Global Internet Law in A Nutshell (PDFDrive)
Global Internet Law in A Nutshell (PDFDrive)
ACADEMIC PUBLISHING’S
LAW SCHOOL ADVISORY BOARD
____________
JESSE H. CHOPER
Professor of Law and Dean Emeritus,
University of California, Berkeley JOSHUA DRESSLER
Distinguished University Professor, Frank R. Strong Chair in Law
Michael E. Moritz College of Law, The Ohio State University YALE
KAMISAR
Professor of Law Emeritus, University of San Diego
Professor of Law Emeritus, University of Michigan MARY KAY KANE
Professor of Law, Chancellor and Dean Emeritus,
University of California,
Hastings College of the Law LARRY D. KRAMER
President, William and Flora Hewlett Foundation JONATHAN R. MACEY
Professor of Law, Yale Law School ARTHUR R. MILLER
University Professor, New York University
Formerly Bruce Bromley Professor of Law, Harvard University GRANT S.
NELSON
Professor of Law, Pepperdine University
Professor of Law Emeritus, University of California, Los Angeles A.
BENJAMIN SPENCER
Earle K. Shawe Professor of Law,
University of Virginia School of Law JAMES J. WHITE
Robert A. Sullivan Professor of Law Emeritus,
University of Michigan
I
IN A NUTSHELL®
THIRD EDITION
MICHAEL L. RUSTAD
Thomas F. Lambert Jr. Professor of Law &
Co-Director Intellectual Property Law Concentration
Suffolk University Law School
II
The publisher is not engaged in rendering legal or other professional advice, and
this publication is not a substitute for the advice of an attorney. If you require
legal or other expert advice, you should seek the services of a competent
attorney or other professional.
Nutshell Series, In a Nutshell and the Nutshell Logo are trademarks registered in
the U.S. Patent and Trademark Office.
© 2009 Thomson Reuters
© 2013 LEG, Inc. d/b/a West Academic Publishing © 2016 LEG, Inc. d/b/a
West Academic
444 Cedar Street, Suite 700
St. Paul, MN 55101
1-877-888-1330
West, West Academic Publishing, and West Academic are trademarks of West
Publishing Corporation, used under license.
Printed in the United States of America ISBN: 978-1-63459-684-8
III
PREFACE
____________
The Internet has transformed every branch of procedural and substantive law
and thus every lawyer needs a basic understanding of Internet Law. For those
lawyers, law students, policymakers, and members of the business community
who are or will be involved in e-commerce, information security, or high
technology law, it is important to have some basic understanding of the relevant
cases and statutes relevant to Internet Law. This Third Edition, like the early
editions, distills the main contours of settled Internet law as well as areas that are
still evolving. The book focused upon the legal rules that govern the
development of U.S. law but nearly every chapter also covers foreign and
international law developments. The goal is to provide the reader with a succinct
exposition of basic concepts and method for each procedural and substantive
branch of law including foreign and international law developments. This Third
Edition of the Global Internet Nutshell covers global developments such as the
European Union’s right to be forgotten in the proposed General Data Protection
Regulation mandatory EU consumer law, as well as international intellectual
property decisions. One of the central themes of the book is that lawyers of the
twenty-first century must master global Internet law developments to represent
online businesses in a cross-border legal environment.
IV
ACKNOWLEDGMENTS
(THIRD EDITION)
____________
Great thanks are due to Suffolk University Law School’s reference librarians
Diane D’Angelo and Rick Buckingham. I greatly appreciate the editorial and
research of Suffolk University Law School research assistants Eunice D Aikins-
Afful, John H. Brainard, Matthew Carey, Samantha Lynne Cannon, Krista Fales,
Jeremy Kennelly, Darcy Kohls, Emily Lacy, Patrick Nichols, Nicole Maruzzi,
Harel Talasazan, Gamze Yalcin, and Elmira Cancan Zenger. I appreciate editing
by Keyur Parikh, a Patent Agent and Principal Software Engineer, a candidate
for the J.D. from Suffolk University Law School, Class of 2018. Rick
Buckingham and Diane D’Angelo provided me with expert assistance and
resources for Global Internet Law. Finally, as always, I appreciate the editorial
work and good company of my wife, Chryss J. Knowles.
IX
OUTLINE
____________
PREFACE
ACKNOWLEDGMENTS (THIRD EDITION)
TABLE OF CASES
TABLE OF STATUTES
TABLE OF AUTHORITIES
Chapter 1. Overview of the Global Internet
§ 1-1. The History & Technologies of the Internet
(A) History of the World Wide Web
(B) NSFNET
§ 1-2. Internet Technologies Demystified
(A) Hubs or IXPs
(B) Bridges
(C) Gateways
(D) Routers
(E) Repeaters
(F) Cable Modems
(G) Bandwidth
(H) DSL
(I) Search Engines
(J) Mobile Devices & Applications
§ 1-3. Web 1.0, 2.0 & 3.0
(A) The Asynchronous Internet
(B) The Synchronous Internet
(C) Web 3.0’s Ontology
§ 1-4. Setting Standards Through Voluntary Organizations
(A) Open Systems Initiative
(B) Internet Engineering Task Force
X
X
(C) ISOC
§ 1-5. The Future of the Internet
Chapter 2. Perspectives on Global Internet Governance
§ 2-1. Overview of Cyberlaw
(A) Against Internet Law
(B) Defense of Internet Law
§ 2-2. Self-Governing or Libertarian Governance
(A) Libertarian Manifesto
(B) Decentralized Governance
§ 2-3. Transnational Governance
(A) Co-Regulation of the Internet
(B) Un-Anchored WGIG Models
(1) Global Internet Council
(2) No Specific Oversight
(3) International Internet Council
(4) Mixed Model
§ 2-4. Law, Code, Markets, & Norms
(A) Internet-Related Law
(B) Code as Internet Law
(C) Norms as Internet Law
(D) Markets as Internet Law
(E) The Generative Internet
§ 2-5. Why National Regulation Still Matters
(A) Local Governance
(B) National Regulation
§ 2-6. The Wealth of Networks
(A) Economics-Based Governance
(B) Copyright Commons
XI
XII
XIII
XIV
XV
XVI
(3) Publishers & Conduits or Distributors
(4) Single Publication Rule
(5) State Action
(6) John Doe Subpoenas
(D) Defamation Defenses
(1) Public Official
(2) General Purpose Public Figure
(3) Limited Purpose Public Figure
(4) Liability Standard for Private Persons
(5) Truth as a Complete Defense
(6) Privileges and Qualified Privileges
(7) Anti-SLAPP Suit Statutes
(8) Retraction Statutes
(E) Privacy Based Cybertorts
(1) Intrusion upon Seclusion
(2) Appropriation & Right of Publicity
(3) Public Disclosure of Private Fact
(4) False Light
§ 6-5. Negligence Based Actions
(A) Internet Related Negligence
(1) Elements of Internet-Related Negligence
(B) Negligent Enablement
(C) Negligence Per Se
XVII
XVIII
XIX
XX
XXI
XXII
XXIII
XXIV
XXV
XXVI
XXVII
XXVIII
TABLE OF CASES
References are to Pages
____________
XXX
XXXI
XXXII
XXXIV
XXXV
XXXVI
TABLE OF STATUTES
References are to Pages
____________
15 U.S.C. § 43(a)---------------------------------------------------351
15 U.S.C. § 45-------------------------------------------------------137
15 U.S.C. § 45(a)---------------------------------------------------131
15 U.S.C. § 101(C)-------------------------------------------------107
15 U.S.C. § 1051----------------------------------------------340, 385
15 U.S.C. §§ 1051 et seq.----------------------------------------341
15 U.S.C. § 1052(e)(5)--------------------------------------------349
15 U.S.C. § 1054----------------------------------------------------345
15 U.S.C. § 1114----------------------------------------------------356
15 U.S.C. § 1114(1)------------------------------------------------352
15 U.S.C. § 1114(1)(a)--------------------------------------339, 355
15 U.S.C. § 1114(2)(D)(iii)---------------------------------------403
15 U.S.C. § 1114(2)(D)(iv)--------------------------365, 399, 404
15 U.S.C. § 1114(2)(D)(v)----------------------------------397, 398
15 U.S.C. § 1115(b)------------------------------------------------357
15 U.S.C. § 1115(b)(4)--------------------------------------------390
15 U.S.C. § 1117(d)------------------------------------------358, 380
15 U.S.C. § 1125(a)------------------------------------------355, 394
15 U.S.C. § 1125(a)(1)(A)----------------------------------353, 374
15 U.S.C. § 1125(a)(1)(B)----------------------------------------354
15 U.S.C. § 1125(c)----------------------------353, 359, 364, 367
15 U.S.C. § 1125(c)(1)-------------------363, 364, 367, 368, 372
15 U.S.C. § 1125(c)(2)---------------------------------------------371
15 U.S.C. § 1125(c)(2)(A)----------------------------------363, 370
15 U.S.C. § 1125(c)(2)(B)----------------------------------365, 369
15 U.S.C. § 1125(c)(2)(B)(i)-------------------------------------370
15 U.S.C. § 1125(c)(2)(C)----------------------------------365, 367
15 U.S.C. § 1125(c)(3)(A)----------------------------------------372
15 U.S.C. § 1125(c)(3)(A)(i)-------------------------------------372
15 U.S.C. § 1125(c)(3)(A)(ii)------------------------------------372
15 U.S.C. § 1125(d)----------------------------354, 374, 375, 376
15 U.S.C. § 1125(d)(1)(B)----------------------------------------377
15 U.S.C. § 1125(d)(1)(B)(ii)------------------------------------377
15 U.S.C. § 1125(d)(1)(C)----------------------------------------376
XXXVIII
15 U.S.C. § 1125(d)(2)(A)----------------------------------------378
15 U.S.C. § 1125(d)(2)(B)----------------------------------------378
15 U.S.C. § 1127--------------------------------339, 342, 348, 368
15 U.S.C. §§ 1681 et seq.----------------------------------------131
15 U.S.C. § 6501----------------------------------------------140, 209
15 U.S.C. §§ 7701–7713------------------------------------------141
15 U.S.C. § 7704(a)(1)--------------------------------------------143
15 U.S.C. § 7707(b)(2)(A)----------------------------------------163
17 U.S.C. § 101-----------------------------------------------295, 299
17 U.S.C. § 102----------------------------------------294, 443, 444
17 U.S.C. § 102(a)--------------------------------------------------293
17 U.S.C. § 106-----------------------------------------------302, 333
17 U.S.C. § 106(1)--------------------------------------------------298
17 U.S.C. § 107-----------------------------------------------298, 299
17 U.S.C. § 116-----------------------------------------------------293
17 U.S.C. § 117-----------------------------------------------------296
17 U.S.C. § 401(d)-------------------------------------------------301
17 U.S.C. § 407-----------------------------------------------------300
17 U.S.C. § 512---------------------------------308, 316, 320, 323
17 U.S.C. § 512(a)------------------------------306, 320, 321, 324
17 U.S.C. § 512(a)–(d)--------------------------------------------320
17 U.S.C. § 512(b)–(d)--------------------------------------321, 322
17 U.S.C. § 512(c)--------------------------------------------309, 324
17 U.S.C. § 512(c)(1)----------------------------------------------322
17 U.S.C. § 512(c)(3)----------------------------------------323, 329
17 U.S.C. § 512(c)(3)(A)------------------------------------------324
17 U.S.C. § 512(d)-------------------------------------------------327
17 U.S.C. § 512(f)--------------------------------------------------328
17 U.S.C. § 512(f)(1)–(f)(2)--------------------------------------325
17 U.S.C. § 512(f)(2)-----------------------------------------------326
17 U.S.C. § 512(g)--------------------------------------------------328
17 U.S.C. § 512(g)(2)(B)------------------------------------------326
17 U.S.C. § 512(g)(2)(C)------------------------------------------326
17 U.S.C. § 512(g)(3)(C)------------------------------------------326
17 U.S.C. § 512(h)-------------------------------------------329, 330
17 U.S.C. § 512(k)(1)(B)------------------------------------------322
17 U.S.C. §§ 1201 et seq.----------------------------------315, 318
17 U.S.C. § 1201(a)(1)(A)----------------------------------------318
17 U.S.C. § 1201(a)(2)--------------------------------------------319
17 U.S.C. § 1201(a)(3)(A)----------------------------------------318
17 U.S.C. § 1201(a)(3)(B)----------------------------------------318
17 U.S.C. § 1201(b)(2)(B)----------------------------------------318
XXXIX
17 U.S.C. § 1203----------------------------------------------------315
17 U.S.C. § 1203(b)(1)--------------------------------------------316
17 U.S.C. § 1204----------------------------------------------------315
18 U.S.C. § 2---------------------------------------------------------265
18 U.S.C. § 875(c)--------------------------------------------266, 267
18 U.S.C. § 1028(a)------------------------------------------------264
18 U.S.C. § 1028A-------------------------------------------------264
18 U.S.C. § 1029----------------------------------------------243, 264
18 U.S.C. § 1029(a)(E)--------------------------------------------265
18 U.S.C. § 1029(c)(1)(A)(I)-------------------------------------265
18 U.S.C. § 1029(e)(2)--------------------------------------------265
18 U.S.C. § 1029(e)(3)--------------------------------------------265
18 U.S.C. § 1030----------------------------------------------------235
18 U.S.C. § 1030(a)------------------------------------------------235
18 U.S.C. § 1030(a)(1)-------------------------------236, 237, 264
18 U.S.C. § 1030(a)(2)--------------------------------------236, 238
18 U.S.C. § 1030(a)(2)(C)----------------------------------235, 236
18 U.S.C. § 1030(a)(2)(C)(2)------------------------------------235
18 U.S.C. § 1030(a)(3)-------------------------------235, 236, 238
18 U.S.C. § 1030(a)(4)-------------------------------235, 237, 238
18 U.S.C. § 1030(a)(5)--------------------------------------236, 238
18 U.S.C. § 1030(a)(5)(A)----------------------------------------241
18 U.S.C. § 1030(a)(5)(A)(I)-------------------------------------236
18 U.S.C. § 1030(a)(5)(B)----------------------------------238, 242
18 U.S.C. § 1030(a)(5)(B)–(a)(5)(C)---------------------------235
18 U.S.C. § 1030(a)(5)(C)----------------------------------239, 242
18 U.S.C. § 1030(a)(6)--------------------------------------237, 239
18 U.S.C. § 1030(a)(7)--------------------------------------237, 239
18 U.S.C. § 1030(c)(4)(A)(i)(I)----------------------------------244
18 U.S.C. § 1030(e)(8)--------------------------------------------244
18 U.S.C. § 1030(e)(11)-------------------------------------------244
18 U.S.C. § 1030(g)-----------------------------------237, 244, 247
18 U.S.C. § 1040(e)(6)--------------------------------------------236
18 U.S.C. § 1831----------------------------------------------------430
18 U.S.C. § 1832----------------------------------------------------431
18 U.S.C. § 1839(3)(A)--------------------------------------------413
18 U.S.C. § 2252(a)------------------------------------------------288
18 U.S.C. § 2252A(a)(2)------------------------------------------287
18 U.S.C. § 2252A(a)(3)(B)--------------------------------------278
18 U.S.C. § 2257----------------------------------------------------287
18 U.S.C. § 2257(b)(1)---------------------------------------------278
18 U.S.C. § 2510(5)------------------------------------------------254
XL
XLI
TABLE OF AUTHORITIES
References are to Pages
____________
XLIV
XLIV
XLV
XLVI
XLVII
XLVIII
XLIX
IN A NUTSHELL®
THIRD EDITION
1
CHAPTER 1
OVERVIEW OF THE GLOBAL INTERNET
In our contemporary lives, we take for granted the unfathomable scale of the
Internet and how it affects everyday life. In early 2015, there were an estimated
876,812,666 websites. The exact size of the Internet is unknown and
unknowable as the virtual universe is continuously expanding. Google Book
alone, with its 130 million digital books, is the equivalent of a virtual treasure
trove of information with it colossal collection of digitalized books from library
collections all over the world.
By early 2015, Wikipedia has 8,524,715 visits per hour and 4,882,558 articles.
Flickr users add five million images each day or sixty photographs a second.
Netflix announced that it had streamed ten billion hours of content in the first
quarter of 2015 alone. “In just a single minute on the web, 216,000 photos are
shared on Instagram; a total of £54,000 ($83,000) sales take place on Amazon;
there are 1.8 million likes on Facebook and three days’ worth of video is
uploaded to YouTube.” Victoria Woollston, Reveal What Happens in One
Minute on the Internet: 216,000 Photos Posted, 278,000 Tweets, and 1.8 Million
Facebook’s Likes, DAILY MAIL (July 30, 2013). As of October 2015, 571
websites go online every minute with a total of 300,316,879 new websites each
year. The virtual universe of the
inevitably transform the law in profound ways. The Internet has made it
necessary to rework every branch of the law, and these ongoing changes will be
examined in this book.
by a TCP layer that reassembles the packets into the original message. The
lower layer, Internet Protocol, handles the address part of each packet so that it
gets to the right destination.” Margaret Rouse, TCP/IP, TECHTARGET.COM (2015).
TCP/IP enables messages to be broken into smaller packets. Routing is
choosing the most efficient path in the network of computers; each packet has
routing information that enables it to reach its ultimate destination. When the
packets leave a personal computer, smartphone or other device connected to the
computer they are transmitted through the network and may start “off in
different directions taking the least busy path at that instant. A machine called a
‘Router’ works out which is the next fastest connection and sends each packet on
its way. During the course of its journey, a packet will travel through many
routers, possibly in many different countries.” Teach, ICT, What is Packet
Switching?
Paul Baran invented packet switching, which, is a communications method
that breaks down all data into packets transmitted via a medium that may be
shared by multiple simultaneous communication sessions. “Baran coined the
term ‘message over shared and distributed networks. Later in the DOD’s
ARPANET which evolved into the Internet.” Bob Brown, Paul Baran, Internet
and Packet Switching Pioneer is Mourned NETWORK WORLD (March 27, 2011).
Packets consist of headers and payloads and are “transmitted individually and
can even follow
different routes to its destination. Once all the packets forming a message
arrive at the destination, they are recompiled into the original message.” Vangie
Bear, Packet Switching, WEBOPEDIA. It is the job of the receiving computer to
reassemble the packets. Every computer connected to the Internet has an Internet
Protocol Address or IP address, which is the unique number assigned to every
computer connected to the Internet. IP addresses are formatted as a 32-bit
numeric address written as four numbers separated by periods, and is evolving
into a newer standard called IPv6, a 128-bit, six-digit standard developed to
accommodate the pace of the Internet’s quick growth.
The Internet Assigned Numbers Authority (IANA) manages the IP address
system. IANA, What is My IP Address? IANA, a U.S. based organization
assigns and allocates IP addresses worldwide. No one used the term, “Internet,”
prior to the early 1980s. The word, “cyberspace,” was coined by William Gibson
in his 1984 science fiction classic, Neuromancer, which was the story of a
computer hacker for hire planning the ultimate computer intrusion:
Cyberspace. A consensual hallucination experienced daily by billions of
legitimate operators, in every nation, by children being taught mathematical
concepts…. A graphic representation of data abstracted from the banks of
every computer in the human system. Unthinkable complexity. Lines of
light ranged in the nonspace of the mind, clusters and constellations of data.
Like city lights, receding.
and share data. The retiring of the ARPANET and its transfer to the NSFNET
was significant in creating the open Internet:
The NSFNET was soon connected to the CSNET, which linked
Universities around North America, and then to the EUnet, which
connected research facilities in Europe. Thanks in part to the NSF’s
enlightened management, and fueled by the popularity of the web, the use
of the Internet exploded after 1990. LivingInternet.com, The History of
the Internet (2015).
The first four computers connected to the Internet were located at the
University of California-Santa Barbara, Stanford University, UCLA, and in
Utah. By 1977, ARPANET’s network of interconnected computers expanded to
111 computers spanning the United States. Satellite links enabled ARPANET to
connect computers in all forty-eight continental states, Hawaii, and Europe. The
First Internet Connection Crashed the Internet, MOTHERBOARD (Mar. 30, 2012).
In 1981, the Internet consisted of 300 computers and by 1985; the Internet
consisted of 2,000 connected computers. As late as 1989, that number stood at
fewer than 90,000 computers. ARPANET and U.S. Department of Defense
contractors developed the Tier One (T1) backbone for the Internet, which were
the principal data routes in the Internet’s formative period.
