mandating arbitration.
Because the Knutson court refused to compel arbitration finding no
manifestation of assent that there was an agreement to arbitrate.
(4) Scrollwrap & Sign-in-Wrap

Judge Jack Weinstein’s opinion in Berkson v. Gogo LLC, 2015 WL 1600755

(E.D. N.Y. Apr. 8, 2015) recognized two new hybrid wrap contracts: the
scrollwrap and sign-in-wrap contract. The federal court stated that these hybrid
wraps had some features of browsewraps and clickwraps stating:

100

Browsewrap exists where the online host dictates that assent is given merely
by using the site. Clickwrap refers to the assent process by which a user
must click “I agree,” but not necessarily view the contract to which she is
assenting. Scrollwrap requires users to physically scroll through an internet
agreement and click on a separate “I agree” button in order to assent to the
terms and conditions of the host website. Sign-in-wrap couples assent to the
terms of a website with signing up for use of the site’s services; it is the
form used by Gogo in the instant case.
The court distinguished “online agreements that a user must view because of
the nature of the website’s construction and design—i.e., scrollwraps—and those
that merely require a user to click an “I agree” box that appears next to a
hyperlink containing “terms of use”—i.e., clickwraps.” Next, the court described
sign-in-wraps that “do not require the user to click on a box showing acceptance
of the ‘terms of use’ in order to continue. Rather, the website is designed so that
a user is notified of the existence and applicability of the site’s ‘terms of use’
when proceeding through the website’s initial sign-in or login process. The
Berkson court noted that U.S. federal appeals courts have yet to weigh in on the
enforceability and validity of sign-in-wraps.
(F) ENFORCEABILITY ISSUES
In the 1980s, there was a swirl of uncertainty over the enforceability of mass-
market licenses as

101

courts routinely struck them down on diverse contractual grounds. However,

the recent trend is for U.S. courts to enforce mass-market licenses in contrast to
the more consumer-friendly laws of Europe. The leading case against
enforceability of inconspicuous terms is Specht v. Netscape Communications
Corp., 306 F.3d 17 (2d Cir. 2002). In Specht, the Second Circuit refused to
enforce a mass-market license agreement with a predispute mandatory
arbitration clause in a website contract because it was unclear whether a
consumer had an opportunity to review the terms of a clickwrap agreement prior
to manifesting assent. In Specht, Netscape urged users to download Netscape’s
free software with an immediate click of a button with only a reference to the
existence of a license located on a submerged screen. Netscape’s reference
stated: “Please review and agree to the terms of the Netscape SmartDownload
software license agreement before downloading and using the software.”
As the representative of a class action of Netscape users, Specht contended
that the SmartDownload contained cookies and keys that identified and tracked
users, violating their privacy. The Computer Fraud & Abuse Act and Electronic
Communications Privacy Act claims charged Netscape with secretly monitoring
their online activities without the users’ awareness or permission. In a rare
consumer licensing victory, the Second Circuit refused to enforce a predispute
mandatory arbitration clause that included an anti-class action provision, finding
that users did not have

102

reasonable notice of the license terms or an opportunity to manifest assent

prior to downloading this plug-in program.
In addition, Netscape had not requested that the consumer click agreement to
the SmartDownload license, only for Netscape’s Communicator. In Scherillo v.
Dun & Bradstreet Inc., 684 F. Supp. 2d 313 (E.D. N.Y. 2010), a more typical
court decision, the federal judge upheld a clickwrap forum selection clause
finding it to be reasonably communicated to the plaintiff, even though the user
had to scroll down the page to view the “terms of use.”
The court gave no credence to the plaintiff’s argument that he “checked” the
terms and conditions box inadvertently and therefore had not assented to the
agreement. In general, a software licensor can create a “safe harbor” for proving
manifestation of assent by using a “double assent procedure” that requires the
user to reaffirm assent. A licensor must give the licensee a right to a refund if the
licensee has not had an opportunity to review the terms and manifest assent prior
to payment. Recently, courts have struck down browsewrap agreements on
grounds of inconspicuousness as well as contract formation grounds. See, e.g.,
Berkson v. Gogo LLC, 2015 WL 1600755 (E.D. N.Y. Apr. 8, 2015).
(G) ROLLING CONTRACTS
Courts have recognized a “layered” or “rolling” system of electronic contract
formation, which is an

103

extension of the layered contract formation industry practice in durable goods

sales. With a layered contract, licensors structure their agreements so that a
customer will manifest assent to different terms at different points in time. For
example, a cell phone contract may introduce new terms after the initial monthly
agreement by posting them on a website.
Instagram’s terms of service are structured as a rolling contract. Instagram
ended up altering its position as to the intellectual property rights of photographs
posted on its service, creating a firestorm in the user community. The recent
trend in judicial decisions is that courts enforce “cash now, terms later” licenses
so long as the licensor gives reasonable notice to the user and an opportunity to
decline the terms.
(1) ProCD, Inc. v. Zeidenberg: A Game-Changer

In ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996), the Seventh
Circuit upheld a shrinkwrap agreement in which the licensee paid for boxed
software that included a software license inside the box. ProCD’s software
consisted of a CD-ROM containing a computer database consisting of more than
3,000 telephone directories called Select Phone compiled at the cost of $10
million. Matthew Zeidenberg purchased a single copy of ProCD’s software at a
cost of $150 and formed a company to resell access to the ProCD software over
the Internet.

104

ProCD filed a copyright infringement lawsuit, seeking an injunction against

Zeidenberg that restrained him from further sales of its software. The federal
district court held ProCD’s license agreement was unenforceable since its terms
did not appear on the outside of the package and a customer could not be bound
by terms that were secret at the time of sale. The Seventh Circuit disagreed,
ruling that ProCD’s license agreements were enforceable under a “pay now,
terms later” contract paradigm. The Seventh Circuit applied U.C.C. Article 2 to
the license agreement, noting contract formation may be manifested in any
manner sufficient to show agreement.
The ProCD court held that terms presented inside of a box of software bind
consumers because they have an opportunity to read the license agreement and
to reject it by returning the product. The court also rejected Zeidenberg’s
argument that shrinkwrap license agreements must be conspicuous to be
enforced. The Seventh Circuit also rejected the argument that the U.S. Copyright
Act preempts software licenses because the rights created by ProCD’s license
agreement were not found to be equivalent to any of the exclusive rights of the
U.S. Copyright Act. A copyright holder has exclusive rights to use and to
authorize the use of his work in five qualified ways: (1) to reproduce the work;
(2) to prepare derivative works; (3) to distribute copies of the work to the public;
(4) to perform the work publicly; and (5) to display the work publicly. The
ProCD case legitimated the use of shrinkwrap licenses to bypass the first sale
doctrine of copyright

105

law. The licensor is able to impose conditions on the use of software after sale
of a CD-ROM because the transaction is structured as a license not a sale.
(2) Hill v. Gateway 2000, Inc.
In Hill v. Gateway 2000, Inc., 105 F.3d 1147 (7th Cir. 1997), a consumer
ordered and paid for a Gateway personal computer during a telephone
conversation with a company representative. Gateway’s standard business
practice was to send its computer system—with a software license agreement
included inside the box—through the mail to the customer. The license
agreement stated that the consumer must submit any dispute to mandatory
arbitration unless they returned the personal computer within 30 days. Under
classical contract law, silence or inaction by a party generally does not constitute
assent.
Nevertheless, the Seventh Circuit upheld Gateway’s delayed contract
formation policy, including the arbitration clause, finding that the failure of a
consumer to return the computer to Gateway within 30 days constituted a
manifestation of assent. Hill was found to be the offeree and Gateway the offeror
who had the power to specify the manner of acceptance. The Seventh Circuit
ruled that the “terms inside Gateway’s box stand or fall together.” U.C.C. § 2–
207, the battle of the forms, was inapplicable, since there was not an exchange of
forms at all but a single form drafted by Gateway.
Judge Easterbrook’s interpretation of the battle of the forms conflicts with
Official Comment #1 to

106

U.C.C. § 2–207 that makes it clear that the battle of the forms also applies to a
written confirmation of an earlier oral agreement as in this case. U.C.C. § 2–207
would apply because Gateway’s form could be construed as a written
confirmation of the earlier oral agreement made between Hill and the company’s
authorized representative on the telephone.
U.C.C. § 2–207(2) would construe the additional or different terms as
“proposals for addition to the contract” since the transaction was not between
merchants. The consumer would need to agree specifically to the arbitration term
in order for it to be part of the contract. The contract had already been completed
by the time Gateway placed the license agreement inside the box. Despite the
court’s incorrect reading of U.C.C. Article 2, U.S. courts continue to cite the Hill
decision, another example of the pro-industry trend.
§ 4-2. Uniform Electronic Transactions Act
The Uniform Electronic Transactions Act (UETA) is a model state law
proposed by the National Conference of Commissioners on Uniform State Laws
(NCCUSL) to create more uniformity for electronic transactions. UETA is not a
substantive contract law statute, but rather has the purpose of validating records
and e-signatures as the functional equivalents of writings and pen signatures.
UETA substitutes the “record” for a paper-based writing and treats signatures in
electronic form as the equivalent of signatures made by pen.

107

Forty-seven of the fifty states and the District of Columbia, as well as the
territories of Puerto Rico and the Virgin Islands have enacted UETA. The
purpose of UETA is to remove barriers to E-Commerce, implement reasonable
practices, and harmonize contracting procedural rules by enabling the electronic
retention and transmission of digital information.

§ 4-3. The Electronic Signatures in Global and National

Commerce Act
The Electronic Signatures in Global and National Commerce Act (E-Sign) is a
federal statute that overlaps with UETA by also legitimating digital signatures
and electronic records. E-Sign insures that courts may not deny the legal effect
or the enforceability of contracts solely because the parties formed the contract
through electronic signatures or electronic records. E-Sign establishes the ground
rules for validating electronic signatures, authenticating the identity of the sender
of a message or the signer of a document, and ultimately ensuring electronic
documents are not modified.
E-SIGN § 101(C) requires consumers to affirmatively consent before an
electronic communication or record can be sent in lieu of a physical writing.
Consumers also have the right to withdraw consent at any time. Consumers are
entitled to disclosures if an electronic record is substituted for a paper-based
record. Section 101(C) gives consumers the right to demand that sellers or
services providers make a record available on paper or in another electronic
form. Congress took the

108
unusual step of incorporating a saving clause, which defers to UETA where
there is a conflict with E-SIGN. The vast majority of states had already enacted
UETA by the time Congress passed E-Sign in June of 2000. The legal
significance of E-Sign and UETA is that it legitimated digital signatures and
records as the functional equivalent for paper-based signatures and writings.

§ 4-4. Uniform Computer Information Transactions Act

(UCITA)
(A) STATUTORY PURPOSE
The Uniform Computer Information Transactions Act (UCITA) is a state
statute that develops the ground rules for contracting in cyberspace. UCITA
harmonizes legal infrastructure for Website linking agreements, affiliate
agreements, legal notices, license agreements, access contracts, clickwrap
agreements, end-user agreements, online shopping, auction bidding agreements,
terms of services agreements, and online licenses of all kinds. The concepts and
methods for attribution procedures, authentication, computer information,
electronic agents, electronic events, electronic messages, and online contracting
update contract law for the age of the Internet.
Maryland and Virginia are the only states to have enacted UCITA, a useful
template for a wide array of software licensing transactions. UCITA is divided
into nine parts: (1) General Provisions, (2) Formation and Terms, (3)
Construction, (4) Warranties, (5) Transfer of Interests and Rights, (6)

109

Performance, (7) Breach of Contract, (8) Remedies and (9) Miscellaneous

Provisions. Lawyers frequently import UCITA provisions into their mass-market
license agreement because of their flexibility.

§ 4-5. Principles of the Law of Software Contracts

The ALI proposed the Principles of the Law of Software Contracts
(Principles) because of the failure of UCITA to be widely adopted by state
legislatures. The ALI Reporters of the Principles concluded: “Perhaps no other
commercial subject matter is in greater need of harmonization and clarification”
than software contracts. These Restatement-like Principles address legal issues
for transferring software for consideration, whether by lease, license or sale. The
ALI Reporters address four issues: (1) the nature of software transactions, (2)
contract formation and how industry practices govern terms, (3) the juncture
between federal intellectual property rights and software contract law, and (4)
software contracting terms such as warranties, remedies, and transfer rules. The
goal of the Principles is similar to a Restatement into providing guidance for
courts and legislatures when addressing software contracting issues.
(A) SPHERE OF APPLICATION
The Principles are inapplicable to physical media on which software is stored
or transferred such as a CD-ROM, or firmware. Software contracts may be
hybrid transactions consisting of sales, leases, and

110

licenses. Section 107 applies a “predominant purpose” test, which asks

whether the transaction is predominately goods or software. If goods are the
predominant part, U.C.C. Article 2 applies not the Principles. The Principles
apply to all software contracts where there is consideration.
(B) PRELIMINARY CONCERNS
The prefatory Principles (Chapter 1) provide a legal infrastructure including
definitions, scope, and general terms, digital content, record, software, choice of
forum, choice of law and unconscionability. The Principles’ Reporter makes it
clear that the parties’ choice of law must give way to federal intellectual property
rules to the contrary. A software contract is unenforceable if it “(A) conflicts
with a mandatory rule of federal intellectual property law, or (B) conflicts
impermissibly with the purposes and policies of federal intellectual property law,
or (C) would constitute federal intellectual property misuse in an infringement
proceeding.” Principles of the Law of Software Contracts, § 1.09.
The Principles of the Law of Software Contracts guide courts in policing
unfair or unconscionable license agreements. Section 1.09, illus. #8 for example,
would invalidate a provision in a license agreement where a transferee of a
spreadsheet software program is asked to agree not to implement ideas or
develop a competing program for 99 years. A few software licensors prohibit
licensees from publicly criticizing software, a practice that is also challengeable
under Section 109.
111

(C) FORMATION
(1) Liberal Formation Rules
The Principles adopt the liberal contract formation rules from U.C.C. Article
2. Section 2.01 covers standard form as well as customized software licenses.
Software license agreements or other transfers may be made in any method as
long as it shows the parties have reached an agreement. The Principles also
validate “rolling contracts” even if presented to the consumer in a take-it-or-
leave-it standard form. With a rolling contract, manifestation of assent does not
occur at a single point in time.
Under webwrap contracts, a party will manifest assent to different terms at
different points in time. Terms of service agreements, for example, reserve the
right to modify the terms of use or service. The licensor or buyer requires
payment first and provides terms later. The recent trend in judicial decisions is
that courts enforce “cash now, terms later” licenses so long as the licensor gives
reasonable notice to the user and an opportunity to decline the terms. The
Principles validate electronic records as the functional equivalent of a physical
writing to satisfy the Statute of Frauds.
(2) Battle of the Forms Provision
The Principles also adopt a simple battle of the forms provision in which the
contract consists in terms found in both terms and gap-fillers. The ALI Reporters
substitute electronic records for physical

112

forms, thus updating U.C.C. § 2–207 to the Internet. Section 2.02 applies
special rules for standard or mass-market transfers of generally available
software. The transferee will be deemed to have adopted a standard form if the
standard form is reasonable accessible before the transfer and they must have
access to the standard form before notice of payment.
Section 2.02 addresses standard form transfers of generally available software.
The contract rules for electronic and prepackaged software adopt an objective
theory of contract formation in Section 2.01(B) where a transferee is deemed to
have adopted a standard form where a reasonable transferor would believe that
the other party intends to be bound.
(3) Formation Safe Harbors

The Principles of the Law of Software Contracts validate mass-market license

agreements such as clickwrap, shrinkwrap but not browsewrap. The ALI
Reporters note that clickwrap supports the safe harbor of presumed
enforceability while browsewrap does not suffice.
The Principles adopt the “opportunity to review” test in UCITA, which gives
the licensee reasonable accessibility to terms prior to the transfer. Clickwrap, for
example, should be structured so that the “I accept” radio button appears either
at the end of, or adjacent to, the license to pass the “opportunity to review” test.
Under § 2.02(D), a transferor of software must give the transferee the capacity to
store and reproduce the license or other

113

standard form. The ALI Reporters noted that clickwrap is the functional
equivalent of the signature in the bricks and mortar world.
(4) Parol Evidence Rule

Section 3.08 adopts a parol evidence rule within the rules of admissibility to
reduce fraudulent assertions of the existence of license agreements and other
transfers. A license agreement does not fail for indefiniteness merely because the
licensor does not specify all of the key terms; the Principles adopt a simple battle
of the forms provision where the contract exists in terms found in both
definitions and gap fillers. Section 3.08’s parol evidence rule distinguishes
between fully integrated and partially integrated records.
(5) Contract Modification
Under the Principles, as with UCITA, modifications of software contracts
require no consideration to be binding. Section 2.03 validates no-oral-
modifications clauses unless waived by both parties. Section 2.03 also provides
that contractual modifications require no particular form; they “may be formed
in any manner sufficient to show an agreement.” For electronic transfers of
software, e-notices of modification are enforceable provided the transferee
receives a reasonable electronic notice of the modification and the transferee
electronically signifies agreement.

114
114

(6) General Principles of Integration

The Principles recognize a hierarchy of contract terms, which begins with the
language of the entire agreement but also considers the parties course of
performance, course of dealing and usage of trade in that order. If there is a
disagreement over meaning of a term in a record, courts are to apply the standard
of reasonable integration. Section 3.10 articulates two exceptions to 3.09(A)’s
objective interpretation rule. The first exception arises if the parties to a software
contract disagree over the meaning of words or conduct.
The court will determine that the meaning intended by one of them should be
enforced if, at the time the parties made the agreement, the other party did not
know or have reason to know of any different meaning intended by the other
party. The second exception occurs when parties disagree over the meaning of
an ambiguous fundamental term or terms.
(D) SOFTWARE CONTRACTING WARRANTIES
Section 3.01 gives licensees and other transferees a lesser infringement
warranty than what buyers receive under U.C.C. § 2–312. Sections 3.02 through
3.07 in the Principles import warranties concepts from U.C.C. Article 2 and
UCITA with some significant differences.
(1) Express Warranties
The quality warranties outlined in Chapter 3 of the Principles closely track
U.C.C. Article 2, while

115

accommodating them to software commercial realities. Section 3.02 of the

Principles makes the transferor liable for express warranties to any transferee in
the distribution chain, including all intermediate parties and end users. The
creation of an express warranty is not dependent upon whether a transferor uses
formal words such as “warrant” or “guarantee” or that it has a specific intention
to make a warranty.
The ALI Reporters import Section 3.02 of the Principles from both UCITA
and Article 2 of the U.C.C. This section creates a cause of action for the licensee
if the delivered software fails to conform to the description in advertising or
packaging. If an employee of the software licensor demonstrates the software to
a licensee, the software must conform to the demonstration. A licensor is
potentially liable for express warranties to any transferee in the distributional
chain, including intermediaries and end users.
(2) Implied Warranty of Merchantability
The Principles downsize U.C.C. Article 2’s six-part test for merchantability to
three quality standards in Section 3.01(B) for merchant transferors.
Merchantable software, at a minimum, must (1) pass without objection in the
trade under the software contract, (2) be fit for the ordinary purposes for which
such software is used, and (3) be adequately packaged and labeled.
The Principles draw upon software industry standards in determining the
minimal standards of

116

merchantability. Section 3.04 of the Principles is drawn from U.C.C. § 2–312

and UCITA § 405. The Principles do not extend the implied warranty of
merchantability to open source software because software developers will
frequently have little control over quality.
(3) Systems Integration & Fitness Warranties
The ALI Reporters imported Section 3.04 of the Principles from U.C.C. § 2–
312 and UCITA § 405. Section 3.04 of the Principles requires the licensor know,
or have a reason to know, of the particular purpose of the licensee to make a
fitness type warranty. If a software developer warrants its software will function
with a given computer system, the company will be liable for the warranty of
fitness for a particular purpose under § 3.04. A licensor violates a fitness
warranty when it selects software for the particular purpose of the licensee.
Fitness warranties may be created in part by product advertising or sales
representations. Companies claiming that they are systems integration specialists
may create fitness warranties. Vendors frequently must address system
integration tasks to make hardware and software compatible. For example,
systems integration is required to link a given firewall system with other security
systems such as surveillance products. Systems integration is a software
engineering term meaning an engineer’s ability to combine software components
so they work as an integrated whole, which is also known as interoperability.

117
Like the fitness warranty, the systems integration warranty requires a showing
of reliance of the customer on the licensor’s representation that software will
work or is integrated with a given computer system. For example, if a software
developer warrants that their software will function with Microsoft’s Word 10,
the software maker will be liable for the systems integration warranty if this is
not true.
(4) Non-Infringement Warranties
The Principles generally follow the contours of warranties set forth in Article
2 of the U.C.C.—except for the non-infringement warranty. Under the
Principles, a licensor is not liable for unknowingly transferring software that
infringes the patent claims of others. Similarly, Section 3.02 creates a
nondisclaimable warranty that its software or product does not have hidden
defects of which it is aware at the time of transfer.
The U.C.C.’s non-infringement warranty does not turn upon the seller’s
knowledge because it is a strict liability-like obligation. Article 2 of the U.C.C.
imposes a strict liability regime for transferring goods infringing the patents or
other intellectual property rights of third parties, while the Principles adopt a
negligence standard. Section 3.01 gives licensees and other transferees a lesser
infringement warranty than U.C.C. Article 2 does. Like U.C.C. Article 2,
Section 3.01 permits software vendors to disclaim their implied indemnification
obligations. Licensors routinely disclaim non-infringement warranties because of
the uncertainty

118

in patent law, which is a topic discussed in Chapter 13.

(5) Nondisclaimable Warranty for Hidden Defects

Section 3.05(A) creates a nondisclaimable warranty that its software does not
have hidden defects of which it is aware at the time of transfer; “The ALI
Principles include three kinds of disclosure: disclosure of facts (concerning the
quality of software), disclosure of terms (of standard forms), and disclosure of
post-contract intentions (to pursue remote disablement of software).” Robert A.
Hillman & Maureen O’Rourke, Defending Disclosure in Software Licensing, 78
U. CHI. L. REV. 95, 95 (2011).
Section 3.05(B) provides that a party that transfers software by sale, license, or
otherwise, and receives money or a monetary obligation warrants that they are
unaware of any material hidden defects at the time of transfer. This provision
created a firestorm of protest because it prohibits software vendors from
disclaiming liability for known software defects. Developmental software
projects frequently contain known bugs that are slowly remedied by patches in
their environment of use.
(E) SOFTWARE PERFORMANCE STANDARDS
(1) Breach and Material Breach
“A breach occurs if a party without legal excuse fails to perform an obligation
as required by the

119

agreement. The ALI Reporters import concepts such as tender, acceptance,

rejection, repudiation, anticipatory repudiation, adequate assurance of
performance, or other performance-related topics such as inspection from U.C.C.
Article 2 and the common law without substantial reworking.
(2) Material Breach

The Principles import the concept of material breach from the Restatement
(Second) of Contracts § 241 and UCITA § 701 in determining what constitutes a
material breach. Section 3.11 defines a material breach as an electronic agent
that allows the nonbreaching party to declare the end of the contract. A material
breach occurs where transferors breach the warranty of § 3.05(B) (duty to
disclose material hidden defects), a limited remedy fails of its essential purpose
(§ 4.01), or the transferor breaches the contract by failing to comply with § 4.03,
which is the provision for automatic disablement. In determining whether a
breach is material, significant factors include:
(1) the terms of the agreement;
(2) usage of trade, course of dealing, and course of performance;
(3) the extent to which the aggrieved party will be deprived of the benefit
reasonably expected;
(4) the extent to which the aggrieved party can be adequately compensated
for the part of the benefit deprived;
120

(5) the degree of harm or likely harm to the aggrieved party; and
(6) the extent to which the behavior of the party failing to perform or to
offer to perform departs from standards of good faith and fair dealing.
ALI, The Principles of the Law of Software Contracts § 3.11(c) (2010).
In addition to these six factors, it is a material breach, if a licensor breaches
the warranty of not disclosing a hidden material defect, when a contract fails of
its essential purpose, and “the transferor breaches the agreement to comply with
§ 4.03.” Principles of the Law of Software Contracts § 3.11(d) (2010). Section
4.03 is the provision dealing with the automated disablement of software. A
licensor that programs a “time bomb” into the software that disables its operation
at the end of that limited period is an example of an automated disablement.
“Section 4.03 places meaningful limitations on the right to disable software by
automated means as a remedial matter, and these protections may not be waived
by agreement. Transferors may not disable software in the non-negotiated
context of the standard-form transfer of generally available software or against
consumers in any context. Automated disablement is a viable option only in
other agreements in which the transferee is on notice of the provision and on
notice of the particular breach for which the transferor plans to use automated
disablement.” § 3.11, cmt. b. Either

121

party proving a material breach may cancel the contract.

(3) Right to Cure

The Principles of the Law of Software Contracts imported the concept of cure
from UCITA, which essentially gives software licensors a second chance to get
things right. “It provides a breaching party with a right to cure under certain
circumstances. Certainly, the agreement itself can prohibit cure or otherwise
limit it. Indeed, many, if not most, software agreements address a breaching
party’s right to cure in the agreement.” Principles of the Law of Software
Contracts § 3.12, cmt. a (2010).
Breaching parties have the right to cure at their own expense where the time
for performance has not yet expired or there are reasonable grounds to believe
the nonconforming software would be acceptable to the licensee. Software
licensors also often give licensees a period of acceptance testing in addition to
the cure.
(4) Cancellation
“An aggrieved party may cancel a contract on a material breach of the whole
contract if the breach has not been cured under § 3.12 or waived.” Principles of
the Law of Software Contracts § 4.04(a) (2010). This section “gives the
aggrieved party the option to cancel the contract in the event of a material breach
of the whole contract if the breach has not been cured or waived. The concept of
material breach of the whole contract may be

122

relevant when the agreement calls for repeated performance.” § 4.04, cmt. a.
(F) REMEDIES FOR BREACH
(1) Expectation Interest

Chapter 4 of the Principles “addresses the issue of the appropriate remedies

for breach of an agreement governed by the Principles. Remedial issues are, of
course, central to contract law and in software agreements as in other contracts,
expectation damages are appropriate.” Principles of the Law of Software
Contracts 4 Overview (2010). When the parties have not concluded an
enforceable agreement on remedies, but one of them has breached, § 4.05 of the
Principles calls for the award of expectancy damages.
The Principles of Software Contracts validate the parties’ agreements as to
what the remedies should be much like UCITA and U.C.C. Article 2. The ALI
Reporters assume parties to software contracts will adapt well-established
principles from sales such resale, market price, specific performance, and
liquidated damages to software contracts. In the absence of agreement, the
drafters adopted the expectation theory of damages. The nonbreaching party is
entitled to remedies for breach where the software fails to perform according to
contract specifications. A single-user licensee that makes multiple copies of the
code infringes copyright and breaches the agreement.

123

(2) Use of Automated Disablement of Software

The Principles of the Law of Software Contracts limit the ability of a software
licensor to remotely remove or disable software. Section 4.03 balances the
interests of licensors and licensees by permitting automated disablement under
certain limited circumstances, but strictly prohibiting disablement as a self-help
remedy. Electronic disablement is strictly prohibited in standard form transfers
of generally available software and all consumer transactions. Licensors using
electronic disablement contrary to the Principles are subject to liability for direct,
incidental, and consequential damages.
(3) Liquidated Damages
Section 4.02 provides for liquidated damages but these clauses may not be
penal provisions. The guideposts in U.C.C. § 2–718 were imported to the
Principles. If the court strikes compensation or liquated damages clauses, the
remedies are available as if the clause not been included. The ALI Reporters
decline to develop precise formulas for measuring damages in software
contracts, but direct courts to U.C.C. Article for guidance.
As with U.C.C. 2–718, § 4.02 states, “A term fixing unreasonably large
liquidated damages is void as a penalty.” … It is unnecessary because it is
redundant with the reasonableness requirement for enforcement, and misleading
because it focuses only on unreasonably large damages—a liquidated-damages
provision calling for unreasonably small

124

damages would likewise be unenforceable.” Principles of the Law of Software

Contracts § 4.02, cmt. a. (2010). Liquidated damages clauses in all software
contracts are enforceable so long as they are reasonable. Terms with
unreasonably large are “void as a penalty.”
(4) Cancellation & Expectancy Damages

An aggrieved party in a software contract may cancel the contract so long as

they can prove a material breach of the entire contract. As with U.C.C. Article 2,
Section 4.04 states that the nonbreaching party has no right to cancel absent
notice to the breaching party, which then triggers a right to cure. The Principles
of the Law of Software Contracts adopts the goal of expectation damages, which
places the injured party in the same position in the absence of breach. Section
4.05 notes that damages for lost expectancy include direct, incidential, and
consequential damages, less expenses saved in consequence of the breach. The
ALI Reporters of the Principles of the Law of Software Contracts do not offer
formulas for measuring damages because software contracts involve so many
“divergent contexts.” See 4.05, cmt. b. The ALI Reporters note that U.C.C.
Article 2 remedies (§§ 2–706 and 2–708), UCITA (§ 808) and the Restatement
Second of Contracts (§§ 344–355) provide guidance for crafting software
contracting remedies.

125

(5) Specific Performance

Section 4.06 recognizes the equitable remedy of specific performance where

software is unique or the licensee proves other proper circumstances. Specific
performance is not available for computer contracts that are predominately
personal services as opposed to software or information transfers. The ALI
Reporters note that “the decree for specific performance may extend to such
terms and conditions as to payment of the price, damages, confidentiality, and
rights in the software as the court may deem just.” See § 4.06(b).
(6) Limitations of Remedies

Section 4.01 adopts the concepts of a minimum adequate remedy. Section 4.01
“balances contractual freedom to limit remedies with safeguards should the
exclusive or limited remedy fail of its essential purpose. Contractual freedom,
however, is inappropriate in the cases of: (i) the implied warranty of no hidden
material defects (§ 3.05(b)); and (ii) unauthorized automated disablement (§
4.03(e)). Sections 4.01(a)(1) and 4.01(c) therefore do not permit limitation or
alteration of damages in those cases.” Section 4.01 imports the concept of a
minimally adequate remedy.
(7) Failure of Essential Purpose

“The focus of § 4.01(b) is not on the bargaining process that produced the
remedial term, but on application of the exclusive or limited remedy if the

126

software is defective. An exclusive or limited remedy fails of its essential

purpose when the transferor is unable or unwilling to provide the transferee with
conforming software within a reasonable time regardless of the transferor’s best
or good-faith efforts.” Id at § 4.01, cmt. c. “For example, when the exclusive
remedy calls for repair of the software, if the transferor attempts in good faith to
repair and is willing to continue attempting repair, the remedy nevertheless fails
of its essential purpose after a commercially reasonable time.”

§ 4-6. Cloud Computing Service Agreements

Businesses around the world as well as consumers are entering into “service
level agreements” with cloud computing providers. The term, cloud computing,
is a metaphor that describes public as well as private providers of software
access or storage.
(A) CLOUD COMPUTING SERVICE MODELS
The National Institute of Standards and Technology (NIST) definition of
cloud computing consists of five essential characteristics: (1) On-demand self-
service, (2) Broad network access, (3) Resource pooling, (4) Rapid elasticity,
and (5) Measured Service. Cloud providers deploy three basic service models (1)
Cloud Software as a Service (SaaS), (2) Cloud Platform as a Service (PaaS), and
(3) Cloud Infrastructure as a Service (IaaS). The four most common deployment
models are (1) Private cloud, (2) Community cloud, (3) Public cloud,

127

and (4) Hybrid cloud.” National Institute of Standards, NIST Cloud Computing
Program (2013).
Cloud providers have developed the next generation of IT services, storing
data and running applications and permitting users access data and collaborate
on any device, from any location 24/7. Ideally, data or software can be accessed,
edited, and shared securely from any location on any device. To date, cloud-
computing providers have adopted a services paradigm.
(B) TERMS IN SERVICE-LEVEL AGREEMENTS
Cloud providers commonly use Subscription, Lease, Usage, Feature Based,
End-date and Perpetual Access contracts. A typical provision, for example,
makes a term of service automatically renewable in perpetuity, subject only to
written cancellation by the customer. The fees are generally in form of monthly
service fees with upgrades. Service credits are issued to customer accounts to
offset future billable services. Service credits are not typically transferable to
other account holders.
§ 4-7. Cross-Border Contracts
(A) SOURCES OF E-CONTRACT LAW
The Internet, by its very nature, is international, yet there is no uniform legal
infrastructure for commercial transactions harmonized for the global
marketplace. In the absence of international conventions, domestic law applies to
license agreements and terms of service. There is great

128

uncertainty as to whose law will govern online commerce, which knows no

international borders. Uniform rules for safeguarding commercial information
transfers would be a desirable international development.
Contract law in cyberspace must take into account radically different social,
economic, and legal systems. A growing number of companies are engaged in
cross-border electronic commerce. The movement to devise uniform rules to be
used in private international law has evolved rapidly over the past century. Many
Internet-related contracts are mass-market agreements such as terms of service
agreements or software license agreements.
As software companies go global, online contracts will be subject to radically
different legal systems. U.S. style terms of use widely enforced in the United
States are unenforceable in the European Union because they violate the Unfair
Contract Terms Directive, the Brussels Regulation, and the Rome I Regulation.
A new legal paradigm is necessary to facilitate E-Commerce, which may soon
eclipse brick-and-mortar commerce. Paper-based signatures are rapidly giving
way to digital signature in E-Commerce. Electronic agents with or without
human review are increasingly forming contracts. Trading partner agreements
form rules in advance for protocols for the ordering of goods and payment
through electronic messages.

129

(B) UNCITRAL’S DIGITAL SIGNATURE

The United Nations Commission for International Trade (UNCITRAL); the
International Institute for the Unification of Private Law (UNIDROIT); the
Council on Europe (Council); and the International Chamber of Commerce
(ICC) have all spearheaded past efforts to create international commercial law.
The European Commission contends that E-Commerce will increase only if
consumers are convinced they have a minimal adequate remedy when entering
into cross-border sales and services. UNCITRAL’s Model Law on Electronic
Commerce is consistent with UCITA’s E-Commerce infrastructure in addressing
business-to-business but not business-to-consumer rules.
131
CHAPTER 5
CONSUMER LAW IN CYBERSPACE

§ 5-1. FTC’s Role in Internet Consumer Law

The Federal Trade Commission (FTC) administers diverse laws applicable to
cyberspace activities including The Undertaking Spam, Spyware, and Fraud
Enforcement With Enforcers Beyond Borders Act of 2006 (Safe Web). Safe
Web amended Section 5’s “unfair or deceptive acts or practices” to include
“such acts or practices involving foreign commerce” causing reasonably
foreseeable injury within the United States. The FTC alleged that such unfair
and deceptive practices violated Section 5(a) of the FTC Act, 15 U.S.C. § 45(a).
The Safe Web statute immunizes Internet Service Providers and consumer
reporting agencies from liability for voluntary disclosures to the Commission
about suspected online fraud or deception. The FTC takes the position that the
Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. is applicable to those who
aggregate information from social media sites.
The Federal Trade Commission agreed to investigate whether Google’s
YouTube Kids application was unfair and deceptive. Consumer groups
conducted a content analysis of YouTube Kids and uncovered videos that were
disturbing for young children and potentially harmful:
• Explicit sexual language presented amidst cartoon animation

132

• A profanity-laced parody of the film Casino featuring Bert and Ernie

from Sesame Street
• Graphic adult discussions about family violence, pornography and child
suicide
• Jokes about pedophilia and drug use
• Modeling of unsafe behaviors such as playing with lit matches
• Advertising for alcohol products. May 9, 2015 Letter to FTC from Center
for Digital Democracy.
(A) FRAUDULENT TRADE PRACTICES
(1) Fraudulent Internet Businesses
Section 5 of the FTC Act prohibits, in part, “unfair … acts or practices in or
affecting commerce.” 15 U.S.C. § 45(a). The FTC has deployed its Section 5
powers to punish and deter Internet-related deception. Beginning in the mid-
1990s, the FTC has vigilantly patrolled websites to ensure that they do not
contain unfair or deceptive advertisements. An act or practice is deceptive if: (1)
there is a representation, omission, or practice; (2) that is likely to mislead
consumers acting reasonably under the circumstances; and (3) the representation,
omission, or practice is material. FTC v. Stefanchik, 559 F.3d 924, 928 (9th Cir.
2009) (citation omitted). Deception may be found based on the “net impression”
created by a representation. FTC v. Cyberspace.com LLC, 453 F.3d 1196, 1200
(9th Cir. 2006). In FTC v. Cyberspace.com, 2002 WL

133

32060289 (W.D. Wash. July 10, 2002), the defendants used solicitation
checks as a means of marketing Internet services, using wholly-owned
companies. Cyberspace “mailed approximately 4.4 million solicitations, 3.3
million of which were sent to small businesses and the remaining 1.1 million
were sent to individuals. The solicitations varied in style, but all of them
included a check, usually for $3.50, with an attached form that looked like an
invoice.
“The check was made out to the individual or small business to whom it was
sent, with the consumer’s phone number in the ‘re’ line…. The fronts of the
checks and the invoices were generally devoid of any indication that the mailing
was an offer for services or that by cashing the check, the consumer was
contracting for internet access.” The FTC contended that the placement of the
disclosures was inconspicuous. “Along with the check/invoice document, most
of the solicitations also included an advertising insert touting the importance of
good internet access and the offeror’s ability to provide it “for the low, low price
of only $29.95 per month, which, when the enclosed check is endorsed and
cashed or deposited, will be billed conveniently to the customer’s local phone
bill.” The court noted that:
[T]he misleading and deceptive nature of the check/invoice solicitations is
not only plain on its face, but is also proved by its results. Letters and
testimony in the record show that some of the recipients were deceived by
the form of the solicitation or, at the very least, ended up
134

paying for a service that they did not want and/or could not use.
The court found misrepresentation as a matter of law. The court held that the
defaulting defendants, Cyberspace and EPV were subjected to the terms of the
stipulated permanent injunction.
In FTC v. Sale Slash, LLC, No. CV15–03107, Apr. 27, 2015), a California
court issued a temporary restraining order against spammers who deceptively
sold fraudulent weight-loss products online. The FTC charged Jonathan Eborn
with perpetrating a deceptive work-at-home scheme. To settle these charges,
Eborn agreed to pay a $29 million judgment, but concealed at least $369,547.80
from the FTC and his victims. After reviewing the evidence, the district court
held that Eborn failed to disclose $61,519 in cash, his control over two
companies, and at least $274,828.80 in income or assets he received or had
earned from third parties. He also misrepresented the value of his real and
personal property. In the 2014 Consumer Sentinel Report, the FTC found:
Identity Theft was the number one complaint category in the CSN for
calendar year 2014 with 13% of the overall complaints, followed by Debt
Collection (11%); Impostor Scams (11%); Telephone and Mobile Services
(7%); Banks and Lenders (5%); Prizes, Sweepstakes and Lotteries (4%);
Auto-Related Complaints (3%); Shop-at-Home and Catalog Sales (3%);
Television and Electronic Media (2%); and Internet Services (2%).

135

FTC’s enforcers have identified the top ten dot cons: (1) Internet Auctions, (2)
Internet Access Services, (3) Credit Card Fraud, (4) International Modem
Dialing, (5) Web Cramming, (6) Multilevel Marketing Plans/Pyramids, (7)
Travel and Vacation Schemes, (8) Business Opportunities, (9) Investments, and
(10) Health Care Products/Services. In addition, social media sites must comply
with Section 5 and other consumer laws governing Internet advertisements, sales
of securities, taxation, unfair and deceptive trade practices, pricing laws, and
general state and federal consumer statutes.
In FTC v. Johnson, 2015 WL 1471329 (D. Nev. Mar. 31, 2015), the FTC filed
an action against the operators of Internet websites that offered “free or risk-
free” information about government grants to pay personal expenses and about
money-making opportunities through “Google ‘Adwords.’ ” The FTC complaint
noted that:
The government grant sites contained testimonials that gave the false
impression that consumers would likely get the same results from the
products or programs as the people in the testimonials. The websites asked
consumers to fill out a form and provide their credit card or bank account
information to pay for the shipping and handling of a CD with information
on Defendants’ products or programs. The websites’ disclosures often stated
that consumers were actually being enrolled in negative option membership
plans and upsells bundled with the core product. The

136

negative option plans would charge an initiation fee and recurring monthly
fees for a membership. The upsells would also contain separate and
recurring monthly fees.
The FTC contends that the website’s practices violate the Federal Trade
Commission Act (FTCA) and the Electronic Fund Transfer Act (EFTA). The
FTC filed motion for summary judgment, which the district court granted in part.
The court held that the defendant’s websites falsely implied that consumers were
likely to receive government grants for personal expenses. The court also found
disclosures regarding mandatory enrollment in negative option membership
plans to be inadequate.
The court agreed with the Commission that consumers were likely to be
misled by representations that websites were offering “free or risk-free”
information. The court found fact issues existed as to the accuracy of the
representations and testimonials regarding amount of income that consumers
were likely to earn from search engine advertisements. The court also found fact
issues existed as to substantial injury, which is an element for unfair act or
practice.
These policies apply in the “clicks” world just as in the brick-and-mortar
worlds. In FTC v. Fortuna Alliance, L.L.C., et al., Civ. No. C96–799M (W.D.
Wash. 1996), the FTC shut down an Internet marketed pyramid scheme that
defrauded 25,000 consumers. The fraudulent scheme was not a legitimate
investment opportunity; it was “nothing but a high-tech chain letter, with certain
losses for
137

the great majority of investors and tremendous profits for the defendants.”
(2) Deceptive Advertising Claims

The FTC takes the position that Section 5 of the Federal Trade Commission
Act (15 U.S.C. § 45) prohibiting “unfair or deceptive acts or practices” stretches
to cyberspace applying three basic principles: (1) online advertisements must be
truthful and not misleading, (2) online advertisers must have evidence to back up
their claims (substantiation), and (3) they cannot be unfair. The FTC has filed
hundreds of Section 5 actions to enjoin fraud and deception on the Internet. The
FTC investigates deception and unfairness in banner ads, pop ups, social media
reviews, blogger endorsements, Geotagging offers, online targeted ads, and even
in-game advertising.
In FTC v. Corzine, CIV-S-94-1446 (E.D. Cal. 1994), Corzine ran online
advertisements, offering a $99 credit repair kit, on America Online. He
represented that purchasers of his credit repair kit could legally establish a clean
credit record. The FTC filed a complaint, charging Corzine with
misrepresentations in violation of Section 5. The court entered an ex parte
Temporary Restraining Order, freezing all of Corzine’s assets. The court then
entered a Consent Decree, enjoining Corzine from making future
misrepresentations and requiring him to reimburse defrauded customers. The
FTC will treat an advertisement as deceptive if there is a material
misrepresentation, omission, or

138

other practice that misleads the consumer acting reasonably in the

circumstances.
(3) Online Endorsements

False or deceptive endorsements in a social media site or website also violate

Section 5 of the FTCA. In December of 2009, the FTC issued new guidelines for
online endorsements, prohibiting statements by bloggers and other online
reviewers is deceptive if made by advertisers. 16 C.F.R. § 255(1)(A). The FTC
guideposts include, for example, illustrations such as new marketing campaigns
where paid bloggers fail to disclose material connections to the endorsed
products or services. Both advertisers and bloggers are subject to liability for
misleading or unsubstantiated statements made in social media or website
endorsements. The FTC used the example of a blogger promoting a skin care
product:
If an advertiser requests that a blogger try a new body lotion and writes a
review of the product on her blog, she has an affirmative duty to disclose
any financial remuneration or connection that may have influenced her
endorsement.
In Legacy Learning Systems, Inc. v. Federal Trade Commission, C–4323
(FTC 2011), the FTC entered into a consent order for $250,000 to settle
charges that the company deceptively used online affiliate marketers that
masqueraded as ordinary consumers, when they were paid representatives.
In that case, Learning Systems was selling guitar lesson

139

DVDs by using online affiliates who were masquerading as ordinary

consumers reviewing the product. A positive review by someone affiliated
with the seller is a deceptive endorsement.
(4) FTC Mandatory Website Disclosures
The FTC requires online advertisers “to ensure that consumers receive
material information about the terms of a transaction … [and they] must be clear
and conspicuous.” FTC, Dot.com Disclosures (2012) at 1. The FTC’s rules on
disclosure and proximity extend to advertisements on social media or other
websites. In addition, the FTC also requires Internet advertisers to consider the
prominence of disclosures and whether audio messages are in adequate volume
and cadence to reach consumers. The FTC requires that visual disclosures must
appear for a sufficient duration and in a language understandable to the intended
audience.
(B) PROTECTING CONSUMER PRIVACY
The FTC has initiated a formal enforcement action against well-known
companies. The FTC asked Microsoft, Google, Mozilla, and other browser
designers to incorporate a “do not track” option so consumers can opt out of
tracking software. In early 2012, the FTC joined European agencies in launching
an investigation into Google for alleged privacy violations. The FTC filed suit to
enjoin Toysmart.com’s proposed sale of customer lists and profiles as a Section
5 violation of consumer privacy. Toysmart.com represented that it would
“never”

140

disclose, sell, or offer customers’ personal information for sale. Before the
federal bankruptcy court’s distribution of assets, Toysmart.com entered into a
settlement agreement with the FTC to protect the privacy of its customer list.
(C) CHILDREN’S PRIVACY
“The Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. § 6501)
makes it illegal for companies to harvest personally identifiable information
from children aged 13 and under without their parents’ consent.” The COPPA
Rule applies “to operators of commercial websites and online services (including
mobile apps) directed at children under 13 that collect, use, or disclose personal
information from children, and operators of general audience websites or online
services with actual knowledge that they are collecting, using, or disclosing
personal information from children under 13.” FTC, Complying with COPPA
(Apr. 13, 2013). Chapter 7 has a more complete discussion of the FTC and
COPPA.
(D) REGULATION OF ONLINE SPAM
Spam is defined as unsolicited bulk e-mail (UBE), or, unsolicited commercial
e-mail (UCE). A 1970 Monty Python Flying Circus sketch inspired the term
spam where a waiter recited a menu where every breakfast dish included spam.
In a typical day, the average consumer has an e-mail inbox full of virtual offers
to make fast money. A self-proclaimed spam king bragged: “When you’re
sending out 250 million e-mails, even a blind squirrel will find a nut.” The

141

Telephone Consumer Protection Act of 1991 (TCPA) has been stretched to

Internet telemarketing. 47 U.S.C. § 227.
The Seventh Circuit allowed an Illinois class action against the Path
Messenger Service to proceed. The class action contends that Path violated the
Telephone Consumer Protection Act (TCPA) by using automated services to
transmit bulk Short Message Service (SMS) messages without the recipient’s
consent. The Federal Communications Commission (FCC) is the chief agency
that enforces the TCPA although private attorneys general can also file suit. The
FTC entered into a settlement agreement with Path that requires the messenger
service to establish a comprehensive privacy policy with review by independent
privacy assessments each year. The FTC needs to update its anti-spam
guideposts to address the growing problem of junk messages on mobile devices
as well as the rapidly evolving cloud computing legal environment.
(1) CAN-SPAM
Congress enacted the Controlling the Assault of Non-Solicited Pornography
and Marketing Act of 2003 (CAN-SPAM), 15 U.S.C. §§ 7701–7713. CAN-
SPAM prohibits fraudulent, abusive and deceptive commercial e-mail. The
federal anti-spam statute provides for enforcement of the Act by the FTC as well
as by Internet service providers (ISPs). CAN-SPAM requires the commercial
emailer to include a functioning return e-mail address and a method for opting
out of future messages.

142

E-mailers must honor consumers’ requests for removal made using e-mail or
websites mechanisms within 10 business days. CAN-SPAM is less effective than
it might have been because Congress limited enforcement to federal agencies,
states, and Internet Service providers. Victims of spam e-mail have no standing
to file suit against e-mailers, and the federal statute preempts state anti-spam
measures.
To state a claim under the CAN-SPAM Act, the government or a service
provider must allege that the spammer sent an e-mail containing “materially
false or materially misleading” header information. CAN-SPAM defines false or
materially misleading headers to includes a false and fraudulent electronic mail
address, domain name, or Internet Protocol address: CAN-SPAM prohibits false
or misleading transmission information, deceptive headers, and requires e-
mailers to give an easy to use opt out method.
The CAN-SPAM Act creates a cause of action normally pursued by FTC
enforcers. Service providers do not have standing to file CAN-SPAM lawsuits
unless they prove they were “adversely affected” by spam. Adverse effects
include spam-related network crashes, a higher bandwidth utilization because of
the flood of messages, increased costs for hardware and software upgrades,
network expansion, as well as the costs of additional employees responding to
complaints.
Section 7 of the CAN-SPAM Act provides for exclusive enforcement by the
FTC and the

143

Department of Justice. The FTC does not permit state attorneys general to file
anti-spam lawsuits if there is a pending federal civil or administrative
enforcement action. Furthermore, the new federal anti-spam statute preempts all
state anti-spam legislation, even those providing consumers with a cause of
action against commercial e-mailers. For text messages, CAN-SPAM needs
consumers to give “prior express authorization” prior to transmittal. Commercial
messages must identify the company and include an opt-out mechanism
functioning for at least 30 days. If the consumer elects to unsubscribe from
receiving more messages, the company must stop sending any other promotional
messages within 10 days. CAN-SPAM does not authorize private lawsuits by
aggrieved consumers.
(2) Emblematic CAN-SPAM Awards

A federal court in Yahoo! Inc. v. XYZ Companies, No. 08–4581 (S.D. N.Y.
2011), imposed a $600 million damage award against a spam emailer that used
Yahoo!’s marks in over eleven million fraudulent e-mails. The court awarded
half of the maximum statutory damages, “$50 per wrongful communication,”
declining to award treble damages under the Lanham Act given the size of the
CAN-SPAM award. 15 U.S.C. § 7704(a)(1). Facebook was awarded $711
million in damages against Sanford Wallace, “the King of Spam” for false and
misleading marketing emails. In 2008, the court ordered the King of Spam to
pay MySpace $234 million for the consequences of its spamming activities. In
December 2011, a court ordered a

144

Nigerian spammer to pay Yahoo! $610 million arising out of a massive spam
attack that infringed the service provider’s trademarks. The CAN-SPAM verdict
arising out of the Nigerian Advance Free Fraud is likely not collectible. Courts
may fine, but not imprison CAN-SPAM violators.

§ 5-2. Federal Communications Commission

(A) THE COMMUNICATIONS ACT OF 1934
The Federal Communications Commission (FCC) is an independent United
States government agency established by the Communications Act of 1934, 47
U.S.C. § 151. The FCC regulates interstate and international communications
through radio, television, wire, satellite, and cable. The FCC jurisdiction covers
the fifty states, the District of Columbia, and unincorporated territories. The
1934 Act combined previous statutes governing telephone voice service and
radio broadcasting. The Telecommunications Act of 1996 amended and updated
the 1934 Act with the goal of promoting competition in all communications
sectors. The FCC enforces the Telecommunications Act of 1996 (TCA), which
applies to Internet communications. In 2013, the FCC repealed approximately
150 regulations, many of which were rendered legal fossils because of the
Internet.
In National Cable & Telecommunications Association v. Brand X Internet
Services, 545 U.S. 967 (2005), the United States Supreme Court upheld the
FCC’s authority to classify methods of broadband Internet access into pre-
existing

145

definitions of the TCA. In that case, the Court upheld the FCC’s classification
of broadband cable Internet service as an “information service,” and the FCC’s
conclusion that broadband cable Internet service was not a telecommunications
service.
(B) NET NEUTRALITY
The policy debate over “net neutrality” concerns what role the government
should have in regulating broadband Internet providers transmitting and
delivering Internet traffic over their networks. A telecommunications carrier
violated network neutrality when they blocked Web traffic over their networks.
The major policy issue centers on what types and degrees of control the
government should impose on broadband providers. The consumer interest in net
neutrality is to prevent broadband providers from blocking or slowing traffic
based upon content or the type of customer.

§ 5-3. Global Consumer Law

Counsel representing U.S. companies need to conduct audits to determine
whether standard mass-market licenses comply with consumer law in countries
where they do business. For example, the following table demonstrates how U.S.
style standard form contracts used in Internet transactions violate mandatory
European consumer directives and regulations. The illustrative clauses in the
table highlight diametrically opposed mass-market licensing paradigms between
the United States and Europe. Many standard clauses violate the 1993 Unfair
Contract Terms Directive, which

146

defines unfair terms as causing a significant imbalance to the detriment of the

consumer.
The U.S. market-based approach is antithetical to European consumer law,
which provides consumers with uniform procedural and substantive rights across
borders. Chapter 3 introduced the Brussels Regulation governing cross-border
transactions in the EU. Chapter 4 examined the substantive provisions of mass-
market licenses. The table below demonstrates the U.S. style mass-market
licenses will frequently violate multiple provision of EU consumer law.
Provisions in consumer transactions such as choice of law, choice of forum,
mandatory arbitration clauses and the elimination of warranties and meaningful
remedies violate the Unfair Contract Terms Directive as well as other national
law throughout the European Union. The lesson for Internet businesses is that
they must adjust their contracting practices to comply with mandatory, non-
waivable consumer protection.
Internet contracts violate European mandatory consumer law. European courts
take the position that even if a consumer assents to an abusive term, it is
unenforceable as a matter of law and European consumers, unlike their
American counterparts, cannot be hauled into distant forums and be divested of
mandatory consumer protection. The purpose of the EU was to create a seamless
body of consumer protection, providing certainty for consumers and
predictability for the business community. U.S. companies targeting foreign
countries on the Internet must localize their contracts to avoid enforcement
actions by public

147
regulators. The lessons from European consumer rule may also apply to other
countries around the globe.
149
CHAPTER 6
GLOBAL INTERNET TORTS

§ 6-1. Overview of Cybertorts

(A) DEFINING CYBERTORTS
Torts in cyberspace are referred to as e-torts, cybertorts, or Internet torts.
Internet-related torts arise on Twitter, blogs, e-mail transmissions, and website
postings. Cybertort law must once again be fundamentally reshaped because the
Internet is shattering existing precedent by redefining distance, time, privacy and
the meaning of territoriality. The phenomenal growth in traffic on the World
Wide Web requires established legal principles for torts be adapted to
cyberspace. In this chapter, the term “cybertort” is used to describe civil
litigation arising out of e-mail, social media sites, and other computer related
injuries.
Among the subjects covered in this chapter are intentional torts, personal
property torts, information-based torts, privacy, negligent security, information
products liability, foreign Internet torts or delicts, common law defenses, and
Section 230 of the Communications Decency Act (CDA) discussed later in the
chapter.
(B) SECTION 230 OF THE CDA
Section 230(c)(1) of the CDA, entitled “Protection for private blocking and
screening of offensive material” states that “[n]o provider or user of an
interactive computer service shall be treated as the

150

publisher or speaker of any information provided by another information

content provider.” 47 U.S.C. § 230(c)(1). Section 230(f)(3) defines an
“information content provider” as “any person or entity that is responsible, in
whole or in part, for the creation or development of information provided
through the Internet or any other interactive computer service.” 47 U.S.C. §
230(c)(2).
To qualify for CDA Section 230 immunity, a website must show: (1) it is an
interactive service provider or user of such a service, (2) the cause of action
considers the defendant as the publisher or speaker, and (3) the information at
issue is provided by a third-party information content provider.
Under Section 230 of the Communications Decency Act (CDA), a defendant
is immune from state law liability if it is (1) a provider or user of an interactive
computer service; (2) the complaint seeks to hold the defendant liable as a
“publisher or speaker”; and (3) the action is based on information provided by
another information content provider. Communications Decency Act of 1996, §
509(C), 47 U.S.C. § 230(c)(1). The result of Section 230 is that website are not
liable for content supplied by third parties, even though it may be tortious or
even criminal.
(C) DISTRIBUTOR LIABILITY
Section 230’s express terms apply to publishers, but not distributors. Courts
have long distinguished between primary publishers—i.e. newspapers or book
publishers—and secondary publishers or

151

distributors—i.e. bookstores, libraries, or newsstands—in common law

defamation lawsuits. A newspaper is a republisher with the same liability as the
person who originally published a story or article if the newspaper has notice of
any defamatory content. Republishers are classified as primary publishers and
held to the same liability standard as the author of a defamatory work because of
their active role in the publication.
Distributors traditionally are mere conduits, such as telegraph and telephone
companies, who have no liability for content created by others unless they have
specific knowledge of the defamatory messages. In the pre-Section 230 case of
Cubby v. CompuServe, 776 F. Supp. 135 (S.D. NY. 1991), the court ruled that
the service provider was not liable for third party content posted on its online
bulletin board because the service provider was merely a distributor akin to a
bookstore, library, or newsstand. In Stratton Oakmont, Inc. v. Prodigy Services
Co., 1995 WL 323710 (N.Y. Sup. Ct. 1995), a New York trial court held that
online service providers could be held liable for the speech of their users. In that
case, an anonymous poster on Prodigy’s Money Talk bulletin board posted a
statement that Stratton Oakmont, a New York securities investment banking firm
(and its officer), committed criminal and fraudulent acts in connection with the
initial public offering of stock.
When Congress enacted Section 230, its purpose was to adopt the Cubby
court’s view that websites are distributors, not publishers as opposed to a New
York trial court that imposed publisher liability.

152

Courts have stretched Section 230 to encompass distributors as well as

publishers. See Zeran v. America Online, 129 F.3d 327 (4th Cir. 1997) (holding
AOL was not liable for the postings of third parties even if it was a distributor).
After Zeran, the distinction between publishers and distributors on the Internet is
non-existent. Websites and other service liability are not liable for the
defamatory postings of third parties absent proof that they are content creators.
(D) FAILURE TO REMOVE CONTENT
Section 230 provides no right of victims of defamatory or tortious content to
request a website to remove postings even if patently false or defamatory. The
victims of ongoing torts have no action against websites for third party postings
even if they have notice that the postings constitute an ongoing tort or crime. In
general, the U.S. recognizes no right to be forgotten even if postings are untrue.
This no takedown duty approach deviates markedly from the European Union’s
Electronic Commerce Directive, which has implemented a takedown policy for
material constituting ongoing torts.
In Obado v. Magedson, 2014 WL 3778261 (D. N.J. July 31, 2014), the court
attempted to hold search engines liable for failing to remove defamatory
postings. The court made it clear that online intermediaries have no duty to
remove postings even if defamatory or otherwise tortious: 153
Plaintiff also asserts that Defendants have failed to remove the alleged
defamatory blogs in violation of each Defendant’s terms of use and privacy
policies … However, § 230 immunity extends to the service provider’s
decisions about how to treat potentially objectionable material.
As the Third Circuit has explained, § 230 “specifically proscribes
liability” in situations where an interactive service provider makes a
decision “relating to the monitoring, screening, and deletion of content from
its network-actions quintessentially related to a publisher’s role.”
Defendants cannot be held liable for failing to withdraw any of the alleged
defamatory statements, just as they cannot be found liable for “deciding” to
publish any such statements through its search results.
U.S. courts have ruled consistently that service providers are not liable for
ongoing torts (or crimes) committed by third parties on their services even after
they have received notice. Internet service providers have no affirmative duty to
either monitor or takedown objectionable content even if they have notice of a
third party’s ongoing cybertorts on the website or other service. In Zeran v.
America Online, 129 F.3d 327 (4th Cir. 1997), a malicious anonymous poster
instructed members of the public to call Kenneth M. Zeran to order merchandise
displaying tasteless slogans celebrating the 1995 bombing of the Alfred P.
Murrah Federal Court Building in Oklahoma City. The incendiary messages by
the hoaxer included Zeran’s name and

154

telephone number. An Oklahoma City radio broadcaster denounced Zeran on

the air.
In the aftermath of the radio program, Zeran was deluged with threatening
calls and even death threats but could not change his telephone number because
it was also his business number. Zeran contended that AOL was negligent in
failing to remove the incendiary posting from its service and for allowing the
anonymous prankster to continue posting on AOL bulletin boards, even after the
service provider was given notice of this continuing tort. AOL defended on that
grounds that it was Congress’ intent to immunize service providers from tort
liability in order to maintain robust Internet communications.
The Fourth Circuit agreed, ruling that a service provider such as AOL was
insulated from both publisher and distributor defamation lawsuits despite the fact
that Section 230 only addresses publisher liability. The court held that the CDA
prohibits all lawsuits that seek to hold service providers for all of a publisher’s
traditional editorial functions, which includes the decision to publish or alter
content. The Zeran case established that intermediaries have no obligation to
take down information posted by third parties, which is unlike their duty under
copyright law under the takedown rules of the Digital Millennium Copyright Act
covered in Chapter 10.

155
(E) EXCEPTIONS TO CDA SECTION 230
(1) Website Is Deemed a Content Creator

A few courts have ruled that Section 230 immunity is not available if a
website is too closely connected to the creation of content posted by third
parties. In Fair Housing Council of San Fernando Valley v. Roommates.com,
521 F.3d 1157 (9th Cir. 2008), the Ninth Circuit, sitting en banc, ruled that
Section 230 did not immunize roommates matching service website designed to
match people seeking housing. The Roommates.com website required its users
to answer potentially discriminatory questions about such things as age, race,
and sexual orientation in order to complete a profile prior to getting suggested
matches. The Roommates site also encouraged subscribers to provide additional
comments, which encouraged them to make discriminatory selections.
The Fair Housing Council (FHC) filed suit against Roommates for violating
the federal Fair Housing Act (FHA) and California’s housing discrimination
laws. The FHC contended that the website was the functional equivalent of a
housing broker “doing online what it may not lawfully do offline.”
The Ninth Circuit stated: “The message to website operators is clear: if you
don’t encourage illegal content, or design your website to require users to input
illegal content, you will be immune.” The federal district court held that
Roommates.com was immunized under CDA Section 230 dismissing the FHC
claims without determining whether

156

Roommates violated the FHA. The court declined jurisdiction over the
California housing discrimination claims. The Ninth Circuit reversed ruling that
Roommates.com was not entitled to Section 230 immunity.
The Roomates.com court observed that a website is a content provider for
content that it creates itself—whether in whole or in part. The court concluded a
website might be immune from liability for some of the content it displays to the
public but be subject to liability for content it had a significant role in creating.
The Ninth Circuit held that the roommate matching service was responsible for
the alleged discrimination by requiring users to submit protected characteristics
and hiding listings based on those submissions. The appeals court reasoned:
Roommates was not entitled to CDA immunity for the operation of its search
system, which filters listings or its email notification system, which directs
emails to subscribers according to its discriminatory criteria.
While the court ruled that Roommate was divested of its Section 230 shield
for asking discriminatory questions, it made no determination whether
Roommates actually violated state and federal law. Its holding only addressed
only whether Section 230 immunity applied to the website. The Ninth Circuit
ultimately ruled that the website did not violate the Fair Housing Act since
federal law does not apply to shared dwellings. Fair Housing Council of San
Fernando Valley v. Roommates.com, LLC, 663 F.3d 1216 (9th Cir. 2012).

157

In Dirty World Entertainment v. Jones, 755 F.3d 398 (6th Cir. 2014), a former
Cincinnati Bengals cheerleader and schoolteacher filed a defamation action
against The Dirty, an online tabloid. The Dirty website enables users to
anonymously upload comments, “photographs, and video, which Richie then
selects and publishes along with his own distinct, editorial comments. In short,
the website is a user-generated tabloid primarily targeting nonpublic figures.”
An anonymous visitor to www.TheDirty.com submitted two photographs of
Jones and a male companion and the following post: THE DIRTY ARMY: Nik,
this is Sara J, Cincinnati Bengal Cheerleader. She’s been spotted around town
lately with the infamous Shayne Graham. She has also slept with every other
Bengal Football player. This girl is a teacher too!! You would think with
Graham’s paycheck he could attract something a little easier on the eyes Nik!
Richie, the Dirty website operator, added a caustic and allegedly defamatory
commentary appearing directly beneath this post: Everyone in Cincinnati knows
this kicker is a Sex Addict. It is no secret … he can’t even keep relationships
because his Red Rocket has freckles that need to be touched constantly.—nik.
Richie refused to remove the allegedly defamatory postings or his
commentary about Jones and she filed a lawsuit for defamation, libel per se,
false light, and intentional inflection of emotional distress. The U.S. district
court ruled that Section 230 did not shield these claims and the case was

158

submitted to the second jury, which returned a verdict in favor of Jones for
$38,000 in compensatory damages and $300,000 in punitive damages.
The court entered a judgment in favor of Jones ruling that Dirty World and its
founder were liable because they “encouraged” users to post tortious and
defamatory content. The sole issue on appeal was whether Dirty World’s and
Richie’s motion for judgment as a matter of law by holding that the CDA bars
Jones’s state tort claims.
The Sixth Circuit adopted a “material contribution” to determine whether a
website is liable for the content. The court expressly declined to adopt the
definition of “development” set forth by the lower court. The appeals court ruled
that: Dirty World and Richie did not author the statements at issue; however,
they did select the statements for publication. Nevertheless, the court held that
neither Richie nor Dirty World could be found to have materially contributed to
the defamatory content of the statements posted on the Dirty Website. The Sixth
Circuit also rejected an “encouragement” test. The appeals court observed that
unlike in the Roommates.com case, The Dirty did not require users to post illegal
or actionable content as a condition of use.
The Sixth Circuit vacated the judgment in favor of Jones and reversed the
district court’s denial of Dirty World’s and Richie’s motion for judgment as a
matter of law with instructions to enter judgment as a matter of law in their
favor. The Sixth Circuit

159

reversed holding that Section 230 barred Jones’ defamation claim. The court
declined to adopt the district court’s encouragement test of immunity under the
CDA.
In Opperman v. Path, Inc., 2014 WL 1973378 (N.D. Cal., May 4, 2014),
Apple was the defendant in a class action because their devices such as iPhone
and iPads “make it possible for third parties to access and copy Plaintiffs’
address books without their knowledge.” The plaintiffs asserted multiple tort
actions including intrusion upon seclusion, public disclosure of private facts,
trespass to property, conversion, misappropriation, strict products liability
(design defect and failure to warn), and secondary tort liability (vicarious
liability). Apple moved to dismiss these claims based upon Apple’s
misrepresentation because of CDA Section 230. The court did not grant Apple’s
motion finding that it was a “developer of information” and thus not immunized
by Section 230. Plaintiffs asserting tort actions against service providers for third
party postings seldom prevail.
(2) FTC Action & Section 230

In FTC v. Accusearch Inc., 570 F.3d 1187 (10th Cir. 2009), the Tenth Circuit
ruled that CDA Section 230 does not immunize an Internet information broker
from a FTC Section 5 action for unfair and deceptive trade practices. The FTC
filed suit against Accusearch, the operator of website that sold various personal
data, including telephone records, in an attempt to curtail the sale of confidential
information and to require it to disgorge its profits

160

from the sale of information in telephone records. Accusearch charges

subscribers for information on customers that include personal telephone
numbers.

§ 6-2. Intentional Cybertorts Against the Person

An intentional tort is committed where the defendant has acted with the desire
to cause the consequence, or the desired consequence is substantially certain to
occur. A virtual hate posting or online stalking is the gift that keeps on giving.
Nevertheless, words alone do not make the actor liable for assault unless the
plaintiff is placed in reasonable apprehension of an imminent harmful or
offensive contact with his person.
In Klayman v. Zuckerberg, 753 F.3d 1354 (D.C. Cir. 2014), a social media
user filed an assault case against Facebook and its founder for failing to remove
Facebook pages calling for a Third Intifada against Israel’s Jewish population.
The Facebook page urged Palestinians “to take to the streets after Friday prayers
on May 15, 2011, and commence an uprising in the vein of the first two popular
intifadas. ‘Judgment Day will be brought upon us only once the Muslims have
killed all of the Jews,’ read the call. The page reportedly garnered more than
340,000 fans.” Robin Walters, Facebook, Zuckerberg Sued for $1 Billion After
Not Removing a Page Fast Enough, TECHCRUNCH (April 1, 2011).
The D.C. Circuit ruled that Section 230 of the Communications Decency Act
preempted Klayman’s assault (and negligence) case against Facebook. The

161
imminence requirement would have been a barrier in this lawsuit if there had
been no Section 230 shield. Battery, too, is virtually impossible because there
can be neither a harmful or offensive contact nor an imminent apprehension of
such a contact in cyberspace. See RESTATEMENT THIRD OF TORTS: LIABILITY FOR
PHYSICAL AND EMOTIONAL HARM § 18, § 21 (2009).
(A) TORT OF OUTRAGE
To support the tort of outrage or what the intentional infliction of emotional
distress, conduct must be so outrageous in character, and so extreme in degree,
as to go beyond all possible bounds of decency. RESTATEMENT (3RD) TORTS § 46.
The tort of the intentional infliction of emotional distress (IIED) or outrage is
often pleaded in online stalking or anonymous bullying cases. A plaintiff must
satisfy three requirements to state a claim for intentional infliction of emotional
distress (IIED): (1) the conduct involved must be truly extreme and outrageous,
i.e., it must go beyond all bounds of decency and be considered intolerable in a
civilized community; (2) the actor must either intend that his conduct will inflict
severe emotional distress or know that there is at least a high probability that his
conduct will cause severe emotional distress; and (3) the conduct must in fact
cause severe emotional distress. Huon v. Breaking Media LLC, 2014 WL 684866
(N.D. Ill. 2014).
States adopting Section 46 of the RESTATEMENT (SECOND) OF TORTS require
mere recklessness to prove IIED. Other states require the plaintiff to

162

prove intent and recklessness will not suffice. The test for outrageous online
conduct is conduct “so extreme as to exceed all bounds of that usually tolerated
in a civilized community.” The Restatement (Third) illustrates the tort of outrage
by a stalking scenario adaptable to Internet stalking. See RESTATEMENT (THIRD)
OF TORTS, § 46, illus. 1.

The tort of outrage is not cognizable for “demeaning comments” that a

company made on an ex-employee’s Facebook page. Murdock v. L.A. Fitness,
2012 WL 5331224 (D. Minn. 2012). Specifically, Murdock based his IIED claim
on L.A. Fitness employees “humiliating, bullying, making racially offensive
statements … [and] posting demeaning comments on its Facebook [page].” The
court stated that while these comments are insensitive, they do not amount to
extreme or outrageous conduct.
To qualify for IIED, conduct must be so atrocious that it passes the
“boundaries of decency and is utterly intolerable to the civilized community.”
See RESTATEMENT (SECOND) TORTS § 46, cmt. 1. To be held liable for the tort of
outrage, the Internet actor “must do more than intentionally or recklessly cause
emotional harm. The actor must act in a way that is extreme and outrageous.”
RESTATEMENT (THIRD) TORTS, § 46, cmt. d. The First Amendment of the U.S.
Constitution trumps the tort of outrage when the statements are classified as
protected speech. “Thus, a court may decide that although the First Amendment
does not bar liability, the protection of speech is nonetheless a weighty enough
concern in a given context that liability for intentionally inflicted

163

emotional harm should not be imposed.” RESTATEMENT (THIRD) TORTS, § 46,

cmt. b
(B) TRESPASS TO VIRTUAL CHATTELS
Trespass to chattels, the tort William Prosser dubbed conversion’s little
brother, is a personal property tort that is committed by intentionally: (1)
dispossessing another of a chattel, or (2) using or intermeddling with a chattel in
the possession of another.
(1) Spam E-Mail
Trespass to chattels occurs “when one party intentionally uses or intermeddles
with personal property in rightful possession of another without authorization,”
and “the chattel is impaired as to its condition, quality, or value.” American
Online, Inc. v. LCGM, Inc., 46 F. Supp. 2d 444, 451–52 (E.D.Va.1998). The
federal CAN-SPAM Act does not preempt trespass to chattels actions deployed
against spam e-mailers. See 15 U.S.C. § 7707(b)(2)(A) (providing CAN-SPAM
does not preempt state “trespass” laws). The first U.S. court to stretch trespass to
chattels to email spamming was CompuServe v. Cyberpromotions, Inc., 962 F.
Supp. 1015 (S.D. Ohio 1997). CompuServe filed for a preliminary injunction
against Cyberpromotions, a bulk emailer. The court held that CompuServe had a
viable trespass to chattels claim against Cyberpromotions because it sent a
substantial volume of spam and continued to side step the service provider’s
blocking software to protect its computer system from the unsolicited e-mail.
The

164
164

CompuServe court ruled that the provider did not violate the spammer’s First
Amendment rights in seeking to enjoin the spam.
The court also found Cyberpromotion’s falsification of point of origin
information was proof that it had misused the plaintiff’s computer network. The
“injury element” of trespass to chattels was the spammer’s drain on the
processing speed and disk space of the spammed computers. The CompuServe
court explained that a service provider could sustain an action for trespass to
chattels but not conversion without a showing of substantial interference with its
right to possession of its computer system. Under the logic of this modern case,
physical contact is satisfied by the mere reception of electrons. Plaintiffs in
Internet-related trespass cases often have a difficult burden of proving concrete
injuries amounting to damages. This issue arose in Intel Corp. v. Hamidi, 30 Cal.
4th 1342, 71 P.3d 296, 1 Cal. Rptr. 3d 32 (Cal. Sup. Ct. 2003), a trespass to
chattels case in which the Intel Corporation filed suit against Kourosh Kenneth
Hamidi, an ex-employee.
Ken Hamidi created and operated “FACE-Intel,” a website that castigated
Intel’s employment, and personnel policies and practices targeting all current
Intel employees. Intel demanded Hamidi stop sending the messages, but he
refused and bypassed Intel’s firewall. When Intel was unsuccessful in blocking
or otherwise filtering out Hamidi’s messages, it filed suit, and the case
eventually was appealed to the California Supreme Court. The court found no
evidence that Hamidi

165

breached Intel’s computer security in transmitting email messages. Nor did the
court find evidence that Hamidi’s e-mails damaged Intel’s computer system or
even slowed it down and therefore there were no damages, a necessary element
for a cognizable trespass to chattels case. California’s trespass to chattels tort
does not encompass unwanted emails where there is neither damages to the
recipient’s computer system nor impairment to the computer system. The
Hamidi court rejected Intel’s argument that the company lost productivity
because employees were reading and reacting to Hamidi’s emails messages.
Hamidi stands for the proposition that nominal damages alone are insufficient
for a trespass to chattels action.
(2) Bots as Trespassers
A web robot, or “bot,” gathers and mines data from third party web sites. Most
bot related litigation arises out of the misuse of bots that enable Internet users to
submit auction bids. In eBay Inc. v. Bidder’s Edge Inc., 100 F. Supp. 2d 1058
(N.D. Cal. 2000), eBay, filed suit against Bidder’s Edge (BE), an aggregate
auction website, that enables consumers to do comparison-shopping. ‘BE’s
bots,’ or ‘spiders’ searched and copied files on bidding activity from eBay and
other online auction websites for use on its comparative, or aggregate, shopping
auction site.
EBay’s software enabled it to monitor the extraordinary number of incoming
requests from BE’s IP address. EBay blocked 169 IP addresses it believed BE
was using to query eBay’s system. However, BE’s bots continued crawling on
eBay’s

166

site using proxy servers to evade eBay’s filters, constituting trespass to

chattels. BE argued its robot activity constituted no more than 1.1% of eBay’s
requests. The eBay court found it unclear whether eBay’s User Agreement
included an anti-bot or spider term at the time BE was searching and copying
listings from eBay’s website but BE’s web crawlers exceeded the scope of any
such consent when they began acting like robots by making repeated queries.
The U.S. federal district court enjoined BE, finding eBay would suffer
irreparable harm and be run out of business if BE was allowed to continue to
crawl the eBay site. The court found that the balance of the equities favored
enjoining BE.
In Microsoft v. Does 1–18, 2014 WL 1338677 (E.D. Va. 2014), the federal
court ruled that Microsoft alleged sufficient facts to demonstrate that the
defendant that operated the Bamital computer botnet, which infected a large
number of computers, committed the common law tort of trespass to chattels.
The defendant allegedly used various techniques to lure victims to websites
where malicious botnet code was secretly installed on their computers.
After the botnet was installed, the defendant was then able to make
unauthorized changes to infected computers, bring them under his control, and
force users’ web browsers to websites of his choosing. The code also created
invisible browser instances that generated fraudulent clicks on advertisements
and websites identified by the defendant. The defendant monetized these
activities through the online

167

advertising ecosystem, and caused injury to Microsoft, its customers, and the
general public in a variety of ways.
(3) Spyware as Trespass to Chattels

In Sotelo v. DirectRevenue, 384 F. Supp. 2d 1219 (N.D Ill. 2000), the plaintiff
sued the defendant for surreptitiously installing spyware on its computers. Direct
Revenue’s spyware delivered advertisements to consumers’ computer screens
through the Internet. To induce consumers to view the ads, the company offered
them free software applications, such as screensavers, or games. When the
consumer downloaded the free application, another piece of software known as
an “advertising client” that generated the pop-up ads was also installed. The ads
could be discarded by clicking on an “X” in the upper right hand corner of the
display-box in which they appeared.
In Sotelo, the plaintiff claimed the spyware took up bandwidth, causing its
computers to slow down and resulting in increased Internet charges. The Sotelo
court found that the spam e-mailers caused an actionable injury to the provider’s
computer system. The court also refused to dismiss the plaintiff’s Illinois
Consumer Fraud Act and negligence claim that Direct Revenue breached its duty
not to harm Sotelo’s computers, as well as a computer-tampering claim.
Trespass to chattels, born in the fifteenth century, has been successfully
stretched to wide-ranging Internet interferences with computer systems and
devices.

168

(4) Trespass to Digital Information

In Ogbolumani v. Young, No. 141930-U, 2015 IL (Ill. App. Ct., March 20,
2015), the plaintiff, who was employed by Kellogg Company as Director of
Global IT Security, argued that a company manager committed trespass to
chattels when he confiscated a USB drive. Ogbolumani filed actions for
defamation, trespass to chattels, invasion of privacy, and the intentional
infliction of emotional distress against the Kellogg Company, his former
supervisor and the director of human resources. Ogbolumani argued that he had
a conversation with his supervisor regarding a matter “relating to his
employment status” and, after the conversation, the manager seized the
plaintiff’s company-issued laptop and a USB flash drive belonging to the
plaintiff, which was attached to the laptop.
Ogbolumani contended that he protested and demanded the USB drive
because it contained his school work and personal notes that belonged to him.
He claimed Kellogg Company “still maintains possession of [his] chattel and
continues to trespass on it and [he] continues to suffer harm as he is unable to
retrieve and use his data.” Ogbolumani resigned his employment with Kellogg
on April 19, 2013. The trial court dismissed the plaintiff’s trespass to chattels
claim. The Illinois appeals court affirmed. The court acknowledged that the
plaintiff was claiming trespass to both the physical USB drive and to his
personal digital information contained on the drive.

169

The Illinois appeals court found it unclear whether the plaintiff based his
claim on the USB drive or the digital data on it. The court held that there is no
recognized cause of action in Illinois for a trespass to chattel claim based on
trespass to an intangible such as digital information contained on a USB drive.
Since digital information on a USB drive is not tangible property, the plaintiff
had no trespass to chattels action.
(C) CONVERSION IN CYBERSPACE
Cyberconversion is the wrongful exercise of dominion over personal property
on the Internet. This tort is committed by: (1) intentionally dispossessing another
of a chattel, (2) intentionally destroying or altering a chattel in the actor’s
possession, (3) using a chattel in the actor’s possession without authority, (4)
receiving a chattel pursuant to sale, lease, pledge, gift or other transaction
intending to acquire for himself or for another a proprietary interest in it, (5)
disposing of a chattel by a sale, lease, pledge, gift or other transaction intending
to transfer a proprietary interest in it, (6) misdelivering a chattel, or (7) refusing
to surrender a chattel on demand.
(1) Domain Name Conversion

Conversion was originally a remedy for tangible goods appropriated by the

defendant, not intangible assets such as a domain name. In Kremen v. Cohen,
337 F.3d 1024 (9th Cir. 2003), ex-convict Stephen Cohen forged a letter to a
domain name registrar, Network Solutions. In the letter, Cohen masqueraded

170

as the new contact person for Online Classifieds, Inc., the owner of the
domain name, sex.com, requesting Network Solutions to deregister sex.com
from Kremen and reregister it to him. Network Solutions, then the exclusive
domain name registrar, transferred sex.com without making any effort to
determine the authenticity of Cohen’s letter.
This Ninth Circuit case was the first time in Anglo-American legal history that
a court stretched the tort of conversion to the misappropriation of a domain
name. The court reasoned that corporations could be liable when they take away
someone’s shares of stock, which are pieces of paper symbolizing intangible
assets. Since Kremen, other California courts have held that a domain name
could be converted under California tort law despite it being an intangible. Few
other U.S. jurisdictions have followed suit.
(2) Conversion of Websites
In Budsgunshop.com (BGS) v. Security Safe Outlet, Inc., 2012 WL 1899851
(E.D. Ky. 2012), a federal court ruled that the U.S. Copyright Act did not
preempt a plaintiff’s conversion claim arising out of the dispute over the
ownership of a website. SSO and its officer expanded its online business selling
firearms and its accessories through the www.budsgunshop.com website. SSO
hired a consultant to oversee and improve its websites. The consultant and a co-
defendant began to spin out the online business operations of SSO as a separate
entity, which the plaintiff alleged was conversion,

171

breach of fiduciary duty, and diversion of corporate assets.

SSO responded with a counterclaim against BGS, asserting a conversion claim
centering on three items of property: (1) The www.budsgunshop.com website
and all data pertaining to that website, including the e-mail database; (2) the …
data stored on the SSO server located in Paris, Kentucky, which also includes
contact information for customers and other dealers; and (3) the
www.SecuritySafeOutlet.com website and all data and electronic information
stored within and pertaining to that website.
The federal court ruled that the U.S. Copyright Act did not preempt SSO’s
conversion claim, finding no authority that disputes over the ownership of
websites were addressed by federal copyright law. The Kentucky ruling that the
U.S. Copyright Act may not preempt conversion claims is a cautious first step to
recognizing broader cyberconversion claims over websites and other virtual data.
Battery, assault, false imprisonment and other intentional torts against the person
have yet to evolve in cyberspace.
(D) MALICIOUS PROSECUTION
The victims of frivolous cybertort lawsuits may file malicious prosecution
claims if they can prove three elements: (1) that the prior action was commenced
by or at the direction of the defendant and was pursued to a legal termination in
the plaintiff’s favor; (2) was brought without probable

172

cause; and (3) the lawsuit was initiated with malice. “A litigant will lack
probable cause for his action either if (1) he relies upon facts which he has no
reasonable cause to believe to be true, or (2) he seeks recovery upon a legal
theory which is untenable under the facts known to him.” Sangster v. Paetkau,
80 Cal.Rptr.2d 66, 75 (Cal. Ct. of App. 1998).
In Xcentric Ventures L.L.C. v. Borodkin, No. 2:12-cv-01426-GMS (D. Az.,
June 13, 2013), the defendants in a malicious prosecution action sued
RipOffReport.com for a RICO racketeering claim and lost. Ripoff Report then
filed suit against the unsuccessful plaintiffs for malicious prosecution and aiding
and abetting tortious conduct. The court found that Xcentric alleged sufficient
facts to claim that the plaintiffs lacked probable cause to initiate an extortion
claims. The court was persuaded that the plaintiffs’ extortion claim relied
primarily upon conversations that were substantially revised in their own
affidavits thus casting doubt on whether there was sufficient cause for them to
bring an extortion claim.
(E) ABUSE OF PROCESS
Abuse of process is misusing legal process for an unlawful purpose. To
establish an abuse of process claim, a plaintiff must show that the defendant “(1)
used a legal process against the plaintiff, (2) primarily to accomplish a purpose
for which the process was not designed, and (3) harm has been caused to the
plaintiff.” McNeil v. Jordan, 586 Pa. 413, 894 A.2d 1260, 1275 (2006).

173

In Ghrist v. CBS Broadcasting, Inc., 40 F. Supp. 3d 623 (W.D. Pa. 2014),

Christopher William Ghrist had a similar name to Christopher Wayne Ghrist, a
convicted drug dealer. The plaintiff filed suit against the television company
alleging false light, invasion of privacy, defamation, intentional infliction of
emotional distress (IIED), and abuse of process, for wrongly identifying him and
using his likeness in an Internet news story regarding the convicted criminal.
The plaintiff’s abuse of process claim was based upon the television
company’s motion to dismiss his case. The Ghrist court found this allegation
“wholly insufficient to plead a cause of action for abuse of process.” The court
found no evidence that the motion to dismiss was being used for an unlawful
purpose that caused the plaintiff harm. “Simply put, the Plaintiff cannot base its
abuse of process claim on the Defendant’s efforts under Rule 12 to defend itself
against the Plaintiff’s lawsuit.”

§ 6-3. Intentional Business Cybertorts

Business cybertorts are often the last line of defense to protect intellectual
property rights such as the right of publicity, trade secrets misappropriation,
unfair competition and false advertising. Business torts include interference with
contract, fraud, misrepresentation, trade libel, and the misappropriation of trade
secrets.

174

(A) INTERNET-RELATED BUSINESS TORTS

(1) Unfair Competition

The Restatement (Third) of Unfair Competition treats the appropriation of

another company’s intangible assets as unfair competition. Courts subdivide
state unfair competition claims arising out of the defendant’s misuse of
trademarks into two general types: (1) consumer confusion as to the source of
products, and (2) unfair trade practices, a residual category of unfair competition
laws. Historically, trademark infringement was a tort; today the 1946 Lanham
Act as well as state statutes govern trademarks. Chapter 11 will cover trademark-
related unfair competition causes of action in addition. Misstatements in
advertisements and palming off are regarded as frauds against the consuming
public. The FTC may prosecute unfair competition cases, a topic covered in
Chapter 5 of this nutshell.
(2) Misappropriation of Intangible Data
In NBA v. Motorola, 105 F.3d 841 (2d Cir. 1997), the NBA filed an action
against Motorola, the maker of hand-held pagers that provided real-time
statistics about NBA games. The NBA alleged copyright infringement,
commercial misappropriation, false advertising and false designation under the
federal Lanham Act governing trademarks. The Second Circuit held that (1)
NBA basketball games were not classifiable as original works of authorship
under the U.S. Copyright Act; (2) the NBA’s misappropriation

175

claims were preempted by the Copyright Act and (3) misstatements in

advertising for the pagers were not material and therefore did not violate the
Lanham Act. The court held that Motorola’s transmission of “real-time” NBA
scores and information tabulated from TV and radio broadcasts while the game
was in progress did not constitute a misappropriation of ‘hot news’ that is the
property of the NBA.
In the NBA v. Motorola case, the Second Circuit refined the “hot news”
misappropriation tort further as having five factors: (1) a plaintiff generates or
gathers information at a cost; (2) the information is time-sensitive; (3) a
defendant’s use of the information constitutes free riding on the plaintiff’s
efforts; (4) the defendant is in direct competition with a product or service
offered by the plaintiffs; and (5) the ability of other parties to free-ride on the
efforts of the plaintiff or others would so reduce the incentive to produce the
product or service that its existence or quality would be substantially threatened.
In that case, STATS, Inc. used Motorola’s pagers to retransmit “real-time” NBA
game scores and statistics taken from broadcasts of games in progress to Internet
sites. The court found that the NBA had not established misappropriation on
these facts and vacated an injunction ordered by the Second Circuit.
In Barclays Capital Inc. v. Theflyonthewall.com, 650 F.3d 876 (2d Cir. 2011),
Barclays filed an action against Fly, an Internet-based subscription service
alleging ‘hot news’ misappropriation and copyright infringement. In Barclays
Capital, the Second Circuit

176

found an Internet aggregator of financial data not to be liable for “hot news”
misappropriation because the U.S. Copyright Act preempted the claim because it
used its own resources to aggregate factual news information and was not
diverting profits from Barclays and other companies. The court found no
misappropriation claim since Fly is reporting financial news—factual
information based on firm recommendations requiring a substantial
organizational effort. Because Fly’s service collects, summarizes and
disseminates the news of the Firms’ Recommendations, there is no “non-
preempted cause of action for misappropriation.”
(3) Interference with Business Contracts
The elements of a tortious interference with contractual relations claim are: (1)
an advantageous (2) business relationship (3) under which plaintiff has legal
rights, plus (4) an intentional and (5) unjustified (6) interference with that
relationship (7) by the defendant which (8) causes (9) a breach of that business
relationship and (10) consequential damages. In contrast, the interference with
prospective contractual relations requires the plaintiff to prove: (1) the defendant
intentionally interfered with the plaintiff’s existing or potential economic
relations (2) for an improper purpose or by improper means and (3) causes injury
to the plaintiff. Plaintiffs deploy this tort in pop-up cases on the theory that these
advertisements interfere with prospective economic relations. These business
cybertorts are often pleaded but seldom successful.

177

(4) Misappropriation of Trade Secrets

Confidential information is information that a company protects from

unlimited disclosure. Trade secret law protects confidential proprietary
information against misappropriation of proprietary by third parties, including
competitors. 415 University Community Co. v. Lykes-Youngstown Corp., 504
F.2d 518 (5th Cir. 1974). Misappropriation is defined as either acquisition of a
trade secret by improper means or disclosure of a trade secret without
permission.
Trade secrets may not be patentable or subject to copyright, because these
forms of intellectual property protection require disclosure in return for a limited
monopoly. In addition to the tort of misappropriation for trade secrets covered in
Chapter 12, there is also a tort action for breach of confidence, sometimes
asserted in disputes over website development. All but a few states have enacted
the Uniform Trade Secrets Act, which is a state statute that preempts common
law causes of action.

§ 6-4. Intentional Information-Based Torts

(A) CYBERFRAUD
The elements of a cyberfraud claim are the same as in the brick and mortar
world: (1) a knowingly false representation by the defendant, (2) an intent to
deceive or induce reliance, (3) justifiable reliance by the plaintiff, and (4)
resulting damages. Fraud or misrepresentation includes willfully deceiving

178

another with intent to induce a person to alter their position to their detriment.
Despite the ubiquity of fraud on the Internet, relatively few plaintiffs have been
successful in pursuing cyberfrauds. A common form of cyberfraud occurs when
website owners pay people to click ads repeatedly in order to artificially increase
advertising revenue.
(B) TRADE LIBEL IN CYBERSPACE
To prevail in a claim for trade libel, a plaintiff must demonstrate that the
defendant: (1) made a statement that disparages the quality of the plaintiff’s
product; (2) that the offending statement was couched as fact, not opinion; (3)
that the statement was false; (4) that the statement was made with malice; and
(5) that the statement resulted in monetary loss. “Statements that do not contain
verifiable facts, such as opinions or rhetorical hyperbole, are not actionable as
defamation.” Huon v. Breaking Media LLC, 2014 WL 6845866 (N.D. Ill. Dec. 4,
2014).
It is an essential element that a company must present evidence of special
damages arising out of the online defamatory falsehood such as a Facebook
posting. A court may presume as a matter of law that the defendant intended to
make false statements (susceptible of only one meaning) that created public
hatred, contempt or ridicule.
Online “publication” requires proof that the libelous statement reached even a
single third person who understood both the defamatory meaning and its
connection to the plaintiff. Trade

179

libel requires proof of special damages, while libel per se does not have this
requirement. “Special damages” are limited to actual pecuniary losses that must
be specially pleaded and proved.
(C) INDIVIDUAL & MEDIA PRIMA FACIE CASE
To establish a prima facie defamation action against a media defendant, a
private figure plaintiff must prove: (1) publication; (2) of a defamatory
statement; (3) concerning the plaintiff; (4) in a negligent breach of the
professional standard of care; and (5) that resulted in demonstrable injury. When
deciding whether a statement is defamatory, a court must consider not only what
the defendant explicitly stated but also the meaning that is insinuated or implied.
In a virtual world, where user names are used as opposed to legal names, it may
be difficult to establish that he or she was the target of a defamatory posting.
(1) Libel Per Quod

Libel per quod applies to a communication—which may not be defamatory on

its face—that is defamatory when connected with other facts. To bring a libel
per quod claim, a plaintiff must prove: (1) a false and defamatory statement
concerning another, (2) an unprivileged publication to a third party, (3) fault
amounting at least to negligence on the part of the publisher, and (4) either
actionability of the statement irrespective of special harm or the existence of
special harm caused by the publication. An online review is protected as long as
it is opinion rather than fact-based.

180

An online “opinion” may be actionable if it implies the allegation of

undisclosed defamatory facts as the basis for the opinion. In Hammer v.
Amazon.com, 392 F. Supp. 2d 423 (E.D. N.Y. 2005), a self-published author
filed a defamation lawsuit against Amazon.com in relation to unfavorable
reviews of his books on their website. The court dismissed the action because the
reviews were pure opinion and therefore protected.
(2) Libel Per Se

Libel per se is available only when a private figure plaintiff sues a non-media
defendant regarding kinds of defamatory statements that do not concern a matter
of public importance. In these cases, if the alleged defamatory statements have a
natural tendency to provoke the plaintiff to wrath or expose him to public hatred,
contempt, or ridicule, the plaintiff need not prove that the statement actually
damaged her or him; damages are presumed.
Under the common law, libel per se (for trade libel or ordinary defamation)
requires proof that the plaintiff maliciously: (1) accused a person of commission
of crime, (2) imputed unchastity to a woman, (3) stated that a person had a
loathsome disease—e.g. AIDS, mental illness etc., or (4) made any statement
that damages a person in his business or standing in the community—e.g.
crooked lawyer. A plaintiff need not prove actual damages with defamation per
se; damages are presumed.

181

(3) Publishers & Conduits or Distributors

Defendants in defamation or trade libel cases may be classified as (1) primary

publishers (such as a book publisher), (2) conduits (such as a telephone
company), or (3) distributors (such as a bookstore). Distributors include conduits
such as “telegraph and telephone companies, libraries and news vendors.” DAN
B. DOBBS, THE LAW OF TORTS § 402, at 1123 (2000).
Distributors do not have liability for content created by others unless “the
distributor knows or should know of the defamatory content in materials he
distributes.” The common law libel rule makes a distributor liable where it has
knowledge of the facts and circumstances that are producing clearly libelous
activity, but takes no action to remove the material. A bookstore owner, for
example, would not be liable for defamatory statements made in books the store
sold absent actual knowledge.
Nevertheless, if a bookstore had notice of defamatory content, it could be
liable as a distributor. A publisher, in contrast, is liable for defamatory
statements in their works and the plaintiff need not prove the publisher had
knowledge of the defamatory content. Distributors are subject to an intermediate
standard between publishers and conduits. Conduits are common carrier type
defendants, who are generally not liable for defamatory content since they have
no ability to screen or control defamatory material.

182

(4) Single Publication Rule

Under U.S. law, the single publication rule limits tort liability arising out of
mass communications to a single cause of action accruing when it is first
published, thus preventing stale claims arising from a single publication. For
purposes of the statute of limitations in defamation claims, a book, magazine, or
newspaper has a single publication date, defined as when it was first posted or
made generally available to the public. Copies of the original are still part of the
single publication but republication in a new edition does create a new cause of
action. The Ninth Circuit in Yeager v. Bowlin, Nos. 10-15297 and 10-16503 (9th
Cir. 2012), applied the single publication rule to an allegedly defamatory
statement on a website that had not been modified since 2003. The court
reasoned that the fact that other materials on the website had been modified did
not restart the statute of limitations for the unaltered postings.
(5) State Action

Generally, the First Amendment does not apply to speech on private property,
such as a company’s website because of the doctrine of state action. In Noah v.
AOL Time-Warner, Inc., 261 F. Supp. 2d 532 (E.D. Va. 2003), the Virginia
district court ruled that AOL’s termination of an Internet service account
because of pro-Islamic statements raised no First Amendment claim because the
Constitution does not protect against actions taken by private entities. Public
entities, in contrast, are subject to

183

First Amendment actions because state action is satisfied.

(6) John Doe Subpoenas

John Doe subpoenas, also called subpoena duces tecum, are requested by
prosecutors or private litigants to unveil anonymous bloggers, posters, and others
potentially liable for trade libel or the infringement of intellectual property
rights. The leading test was for granting these subpoenas was articulated in
Dendrite Int’l, Inc. v. Doe, 775 A.2d 756 (N.J. Super. Ct., App. Div. 2001). The
Dendrite court held that a plaintiff seeking to unveil an anonymous speaker
must: (1) give notice, (2) identify the exact statements that constitute allegedly
actionable speech, (3) establish a prima facie cause of action against the
defendant based on the complaint and all information provided to the court, and
(4) produce sufficient evidence supporting each element of its cause of action,
on a prima facie basis, prior to a court ordering the disclosure of the identity of
the unnamed defendant.
Assuming the plaintiff establishes a prima facie cause of action; the court
must balance the defendant’s First Amendment rights against the strength of the
case presented, considering the importance disclosing the anonymous
defendant’s identity to allow the plaintiff to prove her case. Courts are
disinclined to issue a John Doe subpoena unless the ISP gives notice to the
anonymous speaker and an opportunity to be heard. A New Hampshire Jane Doe
plaintiff filed suit against Friendfinder.com, an adult networking site, for

184

defamatory third party postings under the screen name “petra03755.”

The anonymous poster created a false defamatory profile of the Jane Doe
plaintiff, which depicted her as a “swinger.” The court granted
Friendfinder.com’s motion to dismiss the plaintiff’s claims for invasion of
privacy and defamation on grounds of the federal immunity under Section 230 of
the Communications Decency Act. The federal court ruled that Friendfinder.com
was not transformed into a content provider merely because it changed the
wording about the age of Jane Doe’s profile from age 40 or 41 into “early
forties.” However, a website operator making extensive editorial modifications
risks losing its Section 230 immunity. See Doe v. Friendfinder Network, 2008
WL 2001745 (D. N.H. 2008).
(D) DEFAMATION DEFENSES
(1) Public Official

If a plaintiff is a public official, he or she must demonstrate by clear and

convincing evidence that a false and defamatory statement was made against
him or her with actual malice. The statement must be false or made with reckless
disregard as to the truth or falsity of the avowal. The rule requiring public
officials to prove actual malice is based on First Amendment principles,
reflecting the U.S. Supreme Court’s consideration of the national commitment to
robust and wide-open debate of public issues.

185

(2) General Purpose Public Figure

Public figures may be celebrities such as movie stars, athletes, or other well-
known individuals. As with elected or appointed public officials, a celebrity
must prove that a defamatory statement was made with malice. In 1967, the
Court expanded New York Times v. Sullivan, 376 U.S. 254 (1964)’s framework
from public officials to public figures in Curtis Publ’g Co. v. Butts, 388 U.S. 130
(1967). The Court in Gertz v. Robert Welch, Inc., 418 U.S. 323 (1974),
distinguished between general-purpose public figures and limited public figures.
General-purpose public figures are individuals who achieve pervasive fame or
notoriety so that they qualify as public figures for all purposes and in all
contexts.
To be liable for the defamation of a public figure, a distributor of allegedly
defamatory material must act with actual malice—that is, with knowledge that
the material was false or with reckless disregard of whether it was false or not.
To prevail in a defamation action against a media defendant, a plaintiff must
prove some sort of cognizable injury, such as injury to reputation. Hurt feelings
alone cannot serve as the basis of a defamation action. When suing media
defendants for defamation, plaintiffs no longer benefit from presumed fault or
damages. Both public officials and private individuals must prove the falsity of
the challenged statements.

186

(3) Limited Purpose Public Figure

“Limited purpose” public figures are only public figures on issues where they
inject themselves into a public controversy. The U.S. Supreme Court created the
“limited purpose” public figure classification to accommodate tort law to the
First Amendment. It is unclear what level of Internet articulation turns a blogger
or other Internet speaker into a limited purpose public figure. The Georgia
Supreme Court in Mathis v. Cannon, 573 S.E.2d 376 (Ga. 2002) held that a
poster to a Yahoo! message board qualified as a limited-purpose public figure in
a controversy involving the county’s recycling facility.
Mathis posted several incendiary messages about Cannon on an Internet
bulletin board as part of a local controversy about the unprofitable operation of a
solid waste recovery facility. The Georgia Supreme Court reversed the lower
court that conceptualized Matthias as a private person, concluding that he was a
limited public figure. The court, however, dismissed the action because of the
plaintiff’s failure to demand a retraction, a requirement under Georgia’s tort law.
(4) Liability Standard for Private Persons
In online defamation cases against ordinary private individuals (not public
figures or public officials), the plaintiff must prove: (1) a false and defamatory
statement concerning another, (2) unprivileged publication to third party, (3)
fault amounting to at least negligence on the publisher’s part, and (4) either
actionability of statement

187

irrespective of special harm, or existence of special harm caused by

publication.
(5) Truth as a Complete Defense

Under the law of defamation, truth is a complete defense. In U.S. defamation

actions, the defense of truth is constitutionally required where the subject of the
publication is a public official or public figure. The courts require only that the
defendant establish that the gist of an Internet-related posting is true.
(6) Privileges and Qualified Privileges

A qualified privilege of common interest applies to communications made in

good faith on any subject matter in which the party making the communication
has an interest or in reference to which he has a duty, public or private, legal,
either moral, or social, if made to a person having a corresponding interest or
duty. An ex-employer giving an evaluation of an ex-employee will have a
qualified privilege.
(7) Anti-SLAPP Suit Statutes
A number of states have enacted Strategic Lawsuits Against Public
Participation Statutes (Anti-SLAPP) that give a cause of action to a person who
is sued while exercising their or free speech discussing public issue. Anti-
SLAPP actions apply to either the First Amendment or an expression right
recognized by a state constitution. California’s Anti-SLAPP Statute, for
example, was enacted in response to a “disturbing increase in lawsuits brought
primarily to chill the valid exercise of the

188

constitutional rights of freedom of speech.” Manufactured Home Communities

Inc. v. County of San Diego, 544 F.3d 959 (9th Cir. 2008).
In order to dismiss a cause of action under California’s Anti-SLAPP Statute,
the court must determine two things: (1) the court must decide whether the
defendant has made a sufficient threshold showing that the challenged cause of
action is subject to a special motion to strike and (2) the threshold showing has
been made. The court must find that the plaintiff has demonstrated sufficient
minimal merit to be allowed to proceed.
A California appellate court ruled that websites were accessible to the public
—thus being public forums for the purposes of California’s Anti-SLAPP statute.
Kroneymer v. Internet Movie Database Inc., 150 Cal. App. 4th 941 (Cal. Ct.
App. 2007). To date, many defendants who post derogatory statements on so-
called “gripe websites” have successfully deployed anti-SLAPP suits.
(8) Retraction Statutes

Thirty-one U.S. states have enacted retraction statutes that require the plaintiff
to demand a retraction before filing a libel lawsuit. In the physical world,
retraction statutes are effective for many defamed individuals who are merely
seeking to have their reputation repaired while avoiding costly and invasive
litigation. In cyberspace, with its mirrored websites and Wayback machines, it is
almost impossible to repair a reputation once lost.

189

Retraction of defamatory statements is as futile as holding the ocean back with

a broom.
(E) PRIVACY BASED CYBERTORTS
The right of privacy includes four causes of action: (1) the right to be free
from invasion into one’s solitude or intrusion upon seclusion, (2) the right to be
free from public disclosure of private facts, (3) the right to be free from
placement in a false light, and (4) the right not to have one’s identity
appropriated for commercial purposes.
(1) Intrusion upon Seclusion
The elements required to state a claim for the intrusion upon seclusion
invasion of privacy tort are: “(1) an unauthorized intrusion or prying into a
plaintiff’s seclusion; (2) the intrusion would be ‘highly offensive or
objectionable to a reasonable person;’ (3) the matters upon which the intrusion
occurred were private; and (4) the intrusion caused anguish and suffering.” Huon
v. Breaking Media LLC, 2014 WL 6845866 (N.D. Ill. Dec. 4, 2014). “The nature
of this tort depends upon some type of highly offensive prying into the physical
boundaries or affairs of another person. The basis of the tort is not mere
publication or publicity, but breaching social norms about intruding upon the
space of another.
Rather, the core of this tort is the offensive prying into the private domain of
another.” “Examples of prying into private matters are opening a person’s mail,
searching a person’s safe or wallet, and reviewing a person’s banking
information.” A

190

plaintiff must prove that they had an actual expectation of seclusion, or

objectively reasonable solitude. The rise of the Internet and of e-mail threatens
privacy today just as the invention of the telephone or photography did in the
early twentieth century. Eavesdropping, wiretapping, or intercepting e-mails
could qualify as intrusions upon seclusion.
(2) Appropriation & Right of Publicity

The common law elements of the tort of the right of publicity are: (1) the
defendant’s use of the plaintiff’s identity, (2) the appropriation of plaintiff’s
name or likeness to defendant’s advantage, commercially or otherwise, and (3)
the plaintiff has not given the defendant consent. The right of publicity applies to
“[o]ne who appropriates the commercial value of a person’s identity by using
without consent the person’s name, likeness, or other indicia of identity for
purposes of trade is subject to liability.” RESTATEMENT (THIRD) OF UNFAIR
COMPETITION § 46 (2005).
The federal district court enjoined an adult entertainment website from
distributing the video sex tape of Pamela Anderson Lee and musician Brett
Michaels on its subscription website. The court found the site liable for
copyright infringement, for infringing the celebrities’ rights of privacy and
publicity, and other intellectual property rights. Michaels v. Internet Ent. Group
Inc., 5 F. Supp. 2d 823 (C.D. Cal. 1998).

191

(3) Public Disclosure of Private Fact

In order to state a claim for public disclosure of private facts, the facts must
not only be private but the matter revealed must be highly offensive to a
reasonable person. To pursue a public disclosure of private facts action, the
plaintiff must plead that: (1) publicity was given to the disclosure of private
facts, (2) the facts were private, not public, (3) the matter made public was such
as to be highly offensive to a reasonable person, and (4) the matter publicized
was not one of legitimate public concern. “The tort of public disclosure of
private facts is meant to protect against the disclosure of ‘intimate … details the
publicizing of which would be not merely embarrassing and painful but deeply
shocking to the average person subjected to such exposure.” Chisholm v.
Foothill Capital Corp., 3 F. Supp. 2d 925 (N.D. Ill. 1998).
A Maine federal court considered a case in which a plaintiff filed a public
disclosure of private facts case against a former classmate who published a book
about their prolonged high school feud called, “Help Us Get Mia.” The court
rejected the plaintiff’s claim for public disclosure for private facts since she had
had posted many of the statements on her MySpace page. Sandler v. Calcagni,
565 F. Supp. 2d 184 (D. Me. 2008).
(4) False Light

One who gives publicity to a matter concerning another in a way that places
the other before the public in a false light is subject to liability to the

192

other for invasion of his privacy, if (1) the false light in which the other was
placed would be highly offensive to a reasonable person; and (2) the actor had
knowledge of or acted in reckless disregard as to the falsity of the publicized
matter and the false light in which the other would be placed. False light is not a
strict liability tort but rather requires proof that the defendant must have
knowledge of or have acted in reckless disregard as to the falsity of the
published facts to be liable.
In 2007, a chiropractor’s former patient posted negative reviews of his San
Francisco chiropractic services on the website, Yelp.com. The defendant’s
postings suggested that the chiropractor was dishonest and engaged in insurance
fraud through dishonest “time of service” billing practices. The plaintiff
contended that the postings placed him in a false light in the public eye and that
the publicity created by the Yelp.com posting was offensive and objectionable.
False light, like the other privacy-based torts, is constrained by the First
Amendment.

§ 6-5. Negligence Based Actions

(A) INTERNET RELATED NEGLIGENCE
(1) Elements of Internet-Related Negligence

The elements of negligence are duty, breach, causation (cause-in-fact and

legal causation), and damages. Duty is a legal obligation to conform to a
reasonable person standard of care in order to protect others against
unreasonable risks of harm. A breach of the duty of care is the failure of a

193

defendant to conform to the standard of reasonable care. Courts construct tests

for reasonable care such as whether the defendant has violated a statute, industry
standard, or customary usage of trade. Software vendors, not computer users, are
in the best position to design software that deters cyber-intruders. Software
defects should be detected by software engineers before a product’s release.
(B) NEGLIGENT ENABLEMENT
Hardly a week goes by without a major security breach compromising
personally identifiable data of employees and consumers. On February 5, 2015,
“as many as 80 million customers of the nation’s second-largest health insurance
company, Anthem Inc.,” had their “account information stolen by unknown
hackers.” Elizabeth Weiss, Massive Breach at Health Care Company Anthem
Inc. USA Today (Feb. 5, 2015). Eighty million Americans had their names,
birthdays, medical IDs, Social Security numbers, street addresses, e-mail
addresses and employment information, including income data misappropriated
in this single incident. In 2015, the Sony Pictures studio’s website was attacked
by North Korea, thus exposing company emails and personally identifiable
information of employees.
The watchword of negligence liability is risk—the greater the risk, the greater
the duty. The failure to implement reasonable cybersecurity poses great risks to
our networked society. Increasingly, the world’s infrastructure is software-driven
and networked, which creates new vulnerabilities. LinkedIn.com, for example,
used outdated methods to secure

194

information of subscribers that enabled 6.5 million passwords to be purloined

by some unknown cybercriminal. The biggest barrier to a negligent enablement
claim for stolen passwords is for plaintiffs to demonstrate a nexus between
substandard security and a concrete injury they suffered assuming they are able
to prove duty and breach.
To date, consumers have rarely prevailed in negligent Internet security cases
because they are unable to demonstrate a present injury. None of the millions of
consumers whose credit card numbers were stolen in the T.J. Maxx data heist
will have a cause of action unless they can prove a concrete loss from the theft.
The recognition of new tort duties is inevitably a policy-based determination.
Michael L. Rustad & Thomas H. Koenig, The Tort of Negligent Enablement of
Cybercrime, 20 BERKELEY TECH. L.J. 1553, 1598 (2005).
In determining new duties, courts typically balance such factors as the
foreseeability of the harm of computer viruses, or other breaches of security; the
degree of certainty between software vulnerabilities and harm; the connection
between lax Internet security practices and the injury suffered by a computer
user; the policy of preventing future intrusions; the burden on the information
industry and the consequences to the community of imposing a duty to maintain
adequate security; and the availability, costs, and prevalence of security
solutions and insurance.

195

Courts have been slow to recognize a company’s duty to secure their website
or computers system to prevent hackers from compromising their computer
system. Plaintiffs in inadequate computer security cases are customers harmed
when data is compromised. In Lone Star Nat. Bank, N.A. v. Heartland Payments
Sys., 2013 WL 4728445 (5th Cir., Sept. 3, 2013), the Fifth Circuit applying New
Jersey law held that the economic loss doctrine did not bar credit card issuer
banks’ negligence claim against the processer of credit card transactions.
(C) NEGLIGENCE PER SE
The plaintiff must prove three things to establish negligence per se: (1) the
injury must have been caused by the violation, (2) the injury must be the type
intended to be prevented by the statute, and (3) the injured party must be one of
the class intended to be protected by the statute. The negligence per se doctrine
is based on the rule that a presumption of negligence arises from the violation of
a statute that was enacted to protect a class of persons—of which the plaintiff is
a member—against the type of harm the plaintiff suffered as a result of the
violation.
Therefore, a party who seeks to prevail on a cause of action premised on the
negligence per se doctrine must establish, among other elements, which the
party is one of the class of persons who is protected by the statute, ordinance, or
regulation. Defendants may use negligence per se to demonstrate a plaintiff’s
contributory negligence, if a user violates their statutory duty to secure their
computer system or Internet passwords. President Barack Obama

196

signed an Executive Order in 2013 mandating that the National Institute of

Standards and Technology (NIST) publish a draft cybersecurity framework for
critical infrastructure owners and operators by February 2014.
Formulating NIST standards is a modest first step in developing statutory
standards of care for Internet security, which can serve as surrogates for
negligence. When federal cybersecurity standards are formulated, plaintiffs will
be able to establish duty and breach in negligence per se actions. Nevertheless,
jurisdictions vary as to whether the violation of the statute is conclusive proof,
presumptive proof, or just evidence of negligence.
(D) COMPUTER PROFESSIONAL NEGLIGENCE
No U.S. court has recognized an action for computer or Internet security
malpractice. New York, for example, does not recognize a cause of action for
malpractice by computer professionals, Nielsen Media Research Inc. v.
Microsystems Software Inc., No. 99 Civ. 10876 (S.D. 2002). U.S. courts have
consistently held that computer consultants are not professionals and therefore
not held to standard of computer professionals.
As cybertorts evolve further, it is likely that software developers, website
designers and Internet security specialists will begin to professionalize by
developing industry standards of care. U.S. courts are just beginning to construct
new duties for

197

Internet security so it is unlikely that courts will recognize computer

malpractice any time soon.
(E) NEGLIGENT DATA BROKERING
The issue is whether an information broker who sells information to a client
pertaining to a third party has a cognizable legal duty to that third party with
respect to the sale of the information. In Remsburg v. Docusearch, Inc., 816
A.2d 1001 (N.H. 2003), the New Hampshire Supreme Court held that an online
data broker owed a duty to Amy Boyer, a murder victim, because it breached a
duty of care in providing the killer with her Social Security number and other
personal contact information without taking steps to determine how the data
would be used. On July 29, 1999, New Hampshire resident Liam Youens
contacted Docusearch through its Internet website and requested the date of birth
for Amy Lynn Boyer, a former high school classmate.
Youens provided Docusearch his name, New Hampshire address, and a
contact telephone number along with a $20 fee. Youens emailed Docusearch
inquiring whether it would be possible to get better results using Boyer’s home
address, which he provided, giving Docusearch a different contact phone
number. Later that same day, Youens again contacted Docusearch and placed an
order for Boyer’s social security number (SSN), paying the $45 fee by credit
card. On August 2, 1999, Docusearch obtained Boyer’s social security number
from a credit-reporting agency and provided it to Youens.

198
The next day, Youens placed an order with Docusearch for Boyer’s
employment information, paying the $109 fee by credit card, and giving
Docusearch the same phone number he had provided originally. Shortly after
obtaining information from Docusearch, Youens drove to Boyer’s workplace
and fatally shot her as she left work. Youens then shot and killed himself. The
New Hampshire Supreme Court ruled that the data broker owed a duty to third
persons whose information was disclosed if the company was subjecting them an
unreasonable risk of harm. The plaintiff convinced the N.H. Supreme Court that
the harm of selling information was foreseeable based upon Docusearch’s own
knowledge as well as the danger inherent in selling personal information. To
date, this is the only negligent data broker case where the broker was held liable
for contributing to the harm by supplying personal information or data to a
criminal or stalker.