Few people outside of the military and educational institutions used e-mail or
electronic bulletin boards during the formative years of the
10
11
the Internet. By 2000, nearly every state adopted the Uniform Electronic
Transactions Act, a statute that treats digital signatures with the same legal force
as traditional pen signatures.
Domain name governance was once solely the province of the United States
government, which appointed the National Science Foundation (NSF) to
supervise the domain name registration system until May 1993 when Network
Solutions, Inc. (NSI) was charged with administering of the domain name
registry under a sub-contract with the U.S. Defense Information Systems Agency
(DISA). The Internet Corporation for Assigned Names and Numbers (ICANN)
currently controls the “domain name system” (DNS).
In September 1998, when NSF’s agreement with NSI expired, the number of
registered domain names surpassed 2 million. Today, there are over 2.5 billion
Internet users. The current “Internet Protocol version 4” (IPv4) has the capacity
to support 4.2 billion addresses. Each computer assigned to the Internet has a
unique IPv4 address and thus it is a critically important element of Internet
infrastructure. This address space will be greatly expanded by IPv6 to space for
an estimated trillion addresses. Veni Markovski describes the differences
between IPv4 and IPv6 as comparing a tennis ball to the sun. Veni Markovski,
ICANN, Vice President for Russia, CIS and Eastern Europe, Remarks at The
Geopolitics of Internet Governance, Center for Strategic & International Studies
(May 23, 2013).
12
13
Tim Berners-Lee created the three most important technologies enabling the
Internet to be user-friendly:
HTML: HyperText Markup Language. The publishing format for the Web,
including the ability to format documents and link to other documents and
resources.
URI: Uniform Resource Identifier. A kind of “address” that is unique to each
resource on the Web.
HTTP: Hypertext Transfer Protocol. Allows for the retrieval of linked
resources from across the Web.
World Wide Web Foundation, History of The Web (2015).
14
15
(B) BRIDGES
A bridge is an intelligent connectivity device connecting computers on a Local
Area Network (LAN) and World Area Network (WANS). A bridge examines
each message on a LAN, sorting and forwarding messages between LANS and
WANS.
(C) GATEWAYS
A gateway is the network point that acts as an entrance into another network
and typically includes a firewall designed to block out unrecognized Internet
protocols. Firewalls authenticate data and identify users, preventing intruders
from intercepting data or planting viruses. The proxy server, or application
gateway, runs on the firewall. Application gateways employ authentication and
logging tailored for whether high security is required as for the military,
banking, or the healthcare industry.
(D) ROUTERS
The Internet is essentially a collection of communication networks
interconnected by bridges and/or routers. A router is hardware that essentially
routes, or guides, computer traffic along a network. Cisco Systems is a leading
producer of routers, which are intelligent devices conjoining routed data over
many networks. The packet switching system allows efficient traffic control on
the network.
16
(E) REPEATERS
Wireless repeaters amplify a signal once it loses strength or is attenuated as it
is transmitted along a cable network. This repeater takes a signal from a router or
access point and rebroadcasts it, creating what is, in effect, a second network.
Repeaters remove noise and solve the problem of attenuation caused by cable
loss. Wireless repeaters are frequently used in “hot spots” to improve signal
range and strength. In a home wireless network, repeaters help extend a signal
across a wider area.
(F) CABLE MODEMS
By the early 1990s, telephone access to the Internet was largely displaced by
DSL and broadband. Today Internet users access the Internet using three
methods: (1) by smartphones, (2) Wi-Fi, and (3) a broadband connection.
Smartphones enable consumers to make phone calls, send text messages, send e-
mails, surf the Internet, navigate using GPS, and play media files. In 1999, the
Internet was able to transmit at a speed of 2.5 Gbps. Less than a decade later,
software engineers beta tested transmission speeds of more than 10 billion bits
per second (10 Gbps). By early 2015, Bell Labs measured a prototype’s
frequency range for data transmission of 106 MHz, enabling broadband speeds
up to 500 Mbps over a distance of 100 meters.
17
(G) BANDWIDTH
Bandwidth is the bit-rate of available or consumed information capacity with a
measurement unit as bits per second (bps). High bandwidth is required for fast
transmission on the Internet. To place bandwidth in perspective, the first
modems developed in 1958 had a capacity of only 300 bps. Modern modems,
using standard telephone lines, have the capacity to transmit data at up to 56
thousand bits per second, or 56 Kbps. A date rate of 1000 bps is equal to 1 Kbps.
In 2010, the Federal Communication Commission (FCC) classified broadband
speeds ranging from 200 Kbps, or 200,000 bits per second, to six Mbps, or
6,000,000 bits per second. In 2015, the FCC updated its broadband threshold to
25 megabits per second (Mbps). XFINITY offers a 505 Mbps using a fiber-
based service.
(H) DSL
Digital Subscriber Lines (DSL) enables high-speed data transmission of digital
data over traditional copper telephone wire. DSL incorporates an uninterrupted,
high-speed connection directly to an Internet Service Provider (ISP).
Asymmetrical Digital Subscriber Line (ADSL) is broadband and used
principally for residential users and applications. ADSL enables faster
downstream data transmission over the same line used to provide voice service
without disrupting regular telephone calls using that line.
18
19
20
21
22
23
24
25
ISOC’s focus is on connecting the world, collaborating with others, and
advocating for equal access to the Internet.” ISOC works on issues such as
access, privacy, Internet exchange points or hubs, children and the Internet, net
neutrality, spam, domain names, and open network standards. The organization
provides insurance coverage for those involved in the IETF standards-setting
groups. On February 2015, the Federal Communications Commission endorsed
net neutrality in its decision to reclassify broadband Internet services as
communications services under Title II of the Communications Act of 1934.
Lydia Beyoud, Net Neutrality Bill, BLOOMBERG BNA: ELECTRONIC COMMERCE &
LAW REPORT (Mar. 16, 2015).
26
The Internet Society contends that the revolutionary openness of the Net has
been its secret of success:
The Internet has changed the world. Open access to the Internet has
revolutionized the way individuals communicate and collaborate,
entrepreneurs and corporations conduct business, and governments and
citizens interact. At the same time, the Internet established a revolutionary
open model for its own development and governance, encompassing all
stakeholders. The development of the Internet relied critically on
establishing an open process. Fundamentally, the Internet is a ‘network of
networks’ whose protocols are designed to allow networks to interoperate.
To date, most law school classes concerning the Internet spend a
disproportionate amount of time on U.S. cases and statutory developments to the
exclusion of global and foreign-law developments. This nutshell presents leading
U.S. cases and statutory developments but also includes an analysis of foreign
law developments at the end of each chapter. Chapter 7, for example will
examine the consequences of ubiquitous computing on privacy covering topics
such as the proposed General Data Protection Regulation. Chapter 2 examines
the problems of governance and how multi-stakeholder models have evolved to
create today’s open Internet. The path of Global Internet law will be explored in
the chapters ahead.
27
CHAPTER 2
PERSPECTIVES ON GLOBAL INTERNET GOVERNANCE
28
29
30
norms, and architecture. In Code and Other Laws of Cyberspace, Version 2.0,
Lessig gives the example of how code results in a more regulable cyberspace.
Lawrence Lessig, Code and Other Laws of Cyberspace, Version 2.0 (2006). He
also notes how privacy traditionally had physical limitations and high costs in
monitoring behavior.
Lawrence Lessig explains the significance of architecture in firming up the
rights of the disabled in the physical world; the disabled had no rights until the
law intervened; because norms were ineffective. Lawrence Lessig, Code and
Other Laws of Cyberspace, Version 2.0 (2006) at 2. While the market provided
goods to help the disabled, “they bear the full costs.” Lessig, a founding father of
the Berkman Center at Harvard University, contends that Internet law
illuminates the entire legal landscape, offering new perspectives on topics such
as intellectual property, globalization, private regulation, and Internet
governance. Cyberlaw is not just about statutes or cases but also encompasses
the architecture of the Internet, informal norms, as well as industry standards.
Lessig identified four modalities of Internet regulation: law, norms, markets,
and software architecture. LAWRENCE LESSIG, CODE AND OTHER LAWS OF
CYBERSPACE (1999). The functions of architecture or real-space code are not a
matter of technological necessity but rather a human-created mechanism for
controlling the Internet. Lessig’s contribution to Internet law was his
conceptualization of code as law: “We can build, or architect, or code
cyberspace to protect values that
31
we believe are fundamental.” The Internet, for example, creates new copyright
wars that influence the future of the public domain of ideas because of conscious
decisions to encrypt or protect code. The Internet enables a remarkable variety of
new crimes, torts, and ways to infringe patents, trademarks, and copyrights as
well as its many positive functions. Cyberharassment involves threats of
violence, privacy invasions, reputation harming lies, and calls for strangers to
physically harm victims.” DANIELLE KEATS CITRON, HATE CRIMES IN
CYBERSPACE 3 (2014).
The lack of physical interaction online means that Internet law deals entirely
with intangible property. JACQUELINE LIPTON, RETHINKING CYBERLAW: A NEW
VISION FOR INTERNET LAW 2 (2015). “Along with the importance of information
as a central tenet of cyberlaw, all online interactions involve the participation of
one or more intermediaries—organizations that enable digital information
exchange.” “In many ways, cyberlaw is the law of third-party mediated
information exchanges.” Lipton notes:
Internet intermediaries of consequence to governance include: “search
engines, online social networks, e-retailers, online auctions, data
aggregators, blogs, educational institutions and governments.” Internet law
governs intangible property given there is the lack of a physical presence.
The central role of intermediaries and intangible information is a unique
feature of Internet law.
32
34
Its ‘bright lattices of logic simulate and transcend to the world in a ‘cage of
neon.’ Yet attempts to restrict it are at the center of key legal battles of our
time.
HANNIBAL TRAVIS, CYBERSPACE LAW: CENSORSHIP AND REGULATION OF THE
INTERNET (2013) at 1.
By the mid-1990s, the romantic idealism of Barlow, Johnson and Post and
cyberlibertarians gave way to a pragmatic realism of actual governmental control
of the Internet. Governments around the world have exercised control of the
Internet enacting countless civil and criminal statutes backed by civil and
criminal penalties.
From the libertarian perspective, this new media of communication creates an
entirely new “global village,” that is beyond the reach of law. John Perry
Barlow, in his 1996 essay, “A Declaration of Independence for Cyberspace,”
argued that governments have no business repressing content in the flattened
world of the Internet: “In our world, all the sentiments and expressions of
humanity, from the debasing to the angelic, are parts of a seamless whole, the
global conversation of bits.” Barlow stated, “On behalf of the future, I ask you
of the past to leave us alone.”
Barlow’s utopian vision was an Internet free from government censorship:
“Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind.” He famously thundered, “The
First Amendment is a local ordinance, where is the consent from Netizens for
any country imposing its laws on the Internet?”
35
By what authority does the U.S. impose its First Amendment on the rest of the
world?
This argument brings to mind a Seinfeld episode, “The Pothole,” which
featured Kramer complaining about a poorly maintained highway outside of
New York City after he ran over an abandoned sewing machine. Kramer
proceeded to repaint the four-lane highway creating two extra-wide lanes with
the intent to transform it into a “two lane comfort cruise.” By what authority did
Cosmos Kramer have the right to repaint the lines on the highway converting it
to a two-lane comfort zone? When can a given nation state legitimately impose
its sovereignty on the borderless Internet?
John Perry Barlow’s insight is that legitimacy must ultimately come from the
consent of Internet users in hundreds of countries. Barlow wrote his Manifesto
shortly after the German government prosecuted a Bavarian Internet service
provider for enabling German users to access objectionable content such as Nazi
memorabilia or hateful commentary posted by third parties. By what authority
can a Bavarian court order a U.S. service provider to block content to German
citizens? Under this same argument, what gives the European Union the right to
require U.S. companies like Google to comply with its right to be forgotten
provision of the General Data Protection Regulation?
Barlow’s concern about widespread censorship on the Internet has
materialized. China, Syria, Saudi Arabia and many other countries censor
Internet content because their regimes do not value free
36
37
38
38
cultures encounter each other on a 24/7 basis for the first time in history
creating new legal dilemmas. United States Supreme Court Justice Benjamin
Cardozo’s description of judicial process applies equally well to the Internet:
“Nothing is stable. Nothing absolute. All is fluid and changeable.”
Courts and legislatures are increasingly scrambling to update the law to
account for the global Internet. Internet law can no longer be a U.S. centric
subject of study either. See generally, HONG XUE, CYBER LAW IN CHINA 17–21
(2010) (noting China has the most mobile communications users and passed the
U.S. in the number of Internet users).
Nearly every Internet issue requires a global solution. Cyberwarfare, by its
very nature, is a global phenomenon, as is cyberterrorism. Because there is no
international agreement governing data privacy, private actors often have no
recourse but to buckle under to national governments requiring compliance as a
condition of doing business. Google and Facebook, for example, have agreed to
hand over user data to the French government when these social media are the
instrumentality for ‘violent threats.’ Sam Schener, Tech Firms, French Police,
Ally in Terrorism Fight, WALL ST. J. (Apr. 22, 2015). Cyberlaw is a borderless
legal environment, where national regulation continues to predominate as
opposed to transnational authorities. The regulation of domain names, discussed
in Chapter 11, is a notable exception because it is truly a global solution to
resolving disputes between trademark and domain name owners. All registrars
must follow
39
40
41
42
43
Law shapes and is shaped by norms, architecture, and the market in Lessig’s
model of Internet governance. The National Security Agency’s omniscient data
gathering apparatus illustrates Lessig’s architecture of control as does Homeland
Security’s surveillance activities. In December of 2011, the Electronic Privacy
Information Center (EPIC) filed suit against the Department of Homeland
Security to require it to disclose how it monitors and collects data on social
networks such as Facebook. Software also functions as an architecture of
control. Anti-circumvention software constrains fair use and has the potential to
chill speech. Open source architecture, on the other hand,
44
45
47
48
The Internet has created new norms about the meaning of intellectual property
and whether young people think it is wrong to violate the exclusive rights of
copyright owners by copying and distributing infringing content. The Sociology
of Law Department at Sweden’s Lund University concluded that there was a gap
between copyright law and social norms about the free sharing of content.
Seventy-five percent of young Swedes “did not regard the file sharing of
copyright protected material to be illegal,” or as a normative reason to stop
downloading illegal content. The Lund study interviewed more than a thousand
respondents between ages 15 and 25 concluding that social norms of file sharing
were not impacted by Sweden’s amended copyright law. Svensson and Larsson,
Intellectual Property Law Compliance in Europe (2012).
(D) MARKETS AS INTERNET LAW
The Cato Institute, a research organization dedicated to limited government
and individual liberty, contends that it is not for governments to regulate the
Internet. The Cato Institute contends that policymakers should resist intervention
and allow the Internet to develop market-based solutions to problems.
Regulators should not attempt to fix what is not broken and defer to the free
market that has developed the Worldwide Web.
Opponents of this free-market perspective argue for government oversight in
order to guarantee net neutrality. Consumer advocates point to the need for
government to enact mandatory minimum protection
49
49
for Internet users because the marketplace for privacy and consumer rights has
failed. The free market allows telecomm providers such as AT&T, Verizon, and
Comcast to create different tiers of online service with differential pricing.
Google, for example, faces criticism for directing their searches toward
companies that pay for keyword advertising. The U.S. follows a market-based
approach to consumer protection as compared to the mandatory protections
found in Europe and many other countries connected to the Internet.
(E) THE GENERATIVE INTERNET
Jonathan Zittrain’s magisterial work illustrates Solum’s third model by
stressing the ways that software code and Internet architecture interact.
JONATHAN ZITTRAIN, THE FUTURE OF THE INTERNET AND HOW TO STOP IT 2
(2008). The strength of the Internet is in its users’ collective collaboration,
resulting in improvements, a process he calls the “generativity.” The generative
Internet is comprised of tens of millions of Internet users collaborating to
produce code and content. To Zittrain, the Apple II Computer was the
“quintessentially generative technology” because it invited tinkering and
improvements by users. The appliance-like platform of Apple’s iPhone and iPod,
in contrast, is completely manufacturer-controlled, making it difficult for the
community users to modify or improve applications. Apple counters widespread
security threats through digital certificates, passwords, secure socket layer
protocols, and other security devices. Apple’s iPhones and iPods are
50
reliable and easy to use but have chilling effects on user innovation. DRM
systems that control access to copyrighted works discourage innovation in the
user community. Apple’s lockdown of its products in response to security threats
as the unanticipated consequence of stifling innovation by its community of
users. Zittrain’s argument is that greater regulation and the tethering of iPhones
and other appliances to a platform is antithetical to the open Internet.
51
52
52
53
Fifty-eight years ago, the U.S. Supreme Court observed that the courts must
continually update Internet jurisdiction to accommodate new technologies,
Hanson v. Denckla, 357 U.S. 235, 251 (1958). Traditional concepts of
jurisdiction and enforcement of judgment need to be adapted to the Internet. This
chapter examines the unique jurisdictional issues that arise out of cyberspace
transactions and asks the fundamental question whether the minimum contacts
due process framework can be accommodated to cyberspace. No international
treaty specifically governs Internet jurisdiction. Since no exclusive subject
matter jurisdiction exists for cyberspace, courts must apply traditional principles
to virtual space. The borderless Internet challenges uniquely U.S. concepts such
as the long arm statute, due process, and minimum contacts. U.S. courts have
mechanically stretched the parochial minimum contacts approach to personal
jurisdiction into cyberspace, creating jurisdictional dilemmas because no other
country has adopted a minimum contacts paradigm for personal jurisdiction.
In the United States, personal jurisdiction is the issue of whether a court has
the authority to decide a case involving this specific defendant. Plaintiffs must
demonstrate that defendants have sufficient ‘minimum contacts’ with the forum
such that finding personal jurisdiction will not offend ‘traditional notions of fair
play and substantial
56
justice,’ International Shoe v. Washington, 326 U.S. 310 (1945). The nature
and quality of the “minimum contacts” necessary to support jurisdiction depend
upon whether the plaintiff asserts general or specific personal jurisdiction over
the defendant. Courts have had little difficulty stretching the International Shoe
due process model to personal jurisdiction arising out of Internet contacts.
A U.S. plaintiff has the burden of demonstrating that the defendant has
minimum contacts with the forum by either general jurisdiction (pervasive
contacts) or specific jurisdiction (nexus between conduct and minimum
contacts). General jurisdiction refers to the authority of a court to hear any cause
of action involving a defendant, even those unrelated to the defendant’s contacts
with the forum state. Specific jurisdiction depends on “an ‘affiliatio[n] between
the forum and the underlying controversy,’ principally, activity or an occurrence
that takes place in the forum State and is therefore subject to the State’s
regulation.” Goodyear Dunlop Tires Operations, SA v. Brown, 131 S. Ct. 2846,
2851 (2011).
57
state. The defendant must have “continuous and systematic” contacts with the
forum state in order for a court to assert general jurisdiction, Helicopteros
Nacionales de Colombia, S.A. v. Hall, 466 U.S. 408, 414–16 (1984). In
Helicopteros v. Nacionales de Columbia, S.A. v. Hall, 466 U.S. 408 (1984), the
U.S. Supreme Court found that mere purchases were insufficient to assert
jurisdiction over a Columbian corporation in a claim arising out of a Peruvian
helicopter crash was neither “continuous and systematic.”
In Helicopteros, the Court held that general jurisdiction did not exist when the
Colombian defendant negotiated a contract in Texas, accepted checks from
Texas, and sent employees to purchase helicopters and attend training sessions in
Texas. If minimum contacts are sufficient to establish general jurisdiction, the
out of state defendant may be sued in the forum state for any cause of action
arising in any place. The threshold for general jurisdiction is high; the contacts
must be sufficiently extensive and pervasive to be the functional equivalent of
physical presence.
With general jurisdiction, the defendant’s contacts are so extensive in the
foreign forum that the defendant becomes functionally present. “Systematic and
continuous” activities in the forum state are required for a finding of general
jurisdiction. After seven decades of U.S. Supreme Court jurisprudence, the Court
has upheld general jurisdiction in only a single case, Perkins v. Benquet
Consolidated Mining Co., 342 U.S. 437 (1952). In 2011, in Goodyear Dunlop
Tires Operations v.