§ 6-6. Strict Liability in Cyberspace

(A) DEFECTIVE INFORMATION
Courts have yet to apply strict liability to defective software or substandard
website design. The term “products liability action” is broadly defined to include
any action against a manufacturer or seller for recovery of damages, or other
relief for harm allegedly caused by a defective product, whether the action is
based on strict products liability, negligence, misrepresentation, breach of
express or implied warranty, or any other theory or combination of

199

theories, and whether the relief sought is recovery of damages or any other
legal or equitable relief, including a suit for: (1) injury, damage to or loss of real
or personal property, (2) personal injury, (3) wrongful death, (4) economic loss,
or (5) declaratory, injunctive, or other equitable relief.
Section 402A of the Restatement (Second) of Torts holds a manufacturer
strictly liable for harm to person or property caused by “any product in a
defective condition unreasonably dangerous to the user.” RESTATEMENT
(SECOND) TORTS § 402(A)(1). U.S. courts have recognized three paradigmatic
types of defects in products litigation: (1) manufacturing defects, (2) design
defects, and (3) the failure to warn or inadequate warnings. Courts have largely
displaced the consumer expectation test with the risk utility test but California
and a few other jurisdictions permit jury instructions on both tests.
The Restatement (Third) of Torts: Products Liability requires the plaintiff to
prove that there is a reasonable alternative design that will avert the risk of
impugned design. Another products liability cause of action is based upon the
adequacy of warning or instructions. Products liability potentially applies to
distributors of defective computer hardware and may even stretch to software.
Software malfunctions of key infrastructure may have latent defects that prove
deadly or economically disastrous.
The Sixth Circuit rejected a products liability claim arising out of a Kentucky
school shooting. The

200

plaintiffs contended the school shooter “regularly played video games,

watched movies, and viewed Internet sites produced by the firms.” James v.
Meow Media Inc., 300 F.3d 683 (6th Cir. 2002). The plaintiffs contended that
the defendant’s games “desensitized the shooter to violence” and caused the
shooter to attack his classmates. Courts have generally been reluctant to classify
Internet transmissions as “products” for purposes of products liability.
Nevertheless, the 24/7 virtual marketplace makes it even more likely that
products liability cases will originate from a website sale.
The duty to warn licensees of known latent defects gives the customer the
knowledge they need to protect themselves—much like the consumer of
products. Section 3.05 of The Principles of the Law of Software Contracts
discussed in Chapter 4 would also hold a computer vendor liable for statements
for failing to disclose known material defects in software. This duty to warn of
known defects is nondisclaimable. In Doe II v. MySpace Inc., 175 Cal. App. 4th
561, 96 Cal. Rptr. 3d 148 (Cal. App. 2009), the parents of teenage girls filed
strict products liability and negligence claims against MySpace, alleging that
men they met through the site sexually assaulted them. The Doe II court
sustained MySpace’s demurrers without leave to amend and dismissed the
complaints on the grounds of Section 230 immunity.
(B) ECONOMIC LOSS RULE
Under the economic loss rule (ELR), plaintiffs that incur only economic loss,
as opposed to physical

201
201

injury or collateral property damages, are limited to a contract remedy. In East

River Steamship Corp. v. Transamerica Deval Inc., 476 U.S. 858 (1986), the
U.S. Supreme Court held that a tort claimant could not recover for mere
economic losses for product liability in admiralty. In East River, the problem
was with the product itself, a massive turbine that continually malfunctioned.
The Court recognized the availability of strict products liability in admiralty
but established a boundary line between tort actions for physical harm and
problems with the product itself. Tort damages are generally not recoverable in
actions predicated upon bungled contract performance such as a defective
computer system. The Court’s distinction between injury to “the product itself”
and “other property” is part of a continuing struggle to define the contours of the
economic loss doctrine.
The ELR originated in the field of products liability but courts have stretched
this doctrine beyond defective products cases to negligence, fraud, and virtually
every other tort. The ELR shields design professionals from negligence claims
for purely economic losses and privity is not an issue. In many Internet security
cases, the loss is primarily the loss of data due to the failure of the firewall or
other security precaution.

§ 6-7. Transborder Torts

Websites in the United Kingdom do not enjoy immunity for third party
postings. In Tamiz v. Google, Inc., No. 2013 EWCA Civ 68 (EWWA 2013),

202

an English and Welsh court ruled that Google Inc. could be held liable as the
publisher of an allegedly defamatory blog posting because of its failure to
remove the post after receiving a complaint. Plaintiffs have filed few lawsuits for
tortious third party postings in European courts. The strong administrative state
in many civil code countries is an alternative to a strong cybertort regime. In
Sweden, for example, claimants look to insurance first and to torts second. In
Sweden, the tort system serves as a backup for those few individuals, such as
foreigners, not covered by the nation’s social security compensation agency, the
Forsakringskassan.
In Europe, cybertorts are patrolled by consumer regulatory agencies, not
private litigants. The United States is the only country connected to the Internet
that depends so greatly upon the tort system to fulfill public law functions. The
countries of the European Union, for example, arm consumer regulatory
agencies with roving powers to protect privacy and other rights of persons.
203
CHAPTER 7
INTERNET-RELATED PRIVACY

Cyberspace privacy laws are in flux as legislatures attempt to accommodate to

an ever-changing Internet. Private litigants have filed a number of high profile
privacy lawsuits against Facebook, Google, Apple, and other Internet
powerhouses. Apple was the target of a large number of class action lawsuits
arising out of Apple-approved apps that collected personally identifiable
information from iPhone, iPad, and iPod Touch users. The class action charged
that Apple violated users’ privacy by transmitting this information to third
parties. In re iPhone Application Litigation, 2011 WL 4403963 (N.D. Cal.
2011).
To date, the most effective online privacy enforcement has been spearheaded
by public attorneys general not private litigants. The Federal Trade Commission
(FTC) uses its Section 5 powers to prosecute unfair and deceptive practices but it
is also has specific jurisdiction to enforce targeted privacy laws, which includes
websites that target children. The FTC has brought civil lawsuits against a who’s
who of Internet-related companies such as Google, Facebook, Twitter,
Microsoft, and MySpace, as well as lesser-known companies.

§ 7-1. Online Privacy Issues

(A) GOOGLE PRIVACY POLICY
Google has historically maintained separate privacy policies for each of its
scores of products and

204

services. Prior to 2012, each Google privacy policy represented that the search
engine used a user’s personally identifiable information (PII) for a particular
product. These policies also stated that Google would not use the PII for any
other purpose without the user’s explicit consent. As Google’s privacy policy
stated:
[w]hen you sign up for a particular service that requires registration, we ask
you to provide personal information. If we use this information in a manner
different than the purpose for which it was collected, then we will ask for
your consent prior to such use.
On March 1, 2012, Google revised its privacy policy, which allowed the
search engine to collect device and mobile network information including the
hardware model, operating system version, unique device identifiers, and the
consumer’s phone number. Google’s single, universal privacy policy represented
that the search engine mogul may combine a user’s PII across multiple Google
products. Google explained the basis for the change in its privacy policy in the
following paragraph:
Our new Privacy Policy makes clear that, if you’re signed in, we may
combine information that you’ve provided from one service with
information from other services. In short, we’ll treat you as a single user
across all our products, which will mean simpler, more intuitive Google
experience.
The Google Privacy Policy Litigation arose out of a class action filed by
Google account holders that

205

objected to the company’s commingling of PII harvested from the some

seventy Google web-based products. Targeted advertising and users of mobile
devices supported many of these Google products and services. The plaintiffs
contended that the new policy enabled Google to merge user data generated
through platforms such as Gmail, Google Maps and YouTube. Users complained
that Google made this change without their consent and with no way to opt out,
in a bid to compete for ad revenue against Facebook and other social media
companies.
In In re Google, Inc., Privacy Policy Litig., 2015 WL 4317479 (N.D. Ca. July
15, 2015) the federal district court dismissed the plaintiff’s complaint after
having given them an opportunity to amend their complaint. The court dismissed
the remaining two causes of action for breach of contract and fraud by users of
Android-powered devices who had downloaded at least one Android application
through Google Play. The court had dismissed other claims in prior cases.
(B) GOOGLE G-MAIL LITIGATION
In re Google Inc. Gmail Litig., 2013 WL 5423918 (N.D. Cal., Sept. 26, 2013),
Google account holders contended that the search engine’s operation of Gmail
violated both the state and federal Electronic Communications Privacy Act
(ECPA). The Consolidated Complaint sought damages on behalf of a number of
classes of Gmail users and non-Gmail users for Google’s interception of emails
over a period of several years. Google’s defense was that scanning users’ email
messages was an ordinary

206

business practice, which is a defense to both the state and federal wiretap
claims. The plaintiffs contended that the Google’s scanning to find words and
information of relevance to Google’s advertisers was done without their prior
consent, thus violated their right of privacy.
The federal district court denied Google’s motion to dismiss the action,
concluding that “the statutory scheme suggests that Congress did not intend to
allow electronic communication service providers unlimited leeway to engage in
any interception that would benefit their business models, as Google contends.”
Google’s defended against the plaintiffs’ state and federal wiretap claims by
contending that the plaintiffs consented to any email interception.
The court also rejected Google’s “ordinary course of business” defense to the
state and federal ECPA causes of action. The court found “Google’s alleged
interceptions are neither instrumental to the provision of email services, nor are
they an incidental effect of providing these services,” The court concluded that
the objected to interceptions were outside Google’s ordinary course of business.”
The court ruled that Google may be violating wiretap law when it scans the e-
mails of non-Gmail users and allowed a lawsuit against the company to move
forward.
(C) GOOGLE WALLET
In Svenson v. Google, 2014 WL 3962820 (N.D. Cal., Aug. 12, 2014), the
plaintiff purchased an App in the Google Play store using Google Wallet.

207

Svenson contended that she “paid $1.77 for the ‘SMS MMS to Email’ App
published by third-party vendor YCDroid; upon purchase, the App was instantly
downloaded for use on Plaintiff’s mobile device.” The essence of Svenson’s
complaint was that Google transmitted her contact information to YCDroid.
Svenson’s complaint was for: “(1) breach of contract; (2) breach of the
implied covenant of good faith and fair dealing; (3) violation of the Stored
Communications Act, 18 U.S.C. § 2701; (4) violation of the Stored
Communications Act, 18 U.S.C. § 2702; and (5) violation of California’s Unfair
Competition Law, Cal. Bus. & Prof. Code § 17200.” The Svenson court found
Svenson’s contract claims to be defective in that she did not prove that she paid
anything to Google for the “asserted privacy protections.”
The court gave the plaintiff leave to amend her complaint and on April 1, 2015
permitted some of her claims to go forward. In Svenson v. Google, Inc., 2015
WL 1503429 (N.D. Cal., Apr. 1, 2015), the court denied Google’s motion to
dismiss for lack of Article III standing and allowed Svenson’s benefit of the
bargain claim to go forward. In Sevenson’s amended complaint she “clarified
her contract theory” in contending that Google had access to personal
information which had value to Google and also was to “retain a percentage of
the App’s purchase price.”
The Svenson court also noted that the Ninth Circuit recognizes that “Google’s
conduct in making

208

her personal information available to YCDroid diminished the sales value of

that personal information.” The federal district court stated that: “Svenson’s
allegations of diminution in value of her personal information are sufficient to
show contract damages for pleading purposes.” The court also found that the
Svenson pleaded sufficient facts for an implied covenant of good faith and fair
dealing. The court granted Google’s motion to dismiss Svenson’s SCA claims
but giving plaintiff leave to amend her complaint. Finally, the court denied
Google’s motion to dismiss Svenson’s claim that the search engine violated
California’s Unfair Competition Law.

§ 7-2. FTC’s Role as Chief Privacy Regulator

(A) FTC PRIVACY DISCLOSURES
In May 2012, the FTC hosted a mobile privacy panel discussion. The FTC
noted that app stores are offering an interface between users and hundreds of
thousands of apps and therefore, are in the best position to make privacy
disclosures. The FTC recommends just in time disclosures and implanting an
express means of expressing consent. FTC, FTC Staff Report, Mobile Privacy
Disclosures: Building Trust Through Transparency (Feb. 2013).
The FTC will have jurisdiction to regulate and the proposed Student Digital
Privacy and Parental Rights Act, Under the House bill, “ ‘operators’ that provide
cloud computing and other online services to schools would be prohibited from
targeting advertising to a student, selling a student’s

209

information to a third party, or creating a personal profile of a student for a

non-school-related purpose.” Alexei Alexis, House Bill for ‘Operators’
Handling Student Data, BLOOMBERG BNA COMPUTER TECHNOLOGY LAW REPORT
(Apr. 29, 2015).
(B) FTC PRIVACY ENFORCEMENT
The FTC has initiated a formal enforcement action against many information
industry companies. The FTC asked Microsoft, Google, Mozilla, and other
browser designers to incorporate a “do not track” option so consumers can opt
out of tracking software. In early 2012, the FTC joined European agencies in
launching an investigation into Google for alleged privacy violations.
(C) COPPA
The Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. § 6501)
makes it illegal for companies to harvest personally identifiable information
from children aged 13 and under without their parents’ consent. The COPPA
Rule applies “to operators of commercial websites and online services (including
mobile apps) directed to children under 13 that collect, use, or disclose personal
information from children, and operators of general audience websites or online
services with actual knowledge that they are collecting, using, or disclosing
personal information from children under 13.” FTC, Complying with COPPA
(Apr. 13, 2013).
The FTC’s COPPA regulation mandates that the site operator obtain verifiable
parental consent and

210
give conspicuous notice of their information practices. A website may not
condition a child’s use of the website in its terms of service on disclosing
personal information. The FTC requires a website give a child’s parents the
opportunity to restrain further use or collection of information. A website must
have reasonable security to protect the confidentiality, security, and integrity of
personal information collected from children.
The FTC’s COPPA Rule provides websites with safe harbor if they comply
with approved self-regulatory guidelines formulated by marketing or online
industries. Self-regulatory guidelines must subject operators to the same or
greater protections for children as contained in Sections 312.2 through 312.9 of
the FTC’s COPPA Rule. All websites are required to conduct periodic reviews
of subject operators’ information practices. The FTC states the website must
comply with COPPA if the operator has a “general audience web site and actual
knowledge that they are collecting personal information” from children aged 13
or under. 16 C.F.R. § 312.
The Commission issued an amended Rule on December 19, 2012. The
amended Rule became effective on July 1, 2013. In 2013, the FTC issued
guidance on the updated definitions of personal information to include
geolocation, screen names, audio files, thus accommodating COPPA to social
media. FTC, Complying with COPPA (Apr. 13, 2013). “The amended Rule,
which goes into effect on July 1, 2013, added four new categories of information
to the definition of personal information. The amended

211

Rule of course applies to any personal information that is collected after the
effective date of the Rule.” Websites that have collected geolocation information
and have not obtained parental consent must do so immediately.

§ 7-3. Third Party Disclosure of Private Information

In Bartnicki v. Vopper, 532 U.S. 514 (2001), the U.S. Supreme Court held that
a journalist had an absolute First Amendment privilege to broadcast a private
recording that was surreptitiously intercepted by an unknown person. Bartnicki
was the teacher’s union’s chief negotiator in a contentious labor dispute with a
high school. A third party intercepted his cell phone conversation with the union
president in which the union president threatened to “blow off their front
porches.” A secretly taped copy of this cell phone statement was left in the
journalist’s mailbox by an unknown third party. The Court held the journalist
was not liable for violation of the Electronic Communications Privacy Act
(ECPA) for broadcasting the illegally taped conversation. The Court
commented, “The normal method of deterring unlawful conduct is to impose an
appropriate punishment on the person who engages in it.”
The Bartnicki Court noted it would be unusual to punish a law-abiding
journalist for the criminal act of an anonymous third party interceptor. The U.S.
Supreme Court in Bartnicki held the First Amendment prohibited imposition of
civil liability for the journalist’s disclosure of an illegally intercepted

212

cell-phone call. This case “has significant implications for Internet law
because of the vast opportunities for republication of information enabled by the
Internet.” MARK LEMLEY, ET AL., SOFTWARE AND INTERNET LAW 955 (3rd ed.
2006). Notably, Chief Justice William Rehnquist commented, “We are placed in
the uncomfortable position of not knowing who might have access to our
personal and business e-mails, our medical and financial records, or our cordless
and cellular telephone conversations.”

§ 7-4. Consumer Privacy Bill of Rights

In February of 2012, the Obama Administration presented a Consumer
Privacy Bill of Rights to extend consumer rights to commercial sectors that are
not subject to other federal data privacy laws. The Consumer Bill of Rights
incorporated privacy principles formulated by The Organization for Economic
Cooperation and Development (OECD), which were incorporated into the
Directive on Data Protection that went into effect in October 1998 in the
European Union.
Online activities are increasingly likely to be subject to European privacy
regulations in the interconnected world of the Internet. The proposed Consumer
Privacy Bill of Rights, drawn in large part, from OECD principles, states:
Individual Control: Consumers have a right to exercise control over what
personal data companies collect from them and how they use it.

213
Transparency: Consumers have a right to easily understandable and
accessible information about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will
collect, use, and disclose personal data in ways that are consistent with the
context in which consumers provide the data.
Security: Consumers have a right to secure and responsible handling of
personal data.
Access and Accuracy: Consumers have a right to access and correct
personal data in usable formats, in a manner that is appropriate to the
sensitivity of the data and the risk of adverse consequences to consumers if
the data is inaccurate.
Focused Collection: Consumers have a right to reasonable limits on the
personal data that companies collect and retain.
Accountability: Consumers have a right to have personal data handled by
companies with appropriate measures in place to assure they adhere to the
Consumer Privacy Bill of Rights.
THE WHITE HOUSE, CONSUMER DATA PRIVACY IN A NETWORKED WORLD
(2012).
The Obama Administration seeks to improve global interoperability between the
U.S. consumer data privacy framework and other countries’ frameworks,
through mutual recognition, the development of codes of conduct through multi-
stakeholder

214

processes, and enforcement cooperation. If Congress enacts this proposed

statute, it will help to harmonize U.S. privacy law with the Eurozone’s Data
Protection Directive.

§ 7-5. State Security Breach Notification

Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin
Islands have enacted legislation requiring notification of security breaches
involving personal information. Data breach notification statutes require entities
that maintain personally identifiable information to give notice if there is a
breach in the security of the information. In 2013, California’s state senate
approved a proposal to extend their data protection statute to address “email
addresses, passwords, user names, and security questions and answers for online
accounts.” Data Breaches: California Data Breach Notice Law Would Apply to
User Names, Passwords, BLOOMBERG BNA, ELECTRONIC COMMERCE & LAW
REPORT (May 22, 2013).
Massachusetts, for example, defines “breach of security” as “the unauthorized
acquisition or unauthorized use of unencrypted data or, encrypted electronic data
and the confidential process or key that is capable of compromising the security,
confidentiality, or integrity of personal information, maintained by a person or
agency that creates a substantial risk of identity theft or fraud against a resident
of the commonwealth.” Mass. Gen. Laws § 93H–1 et seq.

215

Many states limit the data breach notification requirement to unencrypted data.
Massachusetts, like other states, imposes civil penalties for failing to give
consumers notice of security breaches. Data breaches for e-commerce
companies, for example, will rarely affect citizens in a single state. Counsel must
ensure that their client complies with the data breach statutes for all states.

§ 7-6. Global Privacy Issues

(A) DATA PROTECTION DIRECTIVE
The Data Protection Directive, Directive 95/46/EC, was adopted in 1995 with
two objectives in mind: to protect the fundamental right to data protection and to
guarantee the free flow of personal data between Member States. The underlying
jurisprudence behind the Data Protection Directive is to give European data
subjects control over their presentations of self. In particular, the Directive
achieves this by giving data subjects control over the collection, transmission,
and use of personal information. The Directive gives data subjects the right to be
notified of all uses and disclosures about how their personal data is collected and
processed. Directive 95/46/EC.
The Directive implemented the OECD Privacy Principles as does other EU
national privacy legislation. The Directive employs much of the vocabulary of
the OECD such as data controllers and adopts concepts such as data quality and
transparency. The Data Protection Directive of October 1995 commands any EU
company to comply

216

with specific rules for processing and transferring European consumer data.
Each EU Member State has enacted legislation fulfilling the legal grounds
defined in the Directive: consent, contract, legal obligation, vital interest of the
data subject, and the balance between the legitimate interests of the people
controlling the data versus the people on whom data is held (i.e., data subjects).

(B) GOOGLE SPAIN V. AEPD1

Google Spain v. AEPD, Case C-131/12, Google Spain SL v. Agencia Española
de Protección de Datos (May 13, 2013), is the decision of the Court of Justice of
the European Union that read a right to be forgotten under the extant Data
Protection Directive. In 2010, Mario Costeja González, a Spanish national, filed
a complaint with the Spanish Data Protection Agency (Agencia Española de
Protección de Datos, (AEPD) against La Vanguardia Ediciones SL, a large
publisher of daily news in Spain, as well as Google Spain and Google Inc.
González, the data subject seeking erasure, contended that when Internet users
entered his name in a Google search, the results linked to La Vanguardia
newspaper articles containing announcements for a real-estate auction related to
attachment proceedings that began after González failed to pay social security
debts. He contended

217

that the articles, “although truthful, injured his reputation and invaded his
privacy.”
González demanded that the Spanish newspaper erase them because they were
no longer relevant, since the proceedings had concluded more than a decade ago.
The newspaper publisher refused to erase the articles because the Ministry of
Labour and Social Affairs had ordered their publication. Next, the plaintiff
demanded that Google remove the link to those stories and thereby eliminate any
association to his name.
(1) Procedural History of Google Spain v. AEPD

The AEPD ruled that Google was responsible as a data controller for
removing results about the plaintiff from its search engine. After the AEPD’s
decision, Google brought action before the Audiencia Nacional, Spain’s highest
court, which referred the case to the Court of Justice of the European Union. On
June 25, 2013, Advocate General Niilo Jääskinen issued his advisory opinion,
finding that Google had no responsibility to remove any links on its search
engine based on a privacy claim. He reasoned that suppressing legitimate and
legal information already in the public domain would interfere with freedom of
expression and undermine the objectivity of information on the Internet.
The CJEU rejected the Advocate General’s argument and recognized a broad
right to be forgotten under Spain’s implementation of Directive 95/46/EC. The
court found that Google, as an

218

indexer of information, was processing personal data and therefore subject to

the Directive’s obligations for data controllers. The court drew upon Articles
12(b) and 14(a) of the Directive to hold that Google owed a duty to erase
information from its search index. The CJEU rejected Google’s argument that
imposing a duty to remove personal data violated the principle of
proportionality, and that such removal must be addressed to the publisher of the
website because the publisher was responsible for making the information
public.
The CJEU reasoned that search engines make access to this information
effortlessly available, because they enable users to obtain information about a
data subject by simply typing the subject’s name. Due to their preeminent role in
organizing data, search engines like Google are far more likely to interfere with
the data subject’s right to privacy than the original website publisher.
(2) Aftermath of Google Spain v. AEPD
After Google Spain v. AEPD, data subjects in Europe gained a right to demand
that Google delete links to websites that appear when searching for their names
unless there are legitimate reasons not to remove them, even if the original
website has not taken down the content and the data is truthful and otherwise
lawful. However, the original information about González will not be scrubbed
from the Internet; it is only removed from a Google search of his name. Thus,
requiring a search engine to provide Internet users with a right to be forgotten is

219
219

not about deleting or forgetting content, but making it more difficult to locate.
Further, Google may not be technically eliminating the connection between
the data subject and the published information because the deleted link could
still be available in Google’s backup files. Indeed, links that Google removes
from EU search results will remain in searches made from non-EU domains.
Erasing social media posts that have gone viral is akin to attempting to hold back
the ocean with a single whiskbroom.
In the debate over the right to be forgotten, the sole focus on Google is also
misplaced as there are numerous other search engines including Microsoft’s
Bing, which have a sizable share of the search engine market. Critics from the
House of Lords in the United Kingdom emphasize that the CJEU did not
consider the ruling’s effect on smaller search engines, which are “unlikely to
have the resources to process thousands of removal requests.” Furthermore, they
argue that it is “ ‘wrong in principle’ to leave it to search engines to decide
whether or not to delete information, based on ‘vague, ambiguous and unhelpful’
criteria.”
(C) SCHREMS’ SAFE HARBOR CASE
The Court of Justice of the European Union (CJEU) considered the case of
Maximillian Schrems v. Data Protection Commissioner, C-362/14, (July 25,
2014). The Shrems case was referred to the CJEU on July 25, 2014 from a
preliminary ruling from Ireland’s High Court of Justice for a ruling

220

whether the U.S.-E.U. Safe Harbor, provides an adequate protection for

transfers of EU consumers’ personal data.
The case arose out of an Austrian law student and Facebook user’s complaint
to Ireland’s Data Protection Commissioner that Facebook Ireland’s transfer of
his personal data to the U.S. could not guarantee an adequate level of protection
given the National Security Agency surveillance program known as PRISM.
NSA’s Prism Project harvested data from Facebook, Google, and numerous
other Internet-related institutions. “The key issue of the referral is the question of
whether the decision of the European Commission on Safe Harbor is binding on
national authorities.” Stefan Schuppert and Tim Wybitul, Hogan, Lovells, Irish
High Court Refers Questions to European Court of Justice: Can National DPAs
Disregard Safe Harbor? (July 10, 2014). If the CJEU rules that the U.S. cannot
guarantee an adequate protection for personally identifiable data, the Data
Protection Safe Harbor will either need to be renegotiated or another program
instituted.
(D) PROPOSED GENERAL DATA PROTECTION REGULATION
On January 1, 2012, the EC proposed the Regulation on the Protection of
Individuals with Regard to the Processing of Personal Data and on the Free
Movement of Such Data (General Data Protection Regulation). The proposed
General Data Protection Regulation will displace the Data

221

Protection Directives (Directive 95/46/EC) when it goes into effect sometime

in 2017.
(1) Updating the Data Protection Directive

The EU Commission seeks to update the data protection framework by

proposing it as a regulation rather than the former directive. Perhaps, the most
significant reason for enacting a regulation rather than a revised directive is that
a regulation automatically in force, while a directive requires each of the twenty-
eight states to enact enabling national legislation. Safeguarding Privacy in a
Connected World—A European Data Protection Framework for the 21st
Century” COM (2012) 9 final.
(2) Automatically Applicable Regulation
The General Data Protection Regulation is directly applicable to all of the
Member States and “will reduce legal fragmentation and provide greater legal
certainty by introducing a harmonized set of core rules, improving the protection
of fundamental rights.” Proposal for a Regulation of the European Parliament
and of the Council on the Protection of Individuals with Regard to the
Processing of Personal Data and on the Free Movement of Such Data (General
Data Protection Regulation) (Jan. 25, 2012) at 3.2.
(3) Overview of GDRP

The proposed Data Protection Regulation consists of 88 articles. The key

provisions of the General Data Protection Regulation are: (1) an expanded

222
222

jurisdictional reach applied to non-European companies that process the data

of European consumers; (2) the duty to notify consumers of a data breach within
24 hours; (3) require companies to obtain a “specific, informed and explicit”
consent before collecting personal data (opt-in provision); and (4) a company’s
duty to erase personal data upon demand (right to be forgotten). Jeffrey M.
Goetz, A New World of EU Data Protection, MARTINDALE.COM (Feb. 2,
2012). The chief provisions of the General Data Protection are:
• A single set of rules on data protection, valid across the EU. Unnecessary
administrative requirements, such as notification requirements for
companies, will be removed. This will save businesses around €2.3 billion
a year.
• Instead of the current obligation of all companies to notify all data
protection activities to data protection supervisors—a requirement that
has led to unnecessary paperwork and costs businesses €130 million per
year—the Regulation provides for increased responsibility and
accountability for those processing personal data.
• For example, companies and organizations must notify the national
supervisory authority of serious data breaches as soon as possible (if
feasible, within 24 hours).
• Organizations will only have to deal with a single national data
protection authority in the EU country where they have their main

223

establishment. Likewise, people can refer to the data protection authority in

their country, even when their data is processed by a company based
outside the EU. Wherever consent is required for data to be processed, it
is clarified that it has to be given explicitly, rather than assumed.
• People will have easier access to their own data and be able to transfer
personal data from one service provider to another more easily (right to
data portability). This will improve competition among services.
• A “right to be forgotten” will help people better manage data protection
risks online: people will be able to delete their data if there are no
legitimate grounds for retaining it.
• EU rules must apply if personal data is handled abroad by companies that
are active in the EU market and offer their services to EU citizens.
• Independent national data protection authorities will be strengthened so
they can better enforce the EU rules at home. They will be empowered to
fine companies that violate EU data protection rules. This can lead to
penalties of up to €1 million or up to 2% of the global annual turnover of
a company.
The proposed Regulation will apply general data protection principles and
rules for police and judicial cooperation in criminal matters. The rules will

224

apply to both domestic and cross-border transfers of data. European

Commission, Commission Proposes a Comprehensive Reform of Data
Protection Rules to Increase Users’ Control of Their Data and to Cut Costs for
Business, Brussels, Jan. 25, 2012.
(4) Article 17: Right to Be Forgotten
The European Union right to be forgotten can be conceptualized as taking
three forms: (1) the right to have information deleted after a preset period; (2)
the right to have a clean slate; and (3) the right to be connected to current
information and delinked from outdated information. See Bert-Jaap Koops,
Forgetting Footprints, Shunning Shadows. A Critical Analysis of the “Right To
Be Forgotten” in Big Data Practice, 8 SCRIPTED 229, 236 (2011). A data subject
has the right to erase links to data relating to him or her if the information is:
no longer necessary in relation to the purposes for which [it was] collected
or otherwise processed, where data subjects have withdrawn their consent
for processing or where they object to the processing of personal data
concerning them or where the processing of their personal data otherwise
does not comply with this Regulation.
Article 17 provides the data subject’s right to be forgotten and to erasure. Article
17 further elaborates and specifies the right of erasure provided for in Article
12(b) of Directive 95/46/EC and provides the conditions of the right to be
forgotten, including the obligation of the controller

225
which has made the personal data public to inform third parties on the data
subject’s request to erase any links to, or copy or replication of that personal
data. It also integrates the right to have the processing restricted in certain cases,
avoiding the ambiguous terminology “blocking.” The EU Commission’s
Explanatory Memorandum makes a policy-based decision that the data
controller, not the data subject, must notify third-party websites that a data
subject has requested that it “erase any links to, or copy or replication of …
personal data.” Article 17(1) sets forth the ground rules for when data subjects
have a right to be forgotten:
The data subject shall have the right to obtain from the controller the erasure
of personal data relating to them and the abstention from further
dissemination of such data, especially in relation to personal data, which are
made available by the data subject while he or she was a child, where one of
the following grounds applies:
(a) the data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based
according to point (a) of Article 6(1), or when the storage period
consented to has expired, and where there is no other legal ground for
the processing of the data;
(c) the data subject objects to the processing of personal data pursuant to
Article 19;

226

(d) the processing of the data does not comply with this Regulation for
other reasons.
Article 17(2) states, “Where the controller referred to in paragraph 1 has made
the personal data public, it shall take all reasonable steps, including technical
measures, in relation to data for the publication of which the controller is
responsible, to inform third parties which are processing such data, that a data
subject requests them to erase any links to, or copy or replication of that personal
data.” Academic commentators caution that the proposed Regulation’s vague
admonitions create boundless liability for data controllers.
(5) Exceptions to the Right to Be Forgotten
The data controller is not required to initiate erasure if the subject of the data
request falls into one of four exceptions in Article 17(3). Article 17(3) makes it
clear that the right to be forgotten is subject to other fundamental rights such as
expression as noted below:
(a) for exercising the right of freedom of expression in accordance with
Article 80;
(b) for reasons of public interest in the area of public health in accordance
with Article 81;
(c) for historical, statistical and scientific research purposes in accordance
with Article 83;
(d) for compliance with a legal obligation to retain the personal data by
Union or Member State law to which the controller

227

is subject; Member State laws shall meet an objective of public interest,

respect the essence of the right to the protection of personal data and be
proportionate to the legitimate aim pursued.
The EU Commission does not provide data controllers with a template for
determining whether a given data request collides with the right of expression.
Other sources of EU law flesh out the contours and limitations of expression, but
these are broad standards, not the bright-line rules needed by data controllers
that must process hundreds of thousands of data requests per year. Article 11 of
the Charter, which corresponds to Article 10 of the ECHR, states that European
citizens have a broad freedom of expression that includes the freedom to hold
opinions and to receive and impart information and ideas without the
interference of a public authority.
The EU’s freedom of expression encompasses not only the freedom of speech
and information but also guaranteed access to the public. However, the freedom
of expression is not absolute; it does not include a right to defame or to use
speech to threaten public safety, national security, crime prevention, the
protection of health and morals, the prevention of disclosure of information
received in confidence, and the authority and impartiality of the judiciary.
The European Commission also provides little guidance on how to respond to
data requests to accommodate the policy interest in public health. Similarly, it is
unclear how data controllers should

228

determine what data requests are important for historical, statistical, or

scientific purposes.
Finally, Article 17(3) sets forth a general standard that data controllers can
retain personal data if retention accords with EU or member state law, which
inevitably requires balancing a data subject’s request against the public interest,
“respect[ing] the essence” of the right to data protection, and remaining
“proportionate to the legitimate aim pursued.” However, the Commission has yet
to formulate a template for how search engines should weigh or balance these
factors in making the decision to grant or reject a data subject’s demand to
delink. At present, the right to be forgotten is not a global right, but applies only
to data subjects in the EU.
(E) FOREIGN LITIGATION
In the U.S., Section 230 immunizes websites for postings by third parties even
if they invade the privacy of users. In the U.S., no court has ordered a website to
remove third party content that invades privacy or is otherwise tortious. In
contrast, in Lefebure v. Lacambre, Ref. 55181/98, No. 1/JP (Tribunal de Grande
Instance de Paris, 1998), a French court found an ISP liable for publishing erotic
images of the plaintiff on its Web site. “Under French law, an Internet Service
Provider is responsible for the morality of the content distributed via the client-
operated Web sites it hosts, and may be liable for violations of privacy.” The
French plaintiff contended that the ISP violated her privacy and damaged her
professional

229

reputation by allowing a subscriber to publish nude photographs of her on a

website. The French court ordered the offending website be shut down under the
threat of a fine of 100,000 francs per day.
The French data protection agency, the Commission Nationale de
I’information et des Liberties (CNIL), (Deliberation No. 2013–420, CNIL),
fined Google €150,000 for not sufficiently informing its users of the conditions
that their personal data is processed nor the purpose of the processing. Moreover,
CNIL found that Google does not comply with its obligations to obtain user
consent prior to the storage of cookies on their terminals. Google combines all of
the data it collects about its users without any legal basis, according to the CNIL.
In addition to the monetary penalty, the CNIL ordered Google to publish a copy
of the order on its French version of its site for a 48-hour period.
The Federation of German Consumer Organizations (VZBV) filed an action
against Facebook for violation of German consumer and privacy law in
November 2010. A Regional Court of Berlin ruled that Facebook’s “Friend
Finder” and its terms of use agreement violated the Unfair Commercial Practices
Directive as well as that country’s data protection directive. Under the German
court order, users must be clearly advised about how personal data is handled.
Computer monitoring software permits workplace surveillance without the
employees’ knowledge. In January 2014, a German appeals court ruled that
Facebook’s ‘Friend Finder’ function violated German data protection law and
constituted an unfair trade

230

practice. Karin Retzer, German Court Rules Against Facebook’s ‘Friend

Finder,’ Socially Aware: The Law and Business of Social Media (March 3,
2014).
In VZVB v. Apple, a Berlin Regional Court held that Apple’s standard data
protection clauses violated Germany data protection law. The Federation of
German Consumer Organization (VZBV) challenged thirteen clauses in
Google’s privacy policy and twelve clauses in its standard terms of use
agreement. Loek Essers, Berlin Court Rules Google Privacy Policy Violates
Data Protection Law, IDG NEWS SERVICE (Nov. 20, 2013). The VZBV
challenged problematic clauses that enabled Google “to collect device-specific
information; may collect and process information about a user’s location and
may combine personal information from one service with information from other
Google services.”
The French data protection agency, the Commission Nationale de
I’information et des Liberties (CNIL) Commission Nationale de I’information et
des Liberties (CNIL), imposed a 150,000 euros fine on Google because it failed
to sufficiently inform users of the conditions and purposes of the processing of
personally identified data. Google agreed to drop its appeal. In re Societe
Google, Inc., CE, No. 374594, order closing appeal (Feb. 2, 2014). In addition,
to the French action, Google faced enforcement actions in the United Kingdom,
Netherlands, and Spain arising out of its unified privacy policy. Rick Mitchell,
Google Drops Appeal of French Fine Over Single Privacy Policy Across
Products, BNA Bloomberg, Privacy and Data Security Law Resource Center
(Feb. 6, 2015).
___________
1 The right to be forgotten discussion in based in part upon ideas in Michael L.

Rustad & Sanna Kulevska, Reconceptualizing the Right to Be Forgotten to

Enable Transatlantic Data Flow, 28 HARV. J. L. & TECH. 351 (2015).
231
CHAPTER 8
INTERNET-RELATED CRIMES

§ 8-1. Overview of Cybercrimes

In the new millennium, cybercrime encompasses violations of criminal law
perpetrated online or using the Internet as an instrumentality. Cybercrime
respects no national borders and is often difficult to detect because although
online criminals sometimes leave digital footprints, there is no traditional crime
scene. Internet crimes, unlike traditional crimes, do not involve face-to-face
criminality, although traditional crimes may be enabled by careless behavior in
cyberspace. The Internet has lowered the barrier of perpetuating bricks and
mortar crimes because victim’s personal information is posted on websites. For
example, the BBC reported that an Australian teenager posted a picture of a
massive cache of cash that she was helping to count. Within hours, masked men
appeared at the door and demanded the money at gunpoint.
The Internet has also created new categories of crime such as virtual trespass,
identity theft, online stalking, hacking into websites, and the misappropriation of
intangible data. The Internet of Things (IoT) is the network of physical objects
or “things” that employs software to connect to Internet-related devices. With
the IoT, “your smartphone will be able to lock your house, turn on the air
conditioning, check whether the milk is out of date, or even heat up your iron.”
Nevertheless,

232

IOT also creates the possibility of hackers taking over “home life, gathering
valuable personal data, or even use stolen information to extort money from
victims.” A security firm “took over those switches, turning them into
poltergeists that could turn on heaters and irons—a fire hazard and electricity-
waster.” Hackers taking over household devices are likely to occur with billions
of everyday devices now connected to the Internet.
Cybercriminals, for example, maintain websites where one can buy names,
addresses, and Social Security or credit card numbers to be used in financial
crimes. Cybercrimes often occur across borders creating difficult problems of
detection. For causes of action based upon privacy violations or espionage, there
may be little by way of provable damages. This chapter covers substantive
cybercrime law as opposed to procedural cybercrime law.
(A) OVERVIEW OF COMPUTER CRIMES
(1) What Computer Crime Includes
The first computer crime statutes were enacted in the 1980s at both the U.S.
state and federal level. Orin Kerr divides computer crime into two categories:
computer misuse crimes and traditional crimes. ORIN S. KERR, COMPUTER CRIME
LAW 1 (2d ed. 2009). Computer misuse is a relatively new category of computer
crime, involving deliberate interference with the functioning of the computer.
Traditional computer crimes, which use the computer to facilitate long-
established crimes such

233

as child pornography, trade secret misappropriation, and stalking, take on new

forms in the Internet age. For example, online stalking does not fit neatly into the
traditional tort of assault because it lacks the element of imminence except
perhaps in the case of a live chat. Orin Kerr identifies three major legal
controversies in computer crime: (1) Fourth Amendment search and seizure
(procedural computer crime law), (2) Statutory Privacy Law, which includes the
Electronic Communications Privacy Act (ECPA) or federal wiretap act) and the
Stored Communications Act (SCA), and (3) Disputes where the victim and the
defendant are in different jurisdictions. Questions regarding cross border
enforcement of state criminal statutes often arise in the field of cybercrime.
(2) The Nature of Computer Crime

Computer crimes are often more difficult to detect and resolve than crime in
the streets. Most cybercriminals are not physically present at the crime scene.
The Internet enables anonymous communications that are difficult to trace
because of false e-mail headers and anonymous re-mailers. Relational crimes are
easier to prosecute in the physical world because police can focus on multiple
physical clues and eliminate suspects who were not in the area when the crime
was committed. Internet crimes may involve creating small economic losses for
many consumers, making it unlikely that any one victim will report it or file a
claim. Victims may be unaware that their information or identity has been

234
234

stolen until long after the crime has been completed. See generally, ORIN S.
KERR, COMPUTER CRIME LAW (2006).
(3) Defining Cybercrimes
Cybercrime is the use of the Internet and related technologies to commit
crimes. The U.S. Department of Justice’s Office of U.S. attorneys note, “The
range of threats and the challenges they present for law enforcement expand just
as rapidly as technology evolves.” U.S. DEPT. OF JUSTICE, CYBERCRIMES (2015).
Cybercrimes can be broadly divided into three categories: “[1] organized crime
groups that are primarily threatening the financial services sector, and they are
expanding the scope of their attacks; [2] state sponsors—foreign governments
that are interested in pilfering data, including intellectual property and research
and development data from major manufacturers, government agencies, and
defense contractors; and [3] increasingly there are terrorist groups who want to
impact this country the same way they did on 9/11 by flying planes into
buildings.” Federal Bureau of Investigation, The Cyber Threat: Part I: On the
Front Lines with Shawn Henry (Mar. 27, 2012).
They are seeking to use the network to challenge the United States by looking
at critical infrastructure to disrupt or harm the viability of our way of life.
Examples of computer crime include computer intrusions, denial of service
attacks, viruses, and worms but not child pornography, which is a traditional
crime only enabled by the

235

Internet. Cybercrimes differ from traditional crime in that the criminal is not
physically at the crime scene and often leaves few clues.

§ 8-2. Computer Fraud and Abuse Act

(A) CRIMINAL LAW PROVISIONS
The most important federal statute used to prosecute cybercrime is the
Computer Fraud and Abuse Act (CFAA), which punishes and deters computer
hackers, e.g., ‘electronic trespassers.’ 18 U.S.C. § 1030. The CFAA prohibits
seven types of computer crimes mainly involving accessing computers without
authorization or in excess of authorization, and then obtaining information or
damaging computer data. 18 U.S.C. § 1030(a). The CFAA creates liability for a
person who: (1) intentionally accesses a computer without authorization or
exceeds authorized access, and thereby obtains information from any protected
computer, in violation of § 1030(a)(2)(C), (2) knowingly and with intent to
defraud, accesses a protected computer without authorization, or exceeds
authorized access, and by means of such conduct furthers the intended fraud and
obtains anything of value, in violation of § 1030(a)(4), or (3) intentionally
accesses a protected computer without authorization, and as a result of such
conduct, recklessly causes damage, or causes damage and loss, in violation of §
1030(a)(5)(B)–(C).
The CFAA prohibits anyone from intentionally accessing a computer used in
interstate or foreign commerce without authorization (or by exceeding

236

authorized access) and thereby obtains access to information. 18 U.S.C. §

1030(a)(2)(C). Exceeding authorized access is defined as accessing a computer
with authorization but then using such access to obtain or alter information that
the computer user is not entitled to acquire or change. 18 U.S.C. § 1040(e)(6).
The CFAA refers to “exceed[ing] authorized access” and accessing a
computer “without authorization” but there is some question as to whether these
terms are interchangeable or have different meanings. 18 U.S.C. § 1030(a)(1); §
1030(a)(5)(A)(I). Prosecutors in Internet crime cases deploy the CFAA to punish
the release of viruses, worms or malware to penetrate a computer’s firewall in
order to steal or destroy data. 18 U.S.C. § 1030(a)(5). Section 1030(a)(5)
criminalizes those who deliberately attack computers or infect data with harmful
code. The CFAA sanctions the following actions:
(1) computer trespassing (e.g., hacking) in a government computer, 18
U.S.C. § 1030(a)(3); (2) computer trespassing (e.g., hacking) resulting in
exposure to certain governmental, credit, financial, or computer-housed
information, 18 U.S.C. § 1030(a)(2); (3) damaging a government computer,
a bank computer, or a computer used in, or affecting, interstate or foreign
commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial
of service attack, and other forms of cyber attack, cyber crime, or cyber
terrorism), 18 U.S.C. § 1030(a)(5); (4) committing fraud an

237
integral part of which involves unauthorized access to a government
computer, a bank computer, or a computer used in, or affecting, interstate or
foreign commerce, 18 U.S.C. § 1030(a)(4); (5) threatening to damage a
government computer, a bank computer, or a computer used in, or affecting,
interstate or foreign commerce, 18 U.S.C. § 1030(a)(7); (6)trafficking in
passwords for a government computer, or when the trafficking affects
interstate or foreign commerce, 18 U.S.C. § 1030(a)(6); and (7) accessing a
computer to commit espionage, 18 U.S.C. § 1030(a)(1).
Charles Doyle, Cybercrime: An Overview of the Federal Computer Fraud &
Abuse Statute & Related Federal Criminal Law, CONGRESSIONAL RESEARCH
SERVICE (Oct. 15, 2014).
Originally, only a criminal statute, the CFAA now enables the victims of
computer crimes to file civil actions against cybercriminals, provided the access
is either “without authorization” or “exceeds authorized access.” 18 U.S.C. §
1030(g). The civil action provision is covered later in this chapter.
Summary of Computer Fraud & Abuse Act

238
239

(1) Obtaining National Security Information

The elements of an (a)(1) criminal offense require that a defendant: (1)

knowingly accessed computer without or in excess of authorization, (2) obtained
national security information, (3) had reason to believe the information could
injure the U.S. or benefit a foreign nation, and (4) made a willful
communication, delivery, transmission (or attempt) or willfully retained the
information. National security cybercrimes are rarely prosecuted; most computer
crime enforcement is directed at domestic cybercriminals.
(2) Accessing Computer Without Authorization

The CFAA prohibits exceeding authorized access to a computer and obtaining

information. 18 U.S.C. § 1030(a)(2). The Fourth Circuit in WEC Carolina
Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012) held that an ex-
employee who downloaded trade secrets during the course of his employment
and used that information for a

240

presentation to his new employer did not access his employer’s computer
without authorization. While still employed by WEC the energy company
provided “him with a laptop computer and cell phone, and authorized his access
to the company’s intranet and computer servers.” Miller had access to numerous
confidential and trade secret documents stored on the company’s computer
servers. WEC instituted a policy to protect its trade secrets that prohibited using
the information without authorization or downloading it to a personal computer.
These policies did not restrict Miller’s authorization to access the information.
The court ruled that the CFAA does not impose liability for a mere violation
of a terms of use policy. Under the WEC court’s narrow reading of the CFAA,
the terms “without authorization” and “exceeds authorized access” only apply
when an individual accesses a computer without permission, or obtains or alters
information on a computer beyond that which he is authorized to access. The
path of CFAA law suggests that employers will find it difficult to pursue civil
actions against ex-employees.
(3) Trespassing in a Government Computer

Trespassing against a government computer and obtaining information is

covered by 18 U.S.C. § 1030(a)(3). Under (a)(3), the government must prove
that the defendant: (1) intentionally accessed, (2) without authorization, (3) a
nonpublic computer that was exclusively for the use of the U.S.

241

Government, or was used by or affected by the use of a U.S. Government

computer.
(4) Accessing to Defraud
The CFAA provides that whoever “knowingly and with intent to defraud,
accesses” a computer covered by the Act “without authorization, or exceeds
authorized access, and by means of such conduct furthers the intended fraud and
obtains anything of value” shall be punished as provided in the Act. In an
“unauthorized use” case, the CFAA requires a defendant to: (1) knowingly and
(2) with intent to defraud (3) access a protected computer (4) without
authorization or exceeding authorized access (5) in order to further the intended
fraud and (6) the defendant obtained something of value, including use of the
computer or data that exceeded $5,000 over a one-year period. 18 U.S.C. §
1030(a)(4). In Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc.,
119 F. Supp. 2d 1121 (W.D. Wash. 2000), the court determined that a plaintiff
need not prove common law fraud in order to have a CFFA action under 1030(a)
(4). In denying the defendant’s motion to dismiss this civil CFAA action, the
court held that the word “fraud” as used in section 1030(a)(4) simply means
“wrongdoing.”
(5) Damaging Computers or Data
Damaging a computer or its information is addressed by 18 U.S.C. § 1030(a)
(5), which criminalizes multiple offenses. Section 1030(a)(5)(A) makes it a
crime to knowingly cause transmission of a program, information, code, or
command such as a

242

computer virus that intentionally causes damage. Similarly, Section 1030(a)(5)

(B) criminalizes the intentional access of a computer without authorization
resulting in damage. Finally, Section 1030(a)(5)(C) makes it a crime to
intentionally access a protected computer without authorization causing damage
or loss.
Section 1030(a)(5)’s offenses are felonies if they result in damage or loss of
$5,000 during the year, or, modify medical care of a person, cause physical
injury, threaten public health or safety, or damage computer systems used for
justice, national defense, national security, or civil liability. Finally, it is a felony
to affect ten or more protected computers during a year regardless of damages or
loss. U.S. DEP’T OF JUSTICE, PROSECUTING COMPUTER CRIMES 35 (2012).
(6) Trafficking in Passwords
Section 1030(a)(6) prohibits a person from knowingly trafficking in computer
passwords and similar information with intent to defraud, when the trafficking
affects interstate or foreign commerce, or when the password may be used to
access a computer used by or for the U.S. Government without authorization.
The elements of the CFAA for trafficking in passwords include: (1) trafficking,
(2) in computer password or similar information, (3) knowingly and with intent
to defraud, and (4) trafficking affects interstate or foreign commerce or a
computer used by or for the U.S. Government. The term “trafficking” in section
1030(a)(6) is defined by reference to the definition of

243

the same term in 18 U.S.C. § 1029, and means “transfer, or otherwise dispose
of, to another, or obtain control of with intent to transfer or dispose.”
(7) Threatening to Harm a Computer

Section 1030(a)(7) addresses extortion, which prohibits threats to harm a

computer or data. Prosecutors must prove that the defendant has: (1) intent to
extort money or any other thing of value, (2) transmitted the threat in interstate
or foreign commerce, and (3) made a threat to damage a protected computer,
reveal confidential information, or demand money in connection with the
extortion. Attempts and conspiracy to commit computer crimes are crimes
addressed in amendments to the CFAA. Inchoate offenses such as attempt,
conspiracy, and aiding and abetting are commonly covered in federal computer
statutes. However, to date, federal prosecutors are unable to prosecute inchoate
or attempted cybercrime.
(B) CFAA’S CIVIL LIABILITY
The CFAA extends a private cause of action to a victim who suffers “loss”
because of a violation of the Act’s prohibitions. The CFAA allows for a private
right of action if the violation caused:
(I) loss to one or more persons during any [one]-year period (and, for
purposes of an investigation, prosecution, or other proceeding brought by
the United States only, loss resulting from conduct affecting one or more

244

other protected computers) aggregating at least $5,000 in value;

(II) the modification or impairment, or potential modification or
impairment, of the medical examination, diagnosis, treatment, or care of
[one] or more individuals;
(III) physical injury to any person;
(IV) a threat to public health or safety; [or]
(V) damage affecting a computer used by or for an entity of the United
States Government in furtherance of the administration of justice, national
defense, or national security … 18 U.S.C. § 1030(g).
The act defines “damage” as “any impairment to the integrity or availability of
data, a system, or information.” 18 U.S.C. § 1030(e)(8). “Loss” under the CFAA
is defined broadly as “any reasonable cost to any victim, including the cost of
responding to an offense, conducting a damage assessment, and restoring the
data, program, system, or information to its condition prior to the offense, and
any revenue lost, cost incurred, or other consequential damages incurred because
of interruption of service.” 18 U.S.C. § 1030(e)(11). The loss suffered from a
violation must exceed $5,000 before a civil suit may be filed. 18 U.S.C. §
1030(c)(4)(A)(i)(I).
Courts cite the same CFAA cases for civil and criminal cases because the
elements are the same. One of the most contested issues is how to treat
“exceeded authorization” cases on either the civil or the criminal side. In CFAA
civil cases, the critical

245

issues are whether unauthorized access has occurred and how to prove loss or
damages. Mark T. Krotoski and Brock Dahl summarize the controversy of
whether and when exceeded authorization violates the CFAA:
When a trusted employee steals company trade secrets and confidential
business information using the company’s computer, does this conduct
violate federal computer crime laws? Surprisingly, the answer currently
depends on where the theft occurred. Whether the employee has “exceeded”
his “authorized access,” a critical determination in whether the employee
violated the Computer Fraud and Abuse Act (CFAA) (the primary federal
computer crime statute) turns on how the courts construe key terms in the
statute. For more than five years, the courts have been divided on whether
this stealing of information violates the CFAA.
Mark T. Krotoski & Brock Dahl, Stealing Trade Secrets and Confidential
Information With Computers: Time to Resolve the Lingering Circuit Split,
BLOOMBERG BNA: COMPUTER TECHNOLOGY LAW REPORT (Mar. 6, 2015).
(1) Cases Recognizing That Violating TOS Constitutes Without Authorization
Many CFAA cases center on the meaning of using a protected computer
“without authorization” or in a manner that “exceeds authorized access.” In Int’l
Airport Centers v. Citrin, 440 F.3d 418 (7th Cir.

246

2006), Citrin was employed by International Airport Centers (IAC), a real

estate business. IAC issued Citrin a computer so that he could compile data on
properties. When Citrin left the company, he deleted data from his corporate-
issued computer before returning it, and erased the backup files. IAC filed a
CFAA lawsuit against Citrin that did not even allege that he accessed a
computer; much less, that he had exceeded authorization.
Judge Richard Posner, writing for the Seventh Circuit panel, nevertheless
found that Citrin violated the CFAA because, by writing over backup files, he
exceeded authorized access. Citrin is cited for the proposition that a breach of
loyalty alone is enough to render an employee to be “without authorization.”
U.S. DEPT. OF JUSTICE, MANUAL ON PROSECUTING COMPUTER CRIMES 7 (2012).
(2) Cases Rejecting View That Violation of TOS Constitutes CFAA Offense
(a) LVRC Holding v. Brekka

In LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2011), the Ninth
Circuit determined that an employee does not exceed authorized access to a
computer by accessing information unless the employee has no authority to
access the information under any circumstances. Brekka was an employee at an
addiction treatment center who was negotiating with his employer, LVRC
Holdings, for an ownership stake in the business. During negotiations, Brekka
emailed several business

247

documents to himself and to his wife’s personal e-mail accounts.

The negotiations broke down and Brekka left his employment with LVRC.
LVRC later discovered Brekka’s emails and filed suit under 18 U.S.C. §
1030(g), which provides “for a private right of action.” The Ninth Circuit held in
Brekka that the employer’s policies determine whether an employee acts without
authorization or not and not just the language of the statute. The court reasoned
that there would have been no dispute if Brekka had accessed LVRC’s
information on their website after he left the company in September 2003.
(b) United States v. Nosal

The Ninth Circuit, in an en banc opinion, rejected the Brekka court’s

expansive interpretation of the CFAA in its decision in United States v. Nosal,
676 F.3d 854 (9th Cir. 2012). In Nosal, a former employee of Korn-Ferry no
longer had access to the search firm’s computer system. Nosal convinced current
employees to use their legitimate credentials to access Korn-Ferry’s computer
system and download data from the firm’s computer system, which he used to
form a competing executive recruiting firm. The court reasoned that the plain
language of the CFAA addresses unauthorized access rather than misuse of
computer data.
The court rejected the government’s argument that the CFAA could apply to
someone who has unrestricted physical access to a protected

248

computer, but is limited in the uses to which he can make of the information.
A court applying Nosal will not find a CFAA violation if an employee or ex-
employee simply exceeds authorization. In contrast, a court applying Brekka will
stretch the CFAA to treat violations of use restrictions as a federal criminal
offense. Recently, more courts are following Nosal’s conservative reading of
CFAA that merely exceeding authorized access is not a CFAA offense. See
Serbite Agency Inc. v. Platt, No. 11–3526 (D. Minn. 2012).
(c) Weingand v. Harland Financial Solutions

In Weingand v. Harland Financial Solutions, 2012 WL 2327660 (N.D. Cal.

2012), Michael Weingand filed suit against his ex-employer, contending that
Harland Financial wrongfully terminated him. Harland Financial counterclaimed
that Weingand violated the CFAA, accessing business files without permission
by misrepresenting that he was only retrieving his personal files. The court held
that the ex-employee violated the CFAA when he exceeded the scope of
authorized access, even though he had legitimate access to the company’s
network for his own records. The court also ruled that a number of business torts
claimed by the company survived summary judgment.

249

§ 8-3. Electronic Communications Privacy Act

(A) OVERVIEW OF THE ECPA
Congress enacted the Electronic Communications Privacy Act (ECPA) in
1986 to “clarify federal privacy protections and standards in light of dramatic
changes in new computer and telecommunication technologies.” 132 Cong. Rec.
S. 14441 (1986). Many states have enacted functionally equivalent wiretap
statutes, which are often referred to as little ECPA statutes. The ECPA prohibits
the interception of any wire, oral, or electronic communication in the absence of
a defense such as consent, business necessity, or a warrant. Title I of the ECPA
amended the federal wiretap statute to update the meaning of interception of
electronic communications to accommodate new technologies. The term
“electronic communication” now applies broadly to e-mail or other Internet-
related communications.
The ECPA imposes liability on a person who “intentionally intercepts … any
wire, oral, or electronic communication,” 18 U.S.C. § 2511(1)(a), subject to a
number of exemptions. See 18 U.S.C. § 2511(2)(a)–(h). “Electronic
communication” includes communication by radio, 18 U.S.C. § 2510(12), and
“ ‘readily accessible to the general public’ means, with respect to a radio
communication” that the communication is “not … scrambled or encrypted,” 18
U.S.C. § 2510(16)(A). Second, the Act exempts intercepting “radio
communication” by “any station for the use of the general public;” by certain
governmental

250

communication systems “readily accessible to the general public,” including

police, fire, and civil defense agencies; by a station operating on an authorized
frequency for “amateur, citizens band, or general mobile radio services;” or by a
marine or aeronautical communications system. 18 U.S.C. § 2511(2)(g)(ii)(I)–
(IV).
Title I of the ECPA criminalizes three types of activities: (1) intercepting or
endeavoring to intercept electronic communications, (2) disclosing or
endeavoring to disclose unlawfully intercepted information, and (3) using the
content of unlawfully intercepted information. The ECPA recognizes a civil act
for private plaintiffs who have been victimized by the unauthorized or
unconsented interception or access of electronic communications. The ECPA
requires proof that the defendant knew or had reason to know the electronic
communication had been illegally intercepted. The ECPA defines electronic
communication to include “any transfer of signs, signals, writing, images,
sounds, data, or intelligence of any nature transmitted in whole or in part by a
wire, radio, electromagnetic, photoelectric, or photo-optical system that affects
interstate or foreign commerce, with certain exceptions.” 18 U.S.C. § 2510(12).
Under the ECPA, federal courts may order Internet service providers to
disclose stored communications and transaction records. The ECPA requires
prosecutors to prove facts, capable of articulation, illustrating reasonable
grounds relevant to a criminal investigation to support orders for service
providers to turn over confidential

251

customer information. The subscriber whose information is turned over to the

government has no reasonable expectation of privacy and is thus not protected
under the Fourth Amendment.
The prohibitions enumerated in the ECPA are subject to certain specific
exceptions. Providers of wire or electronic communications services may
monitor their services to ensure adequacy. The “ordinary course of business”
exception allows employers to access stored or electronic communications,
which enables them to monitor their employees’ e-mail. To meet the “ordinary
course of business” exception, the employer has to show: (1) the device used to
intercept the electronic communication, and (2) the device is used by the
employer within the ordinary course of the business. The employer is only
allowed to intercept electronic communications long enough to determine the
topic being discussed. If the communication is personal, the employer must stop
intercepting the communications further.
ECPA Key Provisions
252

Within the ECPA, Congress also created a private action that authorizes
plaintiffs to seek monetary damages against a person who “intentionally
intercepts, endeavors to intercept, or procures any other person to intercept or
endeavor to intercept, any wire, oral, or electronic communication.” 18 U.S.C. §
2511(1)(a). To establish a prima facie case for a civil violation of § 2511(1)(a), a
plaintiff must prove five elements: that a defendant (1) intentionally (2)
intercepted, endeavored to intercept or procured another person to intercept or
endeavor to intercept (3) the contents of (4) an electronic communication (5)
using a device.
(B) ECPA DEFENSES
The ECPA exempts intercepting “an electronic communication made through
an electronic communication system” if the system is configured so that it is
“readily accessible to the general public.” 18 U.S.C. § 2511(2)(g)(i). As noted
above, the ECPA also includes two statutory exceptions: the “ordinary course of
business” exception and for activities incidental to rendering services. The
business exception to ECPA provides that a provider may intercept electronic
communications within its network for incidental activities. The ECPA allows
service providers or anyone else to intercept and disclose an electronic
communication where either the sender or recipient of the message has
effectively consented to disclosure, explicitly or implicitly. Section 2511(2)(d)
of the ECPA prohibits employers from intercepting e-mail messages, but the
ECPA does not apply if an employee consents to

253

e-mail monitoring. Consent, as defined by the ECPA, also encompasses

implied consent, which in the context of e-mail monitoring, is an employer’s
prior notice that it will monitor Internet usage and e-mail.
The USA Patriot Act amended the ECPA to list crimes for which investigators
may get a wiretap order for wire communications. The Act permits federal
government agents to intercept e-mail and monitor other Internet activities in
order to battle terrorism. The FBI can seek National Security Letters (NSL) that
enables it to gain access to subscriber information in order to investigate
terrorism. A NSL is defined as an administrative subpoena that allows the FBI to
gain access to, among other things, subscriber information, or electronic
communication transactional records held by Internet service providers when
this information is relevant to international terrorism or clandestine intelligence
activities.

§ 8-4. Stored Communications Act

(A) SCA PRIMA FACIE CASE
Congress enacted the Stored Communications Act (SCA), 18 U.S.C. §§ 2701–
2711 in 1986 as Title II of the ECPA, governs the privacy of stored Internet
communications. An SCA violation requires a person: (1) intentionally access
without authorization a facility through which an electronic communication
service is provided or intentionally exceed authorization to access that facility,
and (2) thereby obtain, alter, or prevent authorized access

254

to an electronic communication while it is in electronic storage. Section

2701(c)(1) exempts from subsection (A) “conduct authorized by the person or
entity providing a wire or electronic communications service.” 18 U.S.C. §
2701(c)(1).
The SCA creates rights held by “customers” and “subscribers” of network
service providers in both content and non-content information held by two
particular types of providers. The SCA bars electronic communications service
providers from divulging to any person or entity the contents of a
communication while held in their electronic storage. The SCA created a service
provider exception for the provider of that service. Service providers are within
the definition of “electronic communication service” or “remote computing
service.”
Title II of the ECPA or the SCA addresses access to stored wire and electronic
communications and transactional records. Generally, the SCA prevents
providers of communication services from divulging private communications to
certain entities and/or individuals. The SCA defines an electronic
communication service (ECS) as “any service which provides to users thereof
the ability to send or receive wire or electronic communications.” 18 U.S.C. §
2510(5). The SCA creates a civil right of action to protect against persons who
gain unauthorized access to an electronic communication storage facility. A
person violates § 2701 if he or she “intentionally accesses without authorization
a facility through which an electronic communication service is provided; or
intentionally exceeds an

255

authorization to access that facility; and thereby obtains, alters, or prevents

authorized access to a wire or electronic communication while it is in electronic
storage in such system.” 18 U.S.C. § 2701.
An Internet actor such as employer will violate the SCA by intentionally
accessing an e-mail server through which they provide an electronic
communication service. Service providers are prohibited from disclosing stored
communications absent the consent of the sender or other exceptions. The SCA
requires the government to obtain a search warrant for electronic
communications in storage for 180 days or less. For information stored greater
than 180 days, the government can obtain a search warrant and rely upon either a
subpoena or a court order so long as the owner of the information has prior
notice.
(B) SCA DEFENSES
The SCA posits a statutory exception for conduct that is authorized by the
person or entity providing the electronic communications service. This means a
company providing e-mail service to its employees may access the service
without violating the SCA. Non-providers do not violate the SCA by accessing
computer communications in electronic storage if it acts with the knowledge and
consent of the person or entity that provides the electronic communication
service. The SCA explicitly provides that good faith reliance on a warrant is a
complete defense to a civil action. Defendants in ECPA cases will have a
functionally equivalent defense for good faith
256

reliance on a warrant. Many states have enacted “little SCA” that are state law
equivalents.

§ 8-5. Computer Crime Case Law

(A) FEATURED ECPA CASES
(1) U.S. v. Councilman

The First Circuit in United States v. Councilman, 418 F.3d 67 (1st Cir. 2005),
held e-mail messages no longer in electronic storage could not be intercepted
under the ECPA. In Councilman, the defendant, both a book dealer and an e-
mail service provider, created software that redirected incoming e-mails from
Amazon.com to customers of the defendant’s company. Federal prosecutors
charged the defendant with conspiring to intercept electronic communications.
The First Circuit dismissed the indictment against Councilman, reasoning that he
copied incoming e-mails from Amazon already in storage. By definition, a
message in storage cannot be intercepted. E-mails already in storage (opened or
unopened) could not be intercepted but were subject to the SCA.
(2) U.S. v. Riggs

In United States v. Riggs, 739 F. Supp. 414 (N.D. Ill. 1990), the court held that
defendants were in violation of the ECPA when they gained unauthorized access
to Bell South computers. The violation arose when hackers, known as “Prophet”
and “Knight Lightning,” gained unauthorized access to Bell South’s 911
computer files and published

257

them in a hacker’s newsletter. The defendants also sent communications to

each other via electronic mail and published an issue of PHRACK, which
contained a series of tutorials about breaking into computer systems. Similarly,
many of the U.S. Justice Department’s prosecutions under the Economic
Espionage Act also bring charges arising from the ECPA as well as the CFAA.
One of the greatest dangers for companies is that malicious hackers, disaffected
employees, or unknown third parties will maliciously divulge trade secrets
online.
(3) Bohach v. City of Reno
The court rejected an ECPA claim by two police officers in Bohach v. City of
Reno, 932 F. Supp. 1232 (D. Nev. 1996). While under internal investigation, the
police officers sought an injunction pursuant to the ECPA, to prevent disclosure
of the contents of electronic messages sent between them. The issue in Bohach
was whether a government employee has a reasonable expectation of privacy in
messages sent through government-issued communications equipment when his
employer has notified him that his use of the equipment is subject to monitoring
without notice. The Bohach court held that the police officers had no right to
restrain disclosure of electronic messages and that the police department had a
right to retrieve pager text messages saved on the department’s computer system
under Title II of the ECPA.
The Bohach court reasoned that the department was a provider of electronic
communications services and that stored transmissions of a paging

258

system are in storage, irrespective of whether the storage of paging messages

was classifiable as temporary, intermediate, or incidental electronic
transmission. The court found that the employee had no expectation of privacy
in police pagers because users knew that the department stored all messages by
logging them into a system. The court held that the retrieval of alphanumeric
pager messages stored in computer files did not constitute an interception for
purposes of the ECPA.
(4) In re Pharmatrak, Inc.
In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir. 2003), the First Circuit reversed a
lower court ruling that Pharmatrak violated the ECPA with website monitoring
software that captured personally identifiable information including name,
address, telephone number, and e-mail address-entered by users visiting the
software maker’s customers’ web pages. Pharmatrak assured their
pharmaceutical company customers that their software product did not compile
or store information about individual website visitors. In fact, the software
routinely recorded the full URLs of the web pages accessed by a user before and
after visiting a client pharmaceutical company’s website and on occasion
recorded personal information appended to the next URL.
The court found that Pharmatrak’s monitoring software qualified as a “device”
under ECPA and because the software captured consumer personally identifiable
information, there was an “interception.” The software’s capture of personally

259

identifiable information was not by design and only captured data from a very
small number of users. The affected plaintiffs filed a class action against
Pharmatrak and the pharmaceutical companies, asserting an ECPA complaint.
The First Circuit held that the lower court incorrectly interpreted the “consent”
exception to the ECPA and remanded the case for further proceedings. The court
ruled Pharmatrak had the burden to prove it had the consent of the few users on
whom it collected data. The court concluded that it did not need to address the
“real-time requirement” of the ECPA since Pharmatrak acquired the information
contemporaneously with transmission by the Internet users. The court held that
Pharmatrak intercepted electronic communications without their consent. The
court observed, “traveling the Internet, electronic communications are often—
perhaps constantly—both “in transit” and “in storage” simultaneously, a
linguistic but not a technological paradox.”
(5) Joffee v. Google
In Joffee v. Google, 746 F.3d 920 (9th Cir. 2013), plaintiffs filed a class action
contending that Google violated the ECPA and state law by collecting data from
unencrypted wireless local area (Wi-Fi) networks in capturing its Street View
photographs. Google acknowledged in that its Street View vehicles had been
collecting fragments of payload data from unencrypted Wi-Fi networks. In total,
Google’s Street View cars collected about 600 gigabytes of data transmitted over
Wi-Fi networks

260

in more than 30 countries. Google publicly apologized, but plaintiffs sued

under federal and state law, including the Wiretap Act, 18 U.S.C. § 2511.
Google argued that its data collection did not violate the Act because data
transmitted over a Wi-Fi network is an “electronic communication” that is
“readily accessible to the general public” and exempt under the Act. 18 U.S.C. §
2511(2)(g)(i). The Ninth Circuit affirmed holding:
that the phrase “radio communication” in 18 U.S.C. § 2510(16) excludes
payload data transmitted over a Wi-Fi network. As a consequence, the
definition of “readily accessible to the general public with respect to a radio
communication” set forth in § 2510(16) does not apply to the exemption for
an “electronic communication” that is “readily accessible to the general
public” under 18 U.S.C. § 2511(2)(g)(i).”
The Ninth Circuit agreed with the district court that data transmitted over a
Wi-Fi network is not a “radio communication” under 18 U.S.C. § 2510(16).
(B) FEATURED SCA CASES
(1) Konop v. Hawaiian Airlines
In Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002), a Hawaiian
Airlines pilot filed suit against the airlines for violation of the SCA claiming the
airline had viewed his secure website without his consent. Konop controlled
access to his website by requiring visitors to log in with a user

261

name and password. At the request of a Hawaiian Airlines vice president, one
of the authorized users allowed management to access Konop’s website. The
pilot who revealed the password had permission to access Konop’s site, but had
never accessed it prior to turning it over to management.
The SCA exempts conduct authorized by a user of an electronic
communication service from liability. Later that day, the pilot received word that
the Hawaiian Airlines VP was upset by the contents of Konop’s website, leading
the authorized users to suspect that management was secretly monitoring their
website. The Ninth Circuit affirmed the lower court’s ruling that the airline did
not violate Title I of the ECPA because the pilot’s website was not intercepted
during transmission, but rather while in electronic storage.
The Konop court’s en banc opinion reasoned that they were following
precedent in construing the definition of intercept narrowly when it comes to
electronic communications. The seizure of unread e-mail residing on a host
computer does not match up well with the narrow meaning of “intercept”
required by Title I of the Wiretap Act. The Wiretap Act contemplates “intercept”
as occurring during or contemporaneously with transmission. Since the Konop
case, Congress has amended the ECPA to eliminate storage from the definition
of wire communication.
262

(2) United States v. Lang

In United States v. Lang, 2015 WL 327338 (E.D. Ill., Jan. 23, 2015), Kevin
Johnson and Tyler Lang were charged in a two count indictment with violating
the Animal Enterprise Terrorism Act and conspiracy. The defendants were
charged with conspiring to damage a mink farm. The government filed an
application under the Stored Communications Act (SCA), 18 U.S.C. § 2703(d),
that would require the service provider to provide them with historical cell site
information and toll records for a three and a half month period. After law
enforcement arrested Johnson and Lang, they seized two cell phones from their
vehicle. The government obtained a search warrant to search the cell phone
records under the Stored Communications Act (SCA) 18 U.S.C. § 2703(d). The
Lang court held that Lang had no reasonable expectation of privacy in their cell
site information since he voluntarily disclosed this data to his provider. The
court found that the government met its burden of having reasonable grounds for
obtaining this information for both defendants.
Title II of the Electronic Communications Privacy Act, the Stored
Communications Act (SCA), governs requests for access to stored records,
including historical cell site data or CSLI. Under the SCA, the government may
obtain an order to access such records “only if the government entity offers
specific and articulable facts showing that there are reasonable grounds to
believe that the contents of a wire or electronic communication, or the records or
other information sought, are relevant and material

263

to an ongoing criminal investigation.” 18 U.S.C. § 2703(d).

The SCA provides that a court may issue an order for disclosure of historical
cell site records “only if the governmental entity offers specific and articulable
facts showing that there are reasonable grounds to believe that the contents of a
wire or electronic communication, or the records or other information sought,
are relevant and material to an ongoing criminal investigation.” 18 U.S.C. §
2703(d). The government sought the historical cell site records to obtain the
location of Subject Phone 3 for a designated period. The court disagreed with the
defendant’s argument that because obtaining the historical cell site information
from the third party service providers amounts to a search under the Fourth
Amendment, the government must first obtain a warrant to acquire this
information. The court found that the government had reasonable grounds to
believe that the cell phone records were relevant to an ongoing investigation.
(3) SCA and Cell Tower Records
In the Matter of Application for Cell Tower Records Under 18 U.S.C. §
2703(d), 2015 WL 1022018 (S.D. Tex. Mar. 9, 2015), the government filed a
SCA application compelling seven different cell phone providers to release
historical cell tower data. The court approved an order compelling the cell phone
service providers to release historical cell tower data for towers providing
service to a crime scene within ten minutes of the crime in order to assist the
government with identifying a criminal

264

suspect. Private security video at the crime scene recorded a criminal suspect
holding a wireless device, entering the business to commit a crime, and then
fleeing the scene.

§ 8-6. Other Internet-Related Criminal Statutes

(A) IDENTITY THEFT
The Identity Theft Penalty Enhancement Act (ITPEA), which took effect July
15, 2004, established a new offense of aggravated identity theft. 18 U.S.C. §
1028(A). Section 1028A applies when a defendant “knowingly transfers,
possesses, or uses, without lawful authority, a means of identification of another
person” during and in relation to any felony violation of certain enumerated
federal offenses. This statute can be deployed against hackers that steal credit
card information or “phishers,” who misappropriate trade secrets or other
information through fraudulent e-mails. In general, those who violate section
1028A are subject to a mandatory two-year term of imprisonment. In cases of
terrorism related aggravated identity theft, including that related to section
1030(A)(1), Section 1028A imposes an additional five-year term of
imprisonment.
(B) ACCESS DEVICE FRAUD
Access device fraud is a relatively new cybercrime to address theft using
payment devices. 18 U.S.C. § 1029. Congress defined access broadly to avoid
the problem of legal lag as new technologies evolve.

265

“Unauthorized” access devices include lost, stolen, or revoked devices,

whereas “counterfeit” ones include fictitious, altered, or forged devices. 18
U.S.C. § 1029(E)(2) & (3). Conviction for access device fraud may result in a
10-year prison sentence. 18 U.S.C. § 1029(a)(E) & (c)(1)(A)(i).
(C) ANTI-STALKING
Scores of states have enacted anti-stalking criminal law statutes. Nevertheless,
litigants have been more likely to use the federal anti-stalking statute. To prove
stalking, the government must establish that defendants: (1) employed a facility
of interstate commerce, (2) to engage in a course of conduct with the intent to
place a person in reasonable fear of death or serious bodily injury either to that
person or to a partner or immediate family member, and (3) the course of
conduct actually put that person in reasonable fear of death or serious bodily
injury to himself or his partner or immediate family member. Anti-stalking
statutes are notoriously difficult to draft.
To prove a conspiracy to commit interstate stalking, the government must also
prove that the charged defendants agreed to participate in this conspiracy.
Finally, with regard to aiding and abetting, a defendant is punishable as the
principal if the government establishes, beyond a reasonable doubt, that the
defendant committed the stalking or aided, abetted, counseled, commanded,
induced or procured the substantive act of stalking by another person. 18 U.S.C.
§ 2.

266

(D) FEDERAL THREATS

A federal statute makes it a crime to transmit in interstate commerce “any
communication containing any threat … to injure the person of another.” 18
U.S.C. § 875(c). The U.S. Supreme Court in United States v. Elonis, 2015 WL
2464051 (U.S., June 1, 2015), Elonis, under the pseudonym “Tone Dougie,”
used Facebook to post self-styled rap lyrics containing graphically violent
language and imagery concerning his wife, co-workers, a kindergarten class, and
state and federal law enforcement. The Court held that the defendant was not
guilty of violating the federal threat law because a reasonable person would have
regarded the posts as threatening.
Similarly, online stalking does not fit neatly into the traditional tort of assault
because it lacks the element of imminence except perhaps in the case of a live
chat. Questions regarding cross border enforcement of state criminal statutes
often arise in the field of cybercrime.” Instead, the federal district court
instructed the jury that Elonis could be found guilty if a reasonable person would
foresee that his statements would be interpreted as a threat, which is a
negligence-based standard.
Elonis was convicted on four of the five counts and renewed his jury
instruction challenge on appeal. The Third Circuit affirmed, holding that Section
875(c) requires only the intent to communicate words that the defendant
understands, and that a reasonable person would view as a threat. The Court held
that the defendant

267

was not guilty of violating the federal threat law because a reasonable person
would not have regarded the posts as threatening. The Court stated:
Elonis’s conviction, however, was premised solely on how his posts would
be understood by a reasonable person. Such a “reasonable person” standard
is a familiar feature of civil liability in tort law, but is inconsistent with “the
conventional requirement for criminal conduct—awareness of some
wrongdoing.”
The Court reversed Elonis’ conviction stating:
Elonis’s conviction cannot stand. The court instructed the jury that the
Government need prove only that a reasonable person would regard
Elonis’s communications as threats, and that was error. Federal criminal
liability generally does not turn solely on the results of an act without
considering the defendant’s mental state. That understanding “took deep
and early root in American soil” and Congress left it intact here: Under
Section 875(c), “wrongdoing must be conscious to be criminal.
(E) SEX TRAFFICKING
President Obama signed The Justice for Victims of Trafficking Act of 2015
(JVTA) into law. Section 1 of the JVTA established a fund to cover the costs of
the programs it authorizes, which is paid for by a $5,000 special penalty
assessment for convicted sex offenders, human smugglers, and human
traffickers. Section 105 increases restitution to the victims of sex trafficking. The
JVTA uses forfeited

268

assets to satisfy restitution orders for victims, and thus gives giving law
enforcement more and better tools to fight sex trafficking.

§ 8-7. International Cybercrime Enforcement

At present, there is no Internet wide treaty addressing cybercrimes or even the
procedural aspects of policing cybercrime. Not all countries connected to the
Internet regard computer attacks as crimes. Many countries connected to the
global Internet do not embrace U.S. style free expression and have no equivalent
to U.S. constitutionally based legal norms and values. The Convention on
Cybercrime, sponsored by the Council of Europe (COE), is the first international
treaty addressing computer crime and Internet-related crime. The Cybercrime
Convention, concluded in Budapest in 2001, is an international treaty to improve
cooperation between nation states in the fight against cybercrime, harmonize the
law, and improve investigative techniques. The United States became a signatory
country in 2006.
Articles 2–4 of the Cybercrime Convention compel signatory states to enact
national legislation addressing computer crimes such as illegal access, illegal
interception, and data interference. Article 5 criminalizes the creation or
transmission of computer viruses or malware and expects states to enact
legislation adopting the doctrine of corporate liability for cybercrimes. Articles 7
and 8 of the Convention criminalize computer related forgery and fraud. Article
9 constitutes an agreement to criminalize the production and distribution of child

269

pornography. In Articles 10 and 11, the signatories agreed to criminalize

copyright infringement, as well as aiding and abetting computer crimes. Article
17 of the Cybercrime Convention also treats computer crime as an extraditable
offense and calls for mutual assistance in the investigation and prosecution of
computer crimes. Article 24 provides mechanisms for obtaining an “expeditious
preservation of data” on a computer system or server in another territory.
The European Council’s Framework Decision of February 24, 2005 addresses
the problem of attacks against information systems. The Framework Decision
acknowledges the need for a response at the level of the European Union against
terrorist attacks against information systems and organized crime. The
Framework Decision acknowledges the “transnational and borderless character
of modern information systems,” that means that attacks against such systems
are often transborder in action. The Framework Decision calls for all EU
Member States to encourage judicial cooperation in implementing “effective,
proportionate, and dissuasive criminal penalties.”
271
CHAPTER 9
CONTENT REGULATION ON THE INTERNET

§ 9-1. Overview of Internet Regulations

This chapter examines the controversial issue of Internet content regulation
covering leading developments around the world. The Internet is, by definition a
cross-border legal environment linking hundreds of countries. As of May 25,
2015 at 6 pm, there were 947,770,000 websites. The blurring of national
boundaries creates a variety of new dilemmas in regulating content on hundreds
of millions of websites originated in radically different cultures. “We’re in
Marshall McLuhan’s ‘Global Village’ and we’re inventing the roadmap.”
Perhaps, the most challenging issue is to determine how to handle content
regulation in a cross-border legal environment. Billions of Internet users around
the world, who come from radically different legal cultures, interact in
cyberspace. An effective response to content regulation requires a
comprehensive approach that considers differences in legal cultures. Significant
gaps and differences in countries’ law of content regulation will complicate the
problem of harmonization.
Four basic options for Internet regulations are: (1) international regulation, (2)
Federal or national regulation, (3) State or local regulation, or (4) Market-based
or industry self-regulation. International regulation of the Internet is

272

ultimately the solution for deterring cybercrimes where the perpetrator and
victim are often in different countries. The harmonization in national differences
about content regulation is a subject discussed in this chapter.
This chapter examines problems of regulating content that originates on the
World Wide Web. Internet businesses targeting China’s 1.4 billion consumers
will need to comply with that country’s Internet regulations. Carnegie-Mellon
researchers found widespread evidence that the Chinese government was
deleting messages containing politically sensitive terms from popular micro
blogs.
§ 9-2. Indecent Speech & Censorship
(A) COMMUNICATIONS DECENCY ACT
In 1996, Congress enacted the Communications Decency Act (CDA) through
Title V of the Telecommunications Act. The CDA criminalized the transmission
of materials deemed to be either “obscene or indecent” for Internet users under
the age of eighteen. In Reno v. ACLU, 521 U.S. 844 (1997) a lower court
declared the CDA to be unconstitutional. A three-judge panel of the federal
appeals court enjoined enforcement of the CDA’s framework for controlling
obscenity on the Internet. In Reno v. ACLU, 521 U.S. 844 (1997), the U.S.
Supreme Court upheld the lower court’s determination that the CDA violated the
First Amendment because it was overly vague. Section 223(a) of the CDA
criminalizes the transmission via a telecommunications device of a “suggestion,

273

proposal, image, or other communication which is obscene, lewd, lascivious,

filthy, or indecent, with intent to annoy, abuse, threaten, or harass another
person.” 47 U.S.C. § 223(a). In particular, the Court found the CDA’s
“contemporaneous community standard” for obscene materials to be overly
broad. The local community test is inappropriate for a cross-border Internet, with
radically different communities and groups likely to be offended by a given
message. Section 230, which as noted in Chapter 6, immunizes providers for
third parties’ postings, is all that survives from the original legislation. The
CDA’s Good Samaritan provision was also upheld. This provision states in
relevant part that service providers are not liable for “Good Samaritan” block
and screening of offensive material. Section 223(a) of the CDA criminalizes the
transmission of a “suggestion, proposal, image, or other communication which is
obscene, lewd, lascivious, filthy, or indecent, with intent to annoy, abuse,
threaten, or harass another person” via a telecommunications device. 47 U.S.C. §
223(a).
(B) CHILD ONLINE PROTECTION ACT
After the U.S. Supreme Court struck down the CDA in Reno v. American
Civil Liberties Union, Congress enacted the Child Online Protection Act
(COPA). 47 U.S.C. § 231. COPA prohibits any person from knowingly and with
knowledge of the character of the material, in interstate or foreign commerce by
means of the World Wide Web, making any communication for commercial
purposes harmful to minors. COPA imposes criminal

274

penalties of six months in prison and a $50,000 fine. COPA’s scope was
restricted to obscene materials on the World Wide Web, whereas the earlier
statute applied to all electronically disseminated information.
Under COPA, whether material published on the World Wide Web is
“harmful to minors” is governed by a three-part test: (1) Would the average
person, applying contemporary community standards, find after taking the
material as a whole and with respect to minors, to pander to the prurient
interest?, (2) Does the material depict, describe, or represent, in a manner
patently offensive with respect to minors, an actual or simulated sexual act or
sexual contact, an actual or simulated normal or perverted sexual act, or a lewd
exhibition of the genitals or post-pubescent female breast?, and (3) Taken as a
whole, does the material lack serious literary, artistic, political, or scientific
value for minors? The dictionary definition of prurient interest is that it is
evidenced by or arousing an immoderate or unwholesome interest or sexual
desire. COPA sought to use digital certificates to verify users were old enough to
view online pornography. Websites could assert, as a complete defense, that they
restrict access to minors by requiring a credit card, debit card, or access cards.
After a decade of litigation and a remand from the U.S. Supreme Court,
COPA was struck down after a complicated series of opinions. In ACLU v. Reno,
31 F. Supp. 2d 473 (E.D. Pa. 2009), the federal court granted a preliminary
injunction enjoining enforcement of COPA. The United States Supreme

275

Court vacated and remanded for consideration, on the narrow question of

whether COPA’s use of “community standards” to identify material that was
harmful to minors violated the First Amendment.
The U.S. Supreme Court vacated the Third Circuit’s judgment in Ashcroft v.
ACLU, 535 U.S. 564 (2002). The Ashcroft Court found that COPA’s reliance on
“community standards” to identify what material is harmful to minors did not by
itself make COPA substantially overbroad. The Court did not decide whether
COPA was unconstitutionally vague or could withstand strict scrutiny.
In ACLU v. Mukasey, 534 F.3d 181 (3d Cir. 2008), the Third Circuit
considered these issues on remand and again struck down COPA on grounds of
vagueness and overbreadth, finding the statute violated the First Amendment in
failing to tailor its restrictions to survive strict scrutiny. The Third Circuit held
that the government failed to demonstrate that COPA was a more effective and
less restrictive alternative to the use of filters.
(C) CHILDREN’S INTERNET PROTECTION ACT
In 2000, Congress enacted the Children’s Internet Protection Act (CIPA),
which requires public libraries and schools to install software filters to block
obscene or pornographic images. Schools and libraries subject to CIPA are
required to adopt and implement an Internet safety policy addressing: (1) access
by minors to inappropriate matter on the

276

Internet, (2) the safety and security of minors when using electronic mail, chat
rooms and other forms of direct electronic communications, (3) unauthorized
access, including so-called “hacking,” and other unlawful activities by minors
online, (4) unauthorized disclosure, use, and dissemination of personal
information regarding minors, and (5) measures restricting minors’ access to
materials harmful to them.
In United States v. American Library Ass’n, 539 U.S. 194 (2003), the Court
upheld CIPA, reasoning that the statute did not violate the First Amendment
because the purpose of the software was to block obscene or pornographic
images and to prevent minors from obtaining access to harmful material. The
plurality opinion stated that the federal assistance programs for helping libraries
secure Internet access was a valid statutory purpose. “Under the Spending
Clause of the Constitution, Congress has “wide latitude” to appropriate public
funds, and to place conditions on the appropriation of public funds, in
furtherance of the general welfare.” Const. Art. I, § 8, cl. 1.
Justice Rehnquist’s plurality opinion found that Internet access in public
libraries is neither a “traditional” nor a “designated” public forum. The plurality
stated that any concerns over filtering software’s alleged tendency to erroneously
“overblock” access to constitutionally protected speech was dispelled by the ease
with which library patrons could have the filtering software disabled. The Court
also observed that because public libraries had traditionally excluded
pornographic

277

material from their collections, they could impose a parallel limitation on its
Internet assistance programs. In PFLAG v. Camdenton R-III School Dist., 2012
WL 510877 (3d Cir. 2011), a court entered an injunction against a school
district’s use of filters to block websites directed at lesbian, gay, bisexual, and
transgendered (LGBT) youth.
(D) THE CHILD PORNOGRAPHY PREVENTION ACT
The Child Pornography Prevention Act of 1996 (CPPA) made it a crime to
create sexually explicit images that appear to depict minors but were produced
without using any real children. The statute prohibits, in specific circumstances,
possessing or distributing these computer images, which may be created by
using adults who appear under the age of consent.
In Ashcroft v. Free Speech Coalition, 535 U.S. 234 (2002), the U.S. Supreme
Court held that the ban on virtual child pornography was unconstitutionally
overbroad since it proscribed speech that was neither child pornography nor
obscene and thus abridged the freedom to engage in a substantial amount of
lawful speech. The Court also held that the government was not permitted to bar
protected virtual child pornography as a means of enforcing its proper ban of
actual child pornography.
(E) THE PROTECT ACT OF 2003
After the Court’s decision in Free Speech Coalition, Congress enacted the
Prosecutorial

278

Remedies and Other Tools to end the Exploitation of Children Today (Protect
Act of 2003). The Protect Act criminally sanctions the advertising, promotion,
presentation, distribution, and solicitation of child pornography. This federal
criminal statute also penalizes speech accompanying, or seeking the transfer of,
child pornography via reproduction or physical delivery, from one person to
another. 18 U.S.C. § 2252A(a)(3)(B).
The Protect Act classifies primary producers as including anyone who creates
a visual representation of actual sexually explicit conduct, through videotaping,
photographing, or computer manipulation. Secondary producers upload such
images to a website or otherwise manage the content of the website. The
producer must inspect the depicted individual’s government issued picture
identification and determine her or his name and date of birth. 18 U.S.C. §
2257(b)(1).
In United States v. Williams, 128 S. Ct. 1830 (2008), the U.S. Supreme Court
upheld the pandering provision of the Protect Act of 2003 that makes it illegal to
send material, or purported material, in a way that “reflects the belief, or is
intended to cause another to believe,” that the material contains illegal child
pornography. 18 U.S.C. § 2252A(a)(3)(B). In Williams, the defendant used a
sexually explicit screen name, signed in to a public Internet chat room and
conversed with a Secret Service agent masquerading as a mother of a young
child.
The defendant offered to trade the agent sexually explicit pictures of his four-
year-old daughter in

279

exchange for similar photos. His chat room message said “Dad of toddler has
“good” pics of her an [sic] me for swap of your toddler pics, or live cam.” The
defendant was charged with one count of promoting, or “pandering,” material
intended to cause another to believe the material contained illegal child
pornography and carried a sixty-month mandatory minimum sentence.
The defendant challenged the constitutionality of the Protect Act’s pandering
provision and the Eleventh Circuit found this part of the statute both
substantially overbroad and vague, and therefore facially unconstitutional. In a
7–2 opinion, the U.S. Supreme Court reversed the Eleventh Circuit. Justice
Scalia’s majority opinion concluded that the federal anti-child pornography
statute did not, on its face, violate the First Amendment’s right to free speech.
The Williams Court found offers to provide or obtain child pornography to be
categorically excluded from the First Amendment.
(F) SCHOOL CENSORSHIP OF INTERNET CONTENT
School districts around the United States face difficult policy decisions about
social media postings that “threaten academic environments when they are used
to bully, defame or engage in hate speech against students, administrators, and
faculty.” Karen M. Bradshaw & Souvik Saha, Academic Administrators and the
Challenge of Social Networking Sites in SAUL LEVMORE & MARTHA NUSSBAUM,
THE OFFENSIVE INTERNET: PRIVACY, SPEECH, AND REPUTATION (2010).

280

In Layshock v. Hermitage Sch. Dist., the school district suspended Justin

Layshock for ten days and demoted him to an academically inferior educational
program because of his Internet posting that mocked his high school principal.
The issue in Layshock was whether the school district violated a student’s First
Amendment free speech rights. The federal court granted the student summary
judgment as to his expression claim, but ruled in favor of the district as to the
due process claim. The Third Circuit in Layshock v. Hermitage Sch. Dist., 593
F.3d 249 (3d Cir. 2005) also ruled that the school district violated the student’s
First Amendment rights. The Third Circuit en banc opinion also agreed that the
school district violated the student’s free speech rights.
One unsettled issue worth considering is whether the school district has any
authority to punish students for Internet postings that defame administrators,
teachers, or fellow students, which was a case that the Third Circuit decided the
same day as Layshock. In J.S. v. Blue Mt. Sch. Dist., 650 F.3d 915 (3d Cir.
2011), the Third Circuit held that a student’s sexually explicit internet “profile”
of her principal caused no substantial disruption in school, as it was not taken
seriously, access was limited to her friends, and it did not identify him. The court
held that her suspension due to the website profile violated the First
Amendment. The principal basis for this finding was that the school’s policy
purported to control a student’s home use of their computer.

281

§ 9-3. Applying the First Amendment in Cyberspace

The Federal Communications Commission controls decency in broadcast
media but has no jurisdiction to control decency on the Internet. In Sable
Communications Inc. v. FCC, 492 U.S. 115 (1989), the U.S. Supreme Court
struck down a Communications Act provision that would have prohibited all
indecent “dial-a-porn” telephone messages. The Court’s reasoning was that the
First Amendment protects sexual expression that is indecent but not obscene.
The Sable Court required the prosecution to demonstrate that it was promoting a
compelling interest and it choose the least restrictive means to further that
interest. As a content based restriction on expression, the statute will be subject
to strict scrutiny. A court will strike down government regulations unless the
legislature has narrowly tailored it to serve a compelling government interest.
(A) DORMANT OR NEGATIVE COMMERCE CLAUSE
A “dormant” or “negative” aspect of this grant of power is that a state’s
authority to impinge on interstate commerce may be limited in some situations.
In Am. Library Ass’n v. Pataki, 969 F. Supp. 160 (S.D.N.Y. 1997), libraries
challenged the constitutionality of a New York state statute that attempted to
keep people from transmitting material harmful to minors via the Internet. The
plaintiffs filed a lawsuit seeking declaratory and injunctive relief, contending
that the state statute

282

violated the First Amendment and burdened interstate commerce in violation

of the Commerce Clause.
The court granted the preliminary injunction, holding that the plaintiffs
showed a likelihood of success on the merits. The Pataki court analogized the
Internet to highways and railroads in reaching its decision. In Pataki, the court
held that the burden on interstate commerce exceeded the benefits of preventing
indecent materials from being available to minors.
(B) CONTENT-SPECIFIC REGULATIONS
An injunction enjoining Internet speech is a prior restraint, which will be
upheld only in the most exceptional circumstances. Geoffrey R. Stone, Content
Regulation and the First Amendment, 25 WM. & MARY L. REV. 189 (1983). In
Federal Communications Commission v. Pacifica Foundation, 438 U.S. 726
(1978), the U.S. Supreme Court upheld the Federal Communications
Commission’s ability to restrict the use of “indecent” material in broadcasting.
(C) CONTENT-NEUTRAL REGULATIONS
In the context of the First Amendment, “a content neutral regulation with an
incidental effect on speech component must serve a substantial governmental
interest, the interest must be unrelated to the suppression of free expression, and
the incidental restriction on speech must not burden substantially more speech
than is necessary to further that

283

interest.” Geoffrey R. Stone, Content Regulation and the First Amendment, 25

WM. & MARY L. REV. 189 (1983). A content neutral regulation need not employ
the least restrictive means but it must avoid burdening “substantially more
speech than is necessary to further the government’s legitimate interests.” Courts
uphold content neutral restrictions on the time, place, or manner of protected
speech so long as the government narrowly tailors the regulation to serve a
significant governmental interest. City of Renton v. Playtime Theatre, 475 U.S.
41 (1986).
(D) FACIAL ATTACKS ON INTERNET SPEECH
A court considering a facial challenge on either overbreadth or vagueness
must first determine whether and to what extent the statute reaches protected
conduct or speech.
(1) Vagueness
Void for vagueness occurs when a regulation is so ambiguous a person cannot
know with certainty what acts are proscribed. Plaintiffs may challenge content-
based restrictions of speech on vagueness grounds. The vagueness doctrine is an
outgrowth of the Due Process Clause of the Fifth Amendment. In Reno v.
American Civil Liberties Union, 521 U.S. 844 (1997), the Court struck down a
part of the Communications Decency Act (CDA) on grounds of vagueness and
over breadth. The Court reasoned the CDA’s use of the undefined terms
“indecent” and “patently offensive” would have a chilling effect on speakers and
therefore, raised special First Amendment concerns.

284

The CDA’s vagueness undermined the likelihood it had been carefully tailored
to the congressional goal of protecting minors from potentially harmful
materials.
(2) Overbreadth

Overbreadth is the constitutional infirmity where a regulation prohibits more

conduct or protected speech than is necessary. The First Amendment’s
“overbreadth doctrine” is a tool for striking down Internet-related content
regulations as facially invalid if they prohibit a substantial amount of protected
speech. The breadth of this content-based restriction of speech imposes an
especially heavy burden on the Government to explain why a less restrictive
provision would not be as effective. Reno v. ACLU, 521 U.S. 844, 879 (1997).
The Court in Reno found the CDA’s expansive coverage of content
unprecedented, and acknowledged that the breadth of the content-based
restriction placed a heavy burden on the government to explain why they could
not enact a less restrictive provision.
(E) CATEGORIES OF UNPROTECTED SPEECH
The Virginia Supreme Court struck down a notorious spammer’s criminal
conviction on First Amendment overbreadth grounds. In Jaynes v.
Commonwealth of Virginia, 666 S.E.2d 303 (Va. 2008), the court upheld the
conviction of a defendant who violated Virginia’s Computer Crime Act by
sending over 10,000 commercial e-mails within a 24-hour period to subscribers
of America Online, Inc. (AOL) on each of three separate occasions. The

285

spammer used routing and transmission information, bypassing AOL’s

security controls, which trespassed on AOL’s proprietary network.
Jaynes intentionally falsified the header information and sender domain names
before transmitting the e-mails to the recipients. The Jaynes court found
Virginia’s statute criminalizing the falsification of IP addresses as overly broad
and unacceptably burdening the right to engage in anonymous speech,
prohibiting communications that contained political, religious, or other speech.
The court applied the strict scrutiny standard, requiring the state computer crime
statute to be narrowly tailored. The Jaynes court found the computer crime
statute was overbroad in prohibiting communications that contained political,
religious, or other speech.
In United States v. Kilbride, 584 F.3d 1240 (9th Cir. 2009), an e-mail
spammer was indicted under an eight-count complaint, including the CAN-
SPAM Act, for distributing pornographic e-mail spam messages. The spammers
were convicted of transmitting e-mails with materially false header information
because they used fictitious e-mail addresses and registered domain names using
a false contact name and phone number.
The court also found that Kilbride materially falsified information within the
meaning of Section 1037, when he had a third party alter headings. The federal
appeals court affirmed the defendants’ convictions and sentences for CAN-
SPAM, fraud and conspiracy to commit fraud in connection with electronic mail,
interstate transportation and

286

interstate transportation for sale of obscene materials, and conspiracy to

commit money laundering.

§ 9-4. Cyberbullying
(A) FEDERAL LEGISLATIVE PROPOSALS
In 2008, the U.S. House of Representatives introduced the Cyberbullying
Prevention Act in response to a middle-aged woman whose cyberbullying
caused a thirteen-year-old girl to commit suicide. This federal statute states:
“Whoever transmits in interstate or foreign commerce any communication, with
intent to coerce, intimidate, harass, or cause substantial emotional distress to a
person, using electronic means to support severe, repeated, and hostile behavior,
shall be fined under this title or imprisoned.” Cyberbully Prevention Act, H.R.
6123, 110th Congress (2d sess. 2008). The proposed statute would make
cyberbullying a federal crime, but it will not survive constitutional scrutiny, as it
is likely to be overly broad or too vague.
(B) STATE ANTI-BULLYING LEGISLATION
New Jersey enacted the Anti-Bullying Bill of Rights after Tyler Clemente, a
Rutgers undergraduate, committed suicide because a roommate used a webcam
to record him kissing a male. The roommate streamed the secret video on the
Internet and tweeted about it. The Berkman Center found that forty-eight states
have enacted statutes addressing school bullying.

287

§ 9-5. Adult Entertainment & Pornography

Many federal courts apply the standard of Miller v. California, 413 U.S. 15
(1973) in determining whether an Internet-related work is subject to regulation
as obscenity. The Miller test has three prongs: (1) whether the average person,
applying contemporary community standards would find that the work, taken as
a whole, appeals to the prurient interest, (2) whether the work depicts or
describes, in a patently offensive way, sexual conduct specifically defined and
(3) whether the work, taken as a whole, lacks serious literary, artistic, political,
or scientific value.
Federal criminal statutes also address Internet pornography. Section 2252A(a)
(2) prohibits any person from knowingly receiving or distributing child
pornography that has traveled in interstate or foreign commerce. The statute
requires proof that the defendants knowingly possessed and distributed
photographs of minors. Section 2257 requires publishers of pornographic
material to verify the age of models and this provision applies equally well to
cyberspace.
In Breitfeller v. Playboy, No. 8:05CV405 T30TGW, 2007 WL 294233 (M.D.
Fla. 2007), the 17-year-old girls filed suit against several defendants for
distributing a video of them that was taken when the girls were participating in a
wet t-shirt contest. The court ruled that Playboy knew or should have known that
there was a risk the images contained minors, and that its decision to remain
ignorant as

288

to the plaintiffs’ ages therefore satisfied the statute’s knowingly requirement.

Underage minors have been charged with violating 18 U.S.C. § 2252(A), by
taking sexually explicit photos of themselves and sending them to friends. In
Clark v. Roccanova, 2011 WL 665621 (E.D. Ky. 2011), the court ruled that
sexting by a 14 year old girl to other minors could constitute a violation by the
girl of child pornography laws. Criminal prosecutions for online pornography
often turn on whether a community standard has been violated. Courts differ as
to whether there should be a national versus a local community standard in
Internet-related obscenity cases.

§ 9-6. Cross-Border Content Regulation

The global Internet’s legal environment makes it inevitable that there will be
conflict as one country’s content regulation will clash with another country’s
content regulations. Jihadists employ ISIS digital propaganda as a recruitment
bulletin board for radical Islam. The National Security Agency manipulates
content by constructing “ ‘victim blog posts,’ ‘false flag operations,’ ‘honey
traps’ and psychological manipulation to target online activists, monitor visitors
to WikiLeaks, and spy on YouTube and Facebook users” according to Edward
Snowden’s revelations. Jon Gueally, Greenwald: Leaked Documents, Common
Dreams (July 15, 2014).
“Hamas also launched new official accounts on social networks with a
Facebook page and two

289

Twitter accounts: @hamasinfo and @hamasinfoen. Hamas now also has a

YouTube channel and an Instagram page.” Tower.org (Mar. 23, 2015). Thailand,
for example, demanded that Google remove 149 YouTube videos for allegedly
insulting the monarchy. Google blocked access to a 14-minute trailer entitled
“Innocence of Muslims” in a few Islamic nations. Nevertheless, the U.S.
government refused to cede to demands by seventeen countries to remove the
controversial video. In the widely circulated film trailer, Mohammed, the
founder of Islam, is depicted as a child molester, sexual deviant, and as an
uncouth barbarian. Fundamentalist clerics called for a fatwā, advocating that
Muslims kill the film’s director, actors, actresses and others who helped to make
this controversial film.
Immediately after the translation of the film trailer into Arabic and its posting
on YouTube, it incited violence in many countries including Afghanistan,
Somalia, Syria, Turkey and the United Kingdom. The cascading after effects of
posting this amateurish, low budget film trailer on YouTube illustrates how the
Internet can be used to incite violence on a scale far greater than with the use of
traditional media.
The U.S. government is no longer in a position to control Internet governance.
U.S. companies, for example, must comply with the EU’s regulations for data
protection, distance sales, jurisdiction, choice of law, and mandatory consumer
rules. E-Businesses must continually respond and adapt to diverse legal systems.
Google, for example, received over 1,000

290
requests to remove content in the second half of 2011. Google’s 2012
Transparency Report acknowledges that foreign governments make routine
demands for them to censor or remove content they find objectionable.
A large number of countries connected to the Internet do not have a strong
tradition of the right of expression. A traditional Islamic jurist would likely find
an unveiled female face on a social media site to be shameful. Not just Islamic
republics have blasphemy laws. The Republic of Ireland outlaws cyberspace
incitement including “blasphemous Internet statements in defiance of the law.”
DAVID NASH, BLASPHEMY IN THE CHRISTIAN WORLD (2012) at Preface.
On August 7, 2014, China’s state Internet Information Office issued regulation
on instant messaging apps, which also requires real name registration similar to
the “Microblogging Rules.” To date, it is unclear when the real name registration
will be fully implemented by social media providers. The Beijing Municipal
Law on microblogging enacted in 2011 specifically addresses what conduct on
social media violates national security. This language was prefigured in a 1997
PRC computer law statute and likely evolved from a 1994 computer law statute.
291
CHAPTER 10
COPYRIGHTS IN CYBERSPACE

What would have been different about copyright law if the Internet had never
been invented? The list would begin with the 1976 Copyright Act’s amendments
protecting digital technologies. Internet-related copyright litigation over the
ownership of user-generated content, deep linking, liability for remote links,
framing, peer-to-peer file sharing, and the Digital Millennium Copyright Act’s
immunities and anti-circumvention rules were enacted to accommodate
copyright law to the digital world. The Internet has spawned a copyright
infringement ecosystem with “one-click hosters or “cyberlockers” such as
Rapidshare, Megaupload, Mediafire, and Hotfile.
“Whether in the virtual or real world, the legal standards are the same
regarding: (1) the definition of a copyright and the purpose underlying copyright
protection; (2) the requirements for a work to be protected by copyright; and (3)
what constitutes infringement of a copyright.” Courts have extended copyright
law through cases and statutes that preserve the idea of property interests in
cyberspace. While the World Wide Web did not become part of mainstream
American culture until the mid-1990s, the widespread use of the Internet
dramatically changed the course of copyright law. The requirements for
copyright protection are the same in cyberspace as they are in the brick-and-
mortar world. Copyright comprises the brick-and-mortar of the knowledge
economy. Courts have had

292

little difficulty in applying well-worn groves of intellectual property law to

cyberspace.
This chapter will focus on the unique copyright issues posed by Internet-
related transmission and distribution. The law governing copyright protection
was once a sleepy backwater but today Internet copyright disputes are the
subject of weekly front-page stories in the Wall Street Journal and The
Economist. The Internet is the world’s largest copyright infringement enabler. It
is now difficult to imagine the contours of copyright law outside the context of
bandwidth, browsers, and digital data.
§ 10-1. Overview of Copyright Law
(A) WHAT IS PROTECTABLE UNDER COPYRIGHT LAW
Copyright is a form of protection provided by many legal systems to the
authors of “original works of authorship,” including literary, dramatic, musical,
artistic, and other creations of the mind. It is well settled that copyright
protection is available to works stored on computer servers. Perfect 10, Inc. v.
Amazon.com, Inc., 508 F.3d 1146, 1160 (9th Cir. 2007).
In general, courts have had little difficulty extending copyright protection to
software, websites, and other Internet-related intellectual property. Copyright
owners secure protection automatically when the work is created. A work is
“created” when it is fixed in a copy or phonorecord for the first time.

293

(B) EXCLUSIVE RIGHTS OF COPYRIGHT OWNERS

Authors receive a bundle of rights under Section 106 that include the right: (1)
to reproduce the copyrighted work in copies or phonorecords, (2) to prepare
derivative works based upon the copyrighted work, (3) to distribute copies or
phonorecords of the copyrighted work to the public by sale or other transfer or
ownership, or by rental, lease, or lending, (4) in the case of literary, musical,
dramatic, and choreographic works, pantomimes, motion pictures, and other
audiovisual works, to perform the copyrighted work publicly, (5) in the case of
literary, musical, dramatic, and choreographic works, pantomimes and pictorial,
graphic, or sculptural works—including the individual images of a motion
picture or other audiovisual work—to display the copyrighted work publicly,
and (6) in the case of sound recordings, to perform the copyrighted work
publicly by means of a digital audio transmission. 17 U.S.C. § 116.
(C) THE PATH OF COPYRIGHT LAW

§ 10-2. Elements of Copyright Law

Copyright protection, whether on a website, social media, or any other
Internet-related medium, applies only if a work satisfies two criteria: originality,
and fixation. Section 102(a) of the Copyright Act describes copyright subject
matter: “Copyright protection subsists in original works of authorship fixed in
any tangible medium of expression, now known or later developed, from which
they can be perceived,

294

reproduced, or otherwise communicated, either directly or with the aid of a

machine or a device.” 17 U.S.C. § 102. A website that consists of
predominately-historical facts receives “thin” protection versus the “thick”
protection provided to a digital work of authorship that is purely expressive.
The copyright owner is generally the author of original works that satisfy the
fixation requirement. However, under the Copyright Act, a notable exception to
this general rule occurs where an employee creates the work in the scope of their
employment. Under such circumstances, the Copyright Act conclusively
presumes that the copyright vests with the employer, a legal policy that is
sharply at odds with European practices.
To register a U.S. copyright, an owner must: (1) file a simple application; (2)
pay a nominal fee ($35 for a single application by a single author and the work is
not made for hire) and (3) deposit copies of the work with U.S. Copyright
Office. Unlike patent or trademark examination, the Copyright Office does not
complete a complex examination before approving an application.
(A) ORIGINALITY
“Original,” as the term is used in copyright, means the work originated with
the author and had some minimum degree of creativity. In Feist Publications,
Inc. v. Rural Telephone Service Co., 499 U.S. 340 (1989), the U.S. Supreme
Court held the plaintiff’s database composed of “white pages” telephone number
listings was not entitled to

295

copyright protection because it did not fulfill the minimum threshold of

originality required under the U.S. Copyright Act. The Feist Court conceded that
a compilation of facts could possess the requisite originality if the author made
choices as to what facts to include, their ordering, and arrangement.
However, even under these circumstances copyright protection extends only to
those components of the work that are original to the author—not to the
telephone numbers. This fact/expression dichotomy severely limits the scope of
protection in fact-based works such as databases. The Feist Court rejected a
“sweat of the brow” theory adopted by the European Union, which extends a
compilation’s copyright protection beyond selection and arrangement to the facts
themselves.
(B) FIXATION
An author must fix a work of authorship in a tangible medium of expression to
satisfy the fixation requirement. A work is “fixed” in a tangible medium of
expression when it is “sufficiently permanent or stable to permit it to be
perceived, reproduced, or otherwise communicated for a period of more than
transitory duration.” 17 U.S.C. § 101. The creator may communicate the fixation
with the help of a machine or device.
The acts of transmitting an e-mail or viewing a web page—both of which store
copies in the user’s computer RAM—qualify as copies for purposes of the
Copyright Act. However, it is unclear whether

296

something in dynamic RAM is fixed for establishing a copyright. The Ninth

Circuit, in MAI Systems Corp. v. Peak Computer, 991 F.2d 511 (9th Cir. 2003),
held that simply loading a computer operating system into RAM, which is
accomplished by turning the computer on, created a fixed copy for purposes of
the Copyright Act.
Internet copying, such as caching temporary copies of websites, would qualify
as a fixed copy under the reasoning of the MAI court. Generally, a “cache” is “a
computer memory with very short access time used for storage of frequently or
recently used instructions or data.” United States v. Ziegler, 474 F.3d 1184, 1186
(9th Cir. 2007). Title III of the Digital Millennium Copyright Act modifies MAI
v. Peak by amending the U.S. Copyright Act (Section 117) to permit limited
copies to be made in the course of computer repair.
(C) WHAT IS NOT PROTECTABLE
Works that have not been fixed in a tangible form of expression or lack a
modicum of originality are not protectable. Titles, names, familiar symbols,
designs, variations of lettering, and a list of ingredients or contents are not
protectable either. Idea, procedures, concepts or principles are outside copyright
law’s sphere of application as our works consisting entirely of public domain
material without a scintilla of original authorship.

297

(1) Idea/Expression
Copyright protects expression, not ideas. The U.S. Supreme Court in Baker v.
Selden, 101 U.S. 199 (1880) first conceptualized the “idea/expression”
dichotomy. Selden copyrighted a book in which he described a method of
bookkeeping and sued Baker when the latter published a book on bookkeeping
with functionally equivalent methods, but with different columns and headings.
The Court ruled that Selden could not copyright his method of accounting
because it was an idea, but could copyright the forms used to implement his
system of bookkeeping, which was expression. In practice, it is difficult to
separate functionality from expression. Courts, for example, hold that
mannequins and Halloween costumes are entitled to copyright protection, even
though the aesthetic aspects of those works are inseparable from their
functionality.
(2) Governmental Works

Works of the U.S. government, or its employees acting within the scope of
their professional duties, are not protectable by copyright.
(3) Functionality or Utility
The functionality or utility of any work of authorship is not protectable. Thus,
a website, protocol, or programming language’s utility does not qualify for
copyright protection but still may be covered by patent law.

298

(4) Public Domain Information

Copyright law does not encompass information in the public domain. For
example, a code writing organization could not enjoin a website operator from
posting the text of a city’s model building code because the code was in the
public domain and not protected by copyright, notwithstanding software
licensing agreement and a copyright notice prohibiting copying and distribution.
(5) Fair Use
The fair use doctrine evolved from a common law doctrine and is now
codified as Section 107 of the Copyright Act. “Fair use” is a statutory exception
to the copyright owner’s exclusive right “to reproduce the copyrighted work in
copies.” 17 U.S.C. § 106(1). See 17 U.S.C. § 107 (“[T]he fair use of a
copyrighted work … is not an infringement of copyright.”). A defendant has the
burden of proof and production “Fair use doctrine” is an affirmative defense to a
copyright infringement claim, and it presumes that unauthorized copying has
occurred and is instead aimed at whether the defendant’s use was fair. 17 U.S.C.
§ 107. The Copyright Act’s four statutory factors that determine whether a given
copyrighted work constitutes fair use are:
(1) The purpose and character of the use including whether such use is of a
commercial nature or is for nonprofit educational purposes, (2) the nature of
the copyrighted work, (3) the amount and substantiality of the portion used
in relation to the copyrighted work as a whole,

299

and (4) the effect of the use upon the potential market for or value of the
copyrighted work. 17 U.S.C. § 107.
To date, no court has addressed how fair use applies to Twitter and hundreds
of other social networking sites. Social media sites raise a host of new copyright
issues:
If Pinterest users post or pin another’s work without permission, have
they violated copyright law? Does it matter if the work posted or pinned by
a user was originally posted to Pinterest by the author or creator of the
work? If users impermissibly post or pin a copyrighted work, are they then
contributing to infringement when another user in turn re-posts it or pins it
on their own page? There is a surplus of questions but is a shortage of
answers. Mary Ann L. Wymore, Social Media and Fair Use: Pinterest as a
Case Study, Bloomberglaw.com (2013).
It is difficult to predict how courts will rule on these questions creating a
borderline between infringement and fair use.
(D) DERIVATIVE WORKS
A “derivative work” is a work based upon one or more preexisting works such
as “a translation, musical arrangement, dramatization, fictionalization, motion
picture version, sound recording, art reproduction, abridgment, condensation, or
any other form in which a work may be recast, transformed, or adapted.” 17
U.S.C. § 101. Films based upon books

300

are classifiable as derivative works. Editorial revisions, annotations,

elaborations, or other modifications such as an altered or updated website, may
qualify as a derivative work.
(E) COPYRIGHT CREATION & REGISTRATION
Copyright arises automatically during creation of a work of authorship—even
if the author does not include a copyright notice or fails to register the work with
the U.S. Copyright Office. It is advisable, however, to include a copyright notice
—i.e. the letter c in a circle: ©, or the word “Copyright” and the first year of a
publication of a work (e.g. Copyright 2016, Michael L. Rustad)—because
registration and notice confer benefits to the copyright owner.
Copyright registration is inexpensive (costing between $35 and $55) and
contains three essential elements: a completed application form, a nonrefundable
filing fee, and a nonreturnable deposit. Section 407 requires the copyright
applicant to provide two copies of published works and one copy of unpublished
works. The Copyright Office prefers:
[o]nline registration through the electronic Copyright Office (eCO) is the
preferred way to register basic claims for literary works; visual arts works;
performing arts works, including motion pictures; sound recordings; and
single serial issues. The filing fee is $35 if you register one work by a single
author who is also the claimant and the work is not made for hire.

301

To register a copyright, an owner must: (1) file a simple application; (2) pay a
nominal fee ($35 for a single application by a single author and the work is not
made for hire) and (3) deposit copies of the work with U.S. Copyright Office.
Unlike patent or trademark examination, the Copyright Office does not complete
a complex examination before approving an application.
A defendant in a copyright infringement suit cannot use an “innocent
infringer” defense to mitigate actual or statutory damages if there is a proper
copyright notice affixed to a work, 17 U.S.C. § 401(d). Registration serves as
notice to the public that material is protected by copyright and shows the year of
first publication.
(F) WORK MADE FOR HIRE
In general, the creator of a copyrightable work is the rights holder. The “work
for hire” doctrine is an exception to this general rule; it applies where a person
creates, but is not the owner of a copyrightable work. The “Work for Hire”
doctrine makes an employer the copyright owner for works prepared by their
employee within the scope of employment—even if the employer does nothing
more than hire the employee who creates the work.