59
Brown, 131 S. Ct. 2846 (2011), the U.S. Supreme Court sends a signal to
lower federal and state courts that the threshold for a finding of general
jurisdiction is extremely high. In Goodyear, the Court held that a corporation is
subject to general jurisdiction only in a “home” state, defined as the state of
incorporation and principal place of business. The Court’s decision sends a
signal to lower federal and state courts that the threshold for a finding of general
jurisdiction is extremely high. To date, the U.S. Supreme Court has not rendered
an Internet-related general jurisdiction opinion.
The first lower court to find general jurisdiction in an Internet-related dispute
was Gator.Com Corp. v. L.L. Bean, Inc., 398 F.3d 1125 (9th Cir. 2005), where
the court found general jurisdiction based upon L.L. Bean’s millions of dollars
of sales to California consumers. The L.L. Bean court noted that direct e-mail
solicitations and millions of catalog sales spurred this revenue stream. Gator.com
Corp. filed suit against the outdoor outfitter in a California federal court, seeking
a declaratory judgment that its pop-up ads did not infringe L.L. Bean’s
trademarks or constitute an unfair business practice. L.L. Bean is a Maine
corporation with its principal place of business in Maine.
Because L.L. Bean had neither property nor employees in California, the
district court granted L.L. Bean’s motion to dismiss for lack of personal
jurisdiction. The Ninth Circuit reversed this decision, holding there was a basis
for general jurisdiction over the Maine outfitter. The L.L. Bean court premised
its finding of general jurisdiction in part upon L.L.
60
62
Design, Inc. v. SBR Mktg., Ltd., 958 F. Supp. 2d 1082 (D. Nev. 2013).
In United Airlines, Inc. v. Zaman, 2015 WL 2011720 (N.D. Ill. Apr. 30,
2015), a major U.S. airline filed suit against a discount air travel website
“Skiplagged.com” whose business model was to conduct searches for a
destination that is a stopover for a connecting flight elsewhere. Instead of flying
to the ultimate destination, the traveler flies the first leg of their trip and does not
complete the second. Although Skiplagged.com knew of the potential harm that
United Airlines could incur in the forum state, the court did not grant personal
jurisdiction to the plaintiff because “the mere geography of Plaintiff’s injury and
Plaintiff’s location, without more, can no longer serve as the relevant contacts
supporting personal jurisdiction.”
In inno360 v. Zakta, 50 F. Supp. 3d 587 (D. Del. 2014), a software licensee
sought a declaratory judgment that it did not owe the licensor royalties among
other claims. In addition, the licensee sued the licensor for trade dress, unfair
competition and a number of other business torts. The licensee held that the
licensor was subject to personal jurisdiction satisfying that state’s long-arm
statute because it transacted business in Delaware.
The inno360 court found that while it was foreseeable that the website could
be accessed in Delaware, this did not satisfy the purposeful availment test. The
plaintiff further argued that defendant subjected itself to Delaware jurisdiction
by knowingly signing a software license agreement
63
with a Delaware corporation. The court did not find that the act of entering
into a license agreement was within the scope of Delaware’s long-arm statute.
The court found all of the contacts relevant to the license agreement to be
located in Ohio where the software license was negotiated, executed, and
performed. The parties’ choice of law clause indicated Ohio was to be the forum.
The court found that neither the long arm statute nor specific or general
jurisdiction was satisfied denying the plaintiff’s request for jurisdictional
discovery.
Zippo Manufacturing Company v. Zippo Dot Com, Inc., 952 F. Supp. 1119
(W.D. Pa. 1997), is the emblematic Internet-related jurisdiction test because
hundreds of courts have adopted its framework. The chart below highlights the
court’s holding that the interactivity of a website is the emblem of sufficient
contacts to satisfy due process.
(D) ZIPPO.COM INTERACTIVITY TEST
(1) Zippo.com Sliding Scale
64
Under Zippo.com’s sliding scale, websites range from “passive” ones, which
merely post information and generally do not provide the contacts required to
support jurisdiction, to “interactive” ones that enable contract formation. The
Zippo.com court described a “sliding scale” to guide the due process inquiry for
Internet-based minimum contacts: At one end of the spectrum are situations
where a defendant clearly does business over the Internet. If the defendant enters
into contracts with residents of a foreign jurisdiction that involve the knowing
and repeated transmission of computer files over the Internet, personal
jurisdiction is proper. At the opposite end are situations where a defendant has
simply posted information on an Internet Web site, which is accessible to users
in foreign jurisdictions. A passive Web site that does little more than make
information available to those who are interested in it is not grounds for the
exercise personal jurisdiction. The middle ground is occupied by interactive
Web sites where a user can exchange information with the host computer. In
these cases, the exercise of jurisdiction is determined by examining the level of
interactivity and commercial nature of the exchange of information that occurs
on the Web site.
The plaintiff in Zippo.com was the manufacturer of the well-known
manufacturer of “Zippo” tobacco lighters that sued Zippo Dot Com, Inc., the
operator of a California Internet news service corporation and operator of an
Internet news service, alleging
65
66
The Zippo.com court based jurisdiction on the interactivity of the website and
made no effort to connect the plaintiff’s claims with the online activity, which is
a predicate of specific jurisdiction. The Zippo.com court stated, “the other end of
the sliding scale, personal jurisdiction does not exist because a defendant’s
Internet activity is “passive,” such as where the defendant merely posts
information on a website which is accessible to users in foreign jurisdictions.”
For passive websites, where there is no interaction with visitors, courts find no
personal jurisdiction. At the other end of the spectrum, interactive websites often
give rise to a finding of personal jurisdiction. In “gray area,” middle-ground
cases, the court will assess the level of interactivity
67
68
69
then manufactured overseas. In addition, the website listed the owner’s travel
schedule allowing potential customers to make e-mail requests for appointments.
However, the website did not permit customers to place orders, make payments,
or engage in commerce. Moreover, the court found no web-based requests for
appointments in Pennsylvania and therefore the defendant did not transact
business with Pennsylvania residents via the website.
In Carlson v. Fidelity Motor Group, LLC, 2015 WI App. 16 (Wis. Ct. of App.,
Jan. 14, 2015), Carlson, a resident of Wisconsin, and Fidelity was an Illinois
automobile dealership. Carlson observed an advertisement on his wife’s cell
phone from Fidelity from an Illinois dealership. He called Fidelity’s toll free
number listed on the website and spoke with a Fidelity representative for
approximately four minutes, during which time the representative told Carlson
the vehicle had no known mechanical problems and was in excellent condition.
Five months after Carlson purchased a BMW from Fidelity, he found that the car
had mechanical problems in large part because the oil had not been changed for
“tens of thousands of miles.”
While Fidelity’s website advertisements were accessible in Wisconsin, they
were accessible to everyone around the world. The appeals court found that the
less than five-minute conversation combined with Fidelity’s advertisement were
contacts too attenuated to create the minimum contacts insufficient to establish
personal jurisdiction. The Wisconsin court noted that it was following Hy Cite
Corp. v. Badbusinessbureau.com, L.L.C., 297 F. Supp.
70
2d 1154 (W.D. Wis. 2004) rather than Zippo.com. The Hy Cite court rejected
the Zippo.com test as a substitute for a sustained minimum contacts inquiry.
Wisconsin does not view websites as separate and apart from other traditional
contacts test, but views websites as part of an overall due process inquiry. The
court noted, “whether the defendant’s contacts with the state are of such a
quality and nature such that it could reasonably expect to be haled into the courts
of the forum state.” The Hy Cite court reasoned: A finding that a defendant uses
its website to engage in repeated commercial transactions may support the
exercise of personal jurisdiction, so long last, there is a corresponding finding
that the defendant is expressly targeting residents of the forum state and not just
making itself accessible to everyone regardless of location.
(3) Gray Zone or Middle Ground
The Zippo.com court recognized a middle ground between the passive and
interactive ends of the sliding scale “which permit the exchange of information
between the website and the user.” The court reasoned that in gray zone cases,
jurisdiction is “determined by examining the level of interactivity and
commercial nature of the exchange of information that occurs on the Web site.”
Courts closely inspect the gray region or the borderland between passive and
interactive websites to determine whether a website targeted the forum with
71
72
73
an intentional act, (2) that was expressly aimed at the forum, and (3) that
caused harm, the brunt of which is suffered and which the defendant knows is
likely to be suffered in the forum. In Calder, the U.S. Supreme Court upheld a
California state court’s finding that California had personal jurisdiction over The
National Enquirer, which had offices in Florida, “based on the ‘effects’ of their
Florida conduct in California.” The Court held that personal jurisdiction over the
National Enquirer reporter and the editor in California was proper “based on the
‘effects’ of their Florida conduct in California.”
Those effects were felt in California because, the court explained, “[t]he
allegedly libelous story concerned the California activities of a California
resident. The tabloid impugned the professionalism of an entertainer whose
television career was centered in California.”
Without an “expressly aiming” prong, the Calder effects test is ill suited for
the Internet because it is overly inclusive. A federal court, for example, found
that Asian-based websites hosting Korean pop songs copyrighted in the United
States were expressly targeting California residents when they incorporated third
party advertisements in their online messages. DFSB Kollective Co. v. Yang,
2013 WL 1294641 (N.D.Cal. March 2, 2013).
74
U.S. federal courts have adopted an effects test for torts and intellectual
property infringement actions, but are beginning to demand “something more” in
addition to website interactivity to support a finding of minimum contacts. GTE
New Media Services Inc. v. BellSouth Corp., 199 F.3d 1343 (D.C. 2000) was one
of the first courts to articulate a “something more” test in addition to interactivity
to satisfy personal jurisdiction. GTE New Media (GTE) filed a Sherman
Antitrust Act complaint against Bell South (Bell) alleging they were in a
conspiracy to dominate the Internet directories market in the Washington, D.C.
metropolitan area by diverting Internet users from the GTE website to the
defendant’s websites.
The D.C. Circuit Court of Appeals found Bell lacked minimum contacts with
the District of Columbia based solely upon the fact that its residents could access
its Internet Yellow Pages from within the city. The GTE court ruled that GTE
could conduct discovery in order to seek proof of whether Bell had sufficient
contacts with the forum. The district court applied the Zippo “sliding scale” test,
and found that BellSouth’s websites fell into the uncertain gray zone. The court
ruled that jurisdiction existed based on the highly interactive nature and
commercial quality of the sites. The federal appeals court reversed, finding no
personal jurisdiction reasoning that because since accessing an Internet Yellow
Page site was no different than searching a telephone book.
75
The GTE court found that consumers did not pay to use thethis search tool and
any resulting commercial transactions were between the consumer and the
businesses found in the Yellow Pages. The court found that the lack of any
commercial relationship between the consumer and the provider of the Yellow
Pages did not meet the “something more” test. The GTE court brought common
sense to the common law in by updating the personal jurisdictional rules to
accommodate for changes in Internet web technologies and practices.
(2) ALS Scan
The court in ALS Scan v. Digital Services Consultants, Inc., 293 F.3d 707 (4th
Cir. 2002) held that an Internet service provider was not subject to personal
jurisdiction based solely upon a third party’s copyright infringement occurring
on its website. ALS Scan, a Maryland based adult entertainment website, filed
suit against a Georgia ISP for enabling a third parties’ misappropriation of its
copyrighted photographs. The plaintiff argued that Digital Services enabled
Alternative Products’ publication of the infringing photographs on the Internet,
which caused ALS Scan to suffer an injury in Maryland.
The Fourth Circuit recognized in ALS Scan that “a person’s act of placing
information on the Internet’ is not sufficient by itself to ‘subject that person to
personal jurisdiction in each State in which the information is accessed.” The
court reasoned that this would mean that any person
76
77
located within the court’s territorial limits. A quasi in rem judgment affects
the interests of particular persons in designated property. Neither in rem, nor
quasi in rem jurisdiction typically apply to intangible Internet assets.
Nevertheless, the Anticybersquatting Consumer Protection Act (ACPA)
recognizes in rem jurisdiction over domain names where personal jurisdiction
over defendant infringers or cyberpirates is unavailing.
The plaintiff in an in rem action under ACPA is the trademark owner, while
the defendant is the infringing domain name. Courts will not permit a trademark
owner to proceed in rem absent proof that the identity and address of the
registrant of defendant domain name cannot be been found and that in personam
jurisdiction was not possible.
78
79
80
(1) Defendant’s Domicile
81
82
The Brussels Regulation forges special rules for determining jurisdiction for
contracts where the offeror and offeree are located in different EU signatory
countries. Article 5 of the Brussels Regulation provides that in most contracts
where the parties are from different signatory states, the jurisdictional country is
where performance took place. The EC devised a specialized rule for
determining jurisdiction in sales of goods transactions. European courts base
jurisdiction in sale of goods cases by the place of delivery as specified in the
contract. Article 5(1) dictates that the place of delivery will frequently turn on
shipping terms or other contractual provisions. For services, courts determine
jurisdiction at the place where services are rendered. To date, no European court
has adapted the “place of performance” test to Internet-related contract law.
Perhaps the most significant development that the Brussels Regulation, with
implications for all websites selling goods or rendering services to European
consumers is that this EU Regulation imposes mandatory consumer rules. Under
Articles 15–17, consumers in the Eurozone are entitled to have their disputes
settled in their home court or the country where they reside. Article 15 defines
consumer as someone who is acting outside her trade or profession.
83
Additionally, Article 17 of the Regulation prevents the parties to a consumer
contract from agreeing to waive their right to jurisdiction in their home court
except the parties may agree to allow a consumer to have the option of bringing
their jurisdiction in another jurisdiction. Companies cannot compel European
consumers to waive the benefit of the Brussels Regulation’s mandatory home
court rule. Thus, an online business has no ability to enforce a contractual term
in which a consumer waives her right to sue in her own country or home court.
While the Brussels Regulation does not explicitly address electronic commerce
related contracts, European courts will have little difficulty extending mandatory
consumer rules for jurisdiction and the enforcement of judgments to cyberspace.
(4) Extraterritorial Impact
84
85
The greatest story never told about Internet-related contract law is how license
agreements protect intangible assets such as software, data, and other
intangibles. The software industry invented the shrinkwrap license agreement,
the earliest form of mass-market license, in the 1970s, and vendors began using
this contracting form by the early 1980s. Licensing is beginning to displace sales
and leases as the chief means of transferring value in the information-based
society already the third ranked segment of the American economy.
This chapter examines many of these developments including the rise of
shrinkwrap, clickwrap and browsewrap. The chapter focuses on the concepts and
methods of licensing, which is the chief means of transferring value in an
information-based economy. Licensing software permits software publishers to
commodify their intellectual property assets, while retaining control of its uses.
88
89
90
Kirtsaeng, a citizen of Thailand, asked his friends and family to buy copies of
foreign edition English-language textbooks at Thai bookshops, where they sold
at low prices, and mail them to him in the United States.
Kirtsaeng would then sell the books, reimburse his family and friends, and
retain the profits from these grey market sales. The U.S. Supreme Court held the
“first sale” doctrine—which permits lawfully acquired copies of copyrighted
works to be resold by their owners—also applies to works lawfully made abroad
including the books manufactured in Thailand. Because the first sale doctrine
applied, Kirtsaeng was free to engage in grey market sales.
With licensing, there is a “first license,” but not a “first sale.” Software
licenses, unlike sales of goods, enable the licensor to retain control of intellectual
property rights underlying the code or digital data. In Vernor v. Autodesk, Inc.,
621 F.3d 1102 (9th Cir. 2010), a first sale dispute arose out of Timothy Vernor’s
purchase of Autodesk software at a garage sales and other secondhand sales.
Architects, engineers, and manufacturers used this high-priced software to
design blueprints and model data in their practice.
Vernor, who sold tens of thousands of items on eBay, had his account
suspended by the online auction site after it received Digital Millennium
Copyright Act takedown notices from Autodesk, protesting Vernor’s eBay sales
of used Autodesk software. Vernor then filed suit against Autodesk,
91
92
93
94
Software makers used shrinkwrap licenses in the early 1980s, prior to the
development of the World Wide Web. Shrinkwrap contracts are license
agreements or other terms and conditions of a putatively contractual nature,
which can only be read and accepted by the consumer after they break open the
plastic wrapping surrounding the boxed software. Shrinkwrap is cynically
referred as “sneakwrap” as captured in a well-known Dilbert cartoon. Dilbert
states: “I didn’t read all of the shrinkwrap license agreement on my new
software until after I opened it,”—and concludes with Dilbert lamenting:
“Apparently, I agreed to spend the rest of my life as a towel boy in Bill Gates’
new mansion.”
The first paragraph of a shrinkwrap license typically provides that the opening
of the package indicates acceptance of the license terms because a licensor needs
to reference the fact that the software is licensed. Internet related shrinkwrap
rarely provides meaningful warranties and limits remedies by choice of forum
clauses that often require the user to litigate in their licensor’s home court.
95
A click wrap agreement typically requires users to click “I agree” box after
being presented with terms of agreement. Fteja v. Facebook, Inc., 841 F. Supp.
2d 829, 837–38 (S.D.N.Y. 2012). The standard for enforceability is whether the
user has a reasonable opportunity to review terms and manifest assent.
Clickwrap agreements were distinguished from shrinkwrap agreements in Stomp
Inc. v. Neato, 61 F. Supp. 2d 1074, 1080 n. 11 (C.D. Cal. 1999). The Stompo
court explained:
A ‘clickwrap agreement’ allows the consumer to manifest its assent to the
terms of a contract by “clicking” on an acceptance button on the website. If
the consumer does not agree to the contract terms, the website will not
accept the consumer’s order. Such agreements are common on websites that
sell or distribute software programs that the consumer downloads from the
website.
In Nicosia v. Amazon.com, Inc., 2015 WL 500180 (E.D. N.Y., Feb. 2, 2015),
the court held that the user assented to conditions of use posted on Amazon.com
each time he completed a purchase, “[g]iven (1) the conspicuous placement of
the hyperlink to the current conditions of use on the checkout page, (2) the
express warning at checkout that his purchases were subject to the terms of the
current [c]onditions of use, and (3) the fact that he expressly agreed, when
signing-up for an Amazon.com account, to be bound by the terms of
96
the conditions of use (including a provision notifying him that the conditions
are subject to change).”
Like all mass-market licenses, the clickwrap spells out permitted and restricted
uses by licensees. U.S. courts will enforce clickwrap agreements so long as the
user has an opportunity to review the terms and manifest assent, even though
most users fail to read the terms before clicking the “I agree” button. “Mutual
manifestation of assent’ is the ‘touchstone’ of a binding contract. A
“transaction,” even if created online, in order to be a contract, requires a
manifestation of agreement between the parties as to its terms.” Berkson v. Gogo
LLC, 2015 WL 1600755 (E.D.N.Y. Apr. 8, 2015).
In State ex rel. U-Haul Co. of West Virginia v. Zakaib, 232 W.Va. 432, 752
S.E.2d 586 (W.Va. 2013), the West Virginia Supreme Court held that an oblique
reference to an addendum in truck and trailer rental company’s pre-printed rental
contracts and electronic clickwrap contracts was insufficient to incorporate the
addendum and its terms, including its inclusion of an arbitration agreement, into
the contracts by reference. The references to the addendum were quite general,
with no detail provided to ensure that customers were aware of the addendum
and its terms, which was compounded by the fact that the addendum itself was
designed to look more like a document folder advertising products, services, and
drop-off procedures, rather than a legally binding contractual agreement.
97
(3) Browsewrap
“Browsewraps can take various forms but basically the website will contain a
notice that—by merely using the services of, obtaining information from, or
initiating applications within the website—the user is agreeing to and is bound
by the site’s terms of service.” United States v. Drew, 259 F.R.D. 449, 462 n.22
(C.D. Cal. 2009).
The defining feature of browsewrap agreements is that the user can continue
to use the website or its services without visiting the page hosting the
browsewrap agreement or even knowing that such a webpage exists.” Be In, Inc.
v. Google Inc., No. 12-CV-03373-LHK, 2013 WL 5568706, at *6 (N.D.Cal. Oct.