§ 10-3. Overview of Copyright Infringement

In the past two decades, courts have generated a distinct body of copyright law
to accommodate cyberspace. The discussion of direct and secondary
infringement cases demonstrates how the Internet

302

shapes and will continue to shape copyright law for the foreseeable future.
In the past ten years, the cutting edge of online copyright law is peer-to-peer
(P2P) software litigation. The ten-year war against P2P file sharing networks has
resulted in a number of high profile victories for copyright owners, but has done
little to stem the tide of P2P sharing, particularly among younger web users.
REBECCA GIBLIN, CODE WARS: 10 YEARS OF P2P SOFTWARE LITIGATION vi (2011)
(foreword by Jane Ginsburg). Social-media related-copyright cases have
dominated the legal landscape in recent years.
(A) DIRECT INFRINGEMENT
“To allege a prima facie case of direct copyright infringement, Plaintiff must
satisfy two requirements: (1) it must show ownership of the allegedly infringed
material, and (2) it must demonstrate that Defendants committed an act of
“copying” this material.” Perfect 10, Inc. v. Giganews, Inc., 2013 WL 2109963
(C.D. Cal. 2013). “The word ‘copying’ is shorthand for the infringing of any of
the copyright owner’s five exclusive rights” under 17 U.S.C. § 106.

303
(B) SECONDARY COPYRIGHT INFRINGEMENT
Secondary Copyright Liability

All three indirect infringement theories turn on a showing of underlying direct

infringement. Secondary copyright infringement is analogous to aiding and
abetting on the criminal side of the law. Evidence of active steps to induce direct
copyright infringement includes activities such as advertising an infringing use
or instructing users how to access infringing content. Until the last few years,
nearly all P2P copyright infringement enforcement actions targeted the
secondary infringers rather than the primary users.

304

(1) Contributory Infringement

Contributory infringement is a doctrine drawn in large part from tort law. To

prevail in a contributory copyright infringement lawsuit, the plaintiff must
prove: (1) direct copyright infringement by a third party, (2) knowledge by the
defendant, the third party, of direct infringement, and (3) defendant’s material
contribution to the infringement. In an Internet case, plaintiffs will have a claim
for contributory copyright infringement if a third-party website hosts and
distributes infringing content while contributing to this infringing conduct. In
P2P copyright infringement cases, the meaning of the secondary infringer’s
“knowledge” and the definition of materially contribute is unsettled doctrine.
(2) Vicarious Infringement
A defendant is liable for vicarious copyright infringement if the defendant
“profit[s] from direct infringement while declining to exercise a right to stop or
limit it.” Metro-Goldwyn Mayer Studios v. Grokster, 545 U.S. 913 (2005). To
state a claim for vicarious copyright infringement, a plaintiff must allege the
defendant has: (1) the right and ability to supervise the infringing conduct and
(2) a direct financial interest in the infringing activity.
(3) Inducement
Inducement is an avant-garde theory first articulated by Justice Breyer in
MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005). The inducement rule
holds that “one who distributes a

305

device with the object of promoting its use to infringe copyright.” It is unclear
whether inducement is just another subtype of contributory or vicarious
infringement or a separate theory of secondary liability.

§ 10-4. The Path of Peer-to-Peer File Sharing

Peer-to-Peer (P2P) sharing of video and music files is an Internet-related
development that has shaped the law of secondary copyright infringement.
Sharing music or video files on BitTorrent, for example, is an infringement of
the copyright owner’s distribution right if unauthorized. BitTorrent technology, a
P2P technology, enables users to find and share film, games, music and other
materials over the Internet but does not store files in a central repository, thus
enabling any user to find and share material with others over the Internet, with
no access to a centralized repository of files necessary to do so. BitTorrent
permits users to download different pieces of a file from different peers at the
same time.
Once all the pieces have been downloaded, the file is automatically assembled
into its original form. In the past fifteen years, the U.S. music and film industry
has filed numerous secondary copyright infringement lawsuits against the
enablers of infringement as well direct infringement lawsuits against the
individuals who share copyrighted files on P2P services.

306
(A) NAPSTER
Napster.com (Napster) was the pioneering P2P sharing service, permitting the
exchange of MP3 music files stored on individual computer hard drives with
other Napster users. Record companies and music publishers filed copyright
infringement lawsuits against Napster for facilitating the P2P transmission and
retention of copyrighted content. A & M Records v. Napster, Inc., 239 F.3d 1004
(9th Cir. 2001). The Ninth Circuit found that Napster had diminished the
copyright owners’ commercial sales because users were downloading content
without paying royalties or fees. The court rejected Napster’s fair use argument,
finding that commercial use of the copyrighted material occurred because
Napster’s users repeatedly downloaded and retained “unauthorized copies of
copyrighted works … made to save the expense [of] purchasing authorized
copies.”
The federal appeals court rejected Napster’s argument that it was not liable for
direct or contributory copyright infringement, ruling that DMCA § 512(a) did
not protect Napster’s referencing and indexing activities. In addition, the court
held Napster liable for contributory infringement because Napster not only had
knowledge of the infringing activity, it also contributed to the infringing
conduct. Napster was also found to be vicariously liable because it had a direct
financial interest in the visitors’ infringing activities.

307

(B) GROKSTER
In Metro-Goldwin-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005),
the plaintiffs filed a contributory infringement lawsuit against the developers of
P2P file sharing program. Grokster and the other P2P file sharing defendants
contended that their file-sharing programs were capable of supporting substantial
noninfringing works under the Sony rule. The defendants offered evidence that
Grokster users employed the program to exchange some authorized files,
including authorized digital recordings, digital files of public domain books, and
authorized software files. The defendants also argued that, in the future, users
would exchange even more authorized content through Grokster, including
academic research, public domain files, and user-created audio and video files.
The Supreme Court unanimously held that “one who distributes a device with
the object of promoting its use to infringe copyright, as shown by clear
expression or other affirmative steps taken to foster infringement is liable for the
resulting acts of infringement by third parties.” The Grokster Court enunciated
an inducement rule imported from patent law providing that “one who
distributes a device with the object of promoting its use to infringe copyright, as
shown by clear expression or other affirmative steps taken to foster
infringement, is liable for the resulting acts of infringement by third parties.”
The Court’s inducement rule would find contributory infringement if the
defendant induced or encouraged direct infringement.

308

The Grokster Court decided the case on an “intentional inducement” theory,

declining to rule on the continuing vitality of the Sony test for contributory
infringement. In Contributory copyright infringement doctrine, a defendant is
contributorily liable when it, “with knowledge of the infringing activity, induces,
causes or materially contributes to the infringing conduct of another.” Gershwin
Publishing Corp. v. Columbia Artists Mgmt., 443 F.2d 1159, 1162 (2d Cir.
1971).
The Grokster Court based its inducement theory upon evidence that Grokster
and Streamcast P2P networks intended and encouraged the use of their products
for file sharing. In the wake of Grokster, it remains unclear whether inducement
is a separate secondary copyright cause of action or merely a type of
contributory copyright infringement.
Congress thus established a comprehensive set of safe harbors to provide: (1)
“strong incentives for service providers and copyright owners to cooperate to
detect and deal with copyright infringements that take place in the digital
networked environment”; and (2) “greater certainty to service providers
concerning their legal exposure for infringements that may occur in the course of
their activities.” Section 512 of the DMCA gives websites like Viacom a safe
harbor for secondary copyright infringement so long as they comply with
statutory steps such as promptly responding to takedown notices. In Viacom
Int’l, Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012), the Second Circuit
affirmed in part, vacated in part, reversed in part and remanded the case back to
the lower court affirming the lower

309
court’s holding that the § 512(c) safe harbor requires knowledge or awareness
of specific infringing activity. The appeals court stated that the “first and most
important question on appeal is whether the DMCA safe harbor at issue requires
“actual knowledge” or “aware[ness]” of facts or circumstances indicating
“specific and identifiable infringements.” The Second Circuit instructed the
lower court to consider first the scope of the statutory provision and then its
application to the record in this case.
Nevertheless, the court vacated the lower court’s entry of summary judgment
ruling, “[a] reasonable jury could find that YouTube had actual knowledge or
awareness of specific infringing activity on its website.” The lower court erred
by interpreting the “right and ability to control” infringing activity to require
“item-specific” knowledge. Finally, the court affirmed the district court’s
holding that three of the challenged YouTube software functions fell within the
safe harbor for infringement that occurs “by reason of” storage at the direction of
the user, and remanded for further fact-finding with respect to a fourth software
function.
Liability for inducement of copyright infringement has four elements: (1) the
distribution of a device or product, (2) acts of infringement, (3) an object of
promoting its use to infringe copyright, and (4) causation. Columbia Industries v.
Fung, 710 F.3d 1020, 1032 (9th Cir. 2013), In Fung, the Ninth Circuit affirmed a
lower court’s decision finding liability for inducement of copyright infringement

310

against the owner and operator of websites using BitTorrent.

§ 10-5. Links, Framing, Bookmarks, and Thumbnails

(A) HYPERLINKS
Typically, there is no copyright infringement when merely linking to a third
party’s website that contains infringing materials. In Bernstein v. J.C. Penney,
1998 WL 906644 (C.D. Cal. 1998), a federal court in California dismissed a
copyright infringement claim against J.C. Penney for linking to a Swedish
website with infringing content.
In Bernstein, the site with the infringing material was several simple links
distant from J.C. Penney’s website. The Canadian Supreme Court in Crookes v.
Newton, 2011 SCC 47 (SCC 2011) agreed that a mere hyperlink could not be
considered a publication and therefore there was no infringing activity.
“Deep linking” occurs when a defendant’s link bypasses the principal web
page containing the trademark owner’s logo and third party advertising. In 2002,
the Danish Maritime and Commercial Court ruled that a Danish company named
Newsbooster violated copyright law when it used deep links to individual
articles from online newspapers. However, only four years later, the court found
deep linking to be legal in a case where an online real estate site was linking
directly to individual homes bypassing the front page. Karim

311

Petersen, Deep Linking is Legal in Denmark, EDRi (2006).

(B) FRAMING
“Framing” is displaying content from another website while still maintaining
advertisements from the original site. Framing allows the user to visit one
website while remaining in a prior one. This method of online advertising causes
a second website to appear on a part of another site. Eugene R. Quinn Jr., Web
Surfing 101: The Evolving Law of Hyperlinking, 2 BARRY L. REV. 37, 46, 59
(2001). To date, no appellate court has weighed in on framing. In Washington
Post v. Total News, Inc., No. 97 Civ. 1190 (S.D. N.Y. 2011), the Washington
Post along with other publishers charged that Total News infringed its
copyrights and trademarks, and misappropriated their news material but the case
settled before an appellate opinion. In 2013, a German appellate court, the BGH,
held that a vendor’s framing of content by a third party on YouTube did not
violate the German Copyright Act. You’ve Been Framed: Deep Linking & the
Law, JGR.web (May 23, 2013). In 2014, the Court of Justice of the European
Union (CJEU) ruled that using framing was not a “communication to the public
according to Art. 3(1) 2001/29/EC, the InfoSec Directive.” Benjamin Schuetze,
Germany: No Digitisation Without Reproduction, KLUWER COPYRIGHT BLOG
(May 29, 2015). In 2014, the CJEU ruled that neither linking nor framing
“directing users of a website to copyright content hosted on another site” did not
“constitute communication to a

312
‘new’ public” as required by EU copyright law. Paul Joseph, CJEU Rules That
Linking & Framing Is Not Copyright Infringement, LEXOLOGY (Feb. 13, 2014).
(C) BOOKMARKS
The Seventh Circuit in Flava Works v. Gunter, 689 F.3d 754 (7th Cir. 2012),
determined that myVidster was not a contributory infringer merely because a
website visitor bookmarks a video and later clicks on the bookmark and views
the video. The federal district court issued a preliminary injunction against the
social media site, which was vacated by the U.S. Court of Appeals. Flava Works
produced and distributed videos “of black men engaged in homosexual acts.”
The court acknowledged that myVidster “may have done a bad thing by
bypassing “Flava’s pay wall” by enabling viewing the uploaded copy, but it does
not constitute copyright infringement.” The direct infringers are Flava’s
customers who copied his copyrighted videos and posted them to the Internet.
The court stated that myVidster could be liable for contributory infringement
under an inducement theory but there was no evidence in the record supporting
that claim.
(D) THUMBNAILS OF IMAGES
In Kelly v. Arriba Soft Corp., 77 F. Supp. 2d 1116 (C.D. Cal. 1999), ditto.com,
a search engine, retrieved images by matching the keyword searched with the
description of image files sorted in Ditto’s

313

database. Leslie Kelly, a Western art photographer filed suit against ditto.com
for reproducing and displaying his copyrighted art on its search engine in
miniature. Ditto would index the images and “display them in ‘thumbnail’ form
on the search results page.” The Ninth Circuit found Arriba Soft’s use of
thumbnails was transformative because the greatly reduced copies of
copyrighted images used in the thumbnails were for a different purpose.
In 2002, the Ninth Circuit affirmed the district court’s holding that thumbnails
infringed Kelly’s copyrighted photographs, but fair use permitted the use of the
thumbnails in Ditto.com’s image index. In a 2003, decision, the Ninth Circuit
upheld the panel’s ruling that search engines could use thumbnails of images,
but withdrew the portion of the opinion dealing with inline linking or framing.
In Perfect 10, Inc. v. Google, Inc., 508 F.3d 1146 (9th Cir. 2007), the plaintiff
created photographs of nude models for commercial distribution. After
publishing its magazine, Perfect 10, began offering access to these pictures on its
password protected paid subscription website. Google’s search engine used a
web crawler to copy thumbnail images of Perfect 10’s copyrighted photographs
for use in its search engine. In Perfect 10, the Ninth Circuit held Google’s
thumbnail sized reproduction of entire copyrighted images in its search engine
results page to be “highly transformative.”
Google’s use of the copyrighted images was to find content, which was a
radically different purpose than the original copyright owner’s use. The Ninth

314

Circuit held that Perfect 10 was not likely to prevail it its copyright
infringement arising out of Google’s “in-line links” that allowed Internet users to
view infringing copyrighted images on third party’s websites. In addition, the
court found no vicarious or contributory infringement in its use of thumbnails or
in-line links.

§ 10-6. Database Protection

As noted earlier in this chapter, in 1991, the U.S. Supreme Court held in Feist
Publications, Inc., v. Rural Telephone Service Co. (1989) that compiling
information alone without a minimum of original creativity does not satisfy the
originality element of the U.S. Copyright Act. The Court rejected Rural’s “sweat
of the brow” argument, finding that there was no infringement since Rural had
no copyright in the telephone white databases. The U.S. rejection of sweat of the
brow diverges sharply with the EU’s approach. The European Union enacted the
Database Directive in 1996, granting legal protection of databases in any form.
Article 6 of the Directive provides for copyright protection for databases,
while Article 9 provides for a sui generis right of protection. Article 7 notes that
the object of “protection” is to protect database developers who have made
“qualitatively and/or quantitatively a substantial investment in either the
obtaining, verification or presentation of the contents to prevent extraction.”
Under EU’s dual system for protecting databases, copyright law protects
compilations meeting the requirements of fixation, and origination, for a 70-year
term.

315
315

§ 10-7. Limitations on Exclusive Rights

Under the “first sale” doctrine, a topic covered in Chapter 4, once the
copyright holder sells a copy of the copyrighted work, the owner of the copy can
“sell or otherwise dispose of the possession of that copy” without the copyright
holder’s consent. Because of the first sale doctrine, the owners of software
license rather than sell copies of software. In UMG Recordings, Inc. v. Augusto,
558 F. Supp. 2d 1055 (C.D. Cal. 2009), the federal court held that the boilerplate
language used on a promotional CD did not create a license, and therefore the
resale of these already-distributed copies was protected by the first sale doctrine.
Courts determine whether there has been a sale or a license using an economic
realities test, as opposed to the labels used by the parties in a given transaction.
Calling an agreement a license does not make it so.

§ 10-8. Digital Millennium Copyright Act

(A) OVERVIEW OF THE DMCA
Congress enacted the Digital Millennium Copyright Act (DMCA), 17 U.S.C.
§ 1201 et seq. to fulfill its obligations under the 1996 World Intellectual Property
Organization (WIPO) Copyright treaties. The DMCA created both civil
remedies, see 17 U.S.C. § 1203 and criminal sanctions against circumventing
copyright protection or marketing anti-circumvention devices. See 17 U.S.C. §
1204. The DMCA specifically

316

authorizes a court to grant temporary and permanent injunctions on such

terms, as it deems reasonable to prevent or restrain a violation. See 17 U.S.C. §
1203(b)(1).
Congress enacted the DMCA in 1998 to carry out its obligations in two World
Intellectual Property Organization treaties: the WIPO Copyright Treaty (WCT),
and the WIPO Performances and Phonograms Treaty (WPPT). The DMCA also
addresses other significant copyright-related issues and is part of the frequently
amended U.S. Copyright Act. Title I, the “WIPO Copyright and Performances
and Phonograms Treaties Implementation Act of 1998,” implements the WIPO
Copyright and Performances and Phonographs Treaty Implementation Act by
criminalizing the circumvention or removal of Digital Rights Management
(DRM)—digital locks on copyrighted materials—and by prohibiting trafficking
in tools that are primarily designed, valued or marketed for such circumvention.
Title II of the DMCA—also known as the Online Copyright Infringement
Liability Limitation Act, codified at 17 U.S.C. § 512,—provides “[l]imitations
on liability relating to material online” for service providers through a series of
safe harbors. Title II, the “Online Copyright Infringement Liability Limitation
Act” (OCILLA) creates four “safe harbors” that enable qualifying service
providers to limit their liability for claims of copyright infringement when
engaging in certain types of activities.

317

(B) TITLE I’S PROVISIONS

Title I of the DMCA added Chapter 12, entitled “Copyright Protection and
Management Systems,” to the U.S. Copyright Act. The DMCA distinguishes
between circumvention and trafficking. Trafficking in qualified technology that
circumvents technological measures that controls either access to a copyrighted
work, or protects the author’s rights, are both prohibited, while the actual act of
circumvention is only prohibited when it circumvents a technological measure
that controls access, not protecting the author’s rights. The DMCA provides
legal protection for anti-copying technology as well as anti-access technology.
The WCT requires signatory powers to provide remedies against defendants
circumventing digital rights management tools or tampering with copyright
management information. DRM tools restrict the use and copying of digital
information such as music or movies. Congress had the statutory purpose of
facilitating “the robust development and worldwide expansion of electronic
commerce, communications, research, development, and education in the digital
age.” S. Rep. No. 105–190 (1998) at 1–2.
(1) Anti-Circumvention Provisions

The DMCA’a anti-circumvention rules are set forth in Section 201 et seq. of
Title 17. This section defines a technological measure that “effectively protects a
right of a copyright owner under this title” if the measure, in the ordinary course
of its

318
operation, prevents, restricts, or otherwise limits the exercise of a right of a
copyright owner under this title.” 17 U.S.C. § 1201(b)(2)(B).
Section 1201 prohibits the circumvention of anti-access technology as well as
the making and selling of anti-circumvention devices. To “circumvent a
technological measure” means that the defendant has descrambled a scrambled
work, decrypted an encrypted work, or bypassed a technological measure
protecting a copyrighted work. 17 U.S.C. § 1201(a)(3)(A). The DMCA makes it
a crime to “circumvent a technological protection measure that effectively
controls access” to copyrighted works. 17 U.S.C. § 1201(a)(1)(A).
“A technological measure “effectively controls access to a work” if the
measure, in the ordinary course of its operation, requires the application of
information, or a process, or a treatment, with the authority of the copyright
owner, to gain access to the work.” 17 U.S.C. § 1201(a)(3)(B). The DMCA
proscribes circumventing anti-access measures, but does not prohibit
circumventing anti-copying measures. Apple’s FairPlay and Microsoft Windows
Digital Rights Managers, for example, provide controls on the viewing or
playing of copyright materials, which is accessing a service.
Software “that circumvents “digital walls” in violation of the DMCA … is like
a skeleton key that can open a locked door, a combination that can open a safe,
or a device that can neutralize the security device attached to a store’s products”
or “a digital crowbar.” Universal City Studios v. Corley, 273 F.3d

319

429 (2d Cir. 2001). The DMCA’s anti-circumvention prohibitions essentially

criminalize picking digital locks guarding access to copyrighted materials. It
does not, however, prohibit circumvention of technological measures that protect
the exclusive rights of an author under § 106 of the Copyright Act, such as
copying or distribution, as such infringement may be protected by “fair use.”
This bifurcation between access and copying differs from the anti-trafficking
provisions, which proscribes both. In Lexmark Int. v. Static Control
Components, 387 F.3d 522 (6th Cir. 2004), the Sixth Circuit held that software
on a printer cartridge did not qualify as a protected access control device. The
court reasoned that computer code did not control access, but was to prevent
copying of the program.
(2) Anti-Trafficking Provisions
The DMCA’s anti-trafficking provisions cover those who traffic in, or
manufacture, import, offer to the public, or provide, any technology, product,
service, device, component, or part thereof, that can circumvent “a technological
measure” controlling access to a copyrighted work. 17 U.S.C. § 1201(a)(2). The
DMCA protects the rights of an author—such as copying, distribution, or any of
the other exclusive rights embodied in Section 106 of the Copyright Act.
A “Prohibited Device” is one that (1) is primarily designed for circumvention,
(2) has limited uses for legitimate commercial purposes (other than
circumvention), or (3) is marketed for use in

320

circumventing copyright protection. The penalty is up to five years

imprisonment for a defendant’s first offense in manufacturing, importing,
offering to the public, or trafficking in such a device, technology, product, or
service.
(C) TITLE II’S SAFE HARBORS
Title II of the DMCA, OCILLA, protects online service providers (OSPs) who
meet certain safe harbor requirements from liability for all monetary relief for
direct, vicarious, and contributory infringement. To qualify for protection under
any of the DMCA § 512 safe harbors, a party must meet a set of threshold
criteria. First, the party must in fact be a service provider, defined, in part, as an
OSP, network access administrator, or the operator of facilities. Secondly, a part
classifiable as an OSP must also satisfy certain conditions of eligibility,
including adopting, reasonably implementing, and informing subscribers of a
policy that provides for the termination of accounts of recidivist copyright
infringers. Thirdly, they must also accommodate, and not interfere with, standard
technical measures that are used by copyright owners to identify or protect
copyrighted works, or they are divested of the safe harbors of § 512(a)–(d).
Under the DMCA, OSPs are immunized from copyright liability claims based
on (1) transmitting, (2) caching, (3) storing or (4) information location tools.
Section 512(a) of the DMCA limits the liability of a service provider where the
ISP merely transmits digital information that may include infringing material.
The next section is a guide to

321
the four OSP safe harbors, which vary significantly in their preconditions. The
DMCA safe harbor provisions make clear that the responsibility for finding and
reporting third-party infringement lies with “the copyright holder, not the service
provider.” UMG Recordings, Inc. v. Veoh Networks Inc., 665 F. Supp. 2d 1099,
1111 (C.D. Cal. 2009), aff’d sub nom. UMG Recordings, Inc. v. Shelter Capital
Partners LLC, 718 F.3d 1006 (9th Cir. 2013).
(1) Transitory Network Communications
The DMCA immunizes OSPs for all copyright infringement “by reason of the
provider’s transmitting, routing, or providing connections for, material through a
system or network controlled or operated by or for the service provider, or by
reason of the intermediate and transient storage of that material.” 17 U.S.C. §
512(a). The definition of an OSP is narrower for transitory digital network
communications than the other safe harbors in § 512(b)–(d).
This safe harbor applies only to OSPs qualifying under OCILLA’s narrow
definition, which means those “entities that transmit, route, or provide
connections for digital online communications, between or among points
specified by user.” To qualify for the transitory digital network communications
safe harbor, OSPs may not modify content transmitted, routed, or connected.
Someone other than the OSP must initiate the transmission of the material.

322

(2) System Caching

The DMCA immunizes service providers for caching so long as they provide
online services or network access. 17 U.S.C. § 512(k)(1)(B). OSPs claiming the
caching safe harbor must expeditiously respond to takedown notices and
remove, or disable, objectionable content. Assuming these preconditions are
satisfied, Section 512(b) shields service providers from injunctive or monetary
remedies for caching copyrighted materials.
(3) Storage Exemption

The storage exemption safe harbor provision of DMCA limits the liability of
online service providers for copyright infringement that occurs, “by reason of the
storage at the direction of a user of material” residing on a system or network,
controlled, or operated by or for the service provider. 17 U.S.C. § 512(c)(1). To
qualify for this safe harbor, OSPs cannot have actual knowledge the material or
activity is infringing or be aware infringing activities are apparent.
In addition, they must: (1) perform a qualified storage or search function for
Internet users, (2) lack actual or imputed knowledge of the infringing activity,
(3) receive no financial benefit directly from such activity in a case where the
provider has the right and ability to control it, (4) act promptly to remove or
disable access to the material when the designated agent is notified that it is
infringing, (5) adopt, reasonably implement, and publicize a policy of
terminating repeat infringers, and (6)

323

accommodate and not interfere with standard technical measures used by

To qualify for the storage exemption safe harbor for information residing on
systems or networks, the OSP must designate an agent to receive notice from
copyright owners when there is a complaint of infringement. The OSP must also
post the agent’s name on its website and register the agent with the Library of
Congress’ Copyright Office and provide required information such as contact
telephone numbers and working e-mail addresses.
OSPs are required to maintain a DMCA agent to receive takedown notices and
respond expeditiously to takedown notices. Suffolk University Law School, for
example, must appoint an agent designated to receive notification of a claimed
copyright infringement under the DMCA. If a website did not maintain an agent,
or fulfill the other requirements of § 512, they would be subject to secondary
copyright liability arising out of third party postings, even when they are not the
content creator. A service provider must act “expeditiously to remove, or disable
access to, the material” when it (1) has actual knowledge, (2) is aware of facts or
circumstances from which infringing activity is apparent, or (3) has received
notification of claimed infringement meeting the requirements of § 512(c)(3).

324
(b) Takedown & Put-Back Rules

In order to meet the requirements of § 512(a)’s safe harbor, the ISP must meet
stringent criteria. Section 512(c) of the DMCA immunizes service providers
from copyright infringement claims so long as they do not have actual
knowledge of the infringing activity and promptly block allegedly infringing
activity once notified.
To qualify for such protection, an ISP must meet three requirements: (i) the
service provider must either lack both actual knowledge of the infringing activity
and awareness of facts or circumstances from which infringing activity should
be apparent, or it must promptly, upon gaining such knowledge move to prevent
the use of its service to further such infringing activity; (ii) the service provider
must not receive a financial benefit directly attributable to infringing activity it
has the ability to control; and (iii) the service provider must expeditiously
remove material from its service on receipt of an appropriate written notice in
order to qualify for safe harbor protection under the DMCA.
The DMCA’s complex notice, takedown, and put-back procedures are
triggered when a copyright owner, or an assignee, gives written notice to the
designated agent of the service provider under § 512(c)(3)(A). The copyright
owner is able to find the contact information for the service provider’s agent
because, as mentioned above, that information is posted on the website of the
U.S. Copyright Office. The copyright owner must give the provider’s designated
agent a written takedown

325

notice which includes: (1) a physical or electronic signature of a person

authorized to act on behalf of the copyright owner of the right allegedly
infringed, (2) identification of the copyrighted works allegedly infringing, (3)
identification of the parts of the copyrighted work that are infringing and thus
should be removed, (4) sufficient information to contact copyright owner or
complaining party, (5) a statement by the complainant in the good faith belief
that the material is infringing, and (6) a statement that the information in the
notice is accurate.
Congress’ ‘red flag’ test strips service providers of their immunity if they fail
to take action with regard to infringing material if they gain awareness of facts or
circumstances where infringement is apparent (red flags). Section 512(f)(1)–(2)
of the DMCA provides remedies if a person “knowingly materially
misrepresents” information “(1) that material or activity is infringing, or (2) that
material or activity was removed or disabled by mistake or misidentification.” 17
U.S.C. § 512(f)(1)–(2). Those persons who knowingly misrepresent the facts in
takedown notices:
shall be liable for any damages, including costs and attorneys’ fees, incurred
by the alleged infringer, by any copyright owner or copyright owner’s
authorized licensee or by a service provider, who is injured by such
misrepresentation, as the result of the service provider relying upon such
misrepresentation in removing or disabling access to the material or activity
claimed to be infringing, or in

326

replacing the removed material or ceasing to disable access to it. 17 U.S.C.

§ 512(f)(2).
Once the OSP’s designated agent receives a notice that substantially complies
with the DMCA’s requirements, it must expeditiously remove the identified
material. The DMCA provides that a user whose material has been removed or
disabled may have a right to a put back of the disputed content. After the user
who posted the objectionable material receives notice, he or she, has a statutory
right to send a written counter-notification to the OSP’s designated agent. The
counter notice must minimally contain the subscriber’s signature—physical or
digital—identify the material removed, and give a statement that the user has a
good-faith belief that the material was mistakenly removed or disabled. 17
U.S.C. § 512(g)(3)(C).
After receiving a counter-notification, the agent then must promptly (1)
provide the person who filed the original takedown notice with a copy of the
counter notification, and (2) advise that it will replace the removed material or
cease disabling access to it in ten business days. 17 U.S.C. § 512(g)(2)(B).
Unless the person who provided the takedown notice—the copyright owner or
their assignee—gives notice that he or she has filed a copyright infringement
lawsuit or other judicial action, the OSP must replace or reactivate the removed
material no sooner than 10, and no later than 14 business days. 17 U.S.C. §
512(g)(2)(C). The takedown procedures of the DMCA only apply to copyright
materials because a website has no duty to takedown material that constitutes
trademark

327

infringement, torts, crimes, or other ongoing wrongdoing.

(4) Information Location Tools
Section 512(d) is the OSP safe harbor used by search engines such as Google,
or Yahoo! The OSP safe harbor limits an Internet Service Provider’s liability for
monetary relief, as well as injunctive relief, for secondary copyright
infringement for activities such as “linking users to an online location containing
infringing material or infringing activity, by using information location tools”
such as “a directory, index, reference, pointer, or hypertext link.” 17 U.S.C. §
512(d).
(D) EXEMPTIONS & THE FIRST AMENDMENT
The DMCA exempts nonprofit libraries, archives, and educational institutions
so long as these organizations make a good faith determination when acquiring a
copy of a protected work. Academic commentators view these anti-
circumvention measures as an inappropriate extension of copyright impediments
to fair use. Courts are still determining the proper balance between the DMCA’s
copyright protection measures and the doctrine of fair use.
(E) TAKEDOWN AND PUTBACK CASES
In Lenz v. Universal Music Corp., 2008 WL 3884333 (N.D. Cal. 2008), a
California district court ruled that a copyright owner had to consider the fair use
doctrine in formulating good faith belief in connection with takedown notice
under the DMCA.

328

A California court held Universal acted in bad faith by issuing a takedown

notice for a 29-second video of her 18-month-old child dancing to Prince’s song,
Let’s Go Crazy that had been uploaded to YouTube. YouTube removed the
video and Lenz sent a counter notification pursuant to 17 U.S.C. § 512(g),
asserting that her family video constituted fair use of the song and thus did not
infringe Universal’s copyrights. Universal sent her a removal notice asserting
Prince’s wishes not to have his songs posted on YouTube.
The Lenz court found Universal’s failure to consider fair use as sufficient to
state a misrepresentation claim pursuant to the DMCA. The Lenz court also ruled
the plaintiff alleged a cognizable injury in responding to a bad faith takedown
notice. The court sent a deterrent message to copyright owners that mechanically
file DMCA takedown notices without considering fair use. In the post-Lenz
period, copyright owners risk being penalized for filing takedown notices for
material protected by fair use. The DMCA also creates liability for individuals
who abuse the takedown notice system by filing meritless claims of
infringement. 17 U.S.C. § 512(f).
Subsection 512(f) provides that any person who knowingly makes material
misrepresentations in filing a DMCA takedown notice “shall be liable for any
damages, including costs and attorneys’ fees[ ] incurred by the alleged infringer
… or by a service provider.”

329

(F) DMCA SUBPOENA TO UNVEIL ANONYMOUS INFRINGERS

The DMCA sets forth a statutory scheme for copyright holders to notify
internet service providers of the existence of allegedly copyrighted material on
their servers. 17 U.S.C. § 512(c)(3). A “safe harbor” is provided to service
providers who remove or disable access to allegedly infringing material
following receipt of a DMCA notice. A valid DMCA notification requires that
the infringing materials be present at the time notification is served. In re DMCA
Subpoena to eBay, Inc., 2015 WL 3555270 (S.D. Cal. June 5, 2015).
While the court found the subpoena valid to identify alleged copyright
infringers, the court reduced the scope of the subpoena. The court’s order
required “eBay to produce to Rosen the name, last known address, last known
telephone number, any electronic mail addresses associated with each account
from January 1, 2012, to the date of the subpoena and any logs of Internet
Protocol addresses used to access the subject accounts from January 1, 2012, to
the date of the subpoena.”
The court in In re Maximized Living v. Google, 2011 WL 6749017 (N.D. Cal.
Dec. 22, 2011) quashed a Section 512(h) subpoena because the allegedly
infringing material had already been removed from the blog. The court reasoned
that Section 512(h) did not provide for past infringement. The court stated:
John Doe highlights the present tense of the verbs used in the statute, which
requires “[i]dentification of the material that is claimed

330

to be infringing or to be the subject of infringing activity and that is to be

removed or access to which is to be disabled and information reasonably
sufficient to permit the service provider to locate the material.”
The court ruled “that § 512(h) does not authorize issuance of a subpoena to
obtain the identifying information as to past infringement in light of the plain
language and purpose of the DMCA, especially its “notice and takedown
provisions” to which the subpoena power is integrally related.

§ 10-9. Copyright Issues in the Cloud

Cloud computing raises new concerns for copyright owners seeking to protect
content from being illegally shared by mobile users. Cloud computing enables
copyrighted works to be illegally transmitted and distributed as never before.
Myxer.com, for example, is a cloud service that allows users to upload sound
files and create ringtones, which they can then download and send to their
phones. In Capitol Records Inc. v. MP3tunes LLC, No. 1:07-CV-09931-WHP-
FM (S.D. N.Y. 2011), a cloud music provider, ran a music locker service where
users could upload their music library onto MP3tunes servers and access their
music over the Internet.
The MP3tunes court ruled that the music locker business did not infringe on
copyright by observing that the cloud provider stored only one copy of a
particular song, no matter how many users added it to their music library. The
court held that the

331

DMCA does not require vigilant copyright monitoring by a company having

users that upload infringing content. A DMCA takedown notice for a song in the
locker of one user does not require removal of that song from all users’ accounts.

§ 10-10. International Issues

(A) EXTRATERRITORIALITY
Takedown disputes will increasingly involve parties in different countries,
which raise extraterritoriality issues. In general, intellectual property rights are
left to each nation to enforce. A copyright infringement claim may not be
brought in U.S. courts for conduct committed entirely outside the territorial
boundaries of the United States.
(B) SOPA
In the fall of 2011, Congress considered several controversial bills that would
allow blocking orders against infringing ISPs and the removal of pirate websites.
The Stop Online Piracy Act (SOPA) was a proposed U.S. House of
Representatives statute to expand the ability of U.S. law enforcement to fight
online trafficking in copyrighted works. The companion statute in the U.S.
Senate was the Protect IP ACT (PIPA). Reddit, TwitPic, and 7,000 other
websites went “black” to express their opposition to SOPA and PIPA. The
worldwide backlash against overly expansive online copyright forced
governments to withdraw their support.

332

(C) ACTA
The Anti-Counterfeiting Trade Agreement (ACTA) was a proposed
multinational treaty to establish uniform standards for enforcing intellectual
property rights. ACTA fortified the enforcement provisions of the TRIPS
agreement by targeting counterfeit goods, infringing generic goods, and
widespread copyright infringement. In March of 2012, the European Parliament
voted to refer ACTA to the European Court of Justice, which stalled ratification
for Eurozone countries.
(D) MORAL RIGHTS
The United States enacted the Visual Artists Rights Act of 1990 (VARA) to
implement the Berne Convention. Regardless of assignment or ownership of
rights, VARA protects the expectation that a visual work will not be revised,
altered, or distorted. VARA has little application to the Internet since it only
protects works of visual art that have attained the status of “recognized stature.”
“The Internet raises the potential for infringement of an author’s moral rights.
Issues raised specifically by the Internet include the circumstances”—where
their creations are presented when a website links to another site. MAREE
SANSBURY, MORAL RIGHTS AND THEIR APPLICATION IN AUSTRALIA 147 (2003).
While moral rights have been applied primarily to works of art created in a
tangible medium, they can apply to online modifications as well. “Two moral
rights are of primary importance in respect of works placed on the Internet: the
right of attribution and
333

the right of integrity.” PETER GRABOSKY & RUSSELL G. SMITH, CRIME IN THE
DIGITAL AGE: CONTROLLING TELECOMMUNICATIONS AND CYBERSPACE 116 (1998).
The right to false attribution could be extended to computer programs or website
creations. Similarly, manipulating an electronic or digitalized photograph could
violate the right not to have an artist’s work distorted, mutilated, or modified.
Any “assignment of economic rights is not accompanied by assignment of
moral rights … French rights, may provide a remedy where infringement
relating to a digital work is disseminated over the Internet.” CATHERINE COLSTON
& JONATHAN GALLOWAY, MODERN INTELLECTUAL PROPERTY 450 (2010).
(E) EXTRATERRITORIAL REACH
The Copyright Act has only limited extraterritorial reach. Litecubes LLC v.
Northern Light Products, Inc., 523 F.3d 1353 (Fed. Cir. 2008). The Copyright
Act provides that “[i]mportation into the United States, without the authority of
the owner of copyright under this title, of copies … of a work that have been
acquired outside the United States is an infringement of the exclusive right to
distribute copies … under section 106, 17 U.S.C. § 106. It is well established
that the Copyright Act does not “reach acts of infringement that take place
entirely abroad.” Subafilms Ltd. v. MGM-Pathe Commn’ns Co., 24 F.3d 1088
(9th Cir. 1994).

334

(F) EUROPEAN ISPS & NO DUTY TO MONITOR

The issue of whether Internet service providers should monitor illegal content
remains a contentious issue. The European Court of Justice (ECJ) in Belgische
Vereniging van Auteurs, Componisten en Uitgevers CVBA (Sabam v. Netlog NV,
2012) ruled that an Internet Service Provider had no obligation to monitor illegal
content. The court reasoned that imposing an injunction would be the functional
equivalent of requiring ISPs to monitor content, contrary to European Directives.
(G) FOREIGN COPYRIGHT-RELATED CASES
(1) Framing
The Federal Court of Justice of Germany held that a mere fact that a protected
work, freely available on an Internet site, is inserted into another Internet site by
means of a link using the ‘framing’ technique, such as that used in the case in the
main proceedings, cannot classified as ‘communication to the public’ within the
meaning of Article 3(1) of Directive 2001/29/EC of the European Parliament
and of the Council of 22 May 2001 on the harmonisation of certain aspects of
copyright and related rights in the information society. The court reasoned that
the work at issue is not transmitted to a new public or communicated a specific
technical method different from that of the original communication.

335

(2) Peer-to-Peer Sharing and ISPs

In Dallas Buyers Club LLC v. iiNet Limited, 2015 WL 1530657, [2015] FCA
317, the Federal Court of Australia granted an application for preliminary
discovery brought by Dallas Buyers Club LLC, a United States entity which
claims to be the owner of the copyright in the 2012 Jean-Marc Vallée film,
Dallas Buyers Club. In Australia, preliminary discovery is a procedure which
enables a party who is unable to identify the person who it wishes to sue to seek
the assistance of the Court in identifying that person. The application stated that
the plaintiff identified 4,726 unique IP addresses from which their film was
shared on-line using Bit Torrent, a peer-to-peer file sharing network, and that
this occurred without their permission violating Australia’s Copyright Act 1968.
The next step will be for the plaintiffs to send letters to the 4,726 individuals
whose identities are unveiled.
(3) Copyrightability of Metatags

In Red Label Vacations Inc. (redtag.ca) v. 411 Travel Buys Limited

(411travelbuys.ca), 2015 F.C. 19 (Fed. Ct. of Canada, Jan. 7, 2015). Red Label,
an online travel website filed a copyright and trademark lawsuit against 411
TravelBuys Limited, a competitor. Red Label is a travel business organized in
2004 offers online travel information services and bookings through its website
redtag.ca, catering mostly to the Canadian market. Red Label has three
registered trademarks: “redtag.ca” (TMA657,520), “redtag.ca vacations”
(TMA657,750), and “Shop. Compare. Payless!! Guaranteed”

336

(TMA675,219). The defendant, 411 TravelBuys, 4 also created bookings for

travel and travel-related services on its website, which went live in January of
2009.
The defendant registered domain names containing Red Label’s trademarks:
“redtagspecials.ca”, “redvacations.ca” and “411 redtagbuys.ca.” After Red Label
found a lull in its online business, it filed suit against 411 Travel Buys. The court
considered the issue of whether copyright subsist in Red Label’s metatags and
whether 411 Travel Buys infringed Red Label’s trademark by copying them and
using them on its website. Another issue was whether 411 Travel Buys infringed
Red Label’s copyright by copying the “look and feel” of Red Label’s website.
The court found no trademark or copyright infringement in 411 Travel Buys’
activities.
(H) WEBSITE BLOCKING & IN REM INJUNCTIONS
Website blocking is the use of injunctions against intermediaries, who have no
direct or indirect copyright liability for their own actions. U.S. courts seldom
issue in rem injunctions blocking websites in large part because of the First
Amendment of the U.S. Constitution. A growing number of European courts
engage in injunctions that block websites. Martin Husovec, In Rem
Jurisdictions: Case of Website Blocking, International Max Planck Research
School for Competition and Innovation (April 27, 2013).
337
CHAPTER 11
TRADEMARKS ON THE GLOBAL INTERNET

New goods and services are promoted online at “Internet speed,” creating
strains in trademark law. The Internet’s disregard of geographic borders creates
conflicts between concurrent users, which would never have arisen between
distant companies in the purely brick-and-mortar world. Courts have come to
recognize an “Internet trio” of confusion factors: (1) similarity of the marks, (2)
relatedness of the goods and services, and (3) simultaneous use of the Internet
for marketing.
While trademark law traditionally works well in product counterfeiting cases,
it is increasingly ill fitted to the Internet. The Internet marketplace is built upon
bedrock of trademarks and owners must develop new strategies for the
enforcement of trademark rights against online infringers and counterfeiters.
U.S. courts have largely resolved the issues arising out of Google’s AdWords by
rejecting claims for trademark infringement.
It is now difficult to imagine the contours of trademark law without
considering new methods of infringement enabled by bandwidth, browsers, and
digital data. “New legal theories will be developed and old laws will in turn be
modified, manipulated and in some cases mothballed. It is an exciting time to
gird oneself for battle on this new galactic front.” Darryl C. Wilson, Battle
Galactical: Recent Advances and Retreats in the Struggle for the

338

Preservation of Trademark Rights on the Internet, 12 J. HIGH TECH. L. 1, 1

(2011).
An emergent Internet-related issue is to the intersection between trademark
law and torts—such as trade secret misappropriation, defamation,
privacy/publicity and e-personation. New trademark issues such as using a
competitor’s name in metatags and/or domain names are also evolving at a rapid
pace. The latest trademark-related abuse is “username squatting,” where
entrepreneurs register usernames containing another’s mark with the intent to
sell the username to the mark holder for a profit. For example, Coca-Cola and
Nike were allegedly “victims of squatters of their Twitter identities.” Lisa P.
Ramsay, Brandjacking on Social Networks: Trademark Infringement for
Impersonation of Markholders, 58 BUFF. L. REV. 851, 852 (2010). Social media
such as Facebook and Twitter have created new venues for trademark
infringement. Trademark owners, like copyright owner, monitor social media for
trademark misuse. In contrast to copyright law, Congress has yet to enact
revisions to the trademark law covering notice-and-takedown procedures as they
did with the DMCA. Websites such as eBay monitor their sites and takedown
auctions involving infringing content.

§ 11-1. Overview of Internet-Related Trademark Law

The federal trademark statute establishes a system for the registration and
protection of trademarks used in commerce. U.S. trademark law

339

is found in the common law, state statutes and the federal Lanham Act of 1946
(Lanham Act), which provides a civil action against any person who shall,
without consent of the registrant, use in commerce any reproduction, counterfeit
copy, or colorable imitation of a registered mark in connection with the sale,
offering for sale, distribution, or advertising of any goods with which such use is
likely to cause confusion, or to cause mistake, or to deceive.” 15 U.S.C. §
1114(1)(a). The Lanham Act describes a trademark as being a limited property
right in a particular word, phrase, or symbol, and federal trademark protection is
only available for marks “used in commerce.” 15 U.S.C. § 1127.
The standard test of ownership under trademark law is priority of use. In the
twenty first century, trademark law has evolved to address the priority of use in
websites and domain names. Mobile application names and icons, for example,
constitute a new frontier for trademark protection.
(A) THE DISTENSION OF TRADEMARKS
Traditional or conventional trademarks are unique identifiers that employ
words, logos, pictures, symbols, or combinations of these elements. The
nonconventional use of trademark has expanded to include single color
trademarks, sound trademarks, three dimensional trademarks, shape trademarks
and even scent trademarks. In the last decades of the twentieth century, courts
expanded what could be trademarked. Coca-Cola®’s bottle was registered as a
three dimensional mark in 1977. In 1987, Owens-Corning was granted a
340

trademark for the color pink in insulation. Clarke’s Osewez® was granted a
trademark on a fragrance for use on their sewing thread and embroidery yarn in
1991.
(B) FEDERAL TRADEMARK REGISTRATION
The Trademark Act of 1946, as amended, 15 U.S.C. § 1051, governs the
federal registration of trademarks. Trademark applicants need to consider (1) the
mark they want to register, (2) the goods and/or services in connection with
which you wish to register the mark, and (3) whether they will be filing the
application based on actual existing use of the mark or a bona fide intention to
use the mark in the future. A trademark application “must specify the proper
“basis” for filing, whether current use of the mark in commerce or on an intent to
use the mark in commerce in the future.” The U.S. Trademark Office publishes
approved trademarks on the Principal Register of the United States Patent and
Trademark Office (USPTO). A trademark must be distinctive and thus functions
as a source identifier. American Express, for example, trademarked the phrase,
“Don’t Leave Home Without it.” Microsoft’s Window’s icon is an example of a
picture or symbol trademark. IBM is an example of trademark using letters.
Beginning in the late twentieth century, the Trademark Office recognizes more
nonconventional trademarks. A company will claim rights in its trademarks or
service marks by labeling its product with the “™,” “SM,” and “®” symbols. The
federal registration symbol may only be used once the mark is actually

341

registered in the U.S. Patent and Trademark Office. Both registered and
unregistered trade names and trademarks are protected under the Lanham Act.
Lanham Act, § 1 et seq., 15 U.S.C. § 1051 et seq. When proving ownership,
federal registration of a trademark constitutes prima facie evidence of the
validity of the registered mark and of the registrant’s exclusive right to use the
mark in commerce.
Service marks and trademarks are governed by identical standards and thus
like with trademarks, common law rights are acquired in a service mark by
adopting and using the mark in connection with services rendered. The USPTO
refers to the term, “trademark” to include both trademarks and service marks.
The USPTO has registered Internet Domain Names as trademarks since 1997.
The term of a federal trademark registration is 10 years and can be renewed
indefinitely for 10-year periods. Trademark owners must file an affidavit, or a
declaration of continued use, with the USPTO to keep the registration alive
between the fifth and sixth year after the date of initial registration. Failure of the
registrant to provide the affidavit results in cancellation of the trademark
registration. Trademarks may be established by using a mark in commerce,
without a federal registration. However, the USPTO explains the advantages of
owning a federal trademark registration on the Principal Register:
• Public notice of your claim of ownership of the mark;

342

• A legal presumption of your ownership of the mark and your exclusive

right to use the mark nationwide on or in connection with the
goods/services listed in the registration;
• The ability to bring an action concerning the mark in federal court;
• The use of the U.S. registration as a basis to obtain registration in foreign
countries;
• The ability to record the U.S. registration with the U.S. Customs and
Border Protection (CBP) Service to prevent importation of infringing
foreign goods;
• The right to use the federal registration symbol ® and
• Listing in the United States Patent and Trademark Office’s online
databases. USPTO, Trademark FAQs, What Are the Benefits of
Trademark Registration? (2012).
Famous trademarks like Coca-Cola will have trademark protection in
perpetuity; so long as they continue to renew their registration with the USPTO.
The two principal rights in a trademark are a federal trademark registration and
the right to use the mark. In general, the first party who either uses a mark in
commerce or files an application in the trademark office has the ultimate right to
register that mark. The date of first use anywhere is the date when the goods
were first sold or transported, or, the services were first rendered under the mark,
if such use is bona fide and in the ordinary course of trade. 15 U.S.C. § 1127.

343
343

Under U.S. trademark law, it is the first person to use a mark in interstate
commerce rather than the first person to register it who has the priority. Factors
determining first use include which party first affixed the mark to a product, or
whose party’s name appeared with the trademark. Other factors considered are
which party maintained the quality and uniformity of the product, or created the
good will associated with a product. Registration with the Trademark Office
gives the owner exclusive rights only in the United States. However, marks may
be registered in different countries; a practice that is recommended for
companies selling goods and rendering services on the Internet to foreign
countries.
The registration of trademarks signals constructive notice of mark ownership,
and creates a legal presumption in favor of ownership. Trademark registrants
have the right to bring infringement or dilution actions in federal court. Finally,
registration is a predicate to the U.S. Customs Department preventing the
importation of infringing goods.
(C) STATE TRADEMARK LAW
Trademark registration procedures vary widely from state to state. Under the
California state trademark law, online companies need to register their
trademarks to receive protection. However, under the Massachusetts
commonwealth trademark law, online companies need not register with the
Commonwealth to receive protection, but they may if they want to. In 2006,
Massachusetts adopted the International Trademark Association’s Revised

344

Model State Trademark Bill (INTA-MSTB); an online company, or an

individual, may register a trademark or service with the Corporation Division, so
long as the mark is used in the Commonwealth. The use must be bona fide, and
not to reserve a right in the mark.
A trademark is considered in use when it is affixed on the goods or containers,
and on the tags, labels, displays or documents associated with the goods, and
those goods are sold or transported within the Commonwealth. Similarly, service
marks are used or displayed in the sale or advertising of services. The Internet
has marginalized the value of state trademark registration because by definition,
cyberspace disputes are rarely between citizens of the same state.
(D) TRADEMARK APPLICATIONS
(1) Elements of an Application
Trademark applications, filed in the USPTO, must include: (1) the name of the
applicant, (2) a name and address for correspondence, (3) a clear drawing of the
mark, (4) a listing of the goods or services, and (5) the filing fee for at least one
class of goods or services. The Madrid system for the international registration
of trademarks is administered by the International Bureau of WIPO located in
Geneva, Switzerland. One of the advantages of the Madrid system is that a
trademark owner may obtain protection in several countries by filing a single
application within their own national or regional

345

trademark office provided they are members of the Madrid Union.

(2) Actual & Intent to Use Applications

The Lanham Act allows two types of use applications: (1) actual use, and (2)
intent to use (ITU). ITU applications require intent to use the trademark in
commerce in the future. The Lanham Act requires proof of “use in commerce”
meaning there is a bona fide use of a mark in the ordinary course of trade—the
mark cannot only be used to reserve a right to a particular mark. In the brick-
and-mortar world, the term “use in commerce” originated when trademarks
where affixed on goods or containers.
In website sales, in general, the first party who either uses a mark in
commerce or files an application in the U.S. Trademark Office holds the first
right to register that mark. The Trademark Office may accept evidence an
applicant has used a mark “in commerce” for five years as prima facie evidence
of distinctiveness. 15 U.S.C. § 1054. An owner will typically use trademarks on
its product and packaging, while service marks advertise services.
(E) THE SPECTRUM OF DISTINCTIVENESS
Courts considering whether a mark is sufficiently distinctive to warrant
trademark protection evaluate the mark based on a hierarchy of classifications.
Marks are classified on a continuum of increasing distinctiveness: (1) generic,
(2)
346

descriptive, (3) suggestive, (4) arbitrary, or (5) fanciful. Fanciful or “coined”

marks are the strongest marks, followed by arbitrary, suggestive, and descriptive
marks. “Context is critical to a distinctiveness analysis, and the level of
distinctiveness of a mark can be determined only by reference to the goods or
services that the mark identifies.” Advertise.com, Inc. v. AOL Adver., Inc., 616
F.3d 974 (9th Cir. 2010). For example, the mark ‘Super-encrypted software’
connotes computer security.
Notably, a weak descriptive mark may gain secondary meaning through online
advertising or publishing. “Courts classify the distinctiveness or conceptual
strength of a mark as either (1) generic, like ‘Diet Chocolate Fudge Soda’; (2)
descriptive, like ‘Security Center’, (3) suggestive, like ‘Coppertone’, or (4)
arbitrary or fanciful, like ‘Kodak.’ ” Sabinsa Corp. v. Creative Compounds, Inc.,
609 F.3d 175 (3d Cir. 2010).
To determine whether a term is generic, the court looks at whether consumers
understand the word as one that only refers to a particular producer’s goods, or
whether the consumer understands the word to refer specifically to the goods
themselves. A company may not register generic marks such as “website,” “e-
mail”, “spam” or “social media site.” In Elliot v. Google, Inc., 45 F. Supp. 3d
1156 (D. Az. 2014), registrants of a large number of domain names
incorporating the Google trademark filed an action seeking cancellation of
Google’s mark as generic.

347

The ’502 Mark covers “computer hardware; computer software for creating
indexes of information, indexes of web sites and indexes of other information
resources.” The domain name registrants contended that “the GOOGLE mark
has become generic because a majority of the public understands the word
google, when used as a verb, to mean the indiscriminate act of searching on the
internet without regard to the search engine used.” The domain name registrant
‘asserted, inter alia, that the GOOGLE mark has become generic and that he
should be permitted to use the Domain Names incorporating the GOOGLE mark
in furtherance of his business plans.”
The court reasoned that the word google has four possible meanings in this
case: (1) a trademark designating the Google search engine; (2) a verb referring
to the act of searching on the internet using the Google search engine; (3) a verb
referring to the act of searching on the internet using any search engine; and (4)
a common descriptive term for search engines in general. The court was
skeptical about the plaintiff’s expert and found that the domain name registrant
presented no evidence to support its “primary significance” contention that
Google’s trademark was generic. The court held that “the undisputed evidence is
that the consuming public overwhelmingly understands the word google to
identify a particular search engine, not to describe search engines in general.” A
mark is not generic when the primary significance of the term in the minds of the
consuming public is not the product but the producer.

348

(F) TRADE NAME

Apple is a “trade name,” meaning that it is a name used by a person to identify
his or her business or vocation. 15 U.S.C. § 1127. Amazon.com, eBay,
YouTube, and Facebook, are examples of Internet-related trade names. Trade
names, like trademarks, must be distinctive to be protectable. A domain name
may qualify as a trade name if the domain name is used to distinguish the
company, for instance to give information on that company and its activities.
GRAHAM J.H. SMITH, INTERNET LAW AND REGULATION 209 (2007). Domain
names may also be perceived as a trademark when the website itself is a product
or a service such as Amazon.com or eBay.
(G) SERVICE MARKS
A service mark, as its name suggests, identifies the source of services as
opposed to a source of goods. E*Trade, for example, is a service mark for online
investing. The U.S. Patent and Trademark Office uses the terms “trademark,”
and “mark” to refer to both trademarks and service marks whether they are word
marks or other types of marks. Those claiming rights in a mark will label their
products with the symbols “TM,” “SM,” or “®”. The Trademark Office allows a
company to use the “™” (trademark) or “SM” (service mark) designation, which
signals rights even if the mark has not been registered. However, a company
may not use the federal registration symbol “®” until the USPTO actually
registers a mark—not while an examination is still pending.

349
349

(H) FUNCTIONAL LIMITS OF TRADEMARKS

Congress adopted the functionality doctrine by explicitly prohibiting
trademark registration or protection under the Lanham Act for a functional
product. Section 1052(e)(5) prohibits the registration of a mark, which comprises
any matter that, as a whole, is functional, which means it is essential to the use
or purpose of the article or if it affects the cost or quality of the article. This
doctrine developed as a common law rule prohibiting trade dress or trademark
rights in the functional features of a product or its packaging in order to ensure
that the proper boundaries are kept between patent law and trademark law.
In Rosetta Stone Ltd. v. Google, Inc., 676 F.3d 144 (4th Cir. 2012), the Fourth
Circuit found that the functionality doctrine was inapplicable to the keywords,
reversing the district court’s conclusion that Rosetta Stone’s trademarked
keywords marks were functional product features “or that Rosetta Stone’s own
use of this phrase was somehow functional when it entered into Google’s
AdWord program.” While the keywords have an indexing function, they served
a classic trademark purpose identifying goods or services.
(I) WHAT A DOMAIN NAME IS
The Internet Corporation for Assigned Names and Numbers is seeking ways to
minimize deceptive and fraudulent practices as well as other abuses of domain
name registrations. Besides cybersquatting, forms of abuse include:

350

Gripe/Complaint Sites a.k.a. “Sucks Sites”: Websites that complain about a

company’s or entity’s products or services and uses a company’s trademark
in the domain name (e.g. companysucks.com).
Pornographic/Offensive Sites: Websites that contain adult or pornographic
content and uses a brand holder’s trademark in the domain name (e.g.
brandporn.com).
Offensive strings: Registration of stand-alone dirty words within a domain
name (with or without brand names).
Registration of deceptive domain names: Registration of domain names that
direct unsuspecting consumers to obscenity or direct minors to harmful
content—sometimes referred to as a form of “mousetrapping.”
INTERNET CORPORATION FOR ASSIGNED NAMES & NUMBERS (ICANN),
REGISTRATION ABUSE POLICIES WORKING GROUP FINAL REPORT (submitted 29
May 2010) at 36.

§ 11-2. Website Trade Dress

It is an unsettled issue whether trade dress can be protected for websites. The
design or packaging of a product may acquire distinctiveness, serving to identify
the product with its manufacturer or source. The Bubble Calculator, for example,
employs bubbly trade dress to call Internet consumer’s attention to the name of
trademarked product, “Bubble Calculator.” A design or package, which

351

acquires this secondary meaning, assuming other requisites are met, is a “trade
dress” which may not be used in a manner likely to cause confusion as to the
origin, sponsorship, or approval of the goods. In these respects, protection for
trade dress exists to promote competition. Trade dress generally refers to
characteristics of the visual appearance of a product or its packaging that signify
the source of the product to consumers. 1 MCCARTHY ON TRADEMARKS AND
UNFAIR COMPETITION § 8:1 (4th ed. 2012).
In Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763 (1992), the U.S.
Supreme Court decided that the term “trademark” extends to “trade dress,”
which means a product’s “total image and overall appearance” if it is a source
identifier. The Court also found trade dress to be protectable under Section 43(a)
of the Lanham Act prohibiting the use of false designations of origin, false
descriptions, and false representations in the advertising and sale of goods and
services.
Section 43(a) of the Lanham Act recognizes two distinct protectable interests:
(1) protection against unfair competition in the form of an action for false
advertising, and (2) protection against false association in the form of a lawsuit
for false endorsement. The Court explained that trade dress, which is inherently
distinctive, is protectable under Section 43(a) even if the plaintiff cannot
demonstrate secondary meaning since the trade dress itself identified products or
services as coming from a specific source.

352
352

The Court noted the shape and general appearance of the restaurant as well as
“the identifying sign, the interior kitchen floor plan, the decor, the menu, the
equipment used to serve food, the servers’ uniforms, and other features [all
reflected] on the total image of the restaurant.” Trade dress is entitled to
protection under the Lanham Act if: (1) it is inherently distinctive or has
acquired distinctiveness through secondary meaning, (2) it is primarily
nonfunctional, and (3) its imitation would result in a likelihood of confusion in
consumers’ minds as to the source of the product. Faegre & Benson v. Purdy,
367 F. Supp. 2d 1238 (D. Minn. 2005).

§ 11-3. Internet-Related Trademark Claims

Tens of thousands of domain name/trademark disputes have been decided over
the past decade. In a domain name infringement action, a trademark owner will
typically have causes of action such as: (1) trademark infringement, (2) state and
federal dilution, (3) false designation of origin, (4) false advertising and (5)
Anticybersquatting Act remedies.
Internet Trademark Cases

353
354
355

§ 11-4. Internet-Related Trademark Infringement

(A) DIRECT INFRINGEMENT
To establish trademark infringement under the Lanham Act, a plaintiff must
prove: (1) that it owns a valid mark; (2) that the defendant used the mark in
commerce and without plaintiff’s authorization; (3) that the defendant used the
mark (or an imitation of it) in connection with the sale, offering for sale,
distribution, or advertising of goods or services; and (4) that the defendant’s use
of the mark is likely to confuse consumers. 15 U.S.C. § 1114(a).
Similar elements are required in claims under 15 U.S.C. § 1125(a) for false
designation of origin. To state a claim for false designation of origin and false
advertising under the Lanham Act, plaintiff must allege that the defendant’s use
of the plaintiff’s mark in a manner in connection with goods or services used in
commerce is likely to confuse consumers about the source or sponsorship of the
goods or services. Lanham Act, § 43(a), 15 U.S.C. § 1125(a).
A federal cause of action for unfair competition derives from 15 U.S.C. §
1125(a), commonly known as section 43(a) of the Lanham Act. Different
categories of federal unfair competition exist under the Lanham Act including
passing off and false advertising. A federal cause of action for unfair
competition derives from 15 U.S.C. § 1125(a), commonly known as section
43(a) of the Lanham

356

Act. False advertising is a category of federal unfair competition.

Whether the court calls the violation infringement, unfair competition or false
designation of origin, the test is identical: is there a likelihood of confusion? In
general, the more unique or arbitrary a mark, the more protection a court will
afford it.
There are two requirements a plaintiff must allege to survive a Fed. R. Civ. P.
12(b)(1) motion to dismiss for lack of subject matter jurisdiction: (1) the
trademark violation was in connection with any goods or services, and (2) the
defendant used the trademark in commerce. To prevail in a trademark
infringement case, plaintiffs must meet a three-prong test: (1) Did the plaintiff
own a valid and enforceable mark? (2) Did the defendant cause confusion? (3)
Did the plaintiff use the mark in commerce? Stephen W. Feingold & Howard S.
Hogan, Unique Online Trademark Issues, Chapter 7 in G. PETER ALBERT, JR. AN
AIPLA, INTELLECTUAL PROPERTY IN CYBERSPACE (2d ed. 2011) at 308.
Under Section 32 of the Lanham Act, the owner of a mark registered with the
Patent and Trademark Office can bring a civil action against a person alleged to
have used the mark without the owner’s consent. 15 U.S.C. § 1114. The Lanham
Act specifically prohibits person from reproducing, counterfeiting, copying, or
colorably indicating a registered mark, which is likely to cause confusion. A
plaintiff claiming infringement of an incontestable

357

mark must show likelihood of consumer confusion as part of the prima facie
case. 15 U.S.C. § 1115(b).
Courts consider the following factors in determining whether there is a
likelihood of confusion or unfair competition: (1) strength or weakness of
plaintiff’s mark, (2) the degree of similarity with defendant’s mark, (3) class of
goods, (4) marketing channels used, (5) evidence of actual confusion, and (6)
intent of the defendant. No one factor is determinative as the likelihood of
confusion test considers the totality of facts under the circumstances. Under
Section 35 of the Lanham Act, a plaintiff seeking damages for counterfeiting and
infringement has the option of seeking either actual or statutory damages—but
not both. Feingold & Hogan, Issues Unique Online Trademark Issues, Id. at
308–309.
In AMF Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th Cir. 1979), this Court set
forth the following eight (8) factors to be considered in evaluating the likelihood
of confusion in trademark infringement cases: (1) similarity between the
plaintiff’s mark and the allegedly infringing mark; (2) relatedness or similarity
of the parties’ products or services; (3) the strength of the plaintiff’s mark; (4)
the marketing channels used by the parties; (5) the degree of care exercised by
the public in selecting the goods or services at issue; (6) the defendant’s intent;
(7) evidence of actual confusion; and (8) the likelihood of expansion of the
parties’ product lines.
Under a Sleekcraft test, no single factor is determinative, as the likelihood of
the confusion test

358

considers the totality of facts under the circumstances. The three most
important factors in conflicts between domain names and trademarks are: (1) the
similarity of the marks, (2) relatedness of the goods and services offered, and (3)
simultaneous use of the Internet as a marketing channel. In trademark
infringement cases based upon initial interest confusion, the owner of the mark
must demonstrate the likelihood of confusion, not just diversion of Internet
traffic.
In cybersquatting cases, a trademark owner may claim actual damages that
include the profits the domain name registrant made from his use of the mark, as
well as losses sustained by the mark holder as a result of the domain name
registrant’s actions, such as lost sales or harm to the mark’s reputation. Under
the Anticybersquatting Consumer Protection Act of 1999, the trademark owner
has the option of pursuing either actual damages or statutory damages, which
range between $1,000 and $100,000 per domain. 15 U.S.C. § 1117(d). The court
exercises its discretion to fix the actual amount awarded. In “exceptional cases,”
a trademark owner can recover attorney’s fees against the domain name
registrant found to have registered the infringing domain name in bad faith.
(B) CONTRIBUTORY TRADEMARK INFRINGEMENT
To be liable for contributory trademark infringement, a defendant must have:
(1) intentionally induced the primary infringer to infringe, or (2) continued to
supply an infringing

359

product to an infringer with knowledge that the infringer is mislabeling the

particular product supplied. To support a contributory trademark dilution claim,
plaintiff must show that defendants either encouraged others to dilute plaintiff’s
trademark, or continued to supply their product to one whom it knows or has
reason to know is engaging in trademark infringement. Lanham Act, § 43(c), 15
U.S.C. § 1125(c).
When the primary infringer supplies a service rather than a product, a court
must consider the extent of control exercised by the defendant over the third
party’s means of infringement. The knowledge requirement is objective and is
satisfied where the defendant knows or has reason to know of the infringing
activity.
Any liability for contributory infringement will depend upon whether or not
the contributing party intended to participate in the infringement, or actually
knew about the infringing activities. Secondary liability for infringement arises
when “a manufacturer or distributor intentionally induces another to infringe a
trademark, or … continues to supply its product to one whom it knows or has
reason to know is engaging in trademark infringement.” Inwood Labs., Inc. v.
Ives Labs., Inc., 456 U.S. 844 (1982).
When the alleged direct infringer supplies a service rather than a product,
under the second prong of this test, the court must consider the extent of control
exercised by the defendant over the third party’s means of infringement. For
liability to

360
attach there must be direct control and monitoring of the instrumentality used
by a third party to infringe the plaintiff’s mark. In Sony Corps. v. Universal City
Studios (1984), the U.S. Supreme Court determined the manufacturers of
Betamax video tape recorders were not secondarily liable because these
machines had a substantial legitimate use.
The first Internet-related case to address contributory trademark infringement
was Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d 980 (9th Cir.
1999), where the Ninth Circuit held that Network Solutions was not
contributorily liable for the trademark infringement of a domain name. In Gucci
America, Inc. v. Hall & Assocs., 135 F. Supp. 2d 409 (S.D.N.Y. 2001), the court
refused to dismiss Gucci’s claim against an ISP for contributory trademark
infringement predicated upon the claim it hosted a direct trademark infringer.
Mere knowledge of third party infringement is an insufficient basis for
contributory trademark infringement.
The ACPA does not create a cause of action for contributory cybersquatting in
Petroliam Nasional Berhad v. GoDaddy.com, Inc., 737 F.3d 546, 550 (9th Cir.
2013). Petroliam was a Malaysian corporation that developed petroleum
resources. Petroliam objected to the domain names petronastower.net and
petronastowers.net that were transferred to GoDaddy.com. Petroliam filed a
cybersquatting and contributory cybersquatting action against the registrar after
it did not take action against the disputed domain names.

361

The district court dismissed the claims for direct and contributory
cybersquatting and the Ninth Circuit affirmed reasoning that the ACPA does not
include a cause of action for contributory cybersquatting because: (1) the text of
the Act does not apply to the conduct that would be actionable under such a
theory; (2) Congress did not intend to implicitly include common law doctrines
applicable to trademark infringement because the ACPA created a new cause of
action that is distinct from traditional trademark remedies; and (3) allowing suits
against registrars for contributory cybersquatting would not advance the goals of
the statute.
The court found no language in the ACPA creating contributory
cybersquatting actions. The Petroliam court reasoned that imposing secondary
liability on domain name registrars would impermissibly expand the scope of the
ACPA. Petroliam filed a petition for a writ of certiorari asking the U.S. Supreme
Court to answer the question whether the rules of contributory infringement
apply to cybersquatting cases.
(C) SECONDARY TRADEMARK INFRINGEMENT
(1) Vicarious Liability
Vicarious liability for trademark infringement requires a finding that the
defendant and the infringer have an apparent or actual partnership, have
authority to bind one another in transactions with third parties or exercise joint
ownership or

362

control over the infringing product.” Perfect 10, Inc. v. Visa Int’l Serv. Ass’n,
494 F.3d 788, 807 (9th Cir. 2007). One of the greatest hurdles is to find an
apparent or actual partnership. Hard Rock Café Licensing Corp. v. Concession
Servs. Inc., 955 F.2d 1143 (7th Cir. 1992). Courts apply a four-part test to
determine partnership: (1) parties’ sharing of profits and losses, (2) parties’ joint
control and management of business, (3) contribution by each party of property,
financial resources, effort, skill, or knowledge to business, and (4) parties’
intention to be partners.
In Perfect 10 v. Visa International, 494 F.3d 788 (9th Cir. 2007), the Ninth
Circuit refused to find Visa vicariously liable for its role in enabling payment for
website access to content violating the copyrights and trademarks of a third party
magazine publisher. The appeals court uncovered no affirmative acts by the
defendants suggesting to third parties that they should infringe the publisher’s
trademarks. The Ninth Circuit said even if defendants allowed the infringing
merchants to use their logos, trade name, or trademarks, they would not be liable
for false advertising because they had no duty to investigate the truth of the
statements made by others. Moreover, the court found that Visa did not
encourage the improper conduct at issue; they merely processed credit card
payments.
(2) Contributory Infringement
To be liable for contributory trademark infringement, a defendant must have
(1)

363
363

‘intentionally induced’ the primary infringer to infringe, or (2) continued to

supply an infringing product to an infringer with knowledge that the infringer is
mislabeling the particular product supplied.” Id. (quoting Inwood Labs., Inc. v.
Ives Labs., Inc., 456 U.S. 844, 855 (1982). The tests for secondary trademark
infringement are even more difficult to satisfy than those required to find
secondary copyright infringement.” Perfect 10, Inc. v. Visa Int’l Serv. Ass’n, 494
F.3d 788, 806 (9th Cir. 2007).

§ 11-5. Trademark Dilution Revision Act of 2006

Federal dilution claims only extend to famous marks, those marks with such
powerful consumer associations that even non-competing uses can impinge on
their value. Under the statute, “a mark is famous if it is widely recognized by the
general consuming public of the United States as a designation of source of the
goods or services of the mark’s owner.” 15 U.S.C. § 1125(c)(2)(A). Federal
dilution claims require the plaintiff to show that its mark is famous and
distinctive, that the defendant began using its mark in commerce after the
plaintiff’s mark became famous and distinctive, and that the defendant’s mark is
likely to dilute the plaintiff’s mark. Congress enacted the Trademark Dilution
Revision Act of 2006 that displaced the FTDA of 1996. For § 1125(c)(1) to
apply, the defendant must have “commence[d]” a diluting use of the plaintiff’s
mark after the point at which the mark became famous.

364

The TDRA amended the Lanham Act to render one liable to the owner of a
trademark who, with “a bad faith intent to profit from that mark,” “registers,
traffics in or uses a domain name” that is either identical or confusingly similar
to a “distinctive” mark or is identical, confusingly similar or dilutive of a
“famous mark.” 15 U.S.C. § 1125(c). The Federal Trademark Dilution Act
(FTDA) recognized new remedies for the dilution of famous trademarks. The
FTDA factors include the duration and extent of use of the mark, the nature of
the advertising, and the acquired distinctiveness of the mark. 15 U.S.C. §
1125(c)(1).
To state a prima facie dilution claim under the TDRA, the plaintiff must show
the following:
(1) that the plaintiff owns a famous mark that is distinctive;
(2) that the defendant has commenced using a mark in commerce that
allegedly is diluting the famous mark;
(3) that a similarity between the defendant’s mark and the famous mark
gives rise to an association between the marks; and
(4) that the association is likely to impair the distinctiveness of the famous
mark or likely to harm the reputation of the famous mark. 15 U.S.C. §
1125(c).

365

(A) BASICS OF FEDERAL DILUTION CLAIMS

(1) Dilution by Blurring
The TDRA defines “dilution by blurring” as the “association arising from the
similarity between a mark or trade name and a famous mark that impairs the
distinctiveness of the famous mark.” 15 U.S.C. § 1125(c)(2)(B). Blurring under
the federal statute involves the classic “whittling away” of the selling power and
strength of the famous mark. The Domain Vault court interprets these two types
of blurring in the TDRA cases as follows:
Given this history, the Court concludes that Congress intended “dilutive” in
Subparagraph (iv) to draw its meaning from the definition of “dilution” in
15 U.S.C. § 1125(c). Thus, a “misrepresentation … that a domain name is
… dilutive of a mark,” 15 U.S.C. § 1114(2)(D)(iv), will usually mean a
misrepresentation that another’s domain name is causing dilution by
blurring or dilution by tarnishment.
Dilution by blurring means an “association arising from the similarity
between a mark or trade name and a famous mark that impairs the
distinctiveness of the famous mark.” § 1125(c)(2)(B). Dilution by
tarnishment means an “association arising from the similarity between a
mark or trade name and a famous mark that harms the reputation of the
famous mark.” § 1125(c)(2)(C).

366

The Court does not hold that a party must use the words “dilution,”
“blurring,” or “tarnishment” to trigger Subsection (iv). Allegations that
would support the elements of dilution by blurring or tarnishment may
suffice.
Domain Vault LLC v. Bush, 2015 WL 1598099 at *8 (D. Colo. Apr. 8, 2015).
A plaintiff seeking relief under the blurring prong of the TDRA must show
that its mark is famous and distinctive, that defendant began using its mark in
commerce after plaintiff’s mark became famous and distinctive, and that
defendant’s mark is likely to dilute plaintiff’s mark. In determining whether a
mark or trade name is likely to cause dilution violative of the Lanham Act by
blurring, the court may consider all relevant factors, including (i) the degree of
similarity between the mark or trade name and the famous mark, (ii) the degree
of inherent or acquired distinctiveness of the famous mark, (iii) the extent to
which the owner of the famous mark is engaging in substantially exclusive use
of the mark, (iv) the degree of recognition of the famous mark, (v) whether the
user of the mark or trade name intended to create an association with the famous
mark, and (vi) any actual association between the mark or trade name and the
famous mark. Lanham Act, § 43(c), 15 U.S.C. § 1125(c).
To prove dilution by blurring, the plaintiff must show that the association
between the plaintiff’s mark and the defendant’s mark weakens the mark’s
ability to evoke the first product in the minds of

367

consumers. (Jada Toys Inc. v. Mattel, Inc., 518 F.3d 628 (9th Cir. 2008). The
TDRA, 15 U.S.C. § 1125(c), grants: “[t]he owner of a famous mark” the right to
seek “an injunction against another person’s commercial use in commerce of a
mark or trade name, if such use begins after the mark has become famous and
causes dilution of the distinctive quality of the mark.”
(2) Dilution by Tarnishment

“[D]ilution by tarnishment” is defined as the “association arising from the

similarity between a mark or trade name and a famous mark that harms the
reputation of the famous mark.” 15 U.S.C. § 1125(c)(2)(C). Dilution by
tarnishment occurs where the plaintiff’s mark is linked with something unsavory
or degrading. This category includes things like X-rated movies, hard-core
pornography, revenge porn websites, crude humor, and pirated goods. The
TDRA applies when a website blurs a famous trademark by incorporating the
mark in a domain name. 15 U.S.C. § 1125(c). A domain name can tarnish a
famous trademark, as in Mattel, Inc. v. Jcom, Inc., 48 U.S. P.Q.2d (BNA) 1467
(S.D.N.Y. 1996), where the court held that the use of the Barbie trademark by an
adult entertainment web site, combined with particular fonts and color schemes,
tarnished the mark.
The TDRA amended the Trademark Act of 1946 to describe the factors
determining whether a mark is “distinctive and famous,” 15 U.S.C. § 1125(c)(1),
and defines “dilution” as “the lessening of the capacity of a famous mark to
identify and

368

distinguish goods or services,” 15 U.S.C. § 1127. The TDRA amended

Section 43(c) of the Lanham Act to enable trademark owners of famous
trademarks to file a federal anti-dilution action. This 2006 amendment to the
Lanham Act overrules the Supreme Court’s ruling in Moseley v. Victoria Secret
Catalogue, Inc., 537 U.S. 418 (2003), which interpreted the prior federal Anti-
Dilution Act to require prevailing plaintiffs to prove actual dilution. In Moseley,
the Court settled a circuit court split as to whether plaintiffs had to prove actual
dilution in a federal dilution action. The TDRA overturned Moseley when it
provided relief for “likely,” as opposed to actual, dilution. 15 U.S.C. § 1125(c)
(1).
Dilution, under the TDRA, is defined as lessening the capacity of a famous
mark to identify and distinguish goods or services regardless of the presence or
absence of: (1) competition between the owner of the famous mark and other
parties, or (2) likelihood of confusion, mistake, or deception. 15 U.S.C. § 1127.
In order to establish its trademark dilution claim, a plaintiff must show that: (1)
its marks are famous; (2) the defendant adopted its mark after its marks became
famous; (3) the defendant’s mark is likely to cause dilution of the trademark; and
(4) the defendant is using its mark in commerce for commercial purposes. Under
the TDRA, there is still a cause of action “regardless of the presence or absence
of actual or likely confusion, of competition, or of actual economic injury.” 15
U.S.C. § 1125(c)(1).
To obtain relief under the TDRA, a trademark owner must first show that their
mark is both

369
famous and distinct. The TDRA extends to those marks that are inherently
distinctive, and to those deriving distinctiveness from secondary meaning.
Second, the owner must show one of two forms of dilution: blurring and
tarnishment as first developed under the common law. Under the TDRA, there
are two types of dilution, but one, dilution by blurring, occurs when a mark
previously associated with one product also becomes associated with a second.
15 U.S.C. § 1125(c)(2)(B).
Blurring weakens the mark’s ability to evoke the first product in the minds of
consumers. Many courts describe blurring as a whittling away of a mark’s
distinctiveness. The TDRA states: (1), “dilution by blurring” is association
arising from the similarity between a mark or trade name and a famous mark that
impairs the distinctiveness of the famous mark. In determining whether a mark
or trade name is likely to cause dilution by blurring, the court may consider all
relevant factors, including the following:
(i) The degree of similarity between the mark or trade name and the famous
mark.
(ii) The degree of inherent or acquired distinctiveness of the famous mark.
(iii) The extent to which the owner of the famous mark is engaging in
substantially exclusive use of the mark.
(iv) The degree of recognition of the famous mark.

370

(v) Whether the user of the mark or trade name intended to create an
association with the famous mark.
(vi) Any actual association between the mark or trade name and the famous
mark.
15 U.S.C. § 1125(c)(2)(B).
Congress has enumerated factors courts may use to analyze the likelihood of
dilution, including the similarity between the two marks and the distinctiveness
and recognition of the plaintiff’s mark. 15 U.S.C. § 1125(c)(2)(B)(i). “Dilution
by tarnishing occurs when a junior mark’s similarity to a famous mark causes
consumers mistakenly to associate the famous mark with the defendant’s inferior
or offensive product.” Hasbro, Inc. v. Internet Entm’t Group, Ltd., 1996 WL
84853 (W.D. Wash. 1996).
The Ninth Circuit explains the essence of blurring as the weakening of the
ability of a trademark “to evoke the first product in the minds of consumers.
“For example, Tylenol snowboards, Netscape sex shops, and Harry Potter dry
cleaners would all weaken the ‘commercial magnetism’ of these marks and
diminish their ability to evoke their original associations.” Levi Strauss & Co. v.
Abercrombie & Fitch Trading Co., 633 F.3d 1158 (9th Cir. 2011).
Under the FTDA, “a mark is famous if it is widely recognized by the general
consuming public of the United States as a designation of source of the goods or
services.” 15 U.S.C. § 1125(c)(2)(A). The statute establishes that the junior user,
to be liable for

371

dilution, must use “a mark or trade name … after the mark has become
famous.” 15 U.S.C. § 1125(c)(1).
In Avery Dennison Corp. v. Sumpton, 189 F.3d 868 (9th Cir. 1999), the
trademark owner of the “AVERY” and “DENNISON” brands of office products
filed suit against Jerry Sumpton, an entrepreneur who sold vanity domain names
and registered domain names with these trademarks. The Ninth Circuit held that
Avery Dennison did not establish the “famousness” element and therefore had
no TDRA cause of action. The court also found that the plaintiff failed to
demonstrate commercial use by the defendant as Mr. Sumpton was selling the
domain names for use for surname domain names—not for commercial use.
The court did not find the words “AVERY” and “DENNISON” to constitute
famous marks although they had been used for over seventy years and had
generated sales of $3 billion. The lesson from this case is that the FTDA’s
delimiters of famousness and commercial use prevent many trademark owners
from pursuing a federal dilution claim.
(B) TDRA REMEDIES
The remedy under the TDRA is limited to an injunction, “… unless the person
against whom the injunction is sought willfully intended to trade on the owner’s
reputation or to cause dilution of the famous mark.” 15 U.S.C. § 1125(c)(2).
Under the FTDA, the owner of a famous mark may obtain injunctive relief
against any “person who, at any
372

time after the owner’s mark has become famous, commences use of a mark …
in commerce that is likely to cause dilution.” 15 U.S.C. § 1125(c)(1).
(C) TDRA DEFENSES
In response to First Amendment, or associational policy concerns, the TDRA
exempts certain uses of a famous mark. TDRA defenses include the following:
(1) the mark is not famous, (2) the use is classified as a parody, (3)
noncommercial use of the mark, (4) fair use of a famous mark is permitted in
comparative advertisements and (5) dilution is not likely. The TDRA expressly
excludes from its reach “[a]ny fair use, including a nominative or descriptive fair
use, or facilitation of such fair use, of a famous mark by another person other
than as a designation of source for the person’s own goods or services.” 15
U.S.C. § 1125(c)(3)(A).
The federal anti-dilution statute specifically provides comparative advertising
and parody as examples of non-dilutive fair uses. See 15 U.S.C. § 1125(c)(3)(A)
(i) & (ii). Just as with any trademark action, a defendant may assert a right to use
a trademark in a news commentary, a comparative advertisement. Fair use is a
statutory defense under the FTDA.

§ 11-6. False Designation of Origin

To prevail in a false designation of origin, or in an infringement case, the
plaintiff needs proof that defendant’s use of the trademark in cyberspace would
likely cause an appreciable number of

373

Internet users to be misled or confused as to the source, sponsorship, or

affiliation of defendant’s goods or services. The unfair competition or,
“consumer confusion” provision, of Section 43 of the Lanham Act, is intended to
prevent confusion, mistake, or deception regarding the source of goods or
services and applies equally well to cyberspace
The core element of any trademark infringement cause of action, or false
designation of origin, is whether there is a likelihood of confusion. Under
trademark infringement, unfair competition, or false designation of origin claim,
a plaintiff is required to show that its marks are valid and that a defendant’s use
of those marks is likely to cause consumer confusion.
In Ron Paul 2012 Presidential Campaign Comm., Inc. v. Does 1-10, 2012
U.S. Dist. LEXIS 30911 (N.D. Cal. Mar. 8, 2012), the defendants owned a
YouTube and Twitter account named “NHLiberty4Paul.” Under this
pseudonymous website, the defendants uploaded a video on YouTube entitled
“Jon Huntsman’s Values” that attacked the former Republican primary nominee
before concluding with the text: “American Values and Liberty—Vote Ron
Paul.” Shortly after the video’s release, the Ron Paul Campaign filed a complaint
asserting a claim for: (1) false designation of origin in violation of the Lanham
Act, (2) false description and representation in violation of the Lanham Act, and
(3) common law libel and defamation. The federal court denied the Paul
Campaign’s request for expedited discovery stating it had grave doubts

374

about whether the commercial use requirement for false designation was met.

§ 11-7. False Endorsement

To state a false endorsement claim, the plaintiff must allege facts that, if true,
would establish that his or her name was: (1) used in commerce, (2) is distinctive
and (3) a likelihood of confusion exists. The elements of a false endorsement
claim are akin to the tort of the right of publicity.
Section 43(a) of the Lanham Act covers a false or misleading
misrepresentation of fact, which “… is likely to cause confusion, or to cause
mistake, or to deceive as to the affiliation, connection, or association of such
person with another person, or as to the origin, sponsorship, or approval of his or
her goods, services, or commercial activities by another person.” 15 U.S.C. §
1125(a)(1)(A). A false endorsement claim requires allegations of an
unauthorized use of a celebrity’s identity and this includes their visual
characteristics, voice, or other distinctive qualities.

§ 11-8. Anticybersquatting Act of 1999

The Anticybersquatting Consumer Protection Act (ACPA) is the principal tool
used by trademark owners to reclaim domain names containing their trademarks
and trade names from cybersquatters. The ACPA, 15 U.S.C. § 1125(d), creates
civil liability for someone who registers, traffics in, or uses a domain name with
a bad faith intent to profit from the protected mark of another party. The ACPA,

375

which amended the Lanham Act, addresses the: (1) registration, use, or
trafficking in, a domain name, (2) that is identical or confusingly similar to a
distinctive or famous trademark, (3) with a bad-faith intent to profit from the
mark.
Cybersquatting is defined as the: “Offer to transfer, sell, or otherwise assign
the domain name to the mark owner or any third party for financial gain without
having used, or having an intent to use, the domain name in the bona fide
offering of any goods or services, or the person’s prior conduct indicating a
pattern of such conduct.” See Corsair Memory, Inc. v. Corsair7.com, 2008 WL
4820789 at *20 (N.D.Cal. Nov. 3, 2008) (noting that the “ACPA protects the
owner of a distinctive or famous trademark from another’s bad faith intent to
profit from the trademark owner’s mark by registering or using a domain name
which is identical or confusingly similar to, or dilutive of, the trademark owner’s
mark without regard to the goods or services of the parties.” 15 U.S.C. §
1125(d).
Under the ACPA, 15 U.S.C. § 1125(d), a person commits cybersquatting, if,
without regard to the goods or services of the parties, that person (i) has a bad
faith intent to profit from that mark, including a personal name which is
protected as a mark under this section; and (ii) registers, traffics in, or uses a
domain name that—(I) in the case of a mark that is distinctive at the time of
registration of the domain name, is identical or confusingly similar to that mark;
(II) in the case of a famous mark that is famous at the time of registration of the
domain name, is identical or confusingly similar to or

376

dilutive of that mark; or (III) is a protected trademark, word, or name. 15

U.S.C. § 1125(d).
(A) ELEMENTS OF ACPA CLAIMS
To prevail under the ACPA, a plaintiff must prove: “(1) its mark is distinctive
or famous and entitled to protection; (2) the defendant’s domain name is
identical or confusingly similar to the plaintiff’s mark; and (3) the defendant
registered or used the domain name with a bad faith intent to profit.” Bavaro
Palace, S.A. v. Vacation Tours, Inc., 203 F. App’x 252, 256 (11th Cir. 2006)
(citing Shields v. Zuccarini, 254 F.3d 476, 482 (3d Cir. 2001)).
The inquiry under the ACPA is “narrower than the traditional multifactor
likelihood of confusion test for trademark infringement.” Newport News
Holdings Corp. v. Virtual City Vision, 650 F.3d 423, 437 (4th Cir. 2011) (citing
Coca-Cola Co. v. Purdy, 382 F.3d 774, 783 (8th Cir. 2004)).
The ACPA provides that a court may order the cancellation of the domain
name or its transfer to the owner of the mark as remedy to the owner. See §
1125(d)(1)(C).The core element in a cybersquatting case is proof of a bad faith
intent to profit from a distinctive or famous mark. A trademark is famous only if
the owner can prove that the mark “is widely recognized by the general
consuming public of the United States as a designation of source of the goods or
services of the mark’s owner.” 15 U.S.C. § 1125(c)(2)(A).

377

The ACPA’s statutory purpose is to protect trademark holders from misuse of

domain names intending to “divert consumers from the mark owner’s online
location to a site accessible under the domain name that could harm the goodwill
represented by the mark, either for commercial gain or with the intent to tarnish
or disparage the mark, by creating a likelihood of confusion.” See 15 U.S.C. §
1125(d)(1)(B). The ACPA lists factors to assist courts in determining whether
there has been a registration of a domain name in bad faith.
(B) ACPA SAFE HARBOR
The ACPA recognizes a safe harbor provision for a defendant who acted in
good faith. If “the court determines that the person believed and had reasonable
grounds to believe that the use of the domain name was a fair use or otherwise
lawful,” then the defendant will not be held liable under the ACPA. 15 U.S.C. §
1125(d)(1)(B)(ii). In Panavision Int’l, L.P. v. Toeppen, 141 F.3d 1316 (9th Cir.
1998), Dennis Toeppen registered scores of domain names containing the
trademarks of famous companies, and then sought to sell them to the owners of
the marks for a profit. Toeppen posted an aerial vision of Pana, Illinois on the
website Panavision.com as a pre-textual gesture to try to prove legitimate use.
The federal court rejected this ploy finding Toeppen liable for
misappropriating the trademark of Panavision through his practice of registering
trademarks as domain names and then selling them to the trademark owners. The
court found that Dennis Toeppen registered the domain name

378

“panavision.com” in order to extort a ransom from Panavision.

Toeppen was using the domain panavision.com to display photographs of
Pana, Illinois and, when asked to cease using the domain name, he offered to sell
it for $13,000. After Panavision refused to buy the domain name from Toeppen,
he registered their other trademark, Panaflex, as a domain name. Because
Toeppen registered the “PANAVISION” mark as a domain name to palm off on
the recognition of the “PANAVISION” name and mark, the Ninth Circuit
determined that this misuse or exploitation of the value of the mark rose to the
level of commercial use under the Lanham Act, even though Toeppen never
used it to sell goods or services.
(C) IN REM JURISDICTION
The ACPA allows a trademark owner to file an in rem civil action against a
domain name and provides instructions on how to provide sufficient notice of
such an action. Specifically, the ACPA provides that service of process in an in
rem action may be accomplished by sending notice of the alleged violation and
intent to proceed under the ACPA to the registrant of the domain name at the
postal and e-mail addresses provided by the registrant to the registrar, and by
publishing notice of the action as the court may direct promptly after filing the
action. 15 U.S.C. § 1125(d)(2)(A) and (B).
Trademark owners may assert in rem jurisdiction only if the domain name is
confusingly similar or

379

identical to its mark and the abusive registrant is not locatable. A trademark
owner may proceed in personam against an infringer or, in certain
circumstances, in rem against the domain name only if they have exhausted
reasonable efforts to locate the bad faith registrant.
Trademark owners may seek an in rem remedy if the abusive domain name
registrant is not locatable despite a diligent effort to find him or her. An
illustrative case occurred in July of 2012 when a Virginia federal court ordered
VeriSign, an accredited domain name registrar, to transfer 265 “infringing
domain names” from VeriSign to Go Daddy.
The disputed domain names were registered in the name of Richemont
International, Ltd, but in fact, the registrants were based in China. The domain
names were being used to sell fake Mont Blanc pens, violating the pen
company’s famous trademarks. The court ordered that the domain names used in
selling knockoffs all be transferred to Mont Blanc.
The ACPA gives trademark owners the right to file an in rem action against
the domain name in the judicial district where the domain name registrar,
domain name registry, or other domain name authority registered or assigned the
domain name is located. See e.g., Cable News Network L.P., L.L.L.P. v.
cnnews.com, 162 F. Supp. 2d 484 (E.D. Va. 2001) (holding that plaintiff
properly perfected service under ACPA’s in rem service procedure in domain
name litigation).

380

(D) ACPA REMEDIES

Under the ACPA, plaintiff may elect as its measure of damages statutory
damages in the amount of not less than $1,000 and not more than $100,000 per
domain name, as the court considers just. 15 U.S.C. § 1117(d).

§ 11-9. Keyword Trademark Litigation

In keyword advertising cases such as Hearts on Fire Co. v. Blue Nile, Inc.,
603 F. Supp. 274 (D. Mass. 2009), the “likelihood of confusion is determined by
what the consumer saw on the screen and reasonably believed, given the
context.” In Hearts on Fire, a diamond wholesaler alleged that an Internet
diamond retailer infringed its trademark when it used the wholesaler’s trademark
as a keyword to trigger search engine advertisements known as “sponsored
links.”
The Massachusetts federal court determined that dismissal of the trademark
owner’s lawsuit was not warranted and found the purchase of trademarks to
trigger pop-up or banner advertisements to be use in commerce. The purchase of
the trademarked keyword to trigger sponsored links constituted a “use” within
the meaning of the Lanham Act because, on the facts of the case, a computer
user’s search for the trademarked phrase necessarily involved a display of that
trademark as part of the search-results list.
The court found the diamond wholesaler to have stated a claim for trademark
infringement, even where the Internet retailer’s sponsored links did not

381

display the protected mark. The court reasoned that the (1) initial interest
confusion could support a claim under the Lanham Act where the wholesaler
plausibly alleged that consumers were confused, and not simply diverted, and (2)
the wholesaler offered sufficient allegations to support its claim that consumers
were likely confused, and potentially misled, by the retailer’s use of the
trademark as a trigger for its sponsored links.
(A) THE MEANING OF USE IN COMMERCE
Many Internet-related cases turn on the element of “use in commerce,” which
is essential in a trademark infringement claim. In Intermatic Inc. v. Toeppen, 947
F. Supp. 1227 (N.D. Ill. 2006), the federal court held that the defendant’s use of
the Internet satisfied the “in commerce” requirement when the defendant
registered a domain name identical to the plaintiff’s trademark name and used it
on the Internet.
Commercial use, the third requirement of any trademark infringement lawsuit,
is a major obstacle especially where the use of the plaintiff’s trademark is
invisible. In more recent cases, the issue of commercial use often turns on
whether “use” of a trademark under the Lanham Act requires that the trademark
is displayed or visible to consumers. Many of the Internet-related commercial
use issues involve the question of whether covert use of trademarks by
advertisers constitutes “use in commerce under the Lanham Act.” In many of the
“covert use” cases, plaintiffs are unable to clear the use in commerce hurdle.

382

(B) KEYWORDS AND COMMERCIAL USE

Keywords “keyed” to famous trademarks that trigger pop-ups is an example of
the covert use of trademarks by online advertisers. The problem is that keywords
use a competitor’s trademark to tout the products and services of the competitor
rather than the keyworded trademark owner. Google “operates a program called
‘AdWords’ which allows advertisers to bid on advertising hyperlinks, also
known as “sponsored links,” that appear on an Internet user’s search results page
when the user has inputted certain keywords into Google’s search engine.” LBF
Travel, Inc. v. Fareportal, Inc., 2014 WL 5671853 at *2 (S.D. N.Y. Nov. 5,
2014). The LBF Travel court described how:
The sponsored link contains both an advertisement for the advertiser’s
business and a direct link that takes the Internet user directly to the
advertiser’s website when the user clicks on it. According to LBF, “[the]
‘sponsored links’ do not always clearly identify themselves as
advertisements, and Google’s layout of the ads does not conspicuously
identify them as such.” In particular, “[the] ads at the top of the search
results are designed by Google to look like part of the ‘non-sponsored’
search results, and by virtue of the fact that they appear at the top of the list
of Search Results, Internet users may infer that they are the most relevant
websites on the Search Results page.” Other search engines, such as Yahoo!
and Bing, offer similar SEM programs that typically “award the first
sponsored result

383

to the [advertiser] that has placed the highest bid on the keyword, i.e. the
[advertiser] that has agreed to the search engine operator the highest amount
each time an independent internet user takes a particular action (such as
searching a term or clicking on a link in the advertisement).
However, in recent years plaintiffs never prevail in competitive keyword cases
against Google and only have rare victories against competitors. Trademark
owners have filed multiple trademark infringement lawsuits against Google has
created the AdWords program, which, in effect, is a full-employment act for
trademark litigators. AdWords allows an advertiser to bid on keywords or terms
that an Internet user might enter into a Google search thereby triggering the
display of a sponsor’s advertisement. When a user enters a keyword, Google
displays the links generated by its own algorithm in the main part of the page,
along with the advertisements in a separate “sponsored links” section next to or
above the objective results. Trademark owners have filed multiple trademark
infringement lawsuits against Google and its customers arising out of the use of
the AdWords context-advertising program. None of these cases have been
successful in recent years.
A leading trademark scholar, views the issue as whether keyword placement is
unfairly “drawing [the] power and goodwill of these famous marks. The question
is whether this activity is fair competition or whether it is a form of unfair free
riding on the fame of well-known marks.” 4

384

MCCARTHY ON TRADEMARKS AND UNFAIR COMPETITION § 25–171 (4th ed.

2012). Eric Goldman summarizes the path of keyword law:
Keyword advertising using competitors’ trademarks is now so well-
accepted, it may be hard to remember that the practice used to generate
serious debate among lawyers and ethicists. In particular, the search engines
drew substantial legal fire from trademark owners for selling “their”
trademarks; at one point around 2010, I believe Google had about a dozen
simultaneously pending lawsuits.
Eric Goldman, (Forbes Cross-Post), TECHNOLOGY LAW & MARKETING BLOG
(June 8, 2015).
(1) 1-800 Contacts, Inc. v. WhenU.Com, Inc.

In 1-800 Contacts, Inc. v. WhenU.com, Inc., 414 F.3d 400 (2d Cir. 2005), the
Second Circuit reversed the district court’s issuance of a preliminary injunction
that enjoined WhenU.com from causing “pop up” advertisements to appear on
Internet user’s computer screens when they went to the 1–800 Contacts website
or each time a trademark is entered into a search engine.
The federal appeals court reasoned that WhenU.com’s use of 1–800 Contacts’
trademarks did not constitute “use in commerce,” a predicate for a finding of
trademark infringement under the Lanham Act. However, the plaintiff’s
trademark claim failed because WhenU.com’s pop-up ads did not actually
display the 1–800 Contacts’ trademark. The court found the defendant’s use of
the plaintiffs’

385

trademarks as “analogous to an individual’s private thoughts about a

trademark. Such conduct simply does not violate the Lanham Act.” The 1–800
Contacts case ended when the U.S. Supreme Court refused to accept the contact
maker’s writ of certiorari. Some courts have held that the use of keywords
satisfies the commercial use requirement of the Lanham Act.
(2) Rescuecom Corp. v. Google
In Rescuecom Corp. v. Google, 456 F. Supp. 2d 393 (2d Cir. 2009), the
Second Circuit held that Google used Rescuecom’s trademark in commerce
when Google sold keywords containing Rescuecom’s mark. Google used the
trademark in its Keyword Suggestion Tool, where it was suggested to potential
advertisers that the keyword was available for a fee. Thus, whenever an Internet
user typed “Rescuecom” as a search term, the competitor’s hyperlink appeared
linked to the competitors’ websites among the search results.
The court found Google’s use of Rescuecom’s trademark in a keyword did not
satisfy the “trademark use” requirement as it applies to 15 U.S.C. § 1051,
whereby it is necessary for establishing infringement and false origin actions.
Rescuecom was unable to establish “trademark use” because they could not
prove that: (1) any of the search results, except the links belonging to plaintiff,
displayed plaintiff’s trademark, that (2) defendant’s activities affected the
appearance or functionality of plaintiff’s website, or that (3)

386

defendant placed plaintiff’s trademark on any goods, containers, displays, or

advertisements.
(3) Google Keyword Cases

In Google, Inc. v. American Blind & Wallpaper Factory, Inc., 2007 WL

1848665 (N.D. Cal. 2007), the court found Google’s sale of trademarked terms
in its advertising program did constitute “use in commerce” for purposes of the
Lanham Act, and denied summary judgment to Google. In Rosetta Stone Ltd. v.
Google, Inc., 676 F.3d 144 (4th Cir. 2012), the Fourth Circuit affirmed the
district court’s order with respect to the vicarious infringement and unjust
enrichment claims, but vacated the court’s order with respect to the direct
infringement, contributory infringement and dilution claims and remanded these
claims for further proceeding.
In Network Automation, Inc. v. Advanced Systems Concepts, Inc., 638 F.3d
1137 (9th Cir. 2011), the Ninth Circuit ruled that Network Automation
Incorporated’s (Network) use of keywords incorporating Advanced System
Concepts (Systems) trademarks did not violate the Lanham Act. Network and
Systems were competitors, both selling job scheduling and management
software. Network purchased the keyword “ActiveBatch” from Google—
ActiveBatch being the name of the product produced by Systems.
When Internet users typed “ActiveBatch” into various search engines, a results
page was produced showing Network’s website as a sponsored link. The

387

Ninth Circuit court determined that the federal trial court was correct in
finding Network’s use of keywords to constitute the prerequisite “use in
commerce.”
Commercial use was found in Network’s use of System’s mark to purchase
keywords to advertise its products for sale on the Internet. Nevertheless, the
Ninth Circuit reversed the district court ruling that System was not entitled to an
injunction. The appellate court held that the district court did not apply the
Sleekcraft factors correctly and further that the lower court did not determine
whether there was a likelihood of confusion.

§ 11-10. Sponsored Banner Advertisements

Trademark infringement claims may be predicated upon the defendant’s use of
unidentified banner ads on the Internet user’s search page. Playboy, for example,
objected to a competitor’s ad appearing as a pop-up banner ad along the margin
of the search result when the searcher entered “Playboy” and/or “Playmate”—
both trademarked terms owned by Playboy. Playboy Enterprises v. Netscape
Communications Corp., 354 F.3d 1020 (9th Cir. 2004). The search engine
incorporated calibration keywords in its software application. The Playboy court
found the banner advertisements objectionable because they did not clearly
identify the sponsor of the ad, thereby creating a likelihood of confusion.

388

§ 11-11. Metatags
(A) INVISIBLE TRADEMARK VIOLATIONS
Some search engines index each discernible word on every web page, while
others index by metatags. A “metatag” is an invisible code in Hypertext Markup
Language (HTML) that describes the contents of a Web page. Trademark
owners file suit against individuals or companies that incorporated the metatags
of popular companies in their website to jump-start their page rank. The recent
trend is for courts to find that merely incorporating the plaintiff’s trademark in
invisible code does not demonstrate use in commerce.
Nevertheless, if a website uses metatags deceptively to misrepresent its sites,
courts will find liability for trademark infringement. A few courts continue to
find that use of a plaintiff’s trademark in metatags constitutes infringement.
(B) INITIAL INTEREST CONFUSION
Initial Interest Confusion (IIC) occurs on the Internet when a company creates
confusion “from the unauthorized use of trademarks to divert Internet traffic,
thereby capitalizing on a trademark holder’s goodwill.” Aust. Gold Inc. v.
Hatfield, 436 F.3d 1228 (10th Cir. 2006). IIC “… occurs when a customer is
lured to a product by the similarity of the mark, even if the customer realizes the
true source of the goods before the sale is consummated.” Initial interest
confusion is, in effect, a misappropriation of good will. What is important is

389

not the duration of the confusion; it is the misappropriation of goodwill. A

growing number of courts are skeptical about the continuing vitality of IIC.
Terri Welles graced the cover of Playboy in 1981 as the Playboy Playmate of
the Year. Playboy Enterprises International (PEI) challenged her use of the title
“Playboy Playmate of the Year 1981,” and her use of other trademarked terms
on her website. PEI contended that Welles infringed the following trademarked
terms on her website: (1) the terms “Playboy” and “Playmate” in the metatags of
the website, (2) the phrase “Playmate of the Year 1981” on the masthead of the
website, (3) the phrases “Playboy Playmate of the Year 1981” and “Playmate of
the Year 1981” on various banner ads, and (4) her repeated use of the
abbreviation “PMOY ’81” as the watermark on the pages of the website.
In Playboy Enterprises, Inc. v. Welles, 279 F.3d 796 (9th Cir. 2002), the Ninth
Circuit reversed a federal district court’s grant of a preliminary injunction that
restrained Welles from using the registered trademarks “Playboy” and
“Playmate” as metatags in her websites. Playboy sued Welles on various
theories, including a federal trademark dilution claim under the prior statute.
The appeals court determined that most of Welles’s use of “Playmate of the
Year” were nominative uses and, therefore, excepted from coverage. To use a
mark as a trademark, the defendant must attempt to identify the source of the
mark with the defendant itself. Trademark mention

390

is any other use of a mark, such as to refer to a particular product for purposes
of comparison, criticism, or point of reference.
The court found Welles’s use of the abbreviation “PMOY” on the wallpaper
of her site was not nominative, and, therefore was “not excepted from the anti-
dilution provisions.” In finding nominative use, the court ruled that Welles was
not trying to divert traffic from Playboy. A party raising the statutory affirmative
defense of nominative use to a claim of trademark infringement must prove she
is using the term fairly and in good faith and for description.

§ 11-12. Trademark Law Defenses

(A) NOMINATIVE FAIR USE
In order to assert a successful fair use defense to a trademark infringement
claim, the defendant must prove three elements: that the use was made (1) other
than as a mark, (2) in a descriptive sense, and (3) in good faith. 15 U.S.C. §
1115(b)(4). To qualify under nominative fair use, there are three requirements.
First, the product or service in question must not be readily identifiable without
use of the trademark. Second, the defendant may only use as much of the mark
as is reasonably necessary to identify the product or service. Third, the defendant
must not do anything in conjunction with the mark that would suggest
sponsorship or endorsement by the trademark holder.

391

The nominative fair use analysis allows a defendant to use the plaintiff’s mark
to describe the plaintiff’s product, so long as the goal is for the defendant to
describe her own product. A computer repair shop, for example, can advertise
that it fixes Dell laptops even though “Dell” is a registered trademark. In New
Kids On The Block v. News America Publishing, Inc., 971 F.2d 302 (9th Cir.
1992), the Ninth Circuit adopted a nominative fair use test in which the
defendant must prove that:
first, the product or service in question must be one not readily identifiable
without use of the trademark, second, only so much of the mark or marks
may be used as is reasonably necessary to identify the product or service,
and third, the user must do nothing that would, in conjunction with the
mark, suggest sponsorship or endorsement by the trademark holder.
Fair use also enables comparative advertising and the use of another’s
trademark in a manner such as the Pepsi Challenge that featured taste tests
between Coca-Cola and Pepsi in malls around the country in the 1980s.
(B) FIRST AMENDMENT IN CYBERSPACE
(1) Gripe Sites

Fan Sites, rogue sites, or grip sites that mention trademarks in the course of
criticizing companies are generally protected by the First Amendment unless a
court finds that those sites are deceptive, and create consumer confusion. Gripe
sites must

392

make it clear that they are not affiliated with trademarks. In Bihari v. Gross,
119 F. Supp. 2d 309 (S.D.N.Y. 2000), the court found that a “Gripe Site” that
was critical of the plaintiff’s interior design work did not violate Marianne
Bihari’s trademark because no reasonable consumer would believe that the
plaintiff or her company, Bihari Interiors, sponsored the site. The court also
found that the “Gripe Site” was not diverting users from the Bihari Interior site.
Companies will find it difficult to enjoin websites critical of their goods and
services, which have become ubiquitous on the Internet. In the early years of the
Internet, trademark owners often won lawsuits against domain name registrants
who incorporated their trade names or marks.
An early example of such a complaint occurs in, Bally Total Fitness Holding
Corp. v. Faber, 29 F. Supp. 2d 1161 (C.D. Cal. 1998), where a critic of the chain
of health clubs set up an anti-Bally website entitled, “Bally’s sucks” filed suit for
trademark dilution because the defendant was using its trademarks in an
unauthorized manner. The federal court in California granted summary judgment
in favor of Faber, reasoning, “no reasonable person would think Bally’s is
affiliated with or endorses [the anti-Bally site].” The court also found “fair use”
in the website’s use of Bally’s intellectual property.
In a UDRP proceeding, the domain name, AirFranceSucks.com, was
transferred to Air France but “the airline’s victory at arbitration was not without
controversy: panelists disagreed about what the word ‘sucks’ really means to
Internet users.”

393

Societé Air France v. Virtual Dates, Inc., Case No. D2005–0168 UDRP
2005).
(2) Lamparello v. Falwell

The Fourth Circuit found the FTDA applies only to a commercial use in
commerce of a mark, leaving no doubt, “that it did not intend for trademark laws
to impinge the First Amendment rights of critics and commentators.”
Lamparello v. Falwell, 420 F.3d 309 (4th Cir. 2005). In Lamparello, the Fourth
Circuit determined that Christopher Lamparello’s domain name,
www.fallwell.com, a website critical of Reverend Jerry Falwell and his views on
homosexuality, did not constitute cybersquatting. The appellate court reasoned
that Reverend Falwell was unable to show that Lamparello had a bad faith intent
to profit from his use of the fallwell.com domain name. Lamparello had not
engaged in the type of conduct described in the statutory factors as typifying the
bad faith intent to profit essential to a successful cybersquatting claim.
(C) TRADEMARK PARODIES
A parody is a “simple form of entertainment conveyed by juxtaposing the
irreverent representation of the trademark with the idealized image created by
the mark’s owners.” L.L. Bean, Inc. v. Drake Publishers, Inc., 811 F.2d 26 (1st
Cir. 1987). In Lyons Partnership v. Giannoulas, 179 F.3d 384 (5th Cir. 1999),
the Fifth Circuit ruled that the Ted Giannoulas creation of the sports mascot The
Famous Chicken stepping on a Barney lookalike constituted a parody protectable
by the First

394

Amendment of the U.S. Constitution. A parody makes a trademark the brunt

of its joke, or satirical message, and therefore does not infringe upon the
trademark.
In Louis Vuitton Mallettier S.A. v. Haute Diggity Dog, the Fourth Circuit ruled
that a “Chewy Vuiton” dog chew toy was a successful parody of the French
manufacturer’s luxury handbags and the “LOUIS VUITTON” marks and trade
dress used in marketing those handbags. To state a claim for trade dress
infringement, plaintiffs must show (1) their trade dress is primarily
nonfunctional; (2) the alleged infringement creates a likelihood of confusion;
and (3) the trade dress either is inherently distinctive or has acquired secondary
meaning. Lanham Act, § 43(a), 15 U.S.C. § 1125(a).
The Louis Vuitton court reasoned the “Chewy Vuiton” toy was obviously an
irreverent and intentional representation of the famous designer’s handbag. Louis
Vuitton Malletier, M.A. v. Haute Diggity Dog, 507 F.3d 252 (4th Cir. 2007). The
Louis Vuitton court found that the dog toy was not an “idealized image” of a
mark created by the manufacturer. Moreover, the toy’s name immediately
conveyed a joking and amusing parody by using something a dog would chew
on to poke fun at the elegance and exorbitance of the famous French designer’s
rather pricey handbags. The parody doctrine is not well developed outside the
United States.

395

(D) TRADEMARK LACHES

Laches is an equitable defense consisting of three elements (1) delay in
asserting one’s trademark rights, (2) lack of excuse for the delay, and (3) undue
prejudice to the alleged infringer caused by the delay. To avoid the equitable
defense of laches, or “sleeping on your rights,” trademark owners should
conduct public searches of social media and other websites. Non-generic, non-
misleading, genuine and continuous use of trademarks is necessary for
continuous protection. In cybersquatting cases, the trademark owner should not
wait too many years to file a complaint either in federal court or in a UDRP
dispute-resolution proceeding.

§ 11-13. False Advertising

To prevail in a Lanham Act false advertising case, the plaintiff must prove: (1)
the online advertisements of the defendant were false or misleading, (2) the
online ads deceived, or had the capacity to deceive website visitors, (3) the
deception had a material effect on purchasing decisions, (4) the misrepresented
product or service affects interstate commerce, and (5) the plaintiff has been, or
is likely to be, injured as a result of the false advertising. All states recognize
state false advertising claims as well. A court upheld a default judgment for false
advertising in Yelp v. Catron, 2014 WL 4966706 (N.D. Cal. Oct. 1, 2014). In
that case, a Yelp user offered to create paid reviews of businesses to post on the
‘Yelp’ website, in violation of the site’s terms of service.

396

“Catron used the Yelp Marks, without alteration, in connection with his
review-selling business without Yelp’s consent in a manner that is likely to
cause confusion, mistake, or to deceive. Catron sold Yelp reviews and
“displayed the Yelp Marks prominently on adblaze.com and BuyYelpReview.
com in connection with his business;” Yelp alleged trademark infringement,
unfair competition, dilution of a famous mark, and cybersquatting, in violation
of Lanham Act, and state law claims for unfair competition, false advertising,
breach of contract, and intentional interference with contractual relations. The
court found evidence supporting Yelp’s federal claims and state false advertising
claims also made him liable under California’s Unfair Competition Law.
“Typosquatting” is the practice of registering a domain name to benefit from
users who mistype a domain name. A classic example is the “typosquatter” who
registered domain names that employed misspellings of popular child oriented
websites. The typosquatter took advantage of children’s foreseeable misspellings
to receive a fee for each child’s clickstream. Typosquatters rely upon adult
Internet users mistyping domain names as well. Dotster, a domain name
registrar, registered the domain name “www.VulcanGolf.com,” which is a
period away from the domain name www.VulcanGolf.com. Vulcan Golf LLC v.
Google, Inc., 552 F. Supp. 2d 752, 760 (N.D. Ill. 2008).
Vulcan filed suit against Dotster claiming the defendant “intentionally
registered this domain name without the period after the ‘www,’ expecting

397

that a certain number of Internet users will mistype the name and will land on
the webpage.” Dotster was liable because it benefited from their blatantly
deceptive domain. Each time a user clicks on links or other online ads, Google,
the parking companies and domain name owners receive advertising revenue.
This is the business model for many commercial websites

§ 11-14. Domain Name Hijacking & Reverse Hijacking

Trademark hijacking is when a cybersquatter registers a domain name that is
identical or confusingly similar to a plaintiff’s trade name or trademark. In
contrast, a “reverse domain name hijacking” occurs when a cybersquatter or
person with no legitimate interest in a mark files a complaint against the domain
name registrant who does have a legitimate interest in the mark. Reverse
cybersquatting lawsuits are filed in order to extract a nuisance settlement. Under
the Lanham Act, “a domain name registrant who is aggrieved by an
overreaching trademark owner may commence an action to declare that the
domain name registration or use by the registrant is not unlawful under the
Lanham Act.” 15 U.S.C. § 1114(2)(D)(v).
To prevail on a reverse domain name hijacking claim under the Anti-
Cybersquatting Consumer Protection Act (ACPA), the plaintiff must show: (1)
that it is a domain name registrant; (2) that its domain name was suspended,
disabled, or transferred under a policy established by a registrar; (3) that the
owner of the mark that

398

prompted the domain name to be suspended, disabled, or transferred has

notice of the action by service or otherwise; and (4) that the plaintiff’s
registration or use of the domain name is not unlawful under the Act. 15 U.S.C.
§ 1114(2)(D)(v).
In Telemedia Network Inc. v. Sunshine Films, Inc., 2002 WL 31518870 (Cal.
Ct. App. 2d Dist. 2002), an adult entertainment company modified a domain
name to redirect traffic of a rival to its own website, a practice known as
“domain name hijacking.” The diversion of traffic occurred when customers
who were trying to access Sexnet found a website operated by Sunshine with no
content. Sunshine’s purpose was to raise revenue through deceptive means.