9, 2013). The Ninth Circuit in Nguyen v. Barnes & Noble, Inc., 763 F.3d 1171
(9th Cir. 2014) stated that the:
defining feature of browsewrap agreements is that the user can continue to
use the website or its services without visiting the page hosting the
browsewrap agreement or even knowing that such a webpage exists. No
affirmative action is required by the website user to agree to the terms of a
contract other than his or her use of the website. The determination of the
validity of the contract turns on whether the user has actual or constructive
knowledge of a website’s terms and conditions. By “refusing to enforce
browsewrap finding no evidence that the plaintiff had actual notice of the
arbitration clause that was part of the browsewrap; close
98
99
893 F. Supp. 2d 1058 (D. Nev. 2012) the court held that a browsewrap
agreement was unenforceable where the hyperlink to the “ ‘terms of use’ was
‘inconspicuous, buried in the middle to bottom of every [defendant] webpage
among many other links, and the website never directs a user to the Terms of
Use’). Courts will not enforce agreements where there is not at least inquiry
notice as in Knutson v. Sirius XM, 12–56120 (9th Cir. Nov. 10, 2014). The
Knutson court refused to compel arbitration finding no evidence that a Toyota
purchaser would also perceive that they were simultaneously bound to a
customer agreement for a Sirius XM satellite radio, for which he had a 90 day
trial subscription. About a month after his trial subscription was activated,
Knutson received a Sirius XM ‘welcome containing a Customer Agreement with
an arbitration clause. The court held that a reasonable person could not be
expected to understand that when he purchased a vehicle, he was also
simultaneously bound to a contract with Sirius XM mandating arbitration.
Because the Knutson court refused to compel arbitration finding no
manifestation of assent that there was an agreement to arbitrate.
(4) Scrollwrap & Sign-in-Wrap
100
Browsewrap exists where the online host dictates that assent is given merely
by using the site. Clickwrap refers to the assent process by which a user
must click “I agree,” but not necessarily view the contract to which she is
assenting. Scrollwrap requires users to physically scroll through an internet
agreement and click on a separate “I agree” button in order to assent to the
terms and conditions of the host website. Sign-in-wrap couples assent to the
terms of a website with signing up for use of the site’s services; it is the
form used by Gogo in the instant case.
The court distinguished “online agreements that a user must view because of
the nature of the website’s construction and design—i.e., scrollwraps—and those
that merely require a user to click an “I agree” box that appears next to a
hyperlink containing “terms of use”—i.e., clickwraps.” Next, the court described
sign-in-wraps that “do not require the user to click on a box showing acceptance
of the ‘terms of use’ in order to continue. Rather, the website is designed so that
a user is notified of the existence and applicability of the site’s ‘terms of use’
when proceeding through the website’s initial sign-in or login process. The
Berkson court noted that U.S. federal appeals courts have yet to weigh in on the
enforceability and validity of sign-in-wraps.
(F) ENFORCEABILITY ISSUES
In the 1980s, there was a swirl of uncertainty over the enforceability of mass-
market licenses as
101
102
103
In ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996), the Seventh
Circuit upheld a shrinkwrap agreement in which the licensee paid for boxed
software that included a software license inside the box. ProCD’s software
consisted of a CD-ROM containing a computer database consisting of more than
3,000 telephone directories called Select Phone compiled at the cost of $10
million. Matthew Zeidenberg purchased a single copy of ProCD’s software at a
cost of $150 and formed a company to resell access to the ProCD software over
the Internet.
104
105
law. The licensor is able to impose conditions on the use of software after sale
of a CD-ROM because the transaction is structured as a license not a sale.
(2) Hill v. Gateway 2000, Inc.
In Hill v. Gateway 2000, Inc., 105 F.3d 1147 (7th Cir. 1997), a consumer
ordered and paid for a Gateway personal computer during a telephone
conversation with a company representative. Gateway’s standard business
practice was to send its computer system—with a software license agreement
included inside the box—through the mail to the customer. The license
agreement stated that the consumer must submit any dispute to mandatory
arbitration unless they returned the personal computer within 30 days. Under
classical contract law, silence or inaction by a party generally does not constitute
assent.
Nevertheless, the Seventh Circuit upheld Gateway’s delayed contract
formation policy, including the arbitration clause, finding that the failure of a
consumer to return the computer to Gateway within 30 days constituted a
manifestation of assent. Hill was found to be the offeree and Gateway the offeror
who had the power to specify the manner of acceptance. The Seventh Circuit
ruled that the “terms inside Gateway’s box stand or fall together.” U.C.C. § 2–
207, the battle of the forms, was inapplicable, since there was not an exchange of
forms at all but a single form drafted by Gateway.
Judge Easterbrook’s interpretation of the battle of the forms conflicts with
Official Comment #1 to
106
U.C.C. § 2–207 that makes it clear that the battle of the forms also applies to a
written confirmation of an earlier oral agreement as in this case. U.C.C. § 2–207
would apply because Gateway’s form could be construed as a written
confirmation of the earlier oral agreement made between Hill and the company’s
authorized representative on the telephone.
U.C.C. § 2–207(2) would construe the additional or different terms as
“proposals for addition to the contract” since the transaction was not between
merchants. The consumer would need to agree specifically to the arbitration term
in order for it to be part of the contract. The contract had already been completed
by the time Gateway placed the license agreement inside the box. Despite the
court’s incorrect reading of U.C.C. Article 2, U.S. courts continue to cite the Hill
decision, another example of the pro-industry trend.
§ 4-2. Uniform Electronic Transactions Act
The Uniform Electronic Transactions Act (UETA) is a model state law
proposed by the National Conference of Commissioners on Uniform State Laws
(NCCUSL) to create more uniformity for electronic transactions. UETA is not a
substantive contract law statute, but rather has the purpose of validating records
and e-signatures as the functional equivalents of writings and pen signatures.
UETA substitutes the “record” for a paper-based writing and treats signatures in
electronic form as the equivalent of signatures made by pen.
107
Forty-seven of the fifty states and the District of Columbia, as well as the
territories of Puerto Rico and the Virgin Islands have enacted UETA. The
purpose of UETA is to remove barriers to E-Commerce, implement reasonable
practices, and harmonize contracting procedural rules by enabling the electronic
retention and transmission of digital information.
108
unusual step of incorporating a saving clause, which defers to UETA where
there is a conflict with E-SIGN. The vast majority of states had already enacted
UETA by the time Congress passed E-Sign in June of 2000. The legal
significance of E-Sign and UETA is that it legitimated digital signatures and
records as the functional equivalent for paper-based signatures and writings.
109
110
(C) FORMATION
(1) Liberal Formation Rules
The Principles adopt the liberal contract formation rules from U.C.C. Article
2. Section 2.01 covers standard form as well as customized software licenses.
Software license agreements or other transfers may be made in any method as
long as it shows the parties have reached an agreement. The Principles also
validate “rolling contracts” even if presented to the consumer in a take-it-or-
leave-it standard form. With a rolling contract, manifestation of assent does not
occur at a single point in time.
Under webwrap contracts, a party will manifest assent to different terms at
different points in time. Terms of service agreements, for example, reserve the
right to modify the terms of use or service. The licensor or buyer requires
payment first and provides terms later. The recent trend in judicial decisions is
that courts enforce “cash now, terms later” licenses so long as the licensor gives
reasonable notice to the user and an opportunity to decline the terms. The
Principles validate electronic records as the functional equivalent of a physical
writing to satisfy the Statute of Frauds.
(2) Battle of the Forms Provision
The Principles also adopt a simple battle of the forms provision in which the
contract consists in terms found in both terms and gap-fillers. The ALI Reporters
substitute electronic records for physical
112
forms, thus updating U.C.C. § 2–207 to the Internet. Section 2.02 applies
special rules for standard or mass-market transfers of generally available
software. The transferee will be deemed to have adopted a standard form if the
standard form is reasonable accessible before the transfer and they must have
access to the standard form before notice of payment.
Section 2.02 addresses standard form transfers of generally available software.
The contract rules for electronic and prepackaged software adopt an objective
theory of contract formation in Section 2.01(B) where a transferee is deemed to
have adopted a standard form where a reasonable transferor would believe that
the other party intends to be bound.
(3) Formation Safe Harbors
113
standard form. The ALI Reporters noted that clickwrap is the functional
equivalent of the signature in the bricks and mortar world.
(4) Parol Evidence Rule
Section 3.08 adopts a parol evidence rule within the rules of admissibility to
reduce fraudulent assertions of the existence of license agreements and other
transfers. A license agreement does not fail for indefiniteness merely because the
licensor does not specify all of the key terms; the Principles adopt a simple battle
of the forms provision where the contract exists in terms found in both
definitions and gap fillers. Section 3.08’s parol evidence rule distinguishes
between fully integrated and partially integrated records.
(5) Contract Modification
Under the Principles, as with UCITA, modifications of software contracts
require no consideration to be binding. Section 2.03 validates no-oral-
modifications clauses unless waived by both parties. Section 2.03 also provides
that contractual modifications require no particular form; they “may be formed
in any manner sufficient to show an agreement.” For electronic transfers of
software, e-notices of modification are enforceable provided the transferee
receives a reasonable electronic notice of the modification and the transferee
electronically signifies agreement.
114
114
The Principles recognize a hierarchy of contract terms, which begins with the
language of the entire agreement but also considers the parties course of
performance, course of dealing and usage of trade in that order. If there is a
disagreement over meaning of a term in a record, courts are to apply the standard
of reasonable integration. Section 3.10 articulates two exceptions to 3.09(A)’s
objective interpretation rule. The first exception arises if the parties to a software
contract disagree over the meaning of words or conduct.
The court will determine that the meaning intended by one of them should be
enforced if, at the time the parties made the agreement, the other party did not
know or have reason to know of any different meaning intended by the other
party. The second exception occurs when parties disagree over the meaning of
an ambiguous fundamental term or terms.
(D) SOFTWARE CONTRACTING WARRANTIES
Section 3.01 gives licensees and other transferees a lesser infringement
warranty than what buyers receive under U.C.C. § 2–312. Sections 3.02 through
3.07 in the Principles import warranties concepts from U.C.C. Article 2 and
UCITA with some significant differences.
(1) Express Warranties
The quality warranties outlined in Chapter 3 of the Principles closely track
U.C.C. Article 2, while
115
116
117
Like the fitness warranty, the systems integration warranty requires a showing
of reliance of the customer on the licensor’s representation that software will
work or is integrated with a given computer system. For example, if a software
developer warrants that their software will function with Microsoft’s Word 10,
the software maker will be liable for the systems integration warranty if this is
not true.
(4) Non-Infringement Warranties
The Principles generally follow the contours of warranties set forth in Article
2 of the U.C.C.—except for the non-infringement warranty. Under the
Principles, a licensor is not liable for unknowingly transferring software that
infringes the patent claims of others. Similarly, Section 3.02 creates a
nondisclaimable warranty that its software or product does not have hidden
defects of which it is aware at the time of transfer.
The U.C.C.’s non-infringement warranty does not turn upon the seller’s
knowledge because it is a strict liability-like obligation. Article 2 of the U.C.C.
imposes a strict liability regime for transferring goods infringing the patents or
other intellectual property rights of third parties, while the Principles adopt a
negligence standard. Section 3.01 gives licensees and other transferees a lesser
infringement warranty than U.C.C. Article 2 does. Like U.C.C. Article 2,
Section 3.01 permits software vendors to disclaim their implied indemnification
obligations. Licensors routinely disclaim non-infringement warranties because of
the uncertainty
118
Section 3.05(A) creates a nondisclaimable warranty that its software does not
have hidden defects of which it is aware at the time of transfer; “The ALI
Principles include three kinds of disclosure: disclosure of facts (concerning the
quality of software), disclosure of terms (of standard forms), and disclosure of
post-contract intentions (to pursue remote disablement of software).” Robert A.
Hillman & Maureen O’Rourke, Defending Disclosure in Software Licensing, 78
U. CHI. L. REV. 95, 95 (2011).
Section 3.05(B) provides that a party that transfers software by sale, license, or
otherwise, and receives money or a monetary obligation warrants that they are
unaware of any material hidden defects at the time of transfer. This provision
created a firestorm of protest because it prohibits software vendors from
disclaiming liability for known software defects. Developmental software
projects frequently contain known bugs that are slowly remedied by patches in
their environment of use.
(E) SOFTWARE PERFORMANCE STANDARDS
(1) Breach and Material Breach
“A breach occurs if a party without legal excuse fails to perform an obligation
as required by the
119
The Principles import the concept of material breach from the Restatement
(Second) of Contracts § 241 and UCITA § 701 in determining what constitutes a
material breach. Section 3.11 defines a material breach as an electronic agent
that allows the nonbreaching party to declare the end of the contract. A material
breach occurs where transferors breach the warranty of § 3.05(B) (duty to
disclose material hidden defects), a limited remedy fails of its essential purpose
(§ 4.01), or the transferor breaches the contract by failing to comply with § 4.03,
which is the provision for automatic disablement. In determining whether a
breach is material, significant factors include:
(1) the terms of the agreement;
(2) usage of trade, course of dealing, and course of performance;
(3) the extent to which the aggrieved party will be deprived of the benefit
reasonably expected;
(4) the extent to which the aggrieved party can be adequately compensated
for the part of the benefit deprived;
120
(5) the degree of harm or likely harm to the aggrieved party; and
(6) the extent to which the behavior of the party failing to perform or to
offer to perform departs from standards of good faith and fair dealing.
ALI, The Principles of the Law of Software Contracts § 3.11(c) (2010).
In addition to these six factors, it is a material breach, if a licensor breaches
the warranty of not disclosing a hidden material defect, when a contract fails of
its essential purpose, and “the transferor breaches the agreement to comply with
§ 4.03.” Principles of the Law of Software Contracts § 3.11(d) (2010). Section
4.03 is the provision dealing with the automated disablement of software. A
licensor that programs a “time bomb” into the software that disables its operation
at the end of that limited period is an example of an automated disablement.
“Section 4.03 places meaningful limitations on the right to disable software by
automated means as a remedial matter, and these protections may not be waived
by agreement. Transferors may not disable software in the non-negotiated
context of the standard-form transfer of generally available software or against
consumers in any context. Automated disablement is a viable option only in
other agreements in which the transferee is on notice of the provision and on
notice of the particular breach for which the transferor plans to use automated
disablement.” § 3.11, cmt. b. Either
121
The Principles of the Law of Software Contracts imported the concept of cure
from UCITA, which essentially gives software licensors a second chance to get
things right. “It provides a breaching party with a right to cure under certain
circumstances. Certainly, the agreement itself can prohibit cure or otherwise
limit it. Indeed, many, if not most, software agreements address a breaching
party’s right to cure in the agreement.” Principles of the Law of Software
Contracts § 3.12, cmt. a (2010).
Breaching parties have the right to cure at their own expense where the time
for performance has not yet expired or there are reasonable grounds to believe
the nonconforming software would be acceptable to the licensee. Software
licensors also often give licensees a period of acceptance testing in addition to
the cure.
(4) Cancellation
“An aggrieved party may cancel a contract on a material breach of the whole
contract if the breach has not been cured under § 3.12 or waived.” Principles of
the Law of Software Contracts § 4.04(a) (2010). This section “gives the
aggrieved party the option to cancel the contract in the event of a material breach
of the whole contract if the breach has not been cured or waived. The concept of
material breach of the whole contract may be
122
relevant when the agreement calls for repeated performance.” § 4.04, cmt. a.
(F) REMEDIES FOR BREACH
(1) Expectation Interest
123
124
125
Section 4.01 adopts the concepts of a minimum adequate remedy. Section 4.01
“balances contractual freedom to limit remedies with safeguards should the
exclusive or limited remedy fail of its essential purpose. Contractual freedom,
however, is inappropriate in the cases of: (i) the implied warranty of no hidden
material defects (§ 3.05(b)); and (ii) unauthorized automated disablement (§
4.03(e)). Sections 4.01(a)(1) and 4.01(c) therefore do not permit limitation or
alteration of damages in those cases.” Section 4.01 imports the concept of a
minimally adequate remedy.
(7) Failure of Essential Purpose
“The focus of § 4.01(b) is not on the bargaining process that produced the
remedial term, but on application of the exclusive or limited remedy if the
126
127
and (4) Hybrid cloud.” National Institute of Standards, NIST Cloud Computing
Program (2013).
Cloud providers have developed the next generation of IT services, storing
data and running applications and permitting users access data and collaborate
on any device, from any location 24/7. Ideally, data or software can be accessed,
edited, and shared securely from any location on any device. To date, cloud-
computing providers have adopted a services paradigm.
(B) TERMS IN SERVICE-LEVEL AGREEMENTS
Cloud providers commonly use Subscription, Lease, Usage, Feature Based,
End-date and Perpetual Access contracts. A typical provision, for example,
makes a term of service automatically renewable in perpetuity, subject only to
written cancellation by the customer. The fees are generally in form of monthly
service fees with upgrades. Service credits are issued to customer accounts to
offset future billable services. Service credits are not typically transferable to
other account holders.
§ 4-7. Cross-Border Contracts
(A) SOURCES OF E-CONTRACT LAW
The Internet, by its very nature, is international, yet there is no uniform legal
infrastructure for commercial transactions harmonized for the global
marketplace. In the absence of international conventions, domestic law applies to
license agreements and terms of service. There is great
128
129
132
133
32060289 (W.D. Wash. July 10, 2002), the defendants used solicitation
checks as a means of marketing Internet services, using wholly-owned
companies. Cyberspace “mailed approximately 4.4 million solicitations, 3.3
million of which were sent to small businesses and the remaining 1.1 million
were sent to individuals. The solicitations varied in style, but all of them
included a check, usually for $3.50, with an attached form that looked like an
invoice.
“The check was made out to the individual or small business to whom it was
sent, with the consumer’s phone number in the ‘re’ line…. The fronts of the
checks and the invoices were generally devoid of any indication that the mailing
was an offer for services or that by cashing the check, the consumer was
contracting for internet access.” The FTC contended that the placement of the
disclosures was inconspicuous. “Along with the check/invoice document, most
of the solicitations also included an advertising insert touting the importance of
good internet access and the offeror’s ability to provide it “for the low, low price
of only $29.95 per month, which, when the enclosed check is endorsed and
cashed or deposited, will be billed conveniently to the customer’s local phone
bill.” The court noted that:
[T]he misleading and deceptive nature of the check/invoice solicitations is
not only plain on its face, but is also proved by its results. Letters and
testimony in the record show that some of the recipients were deceived by
the form of the solicitation or, at the very least, ended up
134
paying for a service that they did not want and/or could not use.
The court found misrepresentation as a matter of law. The court held that the
defaulting defendants, Cyberspace and EPV were subjected to the terms of the
stipulated permanent injunction.
In FTC v. Sale Slash, LLC, No. CV15–03107, Apr. 27, 2015), a California
court issued a temporary restraining order against spammers who deceptively
sold fraudulent weight-loss products online. The FTC charged Jonathan Eborn
with perpetrating a deceptive work-at-home scheme. To settle these charges,
Eborn agreed to pay a $29 million judgment, but concealed at least $369,547.80
from the FTC and his victims. After reviewing the evidence, the district court
held that Eborn failed to disclose $61,519 in cash, his control over two
companies, and at least $274,828.80 in income or assets he received or had
earned from third parties. He also misrepresented the value of his real and
personal property. In the 2014 Consumer Sentinel Report, the FTC found:
Identity Theft was the number one complaint category in the CSN for
calendar year 2014 with 13% of the overall complaints, followed by Debt
Collection (11%); Impostor Scams (11%); Telephone and Mobile Services
(7%); Banks and Lenders (5%); Prizes, Sweepstakes and Lotteries (4%);
Auto-Related Complaints (3%); Shop-at-Home and Catalog Sales (3%);
Television and Electronic Media (2%); and Internet Services (2%).
135
FTC’s enforcers have identified the top ten dot cons: (1) Internet Auctions, (2)
Internet Access Services, (3) Credit Card Fraud, (4) International Modem
Dialing, (5) Web Cramming, (6) Multilevel Marketing Plans/Pyramids, (7)
Travel and Vacation Schemes, (8) Business Opportunities, (9) Investments, and
(10) Health Care Products/Services. In addition, social media sites must comply
with Section 5 and other consumer laws governing Internet advertisements, sales
of securities, taxation, unfair and deceptive trade practices, pricing laws, and
general state and federal consumer statutes.
In FTC v. Johnson, 2015 WL 1471329 (D. Nev. Mar. 31, 2015), the FTC filed
an action against the operators of Internet websites that offered “free or risk-
free” information about government grants to pay personal expenses and about
money-making opportunities through “Google ‘Adwords.’ ” The FTC complaint
noted that:
The government grant sites contained testimonials that gave the false
impression that consumers would likely get the same results from the
products or programs as the people in the testimonials. The websites asked
consumers to fill out a form and provide their credit card or bank account
information to pay for the shipping and handling of a CD with information
on Defendants’ products or programs. The websites’ disclosures often stated
that consumers were actually being enrolled in negative option membership
plans and upsells bundled with the core product. The
136
negative option plans would charge an initiation fee and recurring monthly
fees for a membership. The upsells would also contain separate and
recurring monthly fees.