§ 11-15. Uniform Domain Name Resolution Policy

(A) OVERVIEW OF UDRP PROCEEDINGS
The World Intellectual Property Organization (WIPO) developed the Uniform
Domain Name Resolution Policy (UDRP) for the arbitration of domain name
disputes. WIPO is an agency of the United Nations that administers many
international treaties. WIPO, for example, entered into a cooperative agreement
with the World Trade Organization (WTO) in 1996.
WIPO’s UDRP policy and rules play a role in harmonizing IP law by
providing uniform remedies for trademark owners against cybersquatters and
other abusive domain name practices. In 2012

399

alone, trademark holders filed 2,884 cybersquatting cases covering 5,084

Internet domain names under procedures based on the Uniform Domain Name
Dispute Resolution Policy (UDRP). WIPO, WIPO Arbitration and Mediation
Center-2012 Review (2012). UDRP arbitral panels have the power to cancel or
transfer domain name registration. ICANN can also order such relief upon
receipt of an order from a court or arbitral tribunal. Nevertheless, UDRP panels
have no arbitral authority to award monetary damages, statutory damages, or any
other remedies typically other than the power to cancel or transfer domain
names.
The Lanham Act gives domain name registrants the right to challenge
Uniform Dispute Resolution Policy decisions that resulted in the suspension,
cancellation or transfer of their domain names. Section 1114(2)(D)(iv) provides
that if a registrar transfers a domain name based on a “knowing and material
misrepresentation” that a domain name is identical to, confusingly similar to, or
dilutive of a mark, the person making the misrepresentation shall be liable for
damages. 15 U.S.C. § 1114(2)(D)(iv).
(B) UDRP PROVIDERS
Under the UDRP, most types of trademark-based domain-name disputes are
resolvable by agreement, court action, or arbitration before a registrar will
cancel, suspend, or transfer a domain name. The UDRP arbitration panel decides
cases arising out of abusive registrations of domain names such as
cybersquatting. Under the UDRP’s expedited

400
proceedings, the owner of trademark rights files a complaint with an approved
dispute-resolution service provider.
UDRP panels are limited in what remedies they may impose. Panels may
order that a registrar cancel, transfer, or change a domain name registration but
have no authority to award monetary damages or attorney’s fees. The UDRP
rules have been adopted by ICANN and are incorporated by reference in every
new domain name registration. Jurisdiction is not an issue because the domain
name registrant has agreed in advance to submit to UDRP should a trademark
dispute arise.
(C) HOW THE UDRP WORKS
(1) Domain Name Registration

The year 1999 marked the release of the WIPO’s Uniform Dispute Resolution
Policy (UDRP). All ICANN-accredited registrars have adopted the UDRP.
Certain managers of country-code top-level domains (e.g., .nu, .tv, .ws) have
also adopted it. The UDRP policy provides trademark owners with an expedited
administrative procedure to resolve disputes over abusive practices such as
“cybersquatting,” “reverse cybersquatting”, and other abusive domain name
registration abuses.
A federal court described the three principal UDRP institutions key to
understanding the management of domain names:

401

First, companies called “registries” operate a database (or “registry”) for all
domain names within the scope of their authority. Second, companies called
“registrars” register domain names with registries on behalf of those who
own the names. Registrars maintain an ownership record for each domain
name they have registered with a registry. Action by a registrar is needed to
transfer ownership of a domain name from one registrant to another. Third,
individuals and companies called “registrants” own the domain names.
Registrants interact with the registrars, who in turn interact with the
registries. Office Depot Inc. v. Zuccarini, 2010 WL 5376380 (9th Cir.
2010).
Under the DNS, the registrant is the company or individual to whom the
domain name actually belongs. A website operator must signify an
administrative contact at the point of registration, who is a person authorized by
the registrant to make changes in the domain name. For example, the
administrative contact may transfer, cancel, or assign rights to the domain name.
Registrars are companies that register domain names and accredited by
ICANN. During the accreditation process, registrars agree to adhere to the
Uniform Domain Name Dispute Resolution Policy. ICANN posts a list of
Approved Dispute-Resolution Service Providers. In addition, to this Policy, there
are Rules for Uniform Domain Name Dispute Resolution Policy. Dispute-
Resolution service providers do the administrative work of

402

processing complaints, vetting arbitrators, and overseeing cases. Charges for

domain name registration are competitive, as little as $10.
Domain name registrants agree in advance to settle disputes with trademark
owners under the UDRP policy. “The Uniform Domain-Name Dispute
Resolution Policy (UDRP) has been adopted by ICANN-accredited registrars in
all gTLDs (.aero, .asia, .biz, .cat, .com, .coop, .info, .jobs, .mobi, .museum,
.name, .net, .org, .pro, .tel and .travel).” ICANN, UDRP Dispute Resolution
Policy (2012).
Domain name registrants agree to UDRP proceedings arising from alleged
abusive registrations of domain names—for example, cybersquatting—may be
initiated by a holder of trademark rights. In 2013, the ICANN will significantly
expand domain name space with internationalized domain names (IDNs) and
non-Latin characters such as Chinese, Cyrillic, and Arabic characters.
BLOOMBERG BNA, ELECTRONIC COMMERCE & LAW REPORT Keeping Up With the
Domain Name Explosion (Dec. 28, 2012).
Trademark owners will generally prevail under the UDRP if they can prove a
domain name is either identical or confusingly similar to their trademark or
service mark. Bad faith registrations may have their registration cancelled or
transferred to the true owner. The emblem of bad faith is when a registrant
obtains a domain name for the sole purpose of selling, renting, or transferring the
registration to the true owner for a profit, which is the classic test for
cybersquatting. Another test for

403
bad faith is whether the registrant registers the domain name to prevent the
true owners from using it.
(2) Liability of the Domain Name Registrars

The ACPA provides an immunity to domain name authorities, which includes

registrars, from damages claims “for the registration or maintenance of a domain
name for another absent a showing of bad faith intent to profit from such
registration or maintenance of the domain name.” 15 U.S.C. § 1114(2)(D)(iii). A
federal court in 1999 became the first to rule that a domain name registrar was
not liable for direct infringement or liable for dilution if it had not made
commercial use of the mark in its capacity as the sole and exclusive domain
name registrar.
Domain name registrars generally have no liability for direct, contributory, or
vicarious trademark infringement for accepting the registration of an Internet
domain name that is confusingly similar to a plaintiff’s service mark or
trademark. Domain name registries may not face liability for intellectual
property infringement, but may be liable for negligence, conversion, or other
torts, where they do not act reasonably.
In Academy of Motion Pictures Arts and Sciences v. GoDaddy.com, No. 2-10-
CV-03738 (C.D. Cal., June 21, 2013), a federal district court held that an
accredited domain name registrar was not entitled to ACPA immunity for its
“parked pages program.” This ad program enabled GoDaddy to share revenue

404

with its registrants. The court distinguished the “parked pages program” from
GoDaddy’s registrar function finding that the registrar was not entitled to
immunity because it used and trafficked in domain names.
(3) Appealing UDRP Decisions

The Lanham Act expressly permits registrants to challenge Uniform Dispute

Resolution Policy decisions that resulted in the suspension, cancellation or
transfer of their domain names. Section 1114(2)(D)(iv) (Subparagraph (iv))
provides that if a registrar transfers a domain name based on a “knowing and
material misrepresentation” that a domain name is identical to, confusingly
similar to, or dilutive of a mark, the person making the misrepresentation shall
be liable for damages.
§ 11-16. Types of UDRP Cases
The first WIPO UDRP proceeding was initiated in 2000 when the World
Wrestling Federation (WWF) submitted an electronic complaint to the World
Intellectual Property Organization’s Arbitration and Mediation Center in order to
gain control over the domain name www.worldwrestlingfederation.com. The
WIPO Panel ruled that the registrant of this domain name acted in bad faith
when it offered to sell the domain name to third parties for a significant profit.
The WIPO Panel decided the contested domain name was identical or
confusingly similar to the trademark and service mark in which the WWF had

405

rights. The WIPO panel transferred the disputed domain name to WWF, ruling
that the respondent had no legitimate rights in the domain name. Since this first
case, UDRP panels have decided tens of thousands of disputes between domain
name registrants and trademark owners.
Five paradigmatic categories of cases are typically decided by WIPO arbitral
panels in deciding whether a given domain name is “confusingly similar” to a
trademark: (1) cases where the domain name and trademark are wholly identical,
or, in cases where the trademark owner has a registered domain name, the
generic Top-Level Domain (gTLD) might be different, (2) cases where a
registrant’s domain name incorporates the surname of a celebrity, (3) cases
where a generic or descriptive word has been added to the trademark (such as
“my,” “direct,” or “e-”, (4) cases where anti-corporate websites append the word
“sucks” at the end of trade names, and (5) typosquatting cases where the domain
name registrant relies on Internet users mistyping famous trademark names.
(A) INCORPORATING ANOTHER’S TRADEMARK
The classic illustration of incorporating another’s trademark in a domain name
was Playboy Enterprises International, Inc. v. Good Samaritan Program,
D2001–0241 (WIPO, 2001). In this WIPO case, Playboy magazine founder and
complainant in the case, Hugh M. Hefner, objected to Good Samaritan’s
registration of the domain name “hughhefner.com” with BulkRegister, a domain
name

406
registry. Playboy Enterprises, which holds the trademark “Hugh M. Hefner,”
met the three elements of UDRP Policy 4(A) because: (1) Good Samaritan’s
domain name was identical to Playboy’s trademarks, (2) Good Samaritan had no
rights or legitimate interests in the domain name, and (3) Good Samaritan’s
domain name was registered and was used in bad faith.
The UDRP panel decided the case on the complaint given compelling
evidence Good Samaritan was a cybersquatter. The panel found it appears from
Good Samaritan’s own statements that it sought substantial consideration in the
form of celebrity endorsement or linkage to successful commercial websites in
return for its services. The UDRP panel concluded, “Good Samaritan registered
‘hughhefner.com’ for the purpose of transferring it to Playboy in return for
valuable consideration in excess of its costs directly related to the domain
name.”
(B) COMMON LAW TM RIGHTS OF CELEBRITIES
The USPTO maintains a database of trademarks. The complainant must prove
common law rights if the trademark or service mark is not registered. A
celebrity’s name alone is not protected under the UDRP or the common law. The
sine qua non of common law rights is that the personal name is a source of
goods or services. The purpose of trademark law is to protect consumers by
providing accurate product identification. Kevin Spacey, for example, has
common law rights in his name because he uses his name as a trademark as a
way of identifying his

407

performances. A single cybersquatter took advantage of the goodwill in the

names of well-known personalities by registering domain names that contained
the names of celebrities.
UDRP panels ruled against the cybersquatter who registered Kevin Spacey’s
name, as well as domain names containing the names of other well-known
celebrities including Larry King, Pierce Brosnan, Celine Dion, Pamela
Anderson, Carmen Electra, Michael Crichton, and Julie Brown. UDRP panels
typically refuse to transfer or cancel domain name registrations of surnames
unless the plaintiff proves he or she has common law rights or that their name
has a secondary meaning in the marketplace.
(C) APPENDING DESCRIPTIVE OR GENERIC WORDS
Cybersquatting registrants with no rights to famous trademarks palm off on
their goodwill by simply adding one or more generic or descriptive words to the
celebrity or company’s name. A UDRP panel is likely to find a domain name
confusingly similar when it is used in the same industry as a well-known
trademark, as with “statefarm-claims help.com.” However, in Safeguard
Operations LLC v. Safeguard Storage, NAF Case No. FA0604000672431 (NAF
2006), the NAF panel ruled the respondent had a legitimate interest in the
domain name “safeguard-storage.com” because of the preparations it undertook
to operate a self-storage business under the name “Safeguard Storage” before
receiving notice of the instant domain name dispute.

408

As a result, the UDRP panel refused to direct the respondent to transfer the
disputed domain to Complainant Safeguard Operations LLC, owner of several
federally registered trademarks containing the word “Safeguard,” which marks
its uses in connection with its operation of self-storage facilities.
(D) ANTI-CORPORATE WEBSITES
Companies seeking to shut down gripe sites are far more likely to find success
through the UDRP panels than in the U.S. federal courts, which often refuse to
enjoin gripe sites because of the First Amendment. The fourth category of
UDRP cases deal with complaint sites, a.k.a. “sucks” domain names (i.e., names
with the complainant’s trademark and a negative term such as “sucks”). Most
panels facing the issue have found such domain names are confusingly similar to
the complainants’ marks.
A UDRP panel found that that the domain name Radioshacksucks.com was
pointing to a website with various pay-per-click links that were mainly aimed at
directing visitors to competing third party commercial websites. The Panel ruled
in favor of Radio Shack and transferred the name. In one case, the “sucks” site
was found to be confusingly similar to the complainant’s mark because a search
engine would bring up the “sucks” site when the mark itself was entered as a
search term.
UDRP panels distinguish between complaint websites expressing feelings
about products and services, and those constructed for the sole purpose of
extorting money from the trademark owners. Rather

409

than asking whether the domain name causes confusion as to source, the panel
should compare the domain name and the mark for similarity. Other panels have
noted that many Internet users do not speak English or do not know the word
“sucks.” Ultimately, these panels have held domain names adding the word
“sucks” to a trademark of another company was confusingly similar to the mark
incorporated. A minority of panels have ruled “sucks” sites are not confusingly
similar.
(E) UDRP TYPOSQUATTING
The fifth paradigmatic UDRP case is the “typosquatting” case, i.e., where one
letter in a well-known brand is replaced with another letter in order to direct
traffic to the typosquatter’s website. UDRP panels generally disfavor such
strategies, especially when evidenced by bad faith. In Toronto-Dominion Bank v.
Karpachev, WIPO Case No. D2000–1571 (WIPO 2001), the WIPO panel
concluded the domain name “tdwatergouse.com” was confusingly similar to the
TD WATERHOUSE mark.
John Zuccarini, a recidivist typosquatter, was the respondent in Six Continents
Hotels, Inc. v. John Zuccarini, Case D2003–D5009 (WIPO 2003). The WIPO
panel found that Zuccarini acted in bad faith, and transferred the domain name
“hoildayinn.com” to the owner of the Holiday Inn hotel chain.

410

(F) UDRP PANELS V. DOMAIN NAME LITIGATION

U.S. trademark owners have a choice as to whether to file federal trademark
lawsuits under the ACPA or pursue UDRP remedies. The advantage of the
UDRP is speed and low expense. Trademark litigation may cost hundreds of
thousands of dollars and take years to complete the appellate process. UDRP
panels, in contrast, make decisions in a few weeks and there is no appeals
process. However, UDRP panels have no power to award damages, attorneys’
fees, or costs.
Another advantage of the UDRP is that every domain name registrant is
subject to its jurisdiction, whereas a plaintiff will need to demonstrate minimum
contacts to hale a defendant into federal court. In many instances, a trademark
owner is only seeking transfer or termination of the domain name, which can be
accomplished more efficiently under the UDRP.

§ 11-17. Global Trademark Issues

(A) GLOBAL E-BUSINESS CONCERNS
It is now difficult to imagine the contours of trademark infringement without
considering new methods of infringement enabled by bandwidth, browsers, and
digital data. Beginning in the mid-1990s, entrepreneurs registered thousands of
domain names containing the trademarks of famous companies in the hopes of
selling them back for a ransom price. In the past two decades, global

411

trademark law has been reworked to address challenges posed by domain

names and cybersquatting. The UDRP rules for deciding domain name disputes
are drafted to bridge disparate legal cultures and thus help resolve disputes that
cross national borders. Without Internet websites, no court would need to decide
issues such as whether a pop-up ad infringed a company’s trademark or
constituted an unfair business practice in cyberspace.
Lawyers representing information-based companies must make difficult
decisions to determine where to seek protection. Trademarks, by their very
nature, are symbols and often language-based signifiers. Lawyers seeking
trademark protection in foreign countries must consider translation challenges
“particularly where multiple language may be spoken within a particular nation.”
JOHN CROSS, ET AL., GLOBAL ISSUES IN INTELLECTUAL PROPERTY LAW 162 (2010).
Trademark law has been harmonized but there are still differences in how a
company obtains trademark rights. U.S. trademark protection tends to be broader
than in Europe giving protection to “nontraditional marks such as colors, smells,
sounds, and taste.”
413
CHAPTER 12
TRADE SECRETS IN CYBERSPACE

Once an individual or company has revealed a trade secret on the Internet, it is

reasonably certain that it can no longer be classified as a trade secret. “A trade
secret once lost, is lost forever, its loss cannot be measured in money damages.”
Earthweb v. Schlack, 71 F. Supp. 2d 299 (S.D. N.Y. 1999). In contrast to other
branches of intellectual property, the state law of torts protects trade secrets.
“Trade secrets are also fundamentally different from other forms of property in
that the owner of a trade secret must take reasonable measures under the
circumstances to keep the information confidential.” 18 U.S.C. § 1839(3)(A).
This chapter examines Internet-related trade secret issues. Trade secrets are
perilous in a networked world, where intangible assets may be lost at the click of
a mouse.

§ 12-1. What Trade Secrets Are

Common law courts conceptualized trade secret misappropriation as a
business tort. Increasingly, the states have enacted the Uniform Trade Secrets
Act (UTSA), which is a state statute that displaces the common law. Today,
trade secrets are classified as the fourth branch of intellectual property (IP) law,
whether based upon either a contract or tort theory, and are covered by state
rather than federal law. Trade secrets are neither patentable nor subject to
copyright because these other forms of intellectual property mandate disclosure.
Disclosure

414

is the death knell for a trade secret, destroying its emblematic feature of
secrecy.
In Wayburn Digital Media, Inc. v. Drop Zone Digital Media LLC, No.
112109895, 2013 WL 3835973 (Wash. Super. Feb. 1, 2013), a state court found
that a licensee of a digital ad media network was not excused from the breach of
a non-compete provision. However, client lists, marketing materials, and
licensing information posted on a website were not classifiable as trade secrets
under the state’s Uniform Trade Secrets Act. This type of information was
available on the Internet and therefore was not protectable. See also, Lifetouch
Church Directories & Portraits v. Ingalsbe, No. 14SC626, 2013 WL 5508454
(Colo. Dist. Ct. Mar. 12, 2013) (noting plaintiffs’ failure to prove information
available on the Internet was a trade secret).
In Warehouse Solutions v. Integrated Logistics (ILL), No. 09-CV-5771 (JLL),
2015 WL 2151757 (11th Cir. May 15, 2015), the Eleventh Circuit affirmed a
district court order that the look and feel of password-protected software outputs
did not qualify for trade secrets protection under Georgia’s UTSA. Lebovich
developed Intelligent Audit, “a web-based program that interfaces with UPS and
FedEx tracking systems to allow companies to track their packages and collect
funds for late or missing packages.” Lebovich hired Scott Langley and his
company to help sell the Intelligent Audit program. Langley received a 20%
interest in the software in return for his services. The defendant, ILL, hired
Platinum Circles Technologies (Platinum) to develop

415

its own web-based tracking program that was visually and functionally similar
to Intelligent Audit. ILL gave Platinum a user ID and password to log onto the
Intelligent Audit program. “WSI alleged that Intelligent Audit was a trade secret
that ILL had misappropriated by creating a functionally identical program.” The
court found problems with this contention:
ILL contended that it only had access to the program’s visible output, which
does not constitute a trade secret, and, in any event, WSI failed to protect
the program’s secrecy. WSI argued that it took all reasonable means to
prevent disclosure of its complicated software program, including the use of
technologically-advanced password protection and encryption and end-user
confidentiality provisions.

§ 12-2. Trade Secrets Governed by State Law

Trade secrets were originally a tort of misappropriation governed by the
Restatement (First) of Torts, § 757. A prevailing plaintiff must prove four things
in a misappropriation case: (1) the plaintiff must have invested time, money, or
effort to extract the information, (2) the defendant must have appropriated the
information without a similar investment, and (3) the plaintiff must have
suffered a competitive injury because of the taking.
In all but a few states, the Uniform Trade Secrets Act (UTSA) provides that a
trade secret includes “a formula, pattern, compilation, program, device,

416

method, technique, or process, that: (1) Derives independent economic value,

actual or potential, from not being generally known to the public or to other
persons who can obtain economic value from its disclosure or use, and (2) Is the
subject of efforts that are reasonable under the circumstances to maintain its
secrecy.” “Reasonable efforts” can include advising employees of the existence
of a trade secret, limiting access to the information on a “need to know basis,”
and requiring employees to sign confidentiality agreements, MAI Sys. Corp. v.
Peak Computer, 991 F.2d 511, 521 (9th Cir. 1993).
UTSA is a Model Statute, drafted by the National Conference of
Commissioners on Uniform State Law (NCCUSL), in order to update and
harmonize the law concerning the misappropriation of trade secrets. As of
October 1, 2015, only Massachusetts, New Jersey, and Texas are the holdout
jurisdictions that have not yet enacted UTSA. The few states that have yet to
adopt UTSA often turn to the Restatement (First) or the Restatement of the Law
(Third) of Unfair Competition for guidance. States that have adopted UTSA also
turn to the Restatement (Third) of Unfair Competition for guidance in
interpreting UTSA. See Religious Tech. Ctr. v. Netcom On-Line Communic.
Servs. Inc., 923 F. Supp. 1231, 1250 n. 21 (N.D. Cal. 1995).
(A) UTSA’S DEFINITION OF SECRECY
Secrecy is the principal issue in most trade secret litigation. Courts consider
six factors in determining whether confidential information constitutes a trade

417

secret: (1) the extent to which the information is known outside the business,
(2) the extent to which it is known to those inside the business, i.e., by the
employees, (3) the precautions taken by the holder of the trade secret to guard
the secrecy of the information, (4) the savings effected and the value to the
holder in having the information as against competitors, (5) the amount of effort
or money expended in obtaining and developing the information, and (6) the
amount of time and expense it would take for others to acquire and duplicate the
information. State ex rel. The Plain Dealer v. Ohio Dept. of Ins., 687 N.E.2d 661
(Ohio 1997). A trade owner must employ reasonable methods to protect trade
secrets. See e.g., Pioneer Hi-Bred Int’l v. Holden Found Seeds, 35 F.3d 1226,
1235 (8th Cir. 1994).
(B) UTSA MISAPPROPRIATION ACTION
Misappropriation means using “improper means” or acquiring it from
someone who has acquired it through “improper means.” To state a claim for
misappropriation of trade secrets under the Uniform Trade Secrets Act, a
plaintiff must allege that: (1) the plaintiff owned a trade secret, (2) the defendant
misappropriated the trade secret, and (3) the defendant’s actions damaged the
plaintiff.
(C) REASONABLE MEANS TO PROTECT SECRETS
Trade secret laws require companies to take reasonable steps to prevent public
disclosure.

418

Accidental or other public disclosure of a trade secret destroys its status as a

trade secret. Trade secrets in software derive their economic values from their
secrecy. For example, trade secret protection lasts indefinitely so long as the
software vendor is able to keep its source code secret. At a minimum, an Internet
company must label source code, plans, and other documents with a legend that
proclaims these materials are confidential and proprietary.
(1) Nondisclosure Agreements

Licensors will typically enter into nondisclosure agreements (NDAs) with

their employees, consultants, and joint ventures, as a reasonable means of
protecting software code. An NDA is a contractual arrangement that requires a
recipient of confidential information to keep that information secret. When the
software maker is developing customized software or building a specialized
company website, counsel will typically draft NDAs that bind any employees,
consultants, customers, or other third parties privy to sensitive information.
In April of 2009, a Rhode Island jury ruled that Microsoft should pay Uniloc
USA and Singapore $388 million in damages for patent infringement arising out
of a breached NDA. This case arose out of Microsoft’s study of Uniloc’s product
activation software because of its piracy problem. Uniloc had a § 216 patent for
a registration system that required the user to enter an identification code on the
client’s computer that matched the server side for

419

the software to be activated. The court ruled that Microsoft breached the NDA
and violated Uniloc’s patent in producing software by relying on the patent. This
case illustrates one of the multiple functions of NDAs; for example, properly
drafted NDAs can protect patents.
Typically, the nondisclosure agreement will stipulate that the customers,
without the developer’s prior written consent, cannot disclose trade secrets.
Therefore, software developers and their customers will enter into mutual
nondisclosure agreements because the developer will typically have access to its
customer’s intellectual property when configuring or customizing software.
Courts will typically determine the enforceability of nondisclosure agreements
by asking a series of questions:
(1) Is the restraint, from the standpoint of the employer, reasonable in the
sense that it is no greater than is necessary to protect the employer in some
legitimate business interest? (2) From the standpoint of the employee, is the
restraint reasonable in the sense that it is not unduly harsh and oppressive in
curtailing his legitimate efforts to earn a livelihood? (3) Is the restraint
reasonable from the standpoint of a sound public policy? Decision Insights,
Inc. v. Sentia Group, Inc., No. 07-1596, 2009 WL 367585 (4th Cir. 2009).

420

(2) Idea Submission Policies

Florida joins the growing number of states that recognize a common law
action for idea misappropriation, but it requires a showing of confidentiality and
novelty. Information-based businesses will often adopt idea submission policies
to avoid conflicts concerning ownership or interests in intellectual property
rights. Idea submission policies are terms of service when customers, employees,
or third parties submit ideas to the company. One of the chief purposes of an
idea submission policy is to avoid disputes over whether the company
misappropriated or disclosed a trade secret. Apple’s Idea Submission Policy
notes that it “does not accept or consider unsolicited ideas, including ideas for
new advertising campaigns, new promotions, new or improved products or
technologies, product enhancements, processes, materials, marketing plans or
new product names.” Apple’s prohibition against the submission of unauthorized
ideas seeks to prevent litigation over the source of ideas about Apple’s products
or marketing strategies.
(D) UNIFORM TRADE SECRET ACT REMEDIES
The UTSA provides a broad range of remedies, including: preliminary
injunctive relief, monetary damages, lost profits, consequential damages, lost
royalties, attorney’s fees, and punitive damages. A plaintiff will often seek
injunctive relief if they suspect that former employees are violating or about to
violate NDAs. Courts may enjoin actual or

421

threatened misappropriation of trade secrets. Trade secret owners may claim a

reasonable royalty for the loss of revenue attributable to the misappropriation of
a trade secret. UTSA, § 4 states that attorney’s fees may be recoverable where a
claim of misappropriation is made in bad faith, a motion to terminate an
injunction is made or resisted in bad faith, or willful and malicious
misappropriation exists. Section 3 of UTSA also gives the court the power to
award “exemplary damages in an amount not exceeding twice any award,” upon
a finding of “willful and malicious misappropriation.” Section 6 of the UTSA
statute of limitations states that aggrieved parties may seek relief within three
years after the owner discovers the misappropriation or should have discovered
it.
(E) DEFENSES IN UTSA LITIGATION
(1) Reverse Engineering
In the anti-reverse engineering clause, a customer will be in breach of the
license agreement if it discloses, decompiles, disassembles, or reverse engineers
licensed software. In Mid-Michigan Computer Sys. v. Marc Glassman Inc., 416
F.2d 505 (6th Cir. 2005), the Sixth Circuit upheld a $2 million compensatory
damages award and a $5 million punitive damages award against a licensee that
secretly copied source code from its licensor. The licensor entered into a license
agreement with the defendant to maintain prescription and billing records for
customers. The parties also entered into a Source Code Agreement, which
provided that
422

defendant would access the escrowed source code only in certain specified
emergencies.
The evidence at trial showed that defendant secretly copied software that was
then used to reconstruct the plaintiff’s source code. Such activity helped save
research and manufacturing resources in developing the software that would
ultimately replace the plaintiff’s pharmacy software. Thus, while reverse
engineering is proper, the acquisition of the known product must, of course, also
be by fair and honest means to be lawful. UTSA § 1, cmt. 2.
The Reporters for the ALI’s Principles of the Law of Software Contracts,
discussed in Chapter 4, acknowledge that anti-reverse engineering clauses are
“troublesome terms.” European courts would not likely enforce clauses that
prohibited reverse engineering to achieve interoperability because of the
Software Directive. In Europe, all users of software have a right to reverse
engineer code to achieve interoperability of computer programs under the
Software Directive adopted in 1991.
(2) First Amendment Defenses

In recent years, U.S. courts have ruled that the tort of misappropriation must
give way to the First Amendment. The First Amendment of the U.S.
Constitution protected a website operator’s posting of DeCSS, which enabled
users to evade the “content scramble system” that both encrypts DVDs and
prevents their unauthorized use and duplication. The California appellate court
ruled that because the DeCSS that the website operator posted was

423

already public knowledge, the defendant could not be liable for

misappropriation since there was no trade secret. DVD Copy Control Ass’n, Inc.
v. Bunner, 10 Cal. Rptr. 3d 185 (C. App. 2004). In Ford Motor Co. v. Lane, 67
F. Supp. 2d 745 (E.D. Mich. 1999), the federal court denied a motion for a
preliminary injunction to prevent Lane from disclosing alleged trade secrets on
the Internet because the proposed injunction would “constitute an invalid prior
restraint of free speech in violation of the First Amendment.”

§ 12-3. Restatement (First) of Torts

The First Restatement of Torts defines a trade secret as “any formula, pattern,
device, or compilation of information which is used in one’s business, and which
gives him an opportunity to get an advantage over competitors who do not know
or use it.” RESTATEMENT (FIRST) OF TORTS § 757. Massachusetts, New York,
Texas, and the District of Columbia continue to follow the Restatement of Torts’
approach to trade secrets and have yet to adopt UTSA. Trade secret
misappropriation evolved as a tort and the Restatement (First) of Torts, 757–758
(1939) was followed by most states until the UTSA swept the country.
The definition of a trade secret under Section 757 of the Restatement is based
in part “upon the ease or difficult with which the information could be properly
acquired or duplicated by others.” RESTATEMENT (FIRST) OF TORTS § 757, cmt. b.

424

§ 12-4. Internet-Related Misappropriation

To prevail on a trade secret claim, a plaintiff must show that (1) the
misappropriated information constitutes a trade secret, (2) the defendant “used”
the trade secret, and (3) the plaintiff was actually damaged by the
misappropriation or the defendant was unjustly enriched by such
misappropriation and use. The secrecy need not be absolute; the owner of a trade
secret, without losing protection, may disclose to a licensee, if the express or
implied disclosure is made in confidence.
The UTSA provides that one may demonstrate misappropriation by alleging
the “[a]cquisition of a trade secret of another by a person who knows or has
reason to know that the trade secret was acquired by improper means.”
Dealertrack, Inc. v. Huber, 460 F. Supp. 2d 1177 (C.D. Cal. 2006). The plaintiff
must establish that a trade secret has value. In United States v. Greenwald, 479
F.2d 320 (6th Cir.), cert. denied, 414 U.S. 854 (1973), the Sixth Circuit held that
the value of the misappropriated trade secret could be established from the
“viable, albeit limited” market among chemical companies from the type of
formulae misappropriated, from licensing agreements, or from sales for the
chemical formulae that were misappropriated.
A fact finder will calculate damages in a misappropriation case by several
methods. First, damages may be computed by the plaintiff’s losses including the
cost of developing the trade secret. A

425
425

second approach is to determine damages based upon a plaintiff’s lost profits.

If the first two methods do not adequately compensate the plaintiff, a court
may award reasonable royalties. In re Cross Media Mktg. Corp. v. Nixon, 2006
WL 2337177 (S.D. N.Y. 2006). The first online trade secret cases arose out of
the Church of Scientology’s lawsuit to enjoin further electronic distribution of its
secret church doctrine. A California federal court said, “posting works to the
Internet makes them ‘generally known,’ at least to the relevant people interested
in the news group.” Religious Technology Center v. Netcom, 907 F. Supp. 1361
(N.D. Cal. 1995).
In the Internet economy, employees are highly mobile. Courts often balance
the employees’ right to work against the employer’s right to protect trade
secrets. In Cellular Accessories for Less v. Trinitat LLC, No. CV 12-06736,
2014 WL 4627090 (C. D. Cal. Nov. 15, 2014), Cellular Accessories fired its
employee, who worked in the mobile phone accessories field for them from
2004 to 2010. The ex-employee started his own firm, Trinitat, selling phone
accessories. Cellular Accessories alleged that its ex-employee violated UTSA by
allowing LinkedIn contacts to see the names of other contacts.
Cellular Accessories alleged that its former employee violated UTSA when he
emailed himself a digital file with over 900 business and personal contacts and a
separate file with client billing preferences and past pricing requests. The court

426

refused to enter summary judgment on behalf of the defendant and let the
trade secret case proceed.
In DoubleClick, Inc. v. Henderson, No. 116914/97, 1997 WL 731413 (N.Y.
Sup. Ct. 2007), several employees planned to leave the Internet advertising
mogul in order to start a dot-com startup. DoubleClick confiscated one of the
employee’s laptops and found information on the hard drive, including emails
and future business plans that suggested he was engaged in economic espionage.
DoubleClick summarily fired the employees and sought an injunction to enjoin
them from sharing trade secrets with competitors.
The ex-employees argued that much of the information DoubleClick classified
as trade secrets was already public because they displayed it on the online
company’s website. The DoubleClick court found there was evidence that the
ex-employees intended to use the acquired trade secrets to advise Alta Vista,
DoubleClick’s largest client. The court, however, refused to enjoin the ex-
employees for the one-year period sought by DoubleClick, noting it was too long
in the ever-evolving Internet advertising industry. The court limited the
injunction to six months.

§ 12-5. Trade Secrets in a Global Internet

Congress enacted the Economic Espionage Act (EEA) in 1996 to criminalize
the misappropriation of trade secrets. In 2015, Congress is considering
federalizing trade secret law by recognizing civil liability for the EEA. By
allowing the victims of

427

trade secret misappropriation to seek civil damages, amendments to the EEA

would create a federal civil cause of action for trade secret theft. Jason C.
Schwartz, et al., 2014 Trade Secrets Litigation, Roundup, BLOOMBERG BNA:
COMPUTER TECHNOLOGY LAW REPORT (Jan. 16, 2015).
The impact of the EEA has been underwhelming in the face of growing cross-
border espionage. Cyberspace—where most business activity and development
of new ideas now takes place—amplifies these threats “by making it possible for
malicious actors, whether they are corrupted insiders or foreign intelligence
services (FIS), to quickly steal and transfer massive quantities of data while
remaining anonymous and hard to detect.” The Office of the National
Counterintelligence Executive (ONCIX), Foreign Spies Stealing U.S. Economic
Secrets in Cyberspace, November 2011, at Executive Summary.
“Cyberspace is a unique complement to the espionage environment because it
provides foreign collectors with relative anonymity, facilitates the transfer of a
vast amount of information, and makes it more difficult for victims and
governments to assign blame by masking geographic locations.” The Office of
the National Counterintelligence Executive (ONCIX), Foreign Spies Stealing
U.S. Economic Secrets In Cyberspace, November 2011, at 1. The ONCIX
Report explains how the digital environment makes trade secret theft more
likely:
Today, nearly all business records, research results, and other sensitive
economic data are

428

digitized and accessible on networks worldwide. Cyber collection can take

many forms, including: simple visits to a US company’s website for the
collection of openly available information; a corporate insider’s
downloading of proprietary information onto a thumb drive at the behest of
a foreign rival; or intrusions launched by FIS (foreign intelligence service)
or other actors against the computer networks of a private company, federal
agency, or an individual.
In 2013, President Barack Obama announced his strategy for mitigating the
global problem of trade secret misappropriation:
First, we will increase our diplomatic engagement. Specifically, we will
convey our concerns to countries where there are high incidents of trade
secret theft with coordinated and sustained messages from the most senior
levels of the Administration. We will build coalitions with countries that
share our concerns to support our efforts. We will urge foreign law
enforcement to do more. Moreover, we will use our trade policy tools to
press other governments for better protection and enforcement.
Second, we will support industry-led efforts to develop best practices to
protect trade secrets and encourage companies to share with each other best
practices that can mitigate the risk of trade secret theft.

429

Third, DOJ will continue to make the investigation and prosecution of trade
secret theft by foreign competitors and foreign governments a top priority.
Additionally, the FBI and the intelligence community will provide warnings
and threat assessments to the private sector on information and technology
that are being targeted for theft by foreign competitors and foreign
governments.
Fourth, President Obama recently signed two pieces of legislation that will
improve enforcement against trade secret theft. But we need to continue to
make sure our laws are as effective as possible. So, moving forward, we
will conduct a review of our laws to determine if further changes are needed
to enhance enforcement. If changes are necessary, we will work with
Congress to make those changes lasting and comprehensive. Lastly, we will
increase public awareness of the threats and risks to the U.S. economy
posed by trade secret theft.
White House Briefing, Launch of the Administration’s Strategy to Mitigate the
Theft of U.S. Trade Secrets (Feb. 20, 2013).
In 2012, the Justice Department launched a high profile EEA prosecution
against a Chinese company that was, in fact, an operation of the Chinese
Government. “Mandiant published a report finding that the government of the
People’s Republic of China (PRC) is sponsoring cyber-espionage to attack top
U.S. companies.” Robert B. Milligan & Daniel P.

430

Hart, Top 10 Developments/Headlines in Trade Secret, Computer Fraud, and

Non-Compete Law in 2014 (Jan. 6, 2014). “Chinese actors are the world’s most
active and persistent perpetrators of economic espionage. US private sector firms
and cybersecurity specialists have reported an onslaught of computer network
intrusions that have originated in China.”
The Office of the National Counterintelligence Executive (ONCIX) Report
also noted: “Russia’s intelligence services are conducting a range of activities to
collect economic information and technology from U.S. targets. The ONCIX
Report notes that the EEA distinguishes between economic espionage (foreign
actor defendant) and industrial espionage (domestic defendant:
The Economic Espionage Act defines economic espionage when an actor,
knowing or intending that his or her actions will benefit any foreign
government, instrumentality or agent, knowingly: (1) steals, or without
authorization appropriates, carries away, conceals, or obtains by deception
or fraud a trade secret; (2) copies, duplicates, reproduces, destroys, uploads,
downloads, or transmits that trade secret without authorization; or (3)
receives a trade secret knowing that the trade secret had been stolen,
appropriated, obtained or converted without authorization. 18 U.S.C. §
1831.
Industrial espionage, or theft of trade secrets, occurs when an actor,
intending or knowing that his or her offense will injure the owner of a

431
431

trade secret of a product produced for or placed in interstate or foreign

commerce, acts with the intent to convert that trade secret to the economic
benefit of anyone other than the owner by: (1) stealing, or without
authorization appropriating, carrying away, concealing, or obtaining by
deception or fraud information related to that secret; (2) copying,
duplicating, reproducing, destroying, uploading, downloading, or otherwise
transmiting that information without authorization; or (3) receiving that
information knowing that that information had been stolen, appropriated,
obtained or converted withoutthorization (Section 101 of the EEA, 18 USC
§ 1832).
An empirical study of all EEA prosecutions from the federal criminal statute’s
enactment in 1996 to August 1, 2005 uncovered fewer than fifty economic or
espionage prosecutions filed in federal courts. Few cases involved foreign
defendants. Michael L. Rustad, The Negligent Enablement of Trade Secrets, 22
SANTA CLARA COMPUTER & HIGH TECH J. 455 (2006). In the first decade of EEA
prosecutions, the Department of Justice did not file a single case against a hacker
stealing trade secrets by “exploiting known software defects” during an Internet
transmission.
433
CHAPTER 13
PATENT LAW AND THE INTERNET

§ 13-1. Overview of Internet-Related Patents

(A) WHY INTERNET PATENTS
America’s information-based economy is increasingly built on a foundation of
patents defined as limited duration property rights. An estimated 11,000 patents
cover Internet-related business methods. JAMES BESSEN & MICHAEL J. MEURER,
PATENT FAILURE 8–9 (2005). Internet patents deploy software and other
computer-related technologies to perform various tasks. Critics of Internet-
related business method patents contend that these innovations would develop
more efficiently without patent protection. Internet related business methods
give the holder the right to control the use of the technology. The level and
extent of the control depends upon the business method. All patents balance
antitrust concerns against market dominance. Patent holders who obtain a patent
to discourage competitors has a chilling impact on e-commerce.
The goal of this chapter is to present the basic concepts and methods of
Internet-related patent law. This chapter will explore the Internet-related
foundations of patent protection, patentability, and the patenting process. A
patent grants the patent holder the right to exclude others from making, using, or
commercially exploiting an invention. Though patent law is somewhat
coordinated

434

amongst those countries connected to the Internet, there are still variations in
practices from country to country. Since the last edition, the U.S. Supreme Court
and the USPTO have limited the scope of business method patents.
(B) CONSTITUTIONAL AND STATUTORY BASIS
Article I, Section 8 of the U.S. Constitution gave Congress the power to
“promote the Progress of Science and [the] useful Arts, by securing for limited
Times to Authors and inventors the exclusive Right to their respective Writings
and Discoveries.” Patent law, like copyright law, arises out of federal statutes.
Congress enacted the first Patent Act in 1790, with the Patent Act of 1793
following soon after. The Leahy-Smith America Invents Act (AIA) of 2011
displaced the Patent Act of 1952.
(C) AMERICAN INVENTS ACT
(1) First Inventor to File (FITF)
On September 16, 2011, President Obama signed into law the Leahy-Smith
America Invents Act (AIA), which represents a sea change in U.S. patent law.
The United States now aligns its law with the rest of the world in adopting the
first-to-file (FITF) system, which jettisons the older U.S. rule of awarding
patents to the first-to-invent (FI) system. Under the FI system, applicants got a
patent “after disclosing the invention as long as a patent is filed within one year
of the disclosure.” MARK V. CAMPAGNA, UNDERSTANDING PATENT REFORMS IN

435

THE CONTEXT OF LITIGATION 9 (2009). The newly aligned FITF system is

equivalent to U.C.C. Article 9’s chief rule that the first-to-file or perfect obtains
protection under the law. Claimants that win the race to registry will prevail over
the first to invent rule that the U.S. previously followed.
(2) Expedited Procedures

The U.S. adopted a registration system for patents, where examiners determine
whether a given claim is patentable and whether an applicant has the rights to a
patented invention. Patent prosecution is the process of obtaining a patent. Patent
examiners in the USPTO determine whether the boundaries of the claim sought
by the applicant qualify for patent protection. Under the AIA reforms, the
USPTO now offers applicants an opportunity to have patent applications
reviewed on an expedited basis. Small entity and independent inventors receive a
50 percent discount on the $4800 fee to use this new fast track option. This
reform responded to criticism of the long and drawn-out patent evaluation
process.
(3) Other Patent Reforms

The AIA initiated new methods for challenging patents and developed several
new third-party challenges, including post grant review, inter partes review and
devised a transitional program for covered business method patents. Inter partes
review is a new trial proceeding conducted at the Board to review the
patentability of one or more claims in a patent. An inter partes review may be
436

instituted upon a showing that there is a reasonable likelihood that the

petitioner would prevail with respect to at least one claim challenged.
The grounds for review are limited to issues relating to either Sections 102 or
103, and only because of prior art consisting of patents or printed publications.
Prior art consists of all pre-existing patents and published patent applications,
printed publications, and other non-patentable literature anywhere in the world.
After the AIA, prior art is assessed after the effective filing date, instead of the
date of invention. The inter partes review process can only be initiated by a third
party or someone who does not own the patent. The petition can be filed after the
later of either: (1) 9 months after the grant of the patent or issuance of a reissue
patent, or (2) if a post grant review is instituted, the termination of the post grant
review. The patent owner may file a preliminary response to the petition. The
AIA also eliminated the possibility of false patent marking complaints by qui
tam plaintiffs.
The AIA replaces the former interference procedures with post-grant
procedures in the form of new trial proceedings at the Patent Trial and Appeal
Board. Under this procedure, a patent may be challenged on any grounds
available under 35 U.S.C. § 282(b)(2) or (3). Patents can no longer be
invalidated because the applicant did not satisfy the “best mode” requirement.

437

(D) TYPES OF PATENTS

A patent lasts for a specific period, usually twenty years, and represents a
bargain made between the government and the inventor. Patent protection is
available for the invention of “any new and useful process, machine,
manufacture, or composition of matter, or any new and useful improvement
thereof.” 35 U.S.C. § 101. Federal patent law recognizes three ideal types of
patent protection: (1) utility patents, (2) design patents, and (3) plant patents.
Utility patents, as their name connotes, are any new or useful process. Design
patents protect the ornamental design of products. Plant patents cover the
invention and discovery of new plants. 35 U.S.C. § 161.
(1) Utility Patents
Greater than ninety percent of all patents are utility patents, issued for four
general types of inventions/discoveries: machines, human made products,
compositions of matter, and processes. 35 U.S.C. § 101. Utility patents protect
the way an article is used and works (35 U.S.C. § 101), while a “design patent”
protects the way an article looks or its appearance. (35 U.S.C. § 171). Internet-
related patents are typically utility patents, subcategorized as process patents if
they qualify as new and useful.
(2) Design Patents
“Whoever invents any new, original, and ornamental design for an article of
manufacture may obtain a patent.” 35 U.S.C. § 171. An Apple

438

computer, an iPad, or smart phone are all protectable by design patents or the
visual and ornamental characteristics of an article of manufacture. Design
patents, with a term of 14 years, protect the ornamental, exterior appearance of
an object and that appearance must be non-functional. Articles of manufacture
may possess both functional and ornamental characteristics. “Both design and
utility patents may be obtained on an article if invention resides both in its utility
and ornamental appearance.” 35 U.S.C. § 171.
Design patents are relevant to Internet inventions because the USPTO
considers computer-generated icons, including full screen images and type fonts,
to constitute surface ornamentation. Design patents must be original and must
not offend any race, religion, sex, ethnic group, or nationality. 35 U.S.C. § 171
and 37 CFR § 1.3.
On May 18, 2015, the United States Court of Appeals for the Federal Circuit
affirmed the district court findings that Samsung had infringed Apple’s design
and utility patents, while also reversing on the infringement of trade dress. Apple
Inc. v. Samsung Electronics, 786 F.3d 983 (Fed. Cir. 2015). Samsung argued on
appeal that the district court erred in not excluding the functional elements of
Apple’s design patents in considering the alleged infringement. The federal
circuit rejected the argument and found the district court reasoning was proper.
Regarding the issue of infringement of Apple’s utility patents, Samsung
attempted to argue that the term “substantially centered” is vague and uncertain.
The court credited Apple’s expert with

439
providing evidence to demonstrate that one skilled in the art would understand
its meaning. The court affirmed the district court’s denial of Samsung’s motion
for judgment as a matter of law on the invalidity of claim 50 of the ’163 patent
and claim 8 of the ’915 patent, as well as the damages awarded for utility patent
infringement. The court denied Samsung’s motion for a new trial and remanded
for immediate entry of final judgment on all damages awards not predicated on
Apple’s trade dress claims.
(E) PATENT LAW TERMS
Generally, the term of a new utility patent, which accounts for most Internet-
related patents, is 20 years from the date on which the patent application was
filed. Plant patents also have a 20-year term, while design patents only have a
term of 14 years from the issue date. Utility or plant patents issued on
applications filed before June 8, 1995 have a term of 17 years from the issuance
of the patent or 20 years from the filing, whichever is greater.
(F) SECTION 101 PATENTABLE SUBJECT MATTER
Section 101 of the Patent Act states that “any new and useful process,
machine, manufacture, or composition of matter, or any new and useful
improvement thereof” is patent-eligible, “subject to the conditions and
requirements of this title.” Congress used “expansive terms” in defining the four
categories of inventions eligible for patent protection under § 101: processes,
machines, manufactures, and compositions of matter. Courts

440

set forth three judicial limits on patentability: (1) laws of nature (2) natural
phenomena and (3) abstract ideas. Algorithms and formulas are not patentable
because they do not fit within any of the aforementioned four categories. “Laws
of nature, natural phenomena, and abstract ideas (e.g., in the guise of
mathematical algorithms) are not eligible under Section 101.” 35 U.S.C. § 101.
The USPTO cites the following examples of patentable concepts: (1) Basic
economic practices or theories (e.g., hedging, insurance, financial
transactions, marketing); (2) Basic legal theories (e.g., contracts, dispute
resolution, rules of law); (3) Mathematical concepts (e.g., algorithms,
spatial relationships, geometry); (4) Mental activity (e.g., forming a
judgment, observation, evaluation, or opinion); (5) Interpersonal
interactions or relationships (e.g., conversing, dating); (6)Teaching concepts
(e.g., memorization, repetition); (7) Human behavior (e.g., exercising,
wearing clothing, following rules or instructions); and (8) Instructing “how
business should be conducted.” USPTO, PATENT SUBJECT MATTER
ELIGIBILITY (2012). Not all new and useful inventions and discoveries will
receive patent protection.
In Mayo Collaborative Servs. v. Prometheus Labs, Inc., 132 U.S. 1289, 1294
(2012), the U.S. Supreme Court set forth an analytical framework under § 101 to
distinguish patents that claim patent-ineligible laws of nature, natural
phenomena, and abstract ideas or are ineligible subject matter. First, given

441

the nature of the invention in this case, the court determines whether the
claims at issue are directed to a patent-ineligible abstract idea. In Prometheus,
the applicant’s claim was for optimizing the therapeutic efficiency of a drug.
Justice Beyer acknowledged that the ‘administering,’ ‘determining,’ and
‘wherein’ steps were not natural laws, the claim added too little to the law of
nature and thus was not patentable.
CLS Bank International and CLS Services Ltd. (CLS Bank) sought a
declaratory judgment that the claims in question were “Invalid, unenforceable,
and not infringed” because the claims were not patentable under 35 U.S.C. §
101. The CLS Services Court stated “We have long held that this provision
contains an important implicit exception: Laws of nature, natural phenomenon,
and abstract ideas are not patentable.” The Court expressed its concerns with
pre-empting the research in its field, if a patent on an abstract idea were upheld:
“ ‘[M]onopolization of those tools through the grant of a patent might tend
to impede innovation more than it would tend to promote it,’ thereby
thwarting the primary object of the patent laws.” The Court made an
assessment to determine whether an abstract idea needs to be incorporated
“into something more” in order for it to become patent-eligible.
The Court held that, ultimately, the claims in question were that of an abstract
idea, implemented on a generic computer, like in Bilski v. Kappos, 561 U.S. 593
(2010), which held that a method for

442
hedging against the financial risk of price fluctuations was a patent ineligible
abstract idea.
If the court does find that the claims are patent eligible subject matter, they
then consider the elements of each claim—both individually and as an ordered
combination—to determine whether the additional elements transform the nature
of the claim into a patent-eligible application of that abstract idea. This second
step is the search for an “inventive concept,” or some element or combination of
elements sufficient to ensure that the claim in practice amounts to “significantly
more” than a patent on an ineligible concept.
In IP Technologies v. Amazon.com, No. 2012–1696, 2015 WL 3622181 (Fed.
Cir. 2015), the plaintiff (OIP) alleged that the defendant (Amazon) had infringed
a patent for computer-based pricing of goods. The CAFC affirmed the holding of
the lower court, granting summary judgment for the defendant. The CAFC
applied the two-part test for subject matter eligibility established by the Supreme
Court in Alice. It held that the subject matter was directed to an abstract idea that
it was implemented on a computer, similar to the situation in Alice. The Post-
Alice Task Force studied the 85 district court cases that substantively applied
“Alice.” Across all the cases, the defendants successfully used Alice to
invalidate all the claims at issue in 68 percent of these cases, and in a significant
number of cases, did so on the pleadings. Scott Alter, One Year After Alice: Was
It the Right Medicine? LAW 360 (June 18, 2015).

443

The Post-Alice task force also found that:

looking across all the cases in which no claim survived the § 101 challenge,
the district courts cited evidence to support its conclusion that the claims
were directed towards an abstract idea (part 1 of the test) in only 20 cases,
or only 34 percent of the time. “Overall, the task force has found a lack of
consistency across the district courts, which may lead to additional forum
shopping. For example, and perhaps not surprisingly, plaintiffs may
consider filing patent actions in venues more willing to uphold their patents
over Alice-based challenges.”
(G) THE ESSENTIALS OF PATENTABILITY
The four statutory categories in Section 101 are (1) processes, (2) machines,
(3) manufactures, and compositions of matter. These categories fill out the
meaning of “useful arts” in constitutional reference to patents. ROGER E.
SCHECHTER & JOHN B. THOMAS, INTELLECTUAL PROPERTY: THE LAW OF
COPYRIGHTS, PATENTS, AND TRADEMARKS 291 (2003). The federal patent statute
requires a claim to have some utility (§ 101), be novel (not anticipated prior to
the invention) (§ 102), and be nonobvious (§ 103).
Patentability Demystified

444

(H) PATENTABILITY: NOVELTY

A “claimed invention” is the invention as defined in the application for legal
protection. Claims must demonstrate novelty as well as utility. What destroys
novelty? Section 102(a)(1) states that there is no novelty “if before filing date
the patented or claimed invention as patented, was described in a printed
publication, or in public use, on sale, or otherwise available to the public.”
Section 102(a)(2) also vitiates novelty when there is an issued patent or
published application filed before the application. Novelty means that a patent
claim was not anticipated by technology disclosed in the prior art. 35 U.S.C. §
102.
(1) Anticipation

An examiner rejects a claim as anticipated under 35 U.S.C. 102 when a single

prior art reference discloses every element of the claim. If an invention was
anticipated by prior art, it is not patentable. A person shall be entitled to a patent:
“unless—(1) the claimed invention was patented, described in a printed
publication, or in public use, on sale, or otherwise available to the public
before the effective filing date of the claimed invention; or (2) the claimed
invention was described in a patent issued under section

445

151, or in application for patent published or deemed published under

section 122(b), in which the patent or application, as the case may be,
names another inventor and was effectively filed before the effective filing
date of the claimed invention.” 35 U.S.C. § 102(a).
Anticipation includes evidence that the patent application was filed after any
of the following events: (1) invention known by others, (2) invention used by
others, (3) invention patented in the U.S. or abroad, and (4) invention described
in a printed publication in the U.S. or abroad. 35 U.S.C. § 102(a). Section 102(b)
allows for a one-year grace period for disclosures that originated, directly or
indirectly, from the inventor or a joint inventor. 35 U.S.C. § 102(b).
Anticipation of a patent claim occurs if a single prior art reference discloses
every limitation of the claim, either expressly or inherently. See, e.g., Orion IP,
LLC v. Hyundai Motor Am., 605 F.3d 967, 975 (Fed. Cir. 2010). Anticipation
challenges under § 102 must focus only on the limitations actually recited in the
claims. See Constant v. Adv. Micro-Devices, Inc., 848 F.2d 1560, 1570–71 (Fed.
Cir. 1988) (finding “limitations [ ] not found anywhere in the claims” to be
irrelevant to an anticipation challenge). One must prove invalidity by
anticipation by using clear and convincing evidence. See Microsoft Corp. v. i4i
L.P., 131 U.S. 2238, 2242 (2011).

446

(2) Statutory Bar

Section 102(a) is a statutory bar if “the claimed invention was patented,

described in a printed publication, or in public use, on sale, or otherwise
available to the public before the effective filing date of the claimed invention.”
35 U.S.C. § 102(a).
(I) PATENTABILITY: NONOBVIOUSNESS
The obviousness requirement is the most difficult obstacle to overcome.
Section 103 requires the claim to be nonobvious when measured against prior
art. The test is whether the subject matter as a whole would have been obvious at
the time of invention to a person having ordinary skill in the art. An invention
must also not be the functional equivalent of an invention covered by a
previously issued patent. An invention is not patentable if someone disclosed the
claimed subject matter before the date of filing or before the date of priority. An
invention is not patentable if it would have been obvious to one of ordinary skill
in the art.
(J) PATENTABILITY: UTILITY
Utility is the requirement that a patentable invention be useful. To satisfy the
utility requirement, the invention must be operable or have the capacity to serve
as either a product or process. Section 101 of Title 35 requires inventions to have
novelty and utility. The utility requirement is seldom a significant barrier against
patent seekers. The examiner must reject a patent if it does not achieve a useful
result. “Cold fusion is not

447

patentable because of the lack of enablement under 112 and as inoperative and
lacking utility under § 101.” J. THOMAS MCCARTHY, MCCARTHY’S DESK
ENCYCLOPEDIA OF INTELLECTUAL PROPERTY (3rd ed. 2004) at 651.
(K) PATENT INVALIDITY
The U.S. Patent Act provides that “[a] patent shall be presumed valid” and that
“[t]he burden of establishing invalidity of a patent or any claim thereof shall rest
on the party asserting such invalidity.” 35 U.S.C. § 282. During prosecution,
patent examiners give claims the broadest reasonable interpretation that is still
consistent with the specification. Section 132 requires examiners to cite reasons
for rejection and rights for reexamination.
(L) PATENT TERMS
The term of a utility patent filed prior to June 8, 1995 is the later of (1) 17
years from the date of issuance of the patent, or (2) 20 years from the first U.S.
filing date for the patent. The term for utility patent applications filed after June
8, 1995 is 20 years from the first U.S. filing date. As recently as the 1980s, it
was unclear whether software was patentable which had implications for
relatively contemporary internet-related patents. Today, software patents are
primarily utility patents, which include compilers, application programs, and
protection for “process or method performed by a computer game.”

448
448

§ 13-2. Internet Related Patents

(A) SOFTWARE PATENTS
In the early software industry, lawyers used trade secrets or copyright law,
assuming that software was not patentable. The U.S. Court of Appeals, Federal
Circuit, however, in In re Alappat, 33 F.3d 1526 (Fed. Cir. 1994), ruled that
virtually all computer programs are patentable. The USPTO has granted
software patents for such diverse Internet related activities as hyperlinking,
audio software, file formats, and search engines. A software patent application
must clearly describe what the computer does when it performs the steps dictated
by software code. Software patents have been slow to evolve outside of the U.S.
(B) E-BUSINESS METHODS
Business methods qualify as “patentable eligible subject matter” if they are a
new and useful process. At a bare minimum, the process must produce a useful,
concrete, and tangible result to qualify as a business method. Software was
unpatentable subject matter until the 1980s because it incorporated algorithms.
In Akamai Technologies, Inc. v. Limelight Networks, Inc., 2008 WL 364401
(D. Mass. 2008), a jury found Limelight infringed an Internet content delivery
patent asserted by Akamai Technologies, and handed down a verdict of $45.5
million. In Akamai, the patent claim covered software for delivering the
embedded objects of a web page.