The FTC contends that the website’s practices violate the Federal Trade
Commission Act (FTCA) and the Electronic Fund Transfer Act (EFTA). The
FTC filed motion for summary judgment, which the district court granted in part.
The court held that the defendant’s websites falsely implied that consumers were
likely to receive government grants for personal expenses. The court also found
disclosures regarding mandatory enrollment in negative option membership
plans to be inadequate.
The court agreed with the Commission that consumers were likely to be
misled by representations that websites were offering “free or risk-free”
information. The court found fact issues existed as to the accuracy of the
representations and testimonials regarding amount of income that consumers
were likely to earn from search engine advertisements. The court also found fact
issues existed as to substantial injury, which is an element for unfair act or
practice.
These policies apply in the “clicks” world just as in the brick-and-mortar
worlds. In FTC v. Fortuna Alliance, L.L.C., et al., Civ. No. C96–799M (W.D.
Wash. 1996), the FTC shut down an Internet marketed pyramid scheme that
defrauded 25,000 consumers. The fraudulent scheme was not a legitimate
investment opportunity; it was “nothing but a high-tech chain letter, with certain
losses for
137
the great majority of investors and tremendous profits for the defendants.”
(2) Deceptive Advertising Claims
The FTC takes the position that Section 5 of the Federal Trade Commission
Act (15 U.S.C. § 45) prohibiting “unfair or deceptive acts or practices” stretches
to cyberspace applying three basic principles: (1) online advertisements must be
truthful and not misleading, (2) online advertisers must have evidence to back up
their claims (substantiation), and (3) they cannot be unfair. The FTC has filed
hundreds of Section 5 actions to enjoin fraud and deception on the Internet. The
FTC investigates deception and unfairness in banner ads, pop ups, social media
reviews, blogger endorsements, Geotagging offers, online targeted ads, and even
in-game advertising.
In FTC v. Corzine, CIV-S-94-1446 (E.D. Cal. 1994), Corzine ran online
advertisements, offering a $99 credit repair kit, on America Online. He
represented that purchasers of his credit repair kit could legally establish a clean
credit record. The FTC filed a complaint, charging Corzine with
misrepresentations in violation of Section 5. The court entered an ex parte
Temporary Restraining Order, freezing all of Corzine’s assets. The court then
entered a Consent Decree, enjoining Corzine from making future
misrepresentations and requiring him to reimburse defrauded customers. The
FTC will treat an advertisement as deceptive if there is a material
misrepresentation, omission, or
138
139
140
disclose, sell, or offer customers’ personal information for sale. Before the
federal bankruptcy court’s distribution of assets, Toysmart.com entered into a
settlement agreement with the FTC to protect the privacy of its customer list.
(C) CHILDREN’S PRIVACY
“The Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. § 6501)
makes it illegal for companies to harvest personally identifiable information
from children aged 13 and under without their parents’ consent.” The COPPA
Rule applies “to operators of commercial websites and online services (including
mobile apps) directed at children under 13 that collect, use, or disclose personal
information from children, and operators of general audience websites or online
services with actual knowledge that they are collecting, using, or disclosing
personal information from children under 13.” FTC, Complying with COPPA
(Apr. 13, 2013). Chapter 7 has a more complete discussion of the FTC and
COPPA.
(D) REGULATION OF ONLINE SPAM
Spam is defined as unsolicited bulk e-mail (UBE), or, unsolicited commercial
e-mail (UCE). A 1970 Monty Python Flying Circus sketch inspired the term
spam where a waiter recited a menu where every breakfast dish included spam.
In a typical day, the average consumer has an e-mail inbox full of virtual offers
to make fast money. A self-proclaimed spam king bragged: “When you’re
sending out 250 million e-mails, even a blind squirrel will find a nut.” The
141
142
E-mailers must honor consumers’ requests for removal made using e-mail or
websites mechanisms within 10 business days. CAN-SPAM is less effective than
it might have been because Congress limited enforcement to federal agencies,
states, and Internet Service providers. Victims of spam e-mail have no standing
to file suit against e-mailers, and the federal statute preempts state anti-spam
measures.
To state a claim under the CAN-SPAM Act, the government or a service
provider must allege that the spammer sent an e-mail containing “materially
false or materially misleading” header information. CAN-SPAM defines false or
materially misleading headers to includes a false and fraudulent electronic mail
address, domain name, or Internet Protocol address: CAN-SPAM prohibits false
or misleading transmission information, deceptive headers, and requires e-
mailers to give an easy to use opt out method.
The CAN-SPAM Act creates a cause of action normally pursued by FTC
enforcers. Service providers do not have standing to file CAN-SPAM lawsuits
unless they prove they were “adversely affected” by spam. Adverse effects
include spam-related network crashes, a higher bandwidth utilization because of
the flood of messages, increased costs for hardware and software upgrades,
network expansion, as well as the costs of additional employees responding to
complaints.
Section 7 of the CAN-SPAM Act provides for exclusive enforcement by the
FTC and the
143
Department of Justice. The FTC does not permit state attorneys general to file
anti-spam lawsuits if there is a pending federal civil or administrative
enforcement action. Furthermore, the new federal anti-spam statute preempts all
state anti-spam legislation, even those providing consumers with a cause of
action against commercial e-mailers. For text messages, CAN-SPAM needs
consumers to give “prior express authorization” prior to transmittal. Commercial
messages must identify the company and include an opt-out mechanism
functioning for at least 30 days. If the consumer elects to unsubscribe from
receiving more messages, the company must stop sending any other promotional
messages within 10 days. CAN-SPAM does not authorize private lawsuits by
aggrieved consumers.
(2) Emblematic CAN-SPAM Awards
A federal court in Yahoo! Inc. v. XYZ Companies, No. 08–4581 (S.D. N.Y.
2011), imposed a $600 million damage award against a spam emailer that used
Yahoo!’s marks in over eleven million fraudulent e-mails. The court awarded
half of the maximum statutory damages, “$50 per wrongful communication,”
declining to award treble damages under the Lanham Act given the size of the
CAN-SPAM award. 15 U.S.C. § 7704(a)(1). Facebook was awarded $711
million in damages against Sanford Wallace, “the King of Spam” for false and
misleading marketing emails. In 2008, the court ordered the King of Spam to
pay MySpace $234 million for the consequences of its spamming activities. In
December 2011, a court ordered a
144
Nigerian spammer to pay Yahoo! $610 million arising out of a massive spam
attack that infringed the service provider’s trademarks. The CAN-SPAM verdict
arising out of the Nigerian Advance Free Fraud is likely not collectible. Courts
may fine, but not imprison CAN-SPAM violators.
145
definitions of the TCA. In that case, the Court upheld the FCC’s classification
of broadband cable Internet service as an “information service,” and the FCC’s
conclusion that broadband cable Internet service was not a telecommunications
service.
(B) NET NEUTRALITY
The policy debate over “net neutrality” concerns what role the government
should have in regulating broadband Internet providers transmitting and
delivering Internet traffic over their networks. A telecommunications carrier
violated network neutrality when they blocked Web traffic over their networks.
The major policy issue centers on what types and degrees of control the
government should impose on broadband providers. The consumer interest in net
neutrality is to prevent broadband providers from blocking or slowing traffic
based upon content or the type of customer.
146
147
regulators. The lessons from European consumer rule may also apply to other
countries around the globe.
149
CHAPTER 6
GLOBAL INTERNET TORTS
150
151
152
154
155
(E) EXCEPTIONS TO CDA SECTION 230
(1) Website Is Deemed a Content Creator
A few courts have ruled that Section 230 immunity is not available if a
website is too closely connected to the creation of content posted by third
parties. In Fair Housing Council of San Fernando Valley v. Roommates.com,
521 F.3d 1157 (9th Cir. 2008), the Ninth Circuit, sitting en banc, ruled that
Section 230 did not immunize roommates matching service website designed to
match people seeking housing. The Roommates.com website required its users
to answer potentially discriminatory questions about such things as age, race,
and sexual orientation in order to complete a profile prior to getting suggested
matches. The Roommates site also encouraged subscribers to provide additional
comments, which encouraged them to make discriminatory selections.
The Fair Housing Council (FHC) filed suit against Roommates for violating
the federal Fair Housing Act (FHA) and California’s housing discrimination
laws. The FHC contended that the website was the functional equivalent of a
housing broker “doing online what it may not lawfully do offline.”
The Ninth Circuit stated: “The message to website operators is clear: if you
don’t encourage illegal content, or design your website to require users to input
illegal content, you will be immune.” The federal district court held that
Roommates.com was immunized under CDA Section 230 dismissing the FHC
claims without determining whether
156
Roommates violated the FHA. The court declined jurisdiction over the
California housing discrimination claims. The Ninth Circuit reversed ruling that
Roommates.com was not entitled to Section 230 immunity.
The Roomates.com court observed that a website is a content provider for
content that it creates itself—whether in whole or in part. The court concluded a
website might be immune from liability for some of the content it displays to the
public but be subject to liability for content it had a significant role in creating.
The Ninth Circuit held that the roommate matching service was responsible for
the alleged discrimination by requiring users to submit protected characteristics
and hiding listings based on those submissions. The appeals court reasoned:
Roommates was not entitled to CDA immunity for the operation of its search
system, which filters listings or its email notification system, which directs
emails to subscribers according to its discriminatory criteria.
While the court ruled that Roommate was divested of its Section 230 shield
for asking discriminatory questions, it made no determination whether
Roommates actually violated state and federal law. Its holding only addressed
only whether Section 230 immunity applied to the website. The Ninth Circuit
ultimately ruled that the website did not violate the Fair Housing Act since
federal law does not apply to shared dwellings. Fair Housing Council of San
Fernando Valley v. Roommates.com, LLC, 663 F.3d 1216 (9th Cir. 2012).
157
In Dirty World Entertainment v. Jones, 755 F.3d 398 (6th Cir. 2014), a former
Cincinnati Bengals cheerleader and schoolteacher filed a defamation action
against The Dirty, an online tabloid. The Dirty website enables users to
anonymously upload comments, “photographs, and video, which Richie then
selects and publishes along with his own distinct, editorial comments. In short,
the website is a user-generated tabloid primarily targeting nonpublic figures.”
An anonymous visitor to www.TheDirty.com submitted two photographs of
Jones and a male companion and the following post: THE DIRTY ARMY: Nik,
this is Sara J, Cincinnati Bengal Cheerleader. She’s been spotted around town
lately with the infamous Shayne Graham. She has also slept with every other
Bengal Football player. This girl is a teacher too!! You would think with
Graham’s paycheck he could attract something a little easier on the eyes Nik!
Richie, the Dirty website operator, added a caustic and allegedly defamatory
commentary appearing directly beneath this post: Everyone in Cincinnati knows
this kicker is a Sex Addict. It is no secret … he can’t even keep relationships
because his Red Rocket has freckles that need to be touched constantly.—nik.
Richie refused to remove the allegedly defamatory postings or his
commentary about Jones and she filed a lawsuit for defamation, libel per se,
false light, and intentional inflection of emotional distress. The U.S. district
court ruled that Section 230 did not shield these claims and the case was
158
submitted to the second jury, which returned a verdict in favor of Jones for
$38,000 in compensatory damages and $300,000 in punitive damages.
The court entered a judgment in favor of Jones ruling that Dirty World and its
founder were liable because they “encouraged” users to post tortious and
defamatory content. The sole issue on appeal was whether Dirty World’s and
Richie’s motion for judgment as a matter of law by holding that the CDA bars
Jones’s state tort claims.
The Sixth Circuit adopted a “material contribution” to determine whether a
website is liable for the content. The court expressly declined to adopt the
definition of “development” set forth by the lower court. The appeals court ruled
that: Dirty World and Richie did not author the statements at issue; however,
they did select the statements for publication. Nevertheless, the court held that
neither Richie nor Dirty World could be found to have materially contributed to
the defamatory content of the statements posted on the Dirty Website. The Sixth
Circuit also rejected an “encouragement” test. The appeals court observed that
unlike in the Roommates.com case, The Dirty did not require users to post illegal
or actionable content as a condition of use.
The Sixth Circuit vacated the judgment in favor of Jones and reversed the
district court’s denial of Dirty World’s and Richie’s motion for judgment as a
matter of law with instructions to enter judgment as a matter of law in their
favor. The Sixth Circuit
159
reversed holding that Section 230 barred Jones’ defamation claim. The court
declined to adopt the district court’s encouragement test of immunity under the
CDA.
In Opperman v. Path, Inc., 2014 WL 1973378 (N.D. Cal., May 4, 2014),
Apple was the defendant in a class action because their devices such as iPhone
and iPads “make it possible for third parties to access and copy Plaintiffs’
address books without their knowledge.” The plaintiffs asserted multiple tort
actions including intrusion upon seclusion, public disclosure of private facts,
trespass to property, conversion, misappropriation, strict products liability
(design defect and failure to warn), and secondary tort liability (vicarious
liability). Apple moved to dismiss these claims based upon Apple’s
misrepresentation because of CDA Section 230. The court did not grant Apple’s
motion finding that it was a “developer of information” and thus not immunized
by Section 230. Plaintiffs asserting tort actions against service providers for third
party postings seldom prevail.
(2) FTC Action & Section 230
In FTC v. Accusearch Inc., 570 F.3d 1187 (10th Cir. 2009), the Tenth Circuit
ruled that CDA Section 230 does not immunize an Internet information broker
from a FTC Section 5 action for unfair and deceptive trade practices. The FTC
filed suit against Accusearch, the operator of website that sold various personal
data, including telephone records, in an attempt to curtail the sale of confidential
information and to require it to disgorge its profits
160
161
imminence requirement would have been a barrier in this lawsuit if there had
been no Section 230 shield. Battery, too, is virtually impossible because there
can be neither a harmful or offensive contact nor an imminent apprehension of
such a contact in cyberspace. See RESTATEMENT THIRD OF TORTS: LIABILITY FOR
PHYSICAL AND EMOTIONAL HARM § 18, § 21 (2009).
(A) TORT OF OUTRAGE
To support the tort of outrage or what the intentional infliction of emotional
distress, conduct must be so outrageous in character, and so extreme in degree,
as to go beyond all possible bounds of decency. RESTATEMENT (3RD) TORTS § 46.
The tort of the intentional infliction of emotional distress (IIED) or outrage is
often pleaded in online stalking or anonymous bullying cases. A plaintiff must
satisfy three requirements to state a claim for intentional infliction of emotional
distress (IIED): (1) the conduct involved must be truly extreme and outrageous,
i.e., it must go beyond all bounds of decency and be considered intolerable in a
civilized community; (2) the actor must either intend that his conduct will inflict
severe emotional distress or know that there is at least a high probability that his
conduct will cause severe emotional distress; and (3) the conduct must in fact
cause severe emotional distress. Huon v. Breaking Media LLC, 2014 WL 684866
(N.D. Ill. 2014).
States adopting Section 46 of the RESTATEMENT (SECOND) OF TORTS require
mere recklessness to prove IIED. Other states require the plaintiff to
162
prove intent and recklessness will not suffice. The test for outrageous online
conduct is conduct “so extreme as to exceed all bounds of that usually tolerated
in a civilized community.” The Restatement (Third) illustrates the tort of outrage
by a stalking scenario adaptable to Internet stalking. See RESTATEMENT (THIRD)
OF TORTS, § 46, illus. 1.
163
164
164
CompuServe court ruled that the provider did not violate the spammer’s First
Amendment rights in seeking to enjoin the spam.
The court also found Cyberpromotion’s falsification of point of origin
information was proof that it had misused the plaintiff’s computer network. The
“injury element” of trespass to chattels was the spammer’s drain on the
processing speed and disk space of the spammed computers. The CompuServe
court explained that a service provider could sustain an action for trespass to
chattels but not conversion without a showing of substantial interference with its
right to possession of its computer system. Under the logic of this modern case,
physical contact is satisfied by the mere reception of electrons. Plaintiffs in
Internet-related trespass cases often have a difficult burden of proving concrete
injuries amounting to damages. This issue arose in Intel Corp. v. Hamidi, 30 Cal.
4th 1342, 71 P.3d 296, 1 Cal. Rptr. 3d 32 (Cal. Sup. Ct. 2003), a trespass to
chattels case in which the Intel Corporation filed suit against Kourosh Kenneth
Hamidi, an ex-employee.
Ken Hamidi created and operated “FACE-Intel,” a website that castigated
Intel’s employment, and personnel policies and practices targeting all current
Intel employees. Intel demanded Hamidi stop sending the messages, but he
refused and bypassed Intel’s firewall. When Intel was unsuccessful in blocking
or otherwise filtering out Hamidi’s messages, it filed suit, and the case
eventually was appealed to the California Supreme Court. The court found no
evidence that Hamidi
165
breached Intel’s computer security in transmitting email messages. Nor did the
court find evidence that Hamidi’s e-mails damaged Intel’s computer system or
even slowed it down and therefore there were no damages, a necessary element
for a cognizable trespass to chattels case. California’s trespass to chattels tort
does not encompass unwanted emails where there is neither damages to the
recipient’s computer system nor impairment to the computer system. The
Hamidi court rejected Intel’s argument that the company lost productivity
because employees were reading and reacting to Hamidi’s emails messages.
Hamidi stands for the proposition that nominal damages alone are insufficient
for a trespass to chattels action.
(2) Bots as Trespassers
A web robot, or “bot,” gathers and mines data from third party web sites. Most
bot related litigation arises out of the misuse of bots that enable Internet users to
submit auction bids. In eBay Inc. v. Bidder’s Edge Inc., 100 F. Supp. 2d 1058
(N.D. Cal. 2000), eBay, filed suit against Bidder’s Edge (BE), an aggregate
auction website, that enables consumers to do comparison-shopping. ‘BE’s
bots,’ or ‘spiders’ searched and copied files on bidding activity from eBay and
other online auction websites for use on its comparative, or aggregate, shopping
auction site.
EBay’s software enabled it to monitor the extraordinary number of incoming
requests from BE’s IP address. EBay blocked 169 IP addresses it believed BE
was using to query eBay’s system. However, BE’s bots continued crawling on
eBay’s
166
167
advertising ecosystem, and caused injury to Microsoft, its customers, and the
general public in a variety of ways.
(3) Spyware as Trespass to Chattels
In Sotelo v. DirectRevenue, 384 F. Supp. 2d 1219 (N.D Ill. 2000), the plaintiff
sued the defendant for surreptitiously installing spyware on its computers. Direct
Revenue’s spyware delivered advertisements to consumers’ computer screens
through the Internet. To induce consumers to view the ads, the company offered
them free software applications, such as screensavers, or games. When the
consumer downloaded the free application, another piece of software known as
an “advertising client” that generated the pop-up ads was also installed. The ads
could be discarded by clicking on an “X” in the upper right hand corner of the
display-box in which they appeared.
In Sotelo, the plaintiff claimed the spyware took up bandwidth, causing its
computers to slow down and resulting in increased Internet charges. The Sotelo
court found that the spam e-mailers caused an actionable injury to the provider’s
computer system. The court also refused to dismiss the plaintiff’s Illinois
Consumer Fraud Act and negligence claim that Direct Revenue breached its duty
not to harm Sotelo’s computers, as well as a computer-tampering claim.
Trespass to chattels, born in the fifteenth century, has been successfully
stretched to wide-ranging Internet interferences with computer systems and
devices.
168
169
The Illinois appeals court found it unclear whether the plaintiff based his
claim on the USB drive or the digital data on it. The court held that there is no
recognized cause of action in Illinois for a trespass to chattel claim based on
trespass to an intangible such as digital information contained on a USB drive.
Since digital information on a USB drive is not tangible property, the plaintiff
had no trespass to chattels action.
(C) CONVERSION IN CYBERSPACE
Cyberconversion is the wrongful exercise of dominion over personal property
on the Internet. This tort is committed by: (1) intentionally dispossessing another
of a chattel, (2) intentionally destroying or altering a chattel in the actor’s
possession, (3) using a chattel in the actor’s possession without authority, (4)
receiving a chattel pursuant to sale, lease, pledge, gift or other transaction
intending to acquire for himself or for another a proprietary interest in it, (5)
disposing of a chattel by a sale, lease, pledge, gift or other transaction intending
to transfer a proprietary interest in it, (6) misdelivering a chattel, or (7) refusing
to surrender a chattel on demand.