449

Limelight argued that a reasonable jury could conclude the company believed
it did not infringe or cause others to infringe Akamai’s patents because of
Akamai’s prior history of suing infringers. Limelight appealed and the Supreme
Court reversed and remanded back to the Federal Circuit. Limelight Networks,
Inc. v. Akamai Technologies, Inc., 134 S. Ct. 2111 (2014). The Supreme Court
reasoned that because Limelight did not infringe on every step claimed in the
method patent, they were not liable for infringement.
Courts accepted this business method exception for nearly a century until 1998
when the Federal Circuit reversed course in State Street Bank & Trust Co. v.
Signature Fin. Group, Inc., 149 F.3d 1368 (Fed. Cir. 1998). In State Street,
Judge Giles Rich, writing for the panel, accepted a patent held by Signature
Financial Group for a “hub and spoke” method of computing interest payments.
This method made it possible for mutual fund managers to pool their assets into
a partnership, allowing tax advantages and administrative savings. The mere
presence of a mathematical algorithm does not preordain that USPTO will reject
a patent claim. The Federal Circuit held a programmed computer using this
mathematical algorithm was patentable so long as it produced a useful, concrete,
and tangible result.
In State Street, the court found an algorithm or formula that produced a
“concrete and tangible result.” Namely, it calculated a final share price for each
mutual fund within the partnership as determined by their contributions to the
pool, and

450

because of its practical application, it was thus patentable. The validation of

business methods patents was extended in AT&T Corp. v. Excel
Communications, Inc., 172 F.3d 1352 (Fed. Cir. 1999), where the Federal Circuit
approved a patent that incorporated Boolean algebra to determine the long-
distance carriers involved in a telephone call, which in turn created a switching
signal for billing purposes.
The AT & T Court reasoned that this was not an attempt to patent the Boolean
principle, but rather a patent for the process to create the discrete switching
signal. The method created a concrete and tangible result, and was therefore
patentable. After State Street and AT&T, USPTO required business method
patents to advance the technological arts.
In February 2015, IBM filed suit against Priceline, Kayak, and OpenTable for
refusing to purchase patent licenses for IBM patents incorporated in their
products. The patents in dispute were for a “system of showing applications and
ads and that relied more on user computers,” rather than servers. Joe Mullin,
IBM Sues Priceline Over Patents, Because Prodigy Was Cool, ARSTECHNICA
(Feb. 11, 2015).
Most E-Commerce, Internet, or data processing business methods are a Class
705. The number of issued Class 705 patents skyrocketed from 120 to 1,191
from 1996 to 2006. Most E-Commerce methods, but not all, relate to financial
and business data processing. The methods and apparatuses claimed in these
applications connect to financial

451

and business data processing. Priceline, for example, holds a patent on an

auction method for selling tickets. Netcraft filed suit against eBay and PayPal for
infringing upon two related business method patents with variations on Internet
Billing Methods. The USPTO has approved scores of business method patents
for Internet purchasing, online advertising, and marketing. In fact, the USPTO
received criticism for granting too many E-Business patents whose only novelty
was that they were Internet-related.
(C) POST-STATE STREET CASES
Businesses filed tens of thousands of business method patent applications
since State Street opened the floodgates. In 2000, “Amazon.com was granted a
patent on its affiliates’ program, which allows ‘owners of other Websites to refer
customers to Amazon in exchange for a fee.’ ” Geneva Sapp, E-Businesses vie
for Technology Ownership, NETWORK WORLD (Mar. 6, 2000). The USPTO
granted a patent for Amazon.com’s “1-click” technology for online shopping.
Amazon.com’s 1-Click, a “method, and system for placing a purchase order via
a communications network” sparked one of the most famous Internet patent
debates. The patent permitted customers to make online purchases with a single
click, using a pre-defined address and credit card number.
A federal court granted Amazon an injunction, enjoining Barnes & Noble
from using a single-click Express Checkout on their online store. The parties
settled before trial to determine the validity of the

452

one-click method. Amazon and Barnes & Noble settled their patent
infringement dispute in 2000, with Barnes & Noble licensing the 1-Click patent.
See Amazon.com, Inc. v. Barnesandnoble.com, Inc., 239 F.3d 1343 (Fed. Cir.
2001) (vacating preliminary injunction awarded in favor of Amazon.com in
patent dispute over one-stop Internet shopping business method).

§ 13-3. Internet-Related Patent Litigation

(A) INFRINGEMENT LAWSUITS
Patent infringement occurs when the defendant has made, used, or sold
products within the scope of the inventor’s claims. In a patent infringement
lawsuit, claim construction is an issue for the court. In Rembrandt Wireless
Technologies LP v. Samsung Electronics Ltd., 2015 WL 1298639 (E.D. Tex.,
Jan. 13, 2015), the plaintiff was Rembrandt Wireless Technologies, a
Pennsylvania-based business technology company and holder of U.S. Patent
Nos. 8,023,580 and 8,457,228, which relate to Bluetooth “enhanced data rate”
inventions. The defendant, Samsung Electronics Co. Ltd., is a multinational
electronics company headquartered in Suwon, South Korea. The plaintiff alleged
that the defendant infringed their patents through their Galaxy S phones and
other products that implement Bluetooth EDR. A Texas jury awarded
$15,700,000 to Rembrandt. In addition to the damages, the plaintiff will likely
receive royalty payments on all Samsung products sold in the United States that

453

implement the Bluetooth EDR technology for the remaining life of their
patents.
Internet technologies have predominated in the U.S. patent system. For
example, one in six active patents pertains to smartphones. One study found that
smartphones accounted for 250,000 patents. Disruptive Competition Project,
One in Six Patents Pertain to the Smartphone (Oct. 17, 2012). It is not surprising
that Smartphones involve many patents, as they are miniature, general-purpose
computers and therefore come with a CPU, operating system. Additionally, they
include an “Active matrix display, Touch screen display, Cellular voice
technology,1x data networking, 3G data networking, 4G data networking, Wi-Fi
data networking, Bluetooth data networking, GPS technology (and associated
navigation), Accelerometer technology, Digital camera (including lens and
image processing), Audio recording and playback Battery technology, Force
feedback technology (phone vibration and haptic feedback) and Design patents.”
Michael Fisch, Software Patents and the Smartphone, PRAWSBLAWG (Nov. 15,
2012).
In March of 2012, Yahoo! filed a patent infringement lawsuit against
Facebook just as the social media market leader was making its Initial Public
Offering (IPO). Yahoo!’s patent lawsuit alleges that Facebook had infringed ten
different Yahoo! patents that are fundamental to social media, such as
“personalized advertising, customized portal pages and news feeds,
recommendations to connect with other suggested users (and screen out
spammers), social music and

454

messaging applications, and authorizing some users (but not others) to see
different sections of your content.” Tim Carmody, Yahoo! Sues Facebook in a
Web Patent Showdown, EPICENTER (Mar. 13, 2012).
Facebook filed a counterclaim, charging that Yahoo! had infringed ten of its
patents. Facebook agreed to pay Microsoft Corporation $550 million for
hundreds of patents that it originally purchased from America Online.
Companies like Facebook need a robust portfolio of software patents to stave off
lawsuits by patent trolls and to protect their intellectual property. For example,
Google purchased Motorola Mobility for $12.5 billion. Most of the company’s
value was in its patent portfolio. The Apple-Microsoft-Oracle-Nokia consortium
bought Nortel’s patent portfolio for $4.5 billion. Microsoft bought Novell’s
patent portfolio for $450 million and some of AOL’s patents for $1 billion.
Critics of Internet-related patents contend that these innovations would
develop more rapidly without the type of patent protection that dampens
competition. All patents balance antitrust concerns against market dominance.
Too much patent protection for Internet-related business method patents may not
be desirable because it undermines competitiveness. The trend towards
propertization of Internet infrastructure has led to a more complex online
business environment.
(B) MARKMAN HEARINGS
Markman hearings are held the by the court to determine claim construction at
the onset of patent

455

infringement litigation. See Markman v. Westview Instruments Inc., 517 U.S.

370 (U.S. 1996). The court construes claims by using intrinsic evidence (the
language of the claim) and extrinsic evidence (treatises, dictionaries or expert
testimony) in making its assessment.
(C) E-BUSINESS PATENT TROLLS
A patent troll is the owner of a patent that does not use its intellectual property
to produce products, but rather to file suit against alleged infringers. Trolls do
not produce goods or services but rather use their patents to threaten patent
litigation. Critics fear that outsized, Internet-related business methods will result
in companies paying high licensing fees in its online activities where they are
not due. Patent law reformers call for Congress to thwart a litigation crisis
created by abusive patent trolls. One of the problems with the concept of the
patent troll is it is over inclusive, including many universities and research
institutes that have patent portfolios but do not themselves use them in
inventions.
Patent reform has stalled in Congress in recent years because the major
stakeholders cannot agree on a legislative solution. Congress is considering the
proposed Innovation Act, H.R. 9, which aims to limit abusive practices by
requiring the plaintiff to disclose who is the owner of the asserted patent and to
give reasons for litigation in the court pleadings prior to litigation. WHO ARE
PATENT TROLLS AND WHAT WILL H.R. 9 DO ABOUT THEM? ECONOSTATS, FORBES
(2015).

456

(D) THE SUPREME COURT’S PATENT CASES

(1) MercExchange

The injunctive remedy is often more critically important than monetary

damages in Internet-related patent cases. An injunction is an equitable remedy
routinely used to order defendants to refrain from infringing patents. In eBay Inc.
v. MercExchange L.L.C., 547 U.S. 388 (2006), the Supreme Court unanimously
determined that a federal court should not automatically issue an injunction
simply because it has found patent infringement. The case arose out of dispute
between eBay, the Internet’s largest auction site, and MercExchange, which
owned U.S. Patent 5,845,265 that covers eBay’s “Buy It Now” function. In
2000, eBay initiated negotiations with MercExchange to purchase its online
auction patent portfolio.
When eBay abandoned the negotiations to purchase the patent, MercExchange
filed suit against eBay for patent infringement. MercExchange prevailed in a
2003 Virginia jury trial that found eBay had willfully infringed the patent
incorporated in its “Buy It Now” function. MercExchange sought an injunction
to prevent eBay’s continual use of the patent, but the federal trial court denied its
request. The Federal Circuit Court of Appeals reversed the trial court, reasoning
that its decision was consistent with its long-standing practice of issuing
permanent injunctions against patent infringement absent exceptional
circumstances.

457

The long-standing rule in the Federal Circuit was to issue injunctions liberally
in patent infringement cases so long as the plaintiff could prove an ongoing
infringement. To put it bluntly, the Federal Court of Appeals did not require
patent owners to demonstrate irreparable harm. In eBay, the lower court refused
to enjoin the online auction house, finding that damages were adequate. The
Federal Circuit Court of Appeals reversed, ruling that in patent infringement
cases an injunction is issued absent exceptional circumstances.
The MercExchange Court ruled that the Federal Circuit improperly applied a
presumed irreparable injury test as opposed to the traditional four-factor test for
the issuance of a permanent injunction. Eventually, the Supreme Court
intervened, which reversed the Federal Circuit’s traditional practice of liberally
issuing injunctions in patent infringement cases. The MercExchange Court ruled
that federal courts must now weigh four factors before issuing an injunction: (1)
that the plaintiff has suffered an irreparable injury, (2) that remedies available at
law are inadequate to compensate for that injury, (3) that considering the balance
of hardships between the plaintiff and defendant, a remedy in equity is
warranted, and (4) that the public interest would not be disserved by a permanent
injunction. The finding that permanent injunctions are subject to the ordinary
rules governing equitable relief means that relief is discretionary, as opposed to
relief issued routinely.
Injunctive relief is critically imperative in Internet-related patent litigation
because of the

458

rapidity with which online businesses can attain or lose market share. In the
Internet-based economy, the earliest mover has enormous advantages. Some
businesses use patent law strategically as a method for excluding potential rivals.
(2) Bilski v. Kapos
In Bilski v. Kappos, 130 S. Ct. 3218 (2010), the U.S. Supreme Court
unanimously upheld the Federal Circuit’s decision that the application for a
method of hedging risk was “an unpatentable abstract idea” that was outside the
scope of the U.S. Patent Act, § 101. The patent application in In re Bilski was for
a procedure that helped buyers and sellers protect against price fluctuations in
the volatile energy market by hedging against price changes.
The patent examiner rejected the application, explaining that it was a mere
manipulation of an abstract idea and solves a mathematical problem without
sufficient practical application. The Board of Patent Appeals and Interferences
affirmed, concluding that the application only involved mental steps that
transformed physical matter directed to an abstract idea.
The Federal Circuit heard the case en banc and affirmed, reasoning that the
machine-or-transformation test was the sole test for determining the patentability
of a process under Section 101. The Federal Circuit’s view was that an invention
is a “process” only if (1) tied to a particular machine or apparatus, or (2) it

459

transforms a particular article into a different state or thing. The U.S. Supreme
Court granted certiorari to determine whether patentable subject matter should
exclude the process patent.
The Court held that the Federal Circuit incorrectly endorsed the machine-or-
transformation test for a process as the only valid criteria. The Court reasoned
that the Federal Circuit test was a useful tool but not the sole method of deciding
whether an invention is a patent-eligible process. The Court decided that the
process patent for hedging was unpatentable as an abstract idea. In Bilski, the
Court was concerned that to allow “petitioners to patent risk hedging would pre-
empt use of this approach in all fields.”
The Court upheld the Federal Circuit’s denial of patent but disagreed with the
Appeals Court in its assessment of process patents. The Court explained that
“[i]f a high enough bar is not set” for process patents—which “raise special
problems in terms of vagueness and suspect validity”—“patent examiners and
courts could be flooded with claims that would put a chill on creative endeavor
and dynamic change.” The Bilski decision expected to narrow business-related
claims.
The Bilski decision limits the availability of process patents. Bilski also calls
for a rigorous review of software, business method, and many Internet-related
process claims.
In MySpace, Inc. v. Graphon Corp., 672 F.3d 1250 (Fed. Cir. 2012), the
Federal Circuit ruled that a patent relating to the ability to create, modify, and

460

store database records over a computer network was invalid as anticipated and
obvious based on prior art. A dissenting judge would have applied Bilski,
reasoning that Graphon’s patents fell outside the ambit of section 101 “because
they are too useful and too widely applied to possibly form the basis of any
patentable invention.”
CONCLUSION:
Patent law, like the other branches of the law, is constantly evolving in
response to the development of the Internet. Justice Holmes’s classic essay on
the path of the law drew upon six centuries of case reports and statutes. In less
than twenty-five years, the Internet has created a huge number of new legal
dilemmas and challenges in accommodating this new information technology.
As this book has shown, the Internet transforms basic assumptions about the
nature of communication, knowledge, invention, information, sovereignty,
identity, commerce, human rights and community. The Internet is fundamentally
reshaping intellectual property law as it shatters existing precedent by redefining
distance, time, privacy and the meaning of territoriality. The phenomenal growth
in traffic on the World Wide Web requires established legal principles for all
branches of the law be adapted to cyberspace.
Internet law must become a moving stream rather than a stagnant pool,
evolving to meet the new risks and dangers in the twenty-first century’s age of
information. Further global coordination is essential to surmount the growing
substantive and

461

procedural barriers to cross-border Internet-related development. Travelers on

the World Wide Web require uniform procedural and substantive remedies for
cross-border civil rights and wrongs, which is a very difficult achievement in
light of national rivalries and cultural differences.
“Harmonization has proven difficult enough even in relatively
uncontroversial areas like trademark law, however. It may well be
impossible to harmonize laws where there is less agreement on principles
among nations—laws relating to free speech…. The prospect of being
subject to litigation in a number of different countries is likely to be
extremely daunting to individuals and even small and medium-sized
businesses.” MARK LEMLEY ET AL., SOFTWARE & INTERNET LAW 617 (2003).
Travelers on the World Wide Web require uniform procedural and substantive
remedies for cross-border civil rights and wrongs, a very difficult achievement
because of national rivalries and cultural differences.
“Harmonization has proven difficult enough even in relatively uncontroversial
areas like trademark law, however. It may well be impossible to harmonize laws
where there is less agreement on principles among nations—laws relating to free
speech…. The prospect of being subject to litigation in a number of different
countries is likely to be extremely daunting to individuals and even small and
medium-sized businesses.” MARK LEMLEY ET AL., SOFTWARE & INTERNET LAW
617 (2003). My

462

goal in writing this book is not only to show where Internet law is today, but
also to explain the global conflicts over legal principles as a guide toward
illuminating the path that this global harmonization needs to take.
463

INDEX
References are to Pages
ACPA
See Anticybersquatting Protection Act
ADULT ENTERTAINMENT & PORNOGRAPHY
Generally, 287–88
Child Pornography, 287–88
Internet Pornography, 287
Miller Test, 287
ANTICYBERSQUATTING CONSUMER PROTECTION ACT OF 1999
Generally, 374–80
ACPA Remedies, 376–77
ACPA Safe Harbor, 377–78
Bad Faith Intent to Profit, 376
Bona Fide Offering of Goods or Services, 376
Cancellation as ACPA Remedy, 376
Civil Liability, 374
Cybersquatting, 374–75
Domain names, 374
Distinctive or Famous Element, 376
Elements of ACPA Claim, 376–77
Famousness as ACPA Element, 376
Identical or confusingly similar element, 376
In Rem Jurisdiction, 378–79
Misuse of Domain Names, 377
Narrower Confusion Test under ACPA, 376
Registers, Traffics, or Uses Domain Name, 375
Safe Harbor, 377
Statutory Purpose, 377
Trafficking in Domain Names, 376
Transfer of Mark as ACPA Remedy, 376
Unfair Competition, 375
See also Cybersquatting, Domain Names, Keyword Trademark Litigation,
Trademarks, Trademark Dilution Revision Act of 2006, Trademark
Dilution Revision Act of

464

2006, and Uniform Domain Name Resolution Policy ARPANET

Generally, 7–8, 12
ARPA, 7–9
DARPA, 8
NSFNET, 8–9
See also NSFNET, TCP
BANDWIDTH
Generally, 17
See also Digital Subscriber Lines
BARLOW’S MANIFESTO
Generally, 34–36
Bavarian ISP, 35
Censorship, 35
Declaration of Independence of Cyberspace, 34
First Amendment as Local Ordinance, 34
Legitimacy, 35
Utopian View, 34–37
See also Benkler’s Wealth of Nations, Code as Law, Libertarian View of
Interest, Perspectives on Internet Law, Solum’s Internet Governance
Theories BENKLER’S WEALTH OF NETWORKS
Generally, 52–53
Bourgeoisie, 52
Capital Formation, 52
Copyright Commons, 52
Copyright Industries, 52
Economic Based Governance, 52–53
Wealth of Networks, 52–53
See also Code as Law, Lessig’s Law as Code, Internet Governance, Marxist
Theory, Perspectives on Internet Law BITS PER SECOND
Generally, 17
Cable Modems, 16
See also Bandwidth
BROADBAND
Generally, 17–18

465

ADSL, 17
Bandwidth, 17
Downstream, 18
DSL, 17–18
FCC Classifications, 17
ISPs, 17
SDS, 18
BROWSEWRAP LICENSE
Generally, 97–98
Terms of Service, 127
UCITA, 108
See also Clickwrap License, Contract Law in Cyberspace, Internet Related
Contract Law, Shrinkwrap, Uniform Commercial Code, Uniform Computer
Information Transaction Act, Principles of the Law of Software Contracts
BRUSSELS REGULATION
Generally, 80–84
Business-to-Business Transactions, 81–82
Consumer’s Home Court Rule, 82–83
Defendant’s Domicile, 80–81
Extraterritorial Impact, 83–84
Mandatory Consumer Rules, 83
Non-Waivable Rules, 83
Place of Delivery, 83
Rome I Regulation for Choice of Law, 83–84
Sale of Goods, 82–83
Special Jurisdictional Rules, 82–83
Waivers, 83
Where Defendants May Be Sued, 81–82
See also Cyberjurisdiction, Effects Test, European Consumer Law, Global
Consumer Law, and Minimum Contacts See generally Global Consumer
Law, International Jurisdiction BUSINESS TORTS
Generally, 173–188
Conversion of Websites, 169
Cyberfraud, 177–78
False Advertising, 173

466

Interference with Business Contracts, 173, 176

Misappropriation of Intangible Data, 174–87
Misappropriation of Trade Secrets, 177
Trade Libel, 173
Unfair Competition, 173–74
See also CDA Section 230, Cybertorts, and Defamation CABLE MODEM
Generally, 16
CANSPAM
Generally, 141–43
Claim (Elements of), 142
Emblematic Awards, 143–44
Enforcement by Government & Providers, 142–43
Exclusive Federal Enforcement, 143
False or Misleading Information, 142–43
Misleading Headers, 142
Preemption, 143
See also Global Consumer Law, Federal Trade Commission, and SPAM
CDA SECTION 230
Generally, 149–50, 272–73
Conduits, 150–52
Content Creator, 155–60
Defamatory Postings, 157–58
Distributor Liability, 150–52
Exceptions to CDA Section 230 Liability, 155–59, Failure to Remove Content,
152–54
FTC Action, 159–60
Information Content Provider, 153
Immunity for Defamation, 150
No Duty to Remove Tortious Material, 152–54
Online Gossip, 157–58
Publishers Liability, 150–52
See also Defamation, and Internet Service Providers CENSORSHIP ON
THE INTERNET
Child Online Protection Act, 273
Child Pornography Prevention Act, 277
Children’s Internet Protection Act, 275–76

467

Communications Decency Act, 272–73

Innocence of Muslims Video, 289
Protect Act of 2003, 277–78
School Censorship, 279–80
See also Perspectives on Internet Law
CFAA, See Computer Fraud & Abuse Act CHILD ONLINE PROTECTION
ACT
Generally, 273–75
Commercial Purposes, 273
Community Standards, 274
Criminal Sanctions, 274
History, 273
Prurient Interest, 274
Unconstitutional, 274–75
CHILD PORNOGRAPHY PREVENTION ACT
Generally, 277
Ashcroft v. Free Speech Coalition, 277
Sexually Explicit Images, 277
CHILDREN’S INTERNET PROTECTION ACT
Generally, 275–77
Public Libraries, 276
Software Filters in Schools, 275–76
CHILDREN’S ONLINE PRIVACY PROTECTION ACT
Generally, 273–75
ACLU v. Reno, 274
ACLU Challenges, 274–75
Ashcroft v. ACLU, 275
Average Person Test, 274
Contemporary Community Standards, 275
Criminal Sanctions, 274
Obscene Materials, 274
Scientific Value, 274
CIPA, See Children’s Internet Protection Act CIVIL SOCIETY
Generally, 39
Co-Regulation, 39
WGIG, 39

468

Types of CFAA Offenses, 236–37

Without Authorization (Cases), 245–48
CONFLICTS OF LAW
Generally, 84
Business-to-Business, 84
Mandatory Consumer Rules, 84
Non-Waivable Consumer Rights, 85
Parties’ Choice of Law Clauses, 84
Rome I Regulation, 84
CONSTITUTIONIZATION OF DEFAMATION
Generally, 184–86
General Purpose Public Figure, 185–86
Limited Purpose Public Figure, 186
Public Official, 184
Standard for Private Persons, 186–87
Defenses, 187–89
CONSUMER REGULATION
Generally, 131–39
Children’s Privacy, 140
Consumer Privacy, 139–40
Deceptive Advertising, 137–38
Fraud, 132–37
FTC as Cyberspace Constable, 131
Online Endorsements, 138–39
Safe Web Act, 131
Spam, 140–41
Website Disclosures, 139
See also Antitrust, Brussels Regulation, CANSPAM, European Consumer
Law, Federal Communications Commission, Federal Trade Commission,
Rome I Regulation CONTENT REGULATION
Generally, 271–72
Adult Entertainment, 287–88
Categories of Unprotected Speech, 284–86
Children’s Internet Protection Act, 275–77
Child Online Protection Act, 273–75
Child Pornography Prevention Act, 277

471

Communications Decency Act, 272–73

Content Neutral Regulations, 282–83
Content Specific Regulations, 282
Cross-Border Content Regulations, 288–90
Cyberbullying, 286
Dormant or Negative Commerce Clause, 281–82
Facial Attacks on Internet Speech, 283–84
Innocence of Muslims Film, 289–90
Indecent Speech & Censorship, 272–73
Protect Act, 277–79
School Censorship of Internet Content, 279–80
State Anti-Bullying Legislation, 286
CONTRACT LAW IN CYBERSPACE
Generally, 87–105
Rolling Contracts, 102–05
Uniform Computer Information Transactions Act, 108
Uniform Electronic Transactions Act, 106
See also Browsewrap, Clickwrap, Shrinkwrap, Internet Related Contract Law,
Principles of the Law of Software Contracts, Uniform Commercial Code,
and Uniform Computer Information Transaction Act COPA, See
Children’s Online Protection Act COPPA, See also Children’s Online
Privacy Protection Act COPYRIGHT LAW
Generally, 291–92
ACTA, 322
Anti-Trafficking, 319–20
Automatic Creation, 300–01
Bookmarks, 312
Circumvention, 318
Cloud Computing, 330–31
Contributory Copyright Infringement, 303
Copyright Creation, 300–01
Copyright Infringement, 301–05
Copyright Registration, 300–01
Database Protection, 314
Derivative Works, 299–300
Digital Millennium Copyright Act (DMCA), 315–31

472

DMCA Subpoenas & Anonymous Infringers, 329–30

DMCA Takedown Procedures, 327–28
Elements of Copyright, 293–94
Exclusive Rights of Copyright Owners, 293
Extraterritoriality of Copyright Law, 331–33
Fair Use, 298–99
Fair Use Factors, 298–99
First Amendment, 327
Fixation, 295–96
Framing, 311–12, 334
Functionality or Utility, 297–98
Governmental Works, 297
Grokster Peer-to-Peer Sharing, 307–08
Grokster’s Inducement Theory, 307–10
Hyperlinks, 310
Idea/Expression, 297
In Rem Injunctions, 336
Inducement of Infringement, 304–05
Information Location Tools (DMCA), 327
Limitations on Exclusive Rights, 315
Metatags, 335–36
Moral Rights 332–333
Napster PP File Sharing, 306
Originality, 292–93
Peer-to-Peer Networks, 305–06, 335
Protectable, 296–97
Public Domain, 298
SOPA, 331–32
Thumbnails of Copyrighted Images, 312–14
Work Made for Hire, 301
See also, Digital Millennium Copyright Act, License Agreements CROSS-
BORDER CONTENT REGULATION
Generally, 288–90
Beijing Microblogging Rules, 290
Chinese Censorship, 290
Google Transparency Report, 290
Hamas, 288
Honey Traps, 288
Innocence of Muslims, 289

473

Wikileaks, 288
CROSS-BORDER CYBERFRAUD
Generally, 144
Nigerian Swindles, 144
CYBERCONVERSION
Generally, 167–69
Domain Names, 169–70
Website Conversion, 170–71
CYBERCRIMES
Generally, 231–35
Access Device Fraud, 241
Accessing a Computer & Obtaining Information, 238
Accessing a Computer to Defraud & Obtain Value, 238
Accessing to Defraud, 238
Accessing Without Authorization, 239–40
Anti-Stalking, 265–66
CFAA, 235–49
CFAA Civil Liability, 243–49
CFAA Criminal Law, 235–43
CFAA Criminal Law Cases, 239–43
Computer Crime, 232–34
Computer Crime Case Law, 256–69
Cross-Border Enforcement, 127
Cybercrime Convention, 68–69
Damaging Computers or Data, 241–42
Definition of Cybercrime, 234–35
Electronic Communication Privacy Act, 249–53
ECPA, 251–52
Federal Threats, 266–67
International Cybercrime Enforcement, 268–69
National Security Information, 237
Nature of Cybercrime, 233–34
Stored Communications Act, 253
SCA Cases, 260–65
SCA Defenses, 255
SCA Prima Facie Case, 253–54
Sex Trafficking, 267–68
Terms of Service, 127,
Threatening to Harm of Computer, 243

474
474

Trafficking in Passwords, 242–43

Trespassing in a Government Computer, 240–41
See also Computer Fraud & Abuse Act, Economic Espionage Act, Electronic
Communications Privacy Act CYBERFRAUD
Generally, 177–78
See also Global Consumer Law
CYBER-JURISDICTION
Generally, 55–56
Brussels Regulation, 78–84
Effects Test, 72–73
General Personal Jurisdiction, 57–60
Goodyear Dunlop Tires Operations v. Brown, 56
Gray Zone, 63–64, 70–82
In Rem Jurisdiction, 76–77
International Shoe in Cyberspace, 56
Generally, 55–57
Long Arm Statutes, 56
Passive Jurisdiction, 66–70
“Something More” Test, 74–76
Specific Jurisdiction, 60–76
Zippo.com Test, 63–66
See also Brussels Regulation
CYBERSQUATTING
Generally, 374–77
Anticybersquatting Act of 1999, 374–80
Bad Faith Intent to Profit, 375
Confusingly Similar or Identical, 375
Registers, Traffics or Uses Domain Names, 375
Definition, 375
Elements, 376–77
Famous or Distinctive Trademarks, 375
Remedies for ACPA Violation, 380
Safe Harbor, 377–78
TDRA, 363–72
Trademark Dilution Elements, 363
See also Domain Names, Trademark Dilution Trademark Revision Act of
2006

475

CYBERTORTS
Generally, 151–56
Abuse of Process, 172–73
Cyberfraud, 177–78
Computer Professional Negligence, 196–97
Conversion, 169–71
Cyberconversion of Domain Names, 169–71
Defamation, 178–89
Defective Information, 198–200
Economic Loss Rule, 200–01
Intentional Business Cybertorts, 173
Intentional Infliction of Emotional Distress, 160–63
Interference with Business Contracts, 176–77
Malicious Prosecution, 171–72
Misappropriation of Intangible Data, 174–75
Misappropriation of Trade Secrets, 177
Negligence-Based Actions, 192–98
Negligent Data Brokering, 197–98
Negligent Enablement of Cybercrime, 193–95
Negligence Per Se, 195
Product Liability, 198–200
Publishers, Conduit, & Distributors, 181–82
Single Publication Rule, 182
Strict Liability, 198–99
Trespass to Digital Information, 168–69
Tort of Outrage, 161–63
Trade Libel, 178–79
Trespass to Virtual Chattels, 163–69
Unfair Competition, 174
See also CDA Section 230, Constitutionalization of Defamation, Cross-Border
Cyberfraud, Cyberconversion, Cyberspace Privacy, Damages, Data
Security, Defamation, E-Mail Monitoring of Employees, Effects Test, First
Amendment in Cyberspace, International Cybertorts, Negligence-Based
Actions Products Liability, Privacy-Based Cybertorts, Products Liability,
Professional Standards, Spam, Trespass to Chattels DATA
PROTECTION DIRECTIVE
Generally, 215–221
Consent, 215

476

Data Controllers, 215

Data Handler, 215–16
Data Subject Control, 216
Google Spain v. AEPD, 216–20
OECD Privacy Principles, 215–16
See also Consumer Regulation, General Data Protection DEFAMATION
Generally, 178–89
Anti-SLAPP Suit Statutes, 187–88
Defenses to Defamation, 184–89
General Purpose Public Figure, 186
Individual & Media Prima Facie Case, 181
John Doe Subpoenas, 183–84
Libel Per Quod, 179–80
Libel Per Se, 180
Limited Purpose Public Figure, 186
Private Figure, 186
Privileges & Qualified Privileges, 187
Public Official, 184
Publishers & Conduits or Distributors, 181
Retraction Statutes, 188–89
Single Publication Rule, 182
Standard for Private Persons, 186
State Action, 182–83
Trade Libel, 178–79
Truth as a Complete Defense, 187
See also Constitutionalization of Defamation, Cyberjurisdiction, Cyberspace
Privacy, Cybertorts, Damages, Negligence-Based Actions, Online Fraud
DEFENSE OF INTERNET LAW
Generally, 29–31
Architecture of Internet Law, 44–46
Four Modalities, 44–49
Lessig’s Code as Law, 44–46
Norms, 46–48
Response to Easterbrook, 29–31
See also CDA Section 230, Internet Service Providers, and Perspectives on
Internet Law, Solum’s Internet Governance Theories 477
DIGITAL MILLENNIUM COPYRIGHT ACT
Generally, 315–30
Anti-Circumvention, 315, 317–19
Anti-Trafficking, 319–20
Circumvention, 318–19
Civil Remedies, 315
Cloud Computing, 330
Copyright Owner’s DMCA Notice, 324–25
Copyright Protection & Management Systems, 317
Counter-Notifications, 326
Criminal Penalties, 315
DMCA Agent, 323–24
Exemptions & First Amendment, 327
Information Location Tools, 327
Injunctive Relief, 316
Liability for Frivolous Takedown Notices, 327–28
Online Copyright Infringement Liability Limitation Act, 316
OSP Registered Agents, 323
Prohibited Devices, 319–20
Red Flags, 325
Registered Agent, 323
Safe Harbors, 320–28
Service Provider Rules, 323–28
Storage Exemption, 322
System Caching, 322
Subpoena, 329–30
Takedown & Put-Back Cases, 327–28
Title I Provisions, 317
Title II Safe Harbor, 320–21
Transitory Digital Network Communications, 321
WIPO Copyright Treaties, 315–16
See also Copyright Law
DIGITAL SIGNATURE
Generally, 129
See generally E-Signature Act, Uniform Electronic Transactions Act DIGITAL
SUBSCRIBER LINE (DSL) Generally, 17–18
ADSL, 17

478

Downstream, 17
DSL, 17–18
SDSL, 18
Upstream, 18
DOMAIN NAMES
Generally, 402–14
Anticybersquatting, 397–98
Domain Name Hijacking, 397–98
Reverse Hijacking, 398
Trademark Hijacking, 397
UDRP Providers, 399–400
Uniform Domain Name Resolution Policy, 398–404
WIPO, 398–405
See also Anticybersquatting Consumer Protection Act, Cybersquatting,
Internet Corporation for Assigned Names and Numbers, Uniform Domain
Resolution Policy DSL, See Digital Subscriber Lines EASTERBROOK’S
ARGUMENT AGAINST INTERNET LAW
Generally, 28
Internet Jurisdiction, 29
Law of the Horse, 28
Law School Course on Internet Law, 28–29
No Specialized Internet Law, 28
Role of Property Law, 28
See also Defense of Internet Law, Solum’s Internet Governance Theories E-
COMMERCE DIRECTIVE
Generally, 106–08
Electronic Signatures, 107
Electronic Contracts, 106–08
See also Internet Service Providers
ECPA, See Electronic Communications Privacy Act EFFECTS TEST
Generally, 72–73
Cybertort Jurisdiction, 72–73
See also International Shoe in Cyberspace, Minimum Contacts 479
ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA) Generally,
249–52
Device to Intercept, 251
Electronic Communications, 249–50
Electronic Communication System, 252
Featured ECPA Cases, 256–60
Featured SCA Cases, 260–64
Good Faith Reliance on a Warranty, 256
Intentional Interception, 252
Intercepting Electronic Communications, 249–50
Intercepting Radio Communications, 249
Little ECPA Acts, 256
Little SCA Acts, 256
Ordinary Course of Business Exception, 251
Prima Facie Case, 252
Private Cause of Action, 252
PHRACK, 257
Prohibitions, 251
Storage, 256
Stored Communications Act, 253–56
Stored Communications Act Prima Facie Case, 253–54
Stored Communications Act Defenses, 255–56
Title I of the ECPA, 250
USA Patriot Act, 253
Using an Intercepted Communications, 251
Wiretap, 249
See also Cybercrimes, Electronic Communications Privacy Act
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT
Generally, 107–08
Digital Signatures, 106–08
See also Uniform Electronic Transactions Act ESIGN, See Electronic
Signatures in Global and National Commerce Act E-SIGN, THE
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT
Generally, 107–08
See also Uniform Electronic Transactions Act 480
E-SIGNATURE ACTS
Generally, 107–08
Authentication, 107
Consumer’s Mandatory Rules, 107–08
Digital Signatures, 107
Electronic Records, 107
Electronic Signatures, 107–10
Validity of E-Contracts, 107
Withdrawing Consent, 108
See also UETA
EUROPEAN CONSUMER LAW
Generally, 145–47
Mandatory Consumer Rules, 145
Unfair Contract Terms Directive, 146
See also Brussels Regulation, European Union, and Rome I Regulation
FALSE DESIGNATION OF ORIGIN
Generally, 372
FALSE ENDORSEMENT
Generally, 374
FEDERAL ANTIDILUTION
Generally, 363–72
Adopted Mark After Famous Mark, 368
Amended Federal Anti-Dilution Act, 368
Commercial Use, 368
Definition of Dilution, 376–68
Dilution by Blurring, 365–67
Dilution by Tarnishment, 367–68
Elements of Dilution under TDRA, 368
Famousness as Predicate, 368
Famous and Distinctive, 366
Likelihood of Dilution, 368
Moseley v. Victoria Secret Catalogue, Inc., 368
Test for Famousness, 366
Trademark Dilution Revision Act of 2006, 363–64
FEDERAL COMMUNICATIONS COMMISSION
Generally, 144–45
Broadband, 144–45

481
Communications Act of 1934, 144
Net Neutrality, 145
TCP/IP Architecture, 144
See also Net Neutrality
FEDERAL TRADE COMMISSION
Generally, 131–32
Advertising, 137
CANSPAM, 141–44
Chief Privacy Regulator, 208–09
Children’s Online Privacy Protection Act, 140
Consumer Privacy, 139–40
COPPA, 209–10
Deceptive Advertising Claims, 137–38
Fraudulent Internet Businesses, 132–37
Mandatory Website Disclosures, 139
Online Endorsements, 138–39
Website Disclosures, 139
See also CANSPAM, Children’s Online Privacy Protection Act (COPPA)
FIRST AMENDMENT IN CYBERSPACE
Generally, 281–86
Compelling Government Interest, 281
Content Neutral Speech, 282–83
Content Specific Regulations, 282
Declaratory Judgment, 281
Dial-a-Porn, 281
Dormant Commerce Clause, 281–82
Facial Attacks, 283–84
Falsification of Header Information, 285–86
Injunctive Relief, 281
Spam, 285
Unprotected Speech Categories, 284–86
GENERAL DATA PROTECTION DIRECTIVE
Generally, 220–24
Access to Personal Data, 223
Automatically Applicable, 221
Data Breaches & Notification, 222
Data Controllers, 225
Duty to Erase, 224–25

482

European Commission, 221

Erasure, 225
Expanded Jurisdictional Reach, 221–22
Independent National Data Protection Authorities, 223
Member States, 221
Notification to Data Protection Supervisors, 222
Reduction of Fragmentation, 221
Right to Be Forgotten, 223–28
Single Set of Privacy Rules, 222
Updating Data Protection Directive, 221
Withdraw Consent, 225
GENERAL JURISDICTION
Generally, 57–60
Continuous and Systematic Contacts Test, 58
Goodyear Dunlop Tires test, 58–59
Helicopteros Nacionales de Columbia Test, 58
Unrelated Actions, 57–58
See also Specific Jurisdiction, Minimum Contacts GIPC, See Global Internet
Policy Council GLOBAL CONSUMER LAW
Generally, 145–47
Brussels Regulation, 80–84
Mandatory EU Consumer Law, 146
Unfair Contract Terms Directive, 145
GLOBAL INTERNET POLICY COUNCIL
Generally, 39, 40
Displacing ICANN, 40
New ccTLDS, 40
New gTLDS, 40
Public Policies, 40
GLOBAL INTERNET SOLUTIONS
Generally, 38–39
Global Internet Council, 39–40
GLOBAL TRANSNATIONAL GOVERNANCE
Generally, 37–41
Co-Regulation, 39
Four Modalities, 42–43

483

Global Internet Council, 39–40

ICANN, 40
International Internet Council, 41
Lessig’s Code as Law, 30, 42
Mixed Model, 41–42
No Specific Oversight, 40–41
WICANN, 41–42
WGIG, 39–41
WSIS, 39
See also Decentralize Governance, Solum’s Internet Governance Theories,
Uniform Domain Name Resolution Policy, Voluntary Organizations,
Transnational Internet Governance, Working Group on Internet Governance
GOOGLE
Generally, 205–06
Google G-Mail Litigation, 205–06
Google Wallet, 206–08
GLBA, See Gramm/Leach/Bliley Act HISTORY OF THE INTERNET
Generally, 1–8
NSFNET, 8–13
IDEA SUBMISSION
Generally, 420
Nondisclosure Agreements, 418–20
INTENTIONAL INFLICTION OF EMOTIONAL DISTRESS
Generally, 161–63
Elements, 161
Extreme Distress, 161
Outrageousness, 161
Recklessness as a Predicate, 162
Section 46 of the Restatement (Second), 162
Standard of Extreme Distress, 162
Tort of Outrage, 162–63
INTERNATIONAL CYBERTORTS
Generally, 201

484

INTERNATIONAL INTERNET COUNCIL

Generally, 41
INTERNET ASSIGNED NUMBERS AUTHORITY
Generally, 6
See also, IANA
INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS
(ICANN) IANA, 6
See also Domain Names, Uniform Domain Name Resolution Policy
INTERNET ENGINEERING TASK FORCE
Generally, 24–25
INTERNET GOVERNANCE
Generally, 27–29
Internet Engineering Task Force, 24–25
Johnson and Post, 36–37
Libertarianism, 32, 33–37
Market-Based, 33
Transnational, 37–42
See also Benkler’s Wealth of Networks, Civil Society, Internet Law Theories,
Solum’s Internet Governance Theories, and Zittrain’s Generative Internet
INTERNET INTERMEDIARIES
Generally, 31
Danielle Keats Citron, 31
Data Aggregators, 31
Jacqueline Lipton, 31–32
Online Auctions, 31
Search Engines, 31
INTERNET LAW THEORIES
Generally, 27–49
Against Internet Law, 28–29
Decentralized Governance, 36
Generative Internet, 49
Self-Governing or Libertarianism, 33
Law, Code, Markets and Norms, 41–48
Transnational Governance, 37–42

485

Expectation Interest of Damages, 124–25

Express Warranties, 114–15
Factors for Material Breach, 118–19
Failure of Essential Purpose, 125–26
Fitness Warranties, 116–17
Formation Safe Harbor, 111
Implied Warranty of Merchantability, 115–16
Integration, 114
Liberation Formation, 111–12
Limitation of Remedies, 125
Liquidated Damages, 123–24
Manifestation of Assent, 111
Material Breach, 119–20
Merchantability, 115–16
Nondisclaimable Warranty for Hidden Defects, 118–19
Non-Infringement Warranties, 117–18
Opportunity to Review, 111
Parol Evidence Rule, 113
Preliminary Concerns, 110–11
Rolling Contracts, 111
Specific Performance, 125
Sphere of Application, 109–10
Systems Integration Warranty, 116–117
Warranty for Hidden Defects, 115–16
See also Browsewrap, Clickwrap, Shrinkwrap, European Consumer Law,
Uniform Computer Information Transaction Act, and Uniform Commercial
Code PRIVACY BASED CYBERTORTS
Generally, 189–91
Appropriation & Right of Publicity, 190–91
False Light, 191–92
Intrusion upon Seclusion, 189–90
Public Disclosure of Private Facts, 191
See also Cyberspace Privacy, CDA Section Cybertorts, Email Monitoring of
Employees, Federal Trade Commission, State Regulation of Online Privacy
PRODUCT LIABILITY
Generally, 198–201
Defective Information, 198–200
Definition of Products,

491

Economic Loss Rule, 200–01

Negligence, 192–93
Strict Liability, 198–99
See also CDA Section 230, Cybertorts
PROFESSIONAL STANDARDS
Generally, 196–97
PROTECT ACT OF 2003
Generally, 277–78
Exploitation of Children, 278
Overbreadth, 279
Pandering Provision, 278
Primary Producer, 278
Vagueness, 279
SEARCH ENGINES
Generally, 18
America Online, 18
Ask, 18
Bing, 18
WebCrawler, 18
WOW, 18
Yahoo!, 18
SPAM
Generally, 140–43
Federal Trade Commission, 131–32
See also CANSPAM, Children’s Online Privacy Protection Act SPECIFIC
JURISDICTION
Generally, 60–75
Emerging Case Law, 63–75
Gray Zone, 70–72
Passive Websites, 66–70
See also Brussels Regulation, Long-Arm Statute, Minimum Contacts, Effects
Test, and Zippo.com Test TCP/IP
Generally, 4–5
Internet Protocol, 4
Internet Routers, 5
Transmission Control Protocol, 4

492

TEXT MESSAGES,
See also CANSPAM
TORT OF OUTRAGE, See Intentional Infliction of Emotional Distress
TRADEMARK LAW
Generally, 337–40
Actual or Intent to Use Applications, 345
ACPA Elements & Claims, 376–77
Anticybersquatting Consumer Protection Act, 376, 374–80
Commercial use (and Keywords), 381–82
Contributory Trademark Infringement, 358–64
Descriptive, 346
Dilution by Blurring, 365–67
Dilution by Tarnishment, 367–71
Dilution Claims, 367–71
Direct Infringement, 355–58
Distention of Trademarks, 339–40
Distinctiveness Spectrum, 345–47
Domain Name, 349–50
Elements of Trademark Applications, 344–45
Fair Use (Trademarks), 372
False Advertising, 354
False Designation of Origin, 353–54, 372–74
False Endorsement, 354, 374
Famous or Distinctive Elements for Dilution, 362
Fanciful or Coined, 346
Federal Dilution Claims, 372
Federal Trademark Registration, 340–42
Functional Limits of Trademarks, 349
In Rem Jurisdiction, 378–80
Internet-Related Trademark Claims, 352–80
Keywords and Commercial Use, 382–84
Keyword Trademark Litigation, 380–81
Nominative Fair Use, 372
Non-Commercial Use, 372
Parodies, 372
Registration Advantages, 341–42
Secondary Trademark Infringement, 361–63
Service Mark, 348

493
493

Spectrum of Distinctiveness, 349–51

State Trademark Law, 343–44
TDRA, 353, 363–64
TDRA Defenses, 372
TDRA Remedies, 371–72
Ten Year Terms, 341
Use (Meaning of), 381–82
Vicarious Liability, 361–62
Website Trade Dress, 350–51
See also Anticybersquatting Consumer Protection Act, Trademarks in
Cyberspace, Trademark Dilution Revision Act TRADEMARK
DILUTION REVISION ACT OF 2006
Generally, 363–72
Blurring, 365–67
Tarnishment, 367–71
See also Cybersquatting, Domain Names
TRADE SECRETS
Generally, 413–15
Idea Submission Policies, 420
Internet-Related Misappropriation, 424–26
Nondisclosure Agreements, 418–19
Reasonable Means to Protect Security, 417–18
Restatement (First) of Torts § 757, 415, 423
State Law, 415
Trade Secrets in a Global Internet, 426–31
UTSA Defenses, 421–23
UTSA Misappropriation, 415–17
UTSA Remedies, 420–21
UTSA Secrecy, 416–17
See also Idea Submission
TRANSBORDER TORTS
Generally, 201
TRESPASS TO CHATTELS
Generally, 163
Bots as Trespassers, 165
Spam Email, 163–65
Spyware, 167

494

Trespass to Digital Information, 168–69

See also Cyberconversion, Business Torts, and Cybertorts UCITA, See
Uniform Computer Information Transaction Act UDRP, See Uniform
Dispute Resolution Policy UDRP PROVIDERS
Generally, 399–400
UETA, See Uniform Electronic Transactions Act UNIFORM DOMAIN
NAME RESOLUTION POLICY
Generally, 398–99
Liability of Registrars, 403–04
Registration, 400–03
Registrars, 400–03
Types of UDRP Cases, 404–10
UDRP Decisions, 404
UNIFORM ELECTRONIC TRANSACTIONS ACT
Affirmative Consent, 107
Authentication, 107
Consent, 107
Consumer Consent, 107–08
Disclosures, 107–08
Electronic Records, 106–07
Electronic Signatures, 108–09
NCCUSL, 106–07
Validating Signatures, 106–07
Writings, 106–07
See also E-Signature Act
UNIFORM TRADE SECRETS ACT
Generally, 415–22
Defenses, 421
First Amendment Defenses, 422
Reverse Engineering, 421
See also Trade Secrets
UTSA, See Uniform Trade Secret Act (UTSA) VOLUNTARY
ORGANIZATIONS
Generally, 23–25

495

Internet Engineering Task Force, 24–25

ISOC, 24–25
Open Systems Initiative, 23
WEALTH OF NETWORKS
Generally, 52–53
Economics-Based Governance, 52
Copyright Commons, 53
See also Benkler’s Wealth of Nations, Code as Law, Solum’s Internet
Governance Theories WEB
Generally, 20
Asynchronous Internet, 20
Collaborative, 20
Interactivity, 20
Passive Internet, 20
Semantic Web, 21
Synchronous Internet, 20
Web Ontology, 21
WEB 1.0, 2.0, & 3.0
Generally, 20
Asynchronous Internet, 20
Synchronous Internet, 20
Web 1.0, 20
Web 2.0, 20
Web 3.0, 21
WGIG MODELS
Generally, 37–41
International Internet Council, 41
Mixed Model, 41
No Specific Oversight, 41
Transnational Institutions, 37–42
See also Global Internet Council, Solum’s Internet Governance Theories,
WSIS
WGIG REPORT
Generally, 39–41
Global Internet Council, 39

496

WIKIPEDIA (WIKI)
Generally, 1
WORLD WIDE WEB APPLICATIONS
Generally, 18–9
Aldidko, 19
Apple, 19
Flixster, 19
Goodreads, 19
iHeart Radio, 19
iPad, 19
iPhone, 19
iTunes, 19
Instagram, 19
Kindle, 19
Netflix, 19
Pandora, 19
Powerramp, 19
Soundcloud, 19
Spotify, 19
Zeebox, 19
WORLD WIDE WEB CONSORTIUM
Generally, 21
OWL, 21
RDF, 21
XML, 21
See also WGIG Report, Solum’s Internet Governance Theories XML
Generally, 21
ZITTRAIN’S GENERATIVE INTERNET
Generally, 49–50
DRM Systems, 49
Generative Technologies, 49
iPod as Appliance, 49–50
See also, Law as Code, Solum’s Internet Governance Theories

Deed of Absolute Sale of A Motor Vehicle
67% (30)
Deed of Absolute Sale of A Motor Vehicle
1 page
Special Power of Attorney: Attorneys-in-Fact
100% (3)
Special Power of Attorney: Attorneys-in-Fact
1 page
Cyber Victimology New Chapter
No ratings yet
Cyber Victimology New Chapter
18 pages
People Vs Domasian
100% (3)
People Vs Domasian
2 pages
Macy's Class Action Complaint
No ratings yet
Macy's Class Action Complaint
78 pages
Bharathi Bus Ticket - 30.07.2022
No ratings yet
Bharathi Bus Ticket - 30.07.2022
1 page
Inam
100% (1)
Inam
4 pages
E Governance
No ratings yet
E Governance
23 pages
Act 1955 - Class
No ratings yet
Act 1955 - Class
40 pages
I. Certificate Course On Contract Drafting: Government Contracts
No ratings yet
I. Certificate Course On Contract Drafting: Government Contracts
1 page
Land Law
No ratings yet
Land Law
17 pages
Sachin Jain Petition
No ratings yet
Sachin Jain Petition
65 pages
Lago Vs Abul, Digest, Law, Case
No ratings yet
Lago Vs Abul, Digest, Law, Case
2 pages
Legal Audit
No ratings yet
Legal Audit
4 pages
Opposition Def Ex Parte Altamirano
No ratings yet
Opposition Def Ex Parte Altamirano
4 pages
Cathy Woods Files Lawsuit Against City of Reno, Washoe County
No ratings yet
Cathy Woods Files Lawsuit Against City of Reno, Washoe County
34 pages
Bank Fraud and Its Solutions
No ratings yet
Bank Fraud and Its Solutions
19 pages
Alvarez V IAC
No ratings yet
Alvarez V IAC
2 pages
Order Striking Pleadings
No ratings yet
Order Striking Pleadings
29 pages
Characteristics of A Simple Contract
100% (3)
Characteristics of A Simple Contract
3 pages
Legal Ethics Digest
No ratings yet
Legal Ethics Digest
3 pages
13-Bail Application Sample
No ratings yet
13-Bail Application Sample
3 pages
EVCC Application Form - Further Information
No ratings yet
EVCC Application Form - Further Information
3 pages
2 Cases Digesting
No ratings yet
2 Cases Digesting
35 pages
History of Equity
100% (1)
History of Equity
3 pages
3rd Moot Final
No ratings yet
3rd Moot Final
3 pages
Civil Law: Questions and Suggested Answers
100% (1)
Civil Law: Questions and Suggested Answers
274 pages
(G.R. No. 211837. March 16, 2022) The Real Bank Vs Dalmacio
No ratings yet
(G.R. No. 211837. March 16, 2022) The Real Bank Vs Dalmacio
23 pages
Human Rights Study Material
No ratings yet
Human Rights Study Material
14 pages
4 5922573422293944567
No ratings yet
4 5922573422293944567
147 pages
CM For Additional Documents
100% (1)
CM For Additional Documents
6 pages
Case of Sabalic v. Croatia
No ratings yet
Case of Sabalic v. Croatia
38 pages
One Pass v. Weisser Distributing - Complaint
100% (1)
One Pass v. Weisser Distributing - Complaint
18 pages
Glycerin
No ratings yet
Glycerin
4 pages
Wyoming LLC Statutes
100% (2)
Wyoming LLC Statutes
34 pages
Civil Law Bar Q 2003
No ratings yet
Civil Law Bar Q 2003
4 pages
Katz v. United States
No ratings yet
Katz v. United States
1 page
(Regulatory Framework For Business Transactions) : Partnership
No ratings yet
(Regulatory Framework For Business Transactions) : Partnership
10 pages

Global Internet Law in A Nutshell (PDFDrive)

Uploaded by

Global Internet Law in A Nutshell (PDFDrive)

Uploaded by

WEST

GLOBAL INTERNET LAW

As e-businesses use the border-defying Internet, they will increasingly become

systematic examination of UCITA, the Principles of the Law of Software

Chapter 3. Global Internet Jurisdiction

(4) Scrollwrap & Sign-in-Wrap

(4) Non-Infringement Warranties

Chapter 5. Consumer Law in Cyberspace

§ 6-2. Intentional Cybertorts Against the Person

(D) Computer Professional Negligence

(2) Automatically Applicable Regulation

(B) CFAA’s Civil Liability

§ 8-6. Other Internet-Related Criminal Statutes

(E) Categories of Unprotected Speech

(2) Vicarious Infringement

(E) Takedown and Putback Cases

(E) The Spectrum of Distinctiveness

§ 11-9. Keyword Trademark Litigation

§ 11-16. Types of UDRP Cases

Chapter 13. Patent Law and the Internet

(D) The Supreme Court’s Patent Cases

1-800 Contacts, Inc. v. WhenU.com, Inc.----------------------------------384

Berkson v. Gogo LLC----------------------------------99, 102

Domain Vault LLC v. Bush----------------------------------366

Gucci America, Inc. v. Hall & Assocs.----------------------------------360

Lenz v. Universal Music Corp.----------------------------------327

Network Automation, Inc. v. Advanced Systems Concepts, Inc.---------------------

Renton, City of v. Playtime Theatre----------------------------------283

Warehouse Solutions v. Integrated Logistics (ILL)---------------------------------

18 U.S.C. § 2510(12)----------------------------------------249, 250

Restatement (Second) of Torts § 402(A)(1)-----------------199

Aikins, Matthieu, Jamming Tripoli, Wired (June 2012)-------------------------------

Campagna, Mark V., Understanding Patent Reforms in the Context of Litigation

Albert, Jr. an AIPLA, Intellectual Property in Cyberspace (2d ed. 2011)-----------

Forgotten” in Big Data Practice, 8 Scripted 229 (2011)-------------------------------

Principles of the Law of Software Contracts (2010)---------------------------------

Solum, Lawrence, Models of Internet Governance, Chapter 2 in Models of

Wu, Tim, Application-Centered Internet Analysis, 85 Va. L. Rev. 1163 (1999)---

GLOBAL INTERNET LAW

Worldwide Web is a moving stream, not a stagnant pond.

§ 1-1. The History & Technologies of the Internet

applications, and critical infrastructure for businesses, nonprofits, and

WILLIAM GIBSON, NEUROMANCER 67 (1984).

could survive a nuclear war. ARPANET, which was proposed by President

Internet. A turning point occurred when computer scientists at the University

Within a decade, the computer scientists of the U.S. Department of Defense’s

§ 1-2. Internet Technologies Demystified

(A) HUBS OR IXPS

Symmetrical Digital Subscriber Line (SDSL) is a broadband application with

billion, up from 6.9 billion in 2013. Smartphones accounted for 88 percent of

§ 1-3. Web 1.0, 2.0 & 3.0

(C) WEB 3.0’s ONTOLOGY

enabling “mobile, virtual, and instantaneous connection” controlling

§ 1-4. Setting Standards Through Voluntary Organizations

(B) INTERNET ENGINEERING TASK FORCE

§ 1-5. The Future of the Internet

§ 2-1. Overview of Cyberlaw

JACQUELINE LIPTON, RETHINKING CYBERLAW: A NEW VISION FOR INTERNET

there was no need to develop a specialized Internet law.

Internet theories of governance classically have not focused on intermediate or

§ 2-2. Self-Governing or Libertarian Governance

speech or expression. China’s “great firewall” screens out information

Foucault in Cyberspace: Surveillance, Sovereignty and Hardwired Censors,

§ 2-3. Transnational Governance

the Uniform Domain-Name Dispute-Resolution Policy (UDRP), which gives

WGIG posited four alternatives for international Internet governance that

arbitration, policy setting, regulation, and day-to-day operational management

The “no specific oversight” alternative is a second UN-anchored governance

more democratic oversight of ICANN to resolve current domain name

WGIG’s third alternative is a multilateral International Internet Council (IIC)

mechanism to displace today’s piecemeal and decentralized Internet

enables a culture of collaboration and sharing. Lawrence Lessig also notes

informal norms, as well as industry standards. Under Lessig’s model of “code

The functions of architecture or real-space code are not a matter of

pornography could have unanticipated consequences for sexters.

§ 2-5. Why National Regulation Still Matters