(1) Domain Name Conversion
170
as the new contact person for Online Classifieds, Inc., the owner of the
domain name, sex.com, requesting Network Solutions to deregister sex.com
from Kremen and reregister it to him. Network Solutions, then the exclusive
domain name registrar, transferred sex.com without making any effort to
determine the authenticity of Cohen’s letter.
This Ninth Circuit case was the first time in Anglo-American legal history that
a court stretched the tort of conversion to the misappropriation of a domain
name. The court reasoned that corporations could be liable when they take away
someone’s shares of stock, which are pieces of paper symbolizing intangible
assets. Since Kremen, other California courts have held that a domain name
could be converted under California tort law despite it being an intangible. Few
other U.S. jurisdictions have followed suit.
(2) Conversion of Websites
In Budsgunshop.com (BGS) v. Security Safe Outlet, Inc., 2012 WL 1899851
(E.D. Ky. 2012), a federal court ruled that the U.S. Copyright Act did not
preempt a plaintiff’s conversion claim arising out of the dispute over the
ownership of a website. SSO and its officer expanded its online business selling
firearms and its accessories through the www.budsgunshop.com website. SSO
hired a consultant to oversee and improve its websites. The consultant and a co-
defendant began to spin out the online business operations of SSO as a separate
entity, which the plaintiff alleged was conversion,
171
172
cause; and (3) the lawsuit was initiated with malice. “A litigant will lack
probable cause for his action either if (1) he relies upon facts which he has no
reasonable cause to believe to be true, or (2) he seeks recovery upon a legal
theory which is untenable under the facts known to him.” Sangster v. Paetkau,
80 Cal.Rptr.2d 66, 75 (Cal. Ct. of App. 1998).
In Xcentric Ventures L.L.C. v. Borodkin, No. 2:12-cv-01426-GMS (D. Az.,
June 13, 2013), the defendants in a malicious prosecution action sued
RipOffReport.com for a RICO racketeering claim and lost. Ripoff Report then
filed suit against the unsuccessful plaintiffs for malicious prosecution and aiding
and abetting tortious conduct. The court found that Xcentric alleged sufficient
facts to claim that the plaintiffs lacked probable cause to initiate an extortion
claims. The court was persuaded that the plaintiffs’ extortion claim relied
primarily upon conversations that were substantially revised in their own
affidavits thus casting doubt on whether there was sufficient cause for them to
bring an extortion claim.
(E) ABUSE OF PROCESS
Abuse of process is misusing legal process for an unlawful purpose. To
establish an abuse of process claim, a plaintiff must show that the defendant “(1)
used a legal process against the plaintiff, (2) primarily to accomplish a purpose
for which the process was not designed, and (3) harm has been caused to the
plaintiff.” McNeil v. Jordan, 586 Pa. 413, 894 A.2d 1260, 1275 (2006).
173
174
175
176
found an Internet aggregator of financial data not to be liable for “hot news”
misappropriation because the U.S. Copyright Act preempted the claim because it
used its own resources to aggregate factual news information and was not
diverting profits from Barclays and other companies. The court found no
misappropriation claim since Fly is reporting financial news—factual
information based on firm recommendations requiring a substantial
organizational effort. Because Fly’s service collects, summarizes and
disseminates the news of the Firms’ Recommendations, there is no “non-
preempted cause of action for misappropriation.”
(3) Interference with Business Contracts
The elements of a tortious interference with contractual relations claim are: (1)
an advantageous (2) business relationship (3) under which plaintiff has legal
rights, plus (4) an intentional and (5) unjustified (6) interference with that
relationship (7) by the defendant which (8) causes (9) a breach of that business
relationship and (10) consequential damages. In contrast, the interference with
prospective contractual relations requires the plaintiff to prove: (1) the defendant
intentionally interfered with the plaintiff’s existing or potential economic
relations (2) for an improper purpose or by improper means and (3) causes injury
to the plaintiff. Plaintiffs deploy this tort in pop-up cases on the theory that these
advertisements interfere with prospective economic relations. These business
cybertorts are often pleaded but seldom successful.
177
178
another with intent to induce a person to alter their position to their detriment.
Despite the ubiquity of fraud on the Internet, relatively few plaintiffs have been
successful in pursuing cyberfrauds. A common form of cyberfraud occurs when
website owners pay people to click ads repeatedly in order to artificially increase
advertising revenue.
(B) TRADE LIBEL IN CYBERSPACE
To prevail in a claim for trade libel, a plaintiff must demonstrate that the
defendant: (1) made a statement that disparages the quality of the plaintiff’s
product; (2) that the offending statement was couched as fact, not opinion; (3)
that the statement was false; (4) that the statement was made with malice; and
(5) that the statement resulted in monetary loss. “Statements that do not contain
verifiable facts, such as opinions or rhetorical hyperbole, are not actionable as
defamation.” Huon v. Breaking Media LLC, 2014 WL 6845866 (N.D. Ill. Dec. 4,
2014).
It is an essential element that a company must present evidence of special
damages arising out of the online defamatory falsehood such as a Facebook
posting. A court may presume as a matter of law that the defendant intended to
make false statements (susceptible of only one meaning) that created public
hatred, contempt or ridicule.
Online “publication” requires proof that the libelous statement reached even a
single third person who understood both the defamatory meaning and its
connection to the plaintiff. Trade
179
libel requires proof of special damages, while libel per se does not have this
requirement. “Special damages” are limited to actual pecuniary losses that must
be specially pleaded and proved.
(C) INDIVIDUAL & MEDIA PRIMA FACIE CASE
To establish a prima facie defamation action against a media defendant, a
private figure plaintiff must prove: (1) publication; (2) of a defamatory
statement; (3) concerning the plaintiff; (4) in a negligent breach of the
professional standard of care; and (5) that resulted in demonstrable injury. When
deciding whether a statement is defamatory, a court must consider not only what
the defendant explicitly stated but also the meaning that is insinuated or implied.
In a virtual world, where user names are used as opposed to legal names, it may
be difficult to establish that he or she was the target of a defamatory posting.
(1) Libel Per Quod
180
Libel per se is available only when a private figure plaintiff sues a non-media
defendant regarding kinds of defamatory statements that do not concern a matter
of public importance. In these cases, if the alleged defamatory statements have a
natural tendency to provoke the plaintiff to wrath or expose him to public hatred,
contempt, or ridicule, the plaintiff need not prove that the statement actually
damaged her or him; damages are presumed.
Under the common law, libel per se (for trade libel or ordinary defamation)
requires proof that the plaintiff maliciously: (1) accused a person of commission
of crime, (2) imputed unchastity to a woman, (3) stated that a person had a
loathsome disease—e.g. AIDS, mental illness etc., or (4) made any statement
that damages a person in his business or standing in the community—e.g.
crooked lawyer. A plaintiff need not prove actual damages with defamation per
se; damages are presumed.
181
182
Generally, the First Amendment does not apply to speech on private property,
such as a company’s website because of the doctrine of state action. In Noah v.
AOL Time-Warner, Inc., 261 F. Supp. 2d 532 (E.D. Va. 2003), the Virginia
district court ruled that AOL’s termination of an Internet service account
because of pro-Islamic statements raised no First Amendment claim because the
Constitution does not protect against actions taken by private entities. Public
entities, in contrast, are subject to
183
John Doe subpoenas, also called subpoena duces tecum, are requested by
prosecutors or private litigants to unveil anonymous bloggers, posters, and others
potentially liable for trade libel or the infringement of intellectual property
rights. The leading test was for granting these subpoenas was articulated in
Dendrite Int’l, Inc. v. Doe, 775 A.2d 756 (N.J. Super. Ct., App. Div. 2001). The
Dendrite court held that a plaintiff seeking to unveil an anonymous speaker
must: (1) give notice, (2) identify the exact statements that constitute allegedly
actionable speech, (3) establish a prima facie cause of action against the
defendant based on the complaint and all information provided to the court, and
(4) produce sufficient evidence supporting each element of its cause of action,
on a prima facie basis, prior to a court ordering the disclosure of the identity of
the unnamed defendant.
Assuming the plaintiff establishes a prima facie cause of action; the court
must balance the defendant’s First Amendment rights against the strength of the
case presented, considering the importance disclosing the anonymous
defendant’s identity to allow the plaintiff to prove her case. Courts are
disinclined to issue a John Doe subpoena unless the ISP gives notice to the
anonymous speaker and an opportunity to be heard. A New Hampshire Jane Doe
plaintiff filed suit against Friendfinder.com, an adult networking site, for
184
185
186
“Limited purpose” public figures are only public figures on issues where they
inject themselves into a public controversy. The U.S. Supreme Court created the
“limited purpose” public figure classification to accommodate tort law to the
First Amendment. It is unclear what level of Internet articulation turns a blogger
or other Internet speaker into a limited purpose public figure. The Georgia
Supreme Court in Mathis v. Cannon, 573 S.E.2d 376 (Ga. 2002) held that a
poster to a Yahoo! message board qualified as a limited-purpose public figure in
a controversy involving the county’s recycling facility.
Mathis posted several incendiary messages about Cannon on an Internet
bulletin board as part of a local controversy about the unprofitable operation of a
solid waste recovery facility. The Georgia Supreme Court reversed the lower
court that conceptualized Matthias as a private person, concluding that he was a
limited public figure. The court, however, dismissed the action because of the
plaintiff’s failure to demand a retraction, a requirement under Georgia’s tort law.
(4) Liability Standard for Private Persons
In online defamation cases against ordinary private individuals (not public
figures or public officials), the plaintiff must prove: (1) a false and defamatory
statement concerning another, (2) unprivileged publication to third party, (3)
fault amounting to at least negligence on the publisher’s part, and (4) either
actionability of statement
187
188
Thirty-one U.S. states have enacted retraction statutes that require the plaintiff
to demand a retraction before filing a libel lawsuit. In the physical world,
retraction statutes are effective for many defamed individuals who are merely
seeking to have their reputation repaired while avoiding costly and invasive
litigation. In cyberspace, with its mirrored websites and Wayback machines, it is
almost impossible to repair a reputation once lost.
189
190
The common law elements of the tort of the right of publicity are: (1) the
defendant’s use of the plaintiff’s identity, (2) the appropriation of plaintiff’s
name or likeness to defendant’s advantage, commercially or otherwise, and (3)
the plaintiff has not given the defendant consent. The right of publicity applies to
“[o]ne who appropriates the commercial value of a person’s identity by using
without consent the person’s name, likeness, or other indicia of identity for
purposes of trade is subject to liability.” RESTATEMENT (THIRD) OF UNFAIR
COMPETITION § 46 (2005).
The federal district court enjoined an adult entertainment website from
distributing the video sex tape of Pamela Anderson Lee and musician Brett
Michaels on its subscription website. The court found the site liable for
copyright infringement, for infringing the celebrities’ rights of privacy and
publicity, and other intellectual property rights. Michaels v. Internet Ent. Group
Inc., 5 F. Supp. 2d 823 (C.D. Cal. 1998).
191
In order to state a claim for public disclosure of private facts, the facts must
not only be private but the matter revealed must be highly offensive to a
reasonable person. To pursue a public disclosure of private facts action, the
plaintiff must plead that: (1) publicity was given to the disclosure of private
facts, (2) the facts were private, not public, (3) the matter made public was such
as to be highly offensive to a reasonable person, and (4) the matter publicized
was not one of legitimate public concern. “The tort of public disclosure of
private facts is meant to protect against the disclosure of ‘intimate … details the
publicizing of which would be not merely embarrassing and painful but deeply
shocking to the average person subjected to such exposure.” Chisholm v.
Foothill Capital Corp., 3 F. Supp. 2d 925 (N.D. Ill. 1998).
A Maine federal court considered a case in which a plaintiff filed a public
disclosure of private facts case against a former classmate who published a book
about their prolonged high school feud called, “Help Us Get Mia.” The court
rejected the plaintiff’s claim for public disclosure for private facts since she had
had posted many of the statements on her MySpace page. Sandler v. Calcagni,
565 F. Supp. 2d 184 (D. Me. 2008).
(4) False Light
One who gives publicity to a matter concerning another in a way that places
the other before the public in a false light is subject to liability to the
192
other for invasion of his privacy, if (1) the false light in which the other was
placed would be highly offensive to a reasonable person; and (2) the actor had
knowledge of or acted in reckless disregard as to the falsity of the publicized
matter and the false light in which the other would be placed. False light is not a
strict liability tort but rather requires proof that the defendant must have
knowledge of or have acted in reckless disregard as to the falsity of the
published facts to be liable.
In 2007, a chiropractor’s former patient posted negative reviews of his San
Francisco chiropractic services on the website, Yelp.com. The defendant’s
postings suggested that the chiropractor was dishonest and engaged in insurance
fraud through dishonest “time of service” billing practices. The plaintiff
contended that the postings placed him in a false light in the public eye and that
the publicity created by the Yelp.com posting was offensive and objectionable.
False light, like the other privacy-based torts, is constrained by the First
Amendment.
193
194
195
Courts have been slow to recognize a company’s duty to secure their website
or computers system to prevent hackers from compromising their computer
system. Plaintiffs in inadequate computer security cases are customers harmed
when data is compromised. In Lone Star Nat. Bank, N.A. v. Heartland Payments
Sys., 2013 WL 4728445 (5th Cir., Sept. 3, 2013), the Fifth Circuit applying New
Jersey law held that the economic loss doctrine did not bar credit card issuer
banks’ negligence claim against the processer of credit card transactions.
(C) NEGLIGENCE PER SE
The plaintiff must prove three things to establish negligence per se: (1) the
injury must have been caused by the violation, (2) the injury must be the type
intended to be prevented by the statute, and (3) the injured party must be one of
the class intended to be protected by the statute. The negligence per se doctrine
is based on the rule that a presumption of negligence arises from the violation of
a statute that was enacted to protect a class of persons—of which the plaintiff is
a member—against the type of harm the plaintiff suffered as a result of the
violation.
Therefore, a party who seeks to prevail on a cause of action premised on the
negligence per se doctrine must establish, among other elements, which the
party is one of the class of persons who is protected by the statute, ordinance, or
regulation. Defendants may use negligence per se to demonstrate a plaintiff’s
contributory negligence, if a user violates their statutory duty to secure their
computer system or Internet passwords. President Barack Obama
196
197
198
The next day, Youens placed an order with Docusearch for Boyer’s
employment information, paying the $109 fee by credit card, and giving
Docusearch the same phone number he had provided originally. Shortly after
obtaining information from Docusearch, Youens drove to Boyer’s workplace
and fatally shot her as she left work. Youens then shot and killed himself. The
New Hampshire Supreme Court ruled that the data broker owed a duty to third
persons whose information was disclosed if the company was subjecting them an
unreasonable risk of harm. The plaintiff convinced the N.H. Supreme Court that
the harm of selling information was foreseeable based upon Docusearch’s own
knowledge as well as the danger inherent in selling personal information. To
date, this is the only negligent data broker case where the broker was held liable
for contributing to the harm by supplying personal information or data to a
criminal or stalker.
199
theories, and whether the relief sought is recovery of damages or any other
legal or equitable relief, including a suit for: (1) injury, damage to or loss of real
or personal property, (2) personal injury, (3) wrongful death, (4) economic loss,
or (5) declaratory, injunctive, or other equitable relief.
Section 402A of the Restatement (Second) of Torts holds a manufacturer
strictly liable for harm to person or property caused by “any product in a
defective condition unreasonably dangerous to the user.” RESTATEMENT
(SECOND) TORTS § 402(A)(1). U.S. courts have recognized three paradigmatic
types of defects in products litigation: (1) manufacturing defects, (2) design
defects, and (3) the failure to warn or inadequate warnings. Courts have largely
displaced the consumer expectation test with the risk utility test but California
and a few other jurisdictions permit jury instructions on both tests.
The Restatement (Third) of Torts: Products Liability requires the plaintiff to
prove that there is a reasonable alternative design that will avert the risk of
impugned design. Another products liability cause of action is based upon the
adequacy of warning or instructions. Products liability potentially applies to
distributors of defective computer hardware and may even stretch to software.
Software malfunctions of key infrastructure may have latent defects that prove
deadly or economically disastrous.
The Sixth Circuit rejected a products liability claim arising out of a Kentucky
school shooting. The
200
201
201
202
an English and Welsh court ruled that Google Inc. could be held liable as the
publisher of an allegedly defamatory blog posting because of its failure to
remove the post after receiving a complaint. Plaintiffs have filed few lawsuits for
tortious third party postings in European courts. The strong administrative state
in many civil code countries is an alternative to a strong cybertort regime. In
Sweden, for example, claimants look to insurance first and to torts second. In
Sweden, the tort system serves as a backup for those few individuals, such as
foreigners, not covered by the nation’s social security compensation agency, the
Forsakringskassan.
In Europe, cybertorts are patrolled by consumer regulatory agencies, not
private litigants. The United States is the only country connected to the Internet
that depends so greatly upon the tort system to fulfill public law functions. The
countries of the European Union, for example, arm consumer regulatory
agencies with roving powers to protect privacy and other rights of persons.
203
CHAPTER 7
INTERNET-RELATED PRIVACY
204
services. Prior to 2012, each Google privacy policy represented that the search
engine used a user’s personally identifiable information (PII) for a particular
product. These policies also stated that Google would not use the PII for any
other purpose without the user’s explicit consent. As Google’s privacy policy
stated:
[w]hen you sign up for a particular service that requires registration, we ask
you to provide personal information. If we use this information in a manner
different than the purpose for which it was collected, then we will ask for
your consent prior to such use.
On March 1, 2012, Google revised its privacy policy, which allowed the
search engine to collect device and mobile network information including the
hardware model, operating system version, unique device identifiers, and the
consumer’s phone number. Google’s single, universal privacy policy represented
that the search engine mogul may combine a user’s PII across multiple Google
products. Google explained the basis for the change in its privacy policy in the
following paragraph:
Our new Privacy Policy makes clear that, if you’re signed in, we may
combine information that you’ve provided from one service with
information from other services. In short, we’ll treat you as a single user
across all our products, which will mean simpler, more intuitive Google
experience.
The Google Privacy Policy Litigation arose out of a class action filed by
Google account holders that
205
206
business practice, which is a defense to both the state and federal wiretap
claims. The plaintiffs contended that the Google’s scanning to find words and
information of relevance to Google’s advertisers was done without their prior
consent, thus violated their right of privacy.
The federal district court denied Google’s motion to dismiss the action,
concluding that “the statutory scheme suggests that Congress did not intend to
allow electronic communication service providers unlimited leeway to engage in
any interception that would benefit their business models, as Google contends.”
Google’s defended against the plaintiffs’ state and federal wiretap claims by
contending that the plaintiffs consented to any email interception.
The court also rejected Google’s “ordinary course of business” defense to the
state and federal ECPA causes of action. The court found “Google’s alleged
interceptions are neither instrumental to the provision of email services, nor are
they an incidental effect of providing these services,” The court concluded that
the objected to interceptions were outside Google’s ordinary course of business.”
The court ruled that Google may be violating wiretap law when it scans the e-
mails of non-Gmail users and allowed a lawsuit against the company to move
forward.
(C) GOOGLE WALLET
In Svenson v. Google, 2014 WL 3962820 (N.D. Cal., Aug. 12, 2014), the
plaintiff purchased an App in the Google Play store using Google Wallet.
207
Svenson contended that she “paid $1.77 for the ‘SMS MMS to Email’ App
published by third-party vendor YCDroid; upon purchase, the App was instantly
downloaded for use on Plaintiff’s mobile device.” The essence of Svenson’s
complaint was that Google transmitted her contact information to YCDroid.
Svenson’s complaint was for: “(1) breach of contract; (2) breach of the
implied covenant of good faith and fair dealing; (3) violation of the Stored
Communications Act, 18 U.S.C. § 2701; (4) violation of the Stored
Communications Act, 18 U.S.C. § 2702; and (5) violation of California’s Unfair
Competition Law, Cal. Bus. & Prof. Code § 17200.” The Svenson court found
Svenson’s contract claims to be defective in that she did not prove that she paid
anything to Google for the “asserted privacy protections.”
The court gave the plaintiff leave to amend her complaint and on April 1, 2015
permitted some of her claims to go forward. In Svenson v. Google, Inc., 2015
WL 1503429 (N.D. Cal., Apr. 1, 2015), the court denied Google’s motion to
dismiss for lack of Article III standing and allowed Svenson’s benefit of the
bargain claim to go forward. In Sevenson’s amended complaint she “clarified
her contract theory” in contending that Google had access to personal
information which had value to Google and also was to “retain a percentage of
the App’s purchase price.”
The Svenson court also noted that the Ninth Circuit recognizes that “Google’s
conduct in making
208
209
210
give conspicuous notice of their information practices. A website may not
condition a child’s use of the website in its terms of service on disclosing
personal information. The FTC requires a website give a child’s parents the
opportunity to restrain further use or collection of information. A website must
have reasonable security to protect the confidentiality, security, and integrity of
personal information collected from children.
The FTC’s COPPA Rule provides websites with safe harbor if they comply
with approved self-regulatory guidelines formulated by marketing or online
industries. Self-regulatory guidelines must subject operators to the same or
greater protections for children as contained in Sections 312.2 through 312.9 of
the FTC’s COPPA Rule. All websites are required to conduct periodic reviews
of subject operators’ information practices. The FTC states the website must
comply with COPPA if the operator has a “general audience web site and actual
knowledge that they are collecting personal information” from children aged 13
or under. 16 C.F.R. § 312.
The Commission issued an amended Rule on December 19, 2012. The
amended Rule became effective on July 1, 2013. In 2013, the FTC issued
guidance on the updated definitions of personal information to include
geolocation, screen names, audio files, thus accommodating COPPA to social
media. FTC, Complying with COPPA (Apr. 13, 2013). “The amended Rule,
which goes into effect on July 1, 2013, added four new categories of information
to the definition of personal information. The amended
211
Rule of course applies to any personal information that is collected after the
effective date of the Rule.” Websites that have collected geolocation information
and have not obtained parental consent must do so immediately.
212
cell-phone call. This case “has significant implications for Internet law
because of the vast opportunities for republication of information enabled by the
Internet.” MARK LEMLEY, ET AL., SOFTWARE AND INTERNET LAW 955 (3rd ed.
2006). Notably, Chief Justice William Rehnquist commented, “We are placed in
the uncomfortable position of not knowing who might have access to our
personal and business e-mails, our medical and financial records, or our cordless
and cellular telephone conversations.”
213
Transparency: Consumers have a right to easily understandable and
accessible information about privacy and security practices.
Respect for Context: Consumers have a right to expect that companies will
collect, use, and disclose personal data in ways that are consistent with the
context in which consumers provide the data.
Security: Consumers have a right to secure and responsible handling of
personal data.
Access and Accuracy: Consumers have a right to access and correct
personal data in usable formats, in a manner that is appropriate to the
sensitivity of the data and the risk of adverse consequences to consumers if
the data is inaccurate.
Focused Collection: Consumers have a right to reasonable limits on the
personal data that companies collect and retain.
Accountability: Consumers have a right to have personal data handled by
companies with appropriate measures in place to assure they adhere to the
Consumer Privacy Bill of Rights.
THE WHITE HOUSE, CONSUMER DATA PRIVACY IN A NETWORKED WORLD
(2012).
The Obama Administration seeks to improve global interoperability between the
U.S. consumer data privacy framework and other countries’ frameworks,
through mutual recognition, the development of codes of conduct through multi-
stakeholder
214
215
Many states limit the data breach notification requirement to unencrypted data.
Massachusetts, like other states, imposes civil penalties for failing to give
consumers notice of security breaches. Data breaches for e-commerce
companies, for example, will rarely affect citizens in a single state. Counsel must
ensure that their client complies with the data breach statutes for all states.
216
with specific rules for processing and transferring European consumer data.
Each EU Member State has enacted legislation fulfilling the legal grounds
defined in the Directive: consent, contract, legal obligation, vital interest of the
data subject, and the balance between the legitimate interests of the people
controlling the data versus the people on whom data is held (i.e., data subjects).
217
that the articles, “although truthful, injured his reputation and invaded his
privacy.”
González demanded that the Spanish newspaper erase them because they were
no longer relevant, since the proceedings had concluded more than a decade ago.
The newspaper publisher refused to erase the articles because the Ministry of
Labour and Social Affairs had ordered their publication. Next, the plaintiff
demanded that Google remove the link to those stories and thereby eliminate any
association to his name.
(1) Procedural History of Google Spain v. AEPD
The AEPD ruled that Google was responsible as a data controller for
removing results about the plaintiff from its search engine. After the AEPD’s
decision, Google brought action before the Audiencia Nacional, Spain’s highest
court, which referred the case to the Court of Justice of the European Union. On
June 25, 2013, Advocate General Niilo Jääskinen issued his advisory opinion,
finding that Google had no responsibility to remove any links on its search
engine based on a privacy claim. He reasoned that suppressing legitimate and
legal information already in the public domain would interfere with freedom of
expression and undermine the objectivity of information on the Internet.
The CJEU rejected the Advocate General’s argument and recognized a broad
right to be forgotten under Spain’s implementation of Directive 95/46/EC. The
court found that Google, as an
218
219
219
not about deleting or forgetting content, but making it more difficult to locate.
Further, Google may not be technically eliminating the connection between
the data subject and the published information because the deleted link could
still be available in Google’s backup files. Indeed, links that Google removes
from EU search results will remain in searches made from non-EU domains.
Erasing social media posts that have gone viral is akin to attempting to hold back
the ocean with a single whiskbroom.
In the debate over the right to be forgotten, the sole focus on Google is also
misplaced as there are numerous other search engines including Microsoft’s
Bing, which have a sizable share of the search engine market. Critics from the
House of Lords in the United Kingdom emphasize that the CJEU did not
consider the ruling’s effect on smaller search engines, which are “unlikely to
have the resources to process thousands of removal requests.” Furthermore, they
argue that it is “ ‘wrong in principle’ to leave it to search engines to decide
whether or not to delete information, based on ‘vague, ambiguous and unhelpful’
criteria.”
(C) SCHREMS’ SAFE HARBOR CASE
The Court of Justice of the European Union (CJEU) considered the case of
Maximillian Schrems v. Data Protection Commissioner, C-362/14, (July 25,
2014). The Shrems case was referred to the CJEU on July 25, 2014 from a
preliminary ruling from Ireland’s High Court of Justice for a ruling
220
221
222
222
223
224
225
which has made the personal data public to inform third parties on the data
subject’s request to erase any links to, or copy or replication of that personal
data. It also integrates the right to have the processing restricted in certain cases,
avoiding the ambiguous terminology “blocking.” The EU Commission’s
Explanatory Memorandum makes a policy-based decision that the data
controller, not the data subject, must notify third-party websites that a data
subject has requested that it “erase any links to, or copy or replication of …
personal data.” Article 17(1) sets forth the ground rules for when data subjects
have a right to be forgotten:
The data subject shall have the right to obtain from the controller the erasure
of personal data relating to them and the abstention from further
dissemination of such data, especially in relation to personal data, which are
made available by the data subject while he or she was a child, where one of
the following grounds applies:
(a) the data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based
according to point (a) of Article 6(1), or when the storage period
consented to has expired, and where there is no other legal ground for
the processing of the data;
(c) the data subject objects to the processing of personal data pursuant to
Article 19;
226
(d) the processing of the data does not comply with this Regulation for
other reasons.
Article 17(2) states, “Where the controller referred to in paragraph 1 has made
the personal data public, it shall take all reasonable steps, including technical
measures, in relation to data for the publication of which the controller is
responsible, to inform third parties which are processing such data, that a data
subject requests them to erase any links to, or copy or replication of that personal
data.” Academic commentators caution that the proposed Regulation’s vague
admonitions create boundless liability for data controllers.
(5) Exceptions to the Right to Be Forgotten
The data controller is not required to initiate erasure if the subject of the data
request falls into one of four exceptions in Article 17(3). Article 17(3) makes it
clear that the right to be forgotten is subject to other fundamental rights such as
expression as noted below:
(a) for exercising the right of freedom of expression in accordance with
Article 80;
(b) for reasons of public interest in the area of public health in accordance
with Article 81;
(c) for historical, statistical and scientific research purposes in accordance
with Article 83;
(d) for compliance with a legal obligation to retain the personal data by
Union or Member State law to which the controller
227
228
229
230
232
IOT also creates the possibility of hackers taking over “home life, gathering
valuable personal data, or even use stolen information to extort money from
victims.” A security firm “took over those switches, turning them into
poltergeists that could turn on heaters and irons—a fire hazard and electricity-
waster.” Hackers taking over household devices are likely to occur with billions
of everyday devices now connected to the Internet.
Cybercriminals, for example, maintain websites where one can buy names,
addresses, and Social Security or credit card numbers to be used in financial
crimes. Cybercrimes often occur across borders creating difficult problems of
detection. For causes of action based upon privacy violations or espionage, there
may be little by way of provable damages. This chapter covers substantive
cybercrime law as opposed to procedural cybercrime law.
(A) OVERVIEW OF COMPUTER CRIMES
(1) What Computer Crime Includes
The first computer crime statutes were enacted in the 1980s at both the U.S.
state and federal level. Orin Kerr divides computer crime into two categories:
computer misuse crimes and traditional crimes. ORIN S. KERR, COMPUTER CRIME
LAW 1 (2d ed. 2009). Computer misuse is a relatively new category of computer
crime, involving deliberate interference with the functioning of the computer.
Traditional computer crimes, which use the computer to facilitate long-
established crimes such
233
Computer crimes are often more difficult to detect and resolve than crime in
the streets. Most cybercriminals are not physically present at the crime scene.
The Internet enables anonymous communications that are difficult to trace
because of false e-mail headers and anonymous re-mailers. Relational crimes are
easier to prosecute in the physical world because police can focus on multiple
physical clues and eliminate suspects who were not in the area when the crime
was committed. Internet crimes may involve creating small economic losses for
many consumers, making it unlikely that any one victim will report it or file a
claim. Victims may be unaware that their information or identity has been
234
234
stolen until long after the crime has been completed. See generally, ORIN S.
KERR, COMPUTER CRIME LAW (2006).
(3) Defining Cybercrimes
Cybercrime is the use of the Internet and related technologies to commit
crimes. The U.S. Department of Justice’s Office of U.S. attorneys note, “The
range of threats and the challenges they present for law enforcement expand just
as rapidly as technology evolves.” U.S. DEPT. OF JUSTICE, CYBERCRIMES (2015).
Cybercrimes can be broadly divided into three categories: “[1] organized crime
groups that are primarily threatening the financial services sector, and they are
expanding the scope of their attacks; [2] state sponsors—foreign governments
that are interested in pilfering data, including intellectual property and research
and development data from major manufacturers, government agencies, and
defense contractors; and [3] increasingly there are terrorist groups who want to
impact this country the same way they did on 9/11 by flying planes into
buildings.” Federal Bureau of Investigation, The Cyber Threat: Part I: On the
Front Lines with Shawn Henry (Mar. 27, 2012).
They are seeking to use the network to challenge the United States by looking
at critical infrastructure to disrupt or harm the viability of our way of life.
Examples of computer crime include computer intrusions, denial of service
attacks, viruses, and worms but not child pornography, which is a traditional
crime only enabled by the
235
Internet. Cybercrimes differ from traditional crime in that the criminal is not
physically at the crime scene and often leaves few clues.
236
237
integral part of which involves unauthorized access to a government
computer, a bank computer, or a computer used in, or affecting, interstate or
foreign commerce, 18 U.S.C. § 1030(a)(4); (5) threatening to damage a
government computer, a bank computer, or a computer used in, or affecting,
interstate or foreign commerce, 18 U.S.C. § 1030(a)(7); (6)trafficking in
passwords for a government computer, or when the trafficking affects
interstate or foreign commerce, 18 U.S.C. § 1030(a)(6); and (7) accessing a
computer to commit espionage, 18 U.S.C. § 1030(a)(1).
Charles Doyle, Cybercrime: An Overview of the Federal Computer Fraud &
Abuse Statute & Related Federal Criminal Law, CONGRESSIONAL RESEARCH
SERVICE (Oct. 15, 2014).
Originally, only a criminal statute, the CFAA now enables the victims of
computer crimes to file civil actions against cybercriminals, provided the access
is either “without authorization” or “exceeds authorized access.” 18 U.S.C. §
1030(g). The civil action provision is covered later in this chapter.
Summary of Computer Fraud & Abuse Act
238
239
240
presentation to his new employer did not access his employer’s computer
without authorization. While still employed by WEC the energy company
provided “him with a laptop computer and cell phone, and authorized his access
to the company’s intranet and computer servers.” Miller had access to numerous
confidential and trade secret documents stored on the company’s computer
servers. WEC instituted a policy to protect its trade secrets that prohibited using
the information without authorization or downloading it to a personal computer.
These policies did not restrict Miller’s authorization to access the information.
The court ruled that the CFAA does not impose liability for a mere violation
of a terms of use policy. Under the WEC court’s narrow reading of the CFAA,
the terms “without authorization” and “exceeds authorized access” only apply
when an individual accesses a computer without permission, or obtains or alters
information on a computer beyond that which he is authorized to access. The
path of CFAA law suggests that employers will find it difficult to pursue civil
actions against ex-employees.
(3) Trespassing in a Government Computer
241
242
243
the same term in 18 U.S.C. § 1029, and means “transfer, or otherwise dispose
of, to another, or obtain control of with intent to transfer or dispose.”
(7) Threatening to Harm a Computer
244
245
issues are whether unauthorized access has occurred and how to prove loss or
damages. Mark T. Krotoski and Brock Dahl summarize the controversy of
whether and when exceeded authorization violates the CFAA:
When a trusted employee steals company trade secrets and confidential
business information using the company’s computer, does this conduct
violate federal computer crime laws? Surprisingly, the answer currently
depends on where the theft occurred. Whether the employee has “exceeded”
his “authorized access,” a critical determination in whether the employee
violated the Computer Fraud and Abuse Act (CFAA) (the primary federal
computer crime statute) turns on how the courts construe key terms in the
statute. For more than five years, the courts have been divided on whether
this stealing of information violates the CFAA.
Mark T. Krotoski & Brock Dahl, Stealing Trade Secrets and Confidential
Information With Computers: Time to Resolve the Lingering Circuit Split,
BLOOMBERG BNA: COMPUTER TECHNOLOGY LAW REPORT (Mar. 6, 2015).
(1) Cases Recognizing That Violating TOS Constitutes Without Authorization
Many CFAA cases center on the meaning of using a protected computer
“without authorization” or in a manner that “exceeds authorized access.” In Int’l
Airport Centers v. Citrin, 440 F.3d 418 (7th Cir.
246
In LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2011), the Ninth
Circuit determined that an employee does not exceed authorized access to a
computer by accessing information unless the employee has no authority to
access the information under any circumstances. Brekka was an employee at an
addiction treatment center who was negotiating with his employer, LVRC
Holdings, for an ownership stake in the business. During negotiations, Brekka
emailed several business
247
248
computer, but is limited in the uses to which he can make of the information.
A court applying Nosal will not find a CFAA violation if an employee or ex-
employee simply exceeds authorization. In contrast, a court applying Brekka will
stretch the CFAA to treat violations of use restrictions as a federal criminal
offense. Recently, more courts are following Nosal’s conservative reading of
CFAA that merely exceeding authorized access is not a CFAA offense. See
Serbite Agency Inc. v. Platt, No. 11–3526 (D. Minn. 2012).
(c) Weingand v. Harland Financial Solutions
249
250
251
Within the ECPA, Congress also created a private action that authorizes
plaintiffs to seek monetary damages against a person who “intentionally
intercepts, endeavors to intercept, or procures any other person to intercept or
endeavor to intercept, any wire, oral, or electronic communication.” 18 U.S.C. §
2511(1)(a). To establish a prima facie case for a civil violation of § 2511(1)(a), a
plaintiff must prove five elements: that a defendant (1) intentionally (2)
intercepted, endeavored to intercept or procured another person to intercept or
endeavor to intercept (3) the contents of (4) an electronic communication (5)
using a device.
(B) ECPA DEFENSES
The ECPA exempts intercepting “an electronic communication made through
an electronic communication system” if the system is configured so that it is
“readily accessible to the general public.” 18 U.S.C. § 2511(2)(g)(i). As noted
above, the ECPA also includes two statutory exceptions: the “ordinary course of
business” exception and for activities incidental to rendering services. The
business exception to ECPA provides that a provider may intercept electronic
communications within its network for incidental activities. The ECPA allows
service providers or anyone else to intercept and disclose an electronic
communication where either the sender or recipient of the message has
effectively consented to disclosure, explicitly or implicitly. Section 2511(2)(d)
of the ECPA prohibits employers from intercepting e-mail messages, but the
ECPA does not apply if an employee consents to
253
254
255
reliance on a warrant. Many states have enacted “little SCA” that are state law
equivalents.
The First Circuit in United States v. Councilman, 418 F.3d 67 (1st Cir. 2005),
held e-mail messages no longer in electronic storage could not be intercepted
under the ECPA. In Councilman, the defendant, both a book dealer and an e-
mail service provider, created software that redirected incoming e-mails from
Amazon.com to customers of the defendant’s company. Federal prosecutors
charged the defendant with conspiring to intercept electronic communications.
The First Circuit dismissed the indictment against Councilman, reasoning that he
copied incoming e-mails from Amazon already in storage. By definition, a
message in storage cannot be intercepted. E-mails already in storage (opened or
unopened) could not be intercepted but were subject to the SCA.
(2) U.S. v. Riggs
In United States v. Riggs, 739 F. Supp. 414 (N.D. Ill. 1990), the court held that
defendants were in violation of the ECPA when they gained unauthorized access
to Bell South computers. The violation arose when hackers, known as “Prophet”
and “Knight Lightning,” gained unauthorized access to Bell South’s 911
computer files and published
257
258
259
identifiable information was not by design and only captured data from a very
small number of users. The affected plaintiffs filed a class action against
Pharmatrak and the pharmaceutical companies, asserting an ECPA complaint.
The First Circuit held that the lower court incorrectly interpreted the “consent”
exception to the ECPA and remanded the case for further proceedings. The court
ruled Pharmatrak had the burden to prove it had the consent of the few users on
whom it collected data. The court concluded that it did not need to address the
“real-time requirement” of the ECPA since Pharmatrak acquired the information
contemporaneously with transmission by the Internet users. The court held that
Pharmatrak intercepted electronic communications without their consent. The
court observed, “traveling the Internet, electronic communications are often—
perhaps constantly—both “in transit” and “in storage” simultaneously, a
linguistic but not a technological paradox.”
(5) Joffee v. Google
In Joffee v. Google, 746 F.3d 920 (9th Cir. 2013), plaintiffs filed a class action
contending that Google violated the ECPA and state law by collecting data from
unencrypted wireless local area (Wi-Fi) networks in capturing its Street View
photographs. Google acknowledged in that its Street View vehicles had been
collecting fragments of payload data from unencrypted Wi-Fi networks. In total,
Google’s Street View cars collected about 600 gigabytes of data transmitted over
Wi-Fi networks
260
261
name and password. At the request of a Hawaiian Airlines vice president, one
of the authorized users allowed management to access Konop’s website. The
pilot who revealed the password had permission to access Konop’s site, but had
never accessed it prior to turning it over to management.
The SCA exempts conduct authorized by a user of an electronic
communication service from liability. Later that day, the pilot received word that
the Hawaiian Airlines VP was upset by the contents of Konop’s website, leading
the authorized users to suspect that management was secretly monitoring their
website. The Ninth Circuit affirmed the lower court’s ruling that the airline did
not violate Title I of the ECPA because the pilot’s website was not intercepted
during transmission, but rather while in electronic storage.
The Konop court’s en banc opinion reasoned that they were following
precedent in construing the definition of intercept narrowly when it comes to
electronic communications. The seizure of unread e-mail residing on a host
computer does not match up well with the narrow meaning of “intercept”
required by Title I of the Wiretap Act. The Wiretap Act contemplates “intercept”
as occurring during or contemporaneously with transmission. Since the Konop
case, Congress has amended the ECPA to eliminate storage from the definition
of wire communication.
262
263
264
suspect. Private security video at the crime scene recorded a criminal suspect
holding a wireless device, entering the business to commit a crime, and then
fleeing the scene.
265
266
267
was not guilty of violating the federal threat law because a reasonable person
would not have regarded the posts as threatening. The Court stated:
Elonis’s conviction, however, was premised solely on how his posts would
be understood by a reasonable person. Such a “reasonable person” standard
is a familiar feature of civil liability in tort law, but is inconsistent with “the
conventional requirement for criminal conduct—awareness of some
wrongdoing.”
The Court reversed Elonis’ conviction stating:
Elonis’s conviction cannot stand. The court instructed the jury that the
Government need prove only that a reasonable person would regard
Elonis’s communications as threats, and that was error. Federal criminal
liability generally does not turn solely on the results of an act without
considering the defendant’s mental state. That understanding “took deep
and early root in American soil” and Congress left it intact here: Under
Section 875(c), “wrongdoing must be conscious to be criminal.
(E) SEX TRAFFICKING
President Obama signed The Justice for Victims of Trafficking Act of 2015
(JVTA) into law. Section 1 of the JVTA established a fund to cover the costs of
the programs it authorizes, which is paid for by a $5,000 special penalty
assessment for convicted sex offenders, human smugglers, and human
traffickers. Section 105 increases restitution to the victims of sex trafficking. The
JVTA uses forfeited
268
assets to satisfy restitution orders for victims, and thus gives giving law
enforcement more and better tools to fight sex trafficking.
269
272
ultimately the solution for deterring cybercrimes where the perpetrator and
victim are often in different countries. The harmonization in national differences
about content regulation is a subject discussed in this chapter.
This chapter examines problems of regulating content that originates on the
World Wide Web. Internet businesses targeting China’s 1.4 billion consumers
will need to comply with that country’s Internet regulations. Carnegie-Mellon
researchers found widespread evidence that the Chinese government was
deleting messages containing politically sensitive terms from popular micro
blogs.
§ 9-2. Indecent Speech & Censorship
(A) COMMUNICATIONS DECENCY ACT
In 1996, Congress enacted the Communications Decency Act (CDA) through
Title V of the Telecommunications Act. The CDA criminalized the transmission
of materials deemed to be either “obscene or indecent” for Internet users under
the age of eighteen. In Reno v. ACLU, 521 U.S. 844 (1997) a lower court
declared the CDA to be unconstitutional. A three-judge panel of the federal
appeals court enjoined enforcement of the CDA’s framework for controlling
obscenity on the Internet. In Reno v. ACLU, 521 U.S. 844 (1997), the U.S.
Supreme Court upheld the lower court’s determination that the CDA violated the
First Amendment because it was overly vague. Section 223(a) of the CDA
criminalizes the transmission via a telecommunications device of a “suggestion,
273
274
penalties of six months in prison and a $50,000 fine. COPA’s scope was
restricted to obscene materials on the World Wide Web, whereas the earlier
statute applied to all electronically disseminated information.
Under COPA, whether material published on the World Wide Web is
“harmful to minors” is governed by a three-part test: (1) Would the average
person, applying contemporary community standards, find after taking the
material as a whole and with respect to minors, to pander to the prurient
interest?, (2) Does the material depict, describe, or represent, in a manner
patently offensive with respect to minors, an actual or simulated sexual act or
sexual contact, an actual or simulated normal or perverted sexual act, or a lewd
exhibition of the genitals or post-pubescent female breast?, and (3) Taken as a
whole, does the material lack serious literary, artistic, political, or scientific
value for minors? The dictionary definition of prurient interest is that it is
evidenced by or arousing an immoderate or unwholesome interest or sexual
desire. COPA sought to use digital certificates to verify users were old enough to
view online pornography. Websites could assert, as a complete defense, that they
restrict access to minors by requiring a credit card, debit card, or access cards.
After a decade of litigation and a remand from the U.S. Supreme Court,
COPA was struck down after a complicated series of opinions. In ACLU v. Reno,
31 F. Supp. 2d 473 (E.D. Pa. 2009), the federal court granted a preliminary
injunction enjoining enforcement of COPA. The United States Supreme
275
276
Internet, (2) the safety and security of minors when using electronic mail, chat
rooms and other forms of direct electronic communications, (3) unauthorized
access, including so-called “hacking,” and other unlawful activities by minors
online, (4) unauthorized disclosure, use, and dissemination of personal
information regarding minors, and (5) measures restricting minors’ access to
materials harmful to them.
In United States v. American Library Ass’n, 539 U.S. 194 (2003), the Court
upheld CIPA, reasoning that the statute did not violate the First Amendment
because the purpose of the software was to block obscene or pornographic
images and to prevent minors from obtaining access to harmful material. The
plurality opinion stated that the federal assistance programs for helping libraries
secure Internet access was a valid statutory purpose. “Under the Spending
Clause of the Constitution, Congress has “wide latitude” to appropriate public
funds, and to place conditions on the appropriation of public funds, in
furtherance of the general welfare.” Const. Art. I, § 8, cl. 1.
Justice Rehnquist’s plurality opinion found that Internet access in public
libraries is neither a “traditional” nor a “designated” public forum. The plurality
stated that any concerns over filtering software’s alleged tendency to erroneously
“overblock” access to constitutionally protected speech was dispelled by the ease
with which library patrons could have the filtering software disabled. The Court
also observed that because public libraries had traditionally excluded
pornographic
277
material from their collections, they could impose a parallel limitation on its
Internet assistance programs. In PFLAG v. Camdenton R-III School Dist., 2012
WL 510877 (3d Cir. 2011), a court entered an injunction against a school
district’s use of filters to block websites directed at lesbian, gay, bisexual, and
transgendered (LGBT) youth.
(D) THE CHILD PORNOGRAPHY PREVENTION ACT
The Child Pornography Prevention Act of 1996 (CPPA) made it a crime to
create sexually explicit images that appear to depict minors but were produced
without using any real children. The statute prohibits, in specific circumstances,
possessing or distributing these computer images, which may be created by
using adults who appear under the age of consent.
In Ashcroft v. Free Speech Coalition, 535 U.S. 234 (2002), the U.S. Supreme
Court held that the ban on virtual child pornography was unconstitutionally
overbroad since it proscribed speech that was neither child pornography nor
obscene and thus abridged the freedom to engage in a substantial amount of
lawful speech. The Court also held that the government was not permitted to bar
protected virtual child pornography as a means of enforcing its proper ban of
actual child pornography.
(E) THE PROTECT ACT OF 2003
After the Court’s decision in Free Speech Coalition, Congress enacted the
Prosecutorial
278
Remedies and Other Tools to end the Exploitation of Children Today (Protect
Act of 2003). The Protect Act criminally sanctions the advertising, promotion,
presentation, distribution, and solicitation of child pornography. This federal
criminal statute also penalizes speech accompanying, or seeking the transfer of,
child pornography via reproduction or physical delivery, from one person to
another. 18 U.S.C. § 2252A(a)(3)(B).
The Protect Act classifies primary producers as including anyone who creates
a visual representation of actual sexually explicit conduct, through videotaping,
photographing, or computer manipulation. Secondary producers upload such
images to a website or otherwise manage the content of the website. The
producer must inspect the depicted individual’s government issued picture
identification and determine her or his name and date of birth. 18 U.S.C. §
2257(b)(1).
In United States v. Williams, 128 S. Ct. 1830 (2008), the U.S. Supreme Court
upheld the pandering provision of the Protect Act of 2003 that makes it illegal to
send material, or purported material, in a way that “reflects the belief, or is
intended to cause another to believe,” that the material contains illegal child
pornography. 18 U.S.C. § 2252A(a)(3)(B). In Williams, the defendant used a
sexually explicit screen name, signed in to a public Internet chat room and
conversed with a Secret Service agent masquerading as a mother of a young
child.
The defendant offered to trade the agent sexually explicit pictures of his four-
year-old daughter in
279
exchange for similar photos. His chat room message said “Dad of toddler has
“good” pics of her an [sic] me for swap of your toddler pics, or live cam.” The
defendant was charged with one count of promoting, or “pandering,” material
intended to cause another to believe the material contained illegal child
pornography and carried a sixty-month mandatory minimum sentence.
The defendant challenged the constitutionality of the Protect Act’s pandering
provision and the Eleventh Circuit found this part of the statute both
substantially overbroad and vague, and therefore facially unconstitutional. In a
7–2 opinion, the U.S. Supreme Court reversed the Eleventh Circuit. Justice
Scalia’s majority opinion concluded that the federal anti-child pornography
statute did not, on its face, violate the First Amendment’s right to free speech.
The Williams Court found offers to provide or obtain child pornography to be
categorically excluded from the First Amendment.
(F) SCHOOL CENSORSHIP OF INTERNET CONTENT
School districts around the United States face difficult policy decisions about
social media postings that “threaten academic environments when they are used
to bully, defame or engage in hate speech against students, administrators, and
faculty.” Karen M. Bradshaw & Souvik Saha, Academic Administrators and the
Challenge of Social Networking Sites in SAUL LEVMORE & MARTHA NUSSBAUM,
THE OFFENSIVE INTERNET: PRIVACY, SPEECH, AND REPUTATION (2010).
280
281
282
283
284
The CDA’s vagueness undermined the likelihood it had been carefully tailored
to the congressional goal of protecting minors from potentially harmful
materials.
(2) Overbreadth
285
286
§ 9-4. Cyberbullying
(A) FEDERAL LEGISLATIVE PROPOSALS
In 2008, the U.S. House of Representatives introduced the Cyberbullying
Prevention Act in response to a middle-aged woman whose cyberbullying
caused a thirteen-year-old girl to commit suicide. This federal statute states:
“Whoever transmits in interstate or foreign commerce any communication, with
intent to coerce, intimidate, harass, or cause substantial emotional distress to a
person, using electronic means to support severe, repeated, and hostile behavior,
shall be fined under this title or imprisoned.” Cyberbully Prevention Act, H.R.
6123, 110th Congress (2d sess. 2008). The proposed statute would make
cyberbullying a federal crime, but it will not survive constitutional scrutiny, as it
is likely to be overly broad or too vague.
(B) STATE ANTI-BULLYING LEGISLATION
New Jersey enacted the Anti-Bullying Bill of Rights after Tyler Clemente, a
Rutgers undergraduate, committed suicide because a roommate used a webcam
to record him kissing a male. The roommate streamed the secret video on the
Internet and tweeted about it. The Berkman Center found that forty-eight states
have enacted statutes addressing school bullying.
287
288
289
290
requests to remove content in the second half of 2011. Google’s 2012
Transparency Report acknowledges that foreign governments make routine
demands for them to censor or remove content they find objectionable.
A large number of countries connected to the Internet do not have a strong
tradition of the right of expression. A traditional Islamic jurist would likely find
an unveiled female face on a social media site to be shameful. Not just Islamic
republics have blasphemy laws. The Republic of Ireland outlaws cyberspace
incitement including “blasphemous Internet statements in defiance of the law.”
DAVID NASH, BLASPHEMY IN THE CHRISTIAN WORLD (2012) at Preface.
On August 7, 2014, China’s state Internet Information Office issued regulation
on instant messaging apps, which also requires real name registration similar to
the “Microblogging Rules.” To date, it is unclear when the real name registration
will be fully implemented by social media providers. The Beijing Municipal
Law on microblogging enacted in 2011 specifically addresses what conduct on
social media violates national security. This language was prefigured in a 1997
PRC computer law statute and likely evolved from a 1994 computer law statute.
291
CHAPTER 10
COPYRIGHTS IN CYBERSPACE
What would have been different about copyright law if the Internet had never
been invented? The list would begin with the 1976 Copyright Act’s amendments
protecting digital technologies. Internet-related copyright litigation over the
ownership of user-generated content, deep linking, liability for remote links,
framing, peer-to-peer file sharing, and the Digital Millennium Copyright Act’s
immunities and anti-circumvention rules were enacted to accommodate
copyright law to the digital world. The Internet has spawned a copyright
infringement ecosystem with “one-click hosters or “cyberlockers” such as
Rapidshare, Megaupload, Mediafire, and Hotfile.
“Whether in the virtual or real world, the legal standards are the same
regarding: (1) the definition of a copyright and the purpose underlying copyright
protection; (2) the requirements for a work to be protected by copyright; and (3)
what constitutes infringement of a copyright.” Courts have extended copyright
law through cases and statutes that preserve the idea of property interests in
cyberspace. While the World Wide Web did not become part of mainstream
American culture until the mid-1990s, the widespread use of the Internet
dramatically changed the course of copyright law. The requirements for
copyright protection are the same in cyberspace as they are in the brick-and-
mortar world. Copyright comprises the brick-and-mortar of the knowledge
economy. Courts have had
292
293
294
295
296
297
(1) Idea/Expression
Copyright protects expression, not ideas. The U.S. Supreme Court in Baker v.
Selden, 101 U.S. 199 (1880) first conceptualized the “idea/expression”
dichotomy. Selden copyrighted a book in which he described a method of
bookkeeping and sued Baker when the latter published a book on bookkeeping
with functionally equivalent methods, but with different columns and headings.
The Court ruled that Selden could not copyright his method of accounting
because it was an idea, but could copyright the forms used to implement his
system of bookkeeping, which was expression. In practice, it is difficult to
separate functionality from expression. Courts, for example, hold that
mannequins and Halloween costumes are entitled to copyright protection, even
though the aesthetic aspects of those works are inseparable from their
functionality.
(2) Governmental Works
Works of the U.S. government, or its employees acting within the scope of
their professional duties, are not protectable by copyright.
(3) Functionality or Utility
The functionality or utility of any work of authorship is not protectable. Thus,
a website, protocol, or programming language’s utility does not qualify for
copyright protection but still may be covered by patent law.
298
Copyright law does not encompass information in the public domain. For
example, a code writing organization could not enjoin a website operator from
posting the text of a city’s model building code because the code was in the
public domain and not protected by copyright, notwithstanding software
licensing agreement and a copyright notice prohibiting copying and distribution.
(5) Fair Use
The fair use doctrine evolved from a common law doctrine and is now
codified as Section 107 of the Copyright Act. “Fair use” is a statutory exception
to the copyright owner’s exclusive right “to reproduce the copyrighted work in
copies.” 17 U.S.C. § 106(1). See 17 U.S.C. § 107 (“[T]he fair use of a
copyrighted work … is not an infringement of copyright.”). A defendant has the
burden of proof and production “Fair use doctrine” is an affirmative defense to a
copyright infringement claim, and it presumes that unauthorized copying has
occurred and is instead aimed at whether the defendant’s use was fair. 17 U.S.C.
§ 107. The Copyright Act’s four statutory factors that determine whether a given
copyrighted work constitutes fair use are:
(1) The purpose and character of the use including whether such use is of a
commercial nature or is for nonprofit educational purposes, (2) the nature of
the copyrighted work, (3) the amount and substantiality of the portion used
in relation to the copyrighted work as a whole,
299
and (4) the effect of the use upon the potential market for or value of the
copyrighted work. 17 U.S.C. § 107.
To date, no court has addressed how fair use applies to Twitter and hundreds
of other social networking sites. Social media sites raise a host of new copyright
issues:
If Pinterest users post or pin another’s work without permission, have
they violated copyright law? Does it matter if the work posted or pinned by
a user was originally posted to Pinterest by the author or creator of the
work? If users impermissibly post or pin a copyrighted work, are they then
contributing to infringement when another user in turn re-posts it or pins it
on their own page? There is a surplus of questions but is a shortage of
answers. Mary Ann L. Wymore, Social Media and Fair Use: Pinterest as a
Case Study, Bloomberglaw.com (2013).
It is difficult to predict how courts will rule on these questions creating a
borderline between infringement and fair use.
(D) DERIVATIVE WORKS
A “derivative work” is a work based upon one or more preexisting works such
as “a translation, musical arrangement, dramatization, fictionalization, motion
picture version, sound recording, art reproduction, abridgment, condensation, or
any other form in which a work may be recast, transformed, or adapted.” 17
U.S.C. § 101. Films based upon books
300
301
To register a copyright, an owner must: (1) file a simple application; (2) pay a
nominal fee ($35 for a single application by a single author and the work is not
made for hire) and (3) deposit copies of the work with U.S. Copyright Office.
Unlike patent or trademark examination, the Copyright Office does not complete
a complex examination before approving an application.
A defendant in a copyright infringement suit cannot use an “innocent
infringer” defense to mitigate actual or statutory damages if there is a proper
copyright notice affixed to a work, 17 U.S.C. § 401(d). Registration serves as
notice to the public that material is protected by copyright and shows the year of
first publication.
(F) WORK MADE FOR HIRE
In general, the creator of a copyrightable work is the rights holder. The “work
for hire” doctrine is an exception to this general rule; it applies where a person
creates, but is not the owner of a copyrightable work. The “Work for Hire”
doctrine makes an employer the copyright owner for works prepared by their
employee within the scope of employment—even if the employer does nothing
more than hire the employee who creates the work.
302
shapes and will continue to shape copyright law for the foreseeable future.
In the past ten years, the cutting edge of online copyright law is peer-to-peer
(P2P) software litigation. The ten-year war against P2P file sharing networks has
resulted in a number of high profile victories for copyright owners, but has done
little to stem the tide of P2P sharing, particularly among younger web users.
REBECCA GIBLIN, CODE WARS: 10 YEARS OF P2P SOFTWARE LITIGATION vi (2011)
(foreword by Jane Ginsburg). Social-media related-copyright cases have
dominated the legal landscape in recent years.
(A) DIRECT INFRINGEMENT
“To allege a prima facie case of direct copyright infringement, Plaintiff must
satisfy two requirements: (1) it must show ownership of the allegedly infringed
material, and (2) it must demonstrate that Defendants committed an act of
“copying” this material.” Perfect 10, Inc. v. Giganews, Inc., 2013 WL 2109963
(C.D. Cal. 2013). “The word ‘copying’ is shorthand for the infringing of any of
the copyright owner’s five exclusive rights” under 17 U.S.C. § 106.
303
(B) SECONDARY COPYRIGHT INFRINGEMENT
Secondary Copyright Liability
304
305
device with the object of promoting its use to infringe copyright.” It is unclear
whether inducement is just another subtype of contributory or vicarious
infringement or a separate theory of secondary liability.
306
(A) NAPSTER
Napster.com (Napster) was the pioneering P2P sharing service, permitting the
exchange of MP3 music files stored on individual computer hard drives with
other Napster users. Record companies and music publishers filed copyright
infringement lawsuits against Napster for facilitating the P2P transmission and
retention of copyrighted content. A & M Records v. Napster, Inc., 239 F.3d 1004
(9th Cir. 2001). The Ninth Circuit found that Napster had diminished the
copyright owners’ commercial sales because users were downloading content
without paying royalties or fees. The court rejected Napster’s fair use argument,
finding that commercial use of the copyrighted material occurred because
Napster’s users repeatedly downloaded and retained “unauthorized copies of
copyrighted works … made to save the expense [of] purchasing authorized
copies.”
The federal appeals court rejected Napster’s argument that it was not liable for
direct or contributory copyright infringement, ruling that DMCA § 512(a) did
not protect Napster’s referencing and indexing activities. In addition, the court
held Napster liable for contributory infringement because Napster not only had
knowledge of the infringing activity, it also contributed to the infringing
conduct. Napster was also found to be vicariously liable because it had a direct
financial interest in the visitors’ infringing activities.
307
(B) GROKSTER
In Metro-Goldwin-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 (2005),
the plaintiffs filed a contributory infringement lawsuit against the developers of
P2P file sharing program. Grokster and the other P2P file sharing defendants
contended that their file-sharing programs were capable of supporting substantial
noninfringing works under the Sony rule. The defendants offered evidence that
Grokster users employed the program to exchange some authorized files,
including authorized digital recordings, digital files of public domain books, and
authorized software files. The defendants also argued that, in the future, users
would exchange even more authorized content through Grokster, including
academic research, public domain files, and user-created audio and video files.
The Supreme Court unanimously held that “one who distributes a device with
the object of promoting its use to infringe copyright, as shown by clear
expression or other affirmative steps taken to foster infringement is liable for the
resulting acts of infringement by third parties.” The Grokster Court enunciated
an inducement rule imported from patent law providing that “one who
distributes a device with the object of promoting its use to infringe copyright, as
shown by clear expression or other affirmative steps taken to foster
infringement, is liable for the resulting acts of infringement by third parties.”
The Court’s inducement rule would find contributory infringement if the
defendant induced or encouraged direct infringement.
308
309
court’s holding that the § 512(c) safe harbor requires knowledge or awareness
of specific infringing activity. The appeals court stated that the “first and most
important question on appeal is whether the DMCA safe harbor at issue requires
“actual knowledge” or “aware[ness]” of facts or circumstances indicating
“specific and identifiable infringements.” The Second Circuit instructed the
lower court to consider first the scope of the statutory provision and then its
application to the record in this case.
Nevertheless, the court vacated the lower court’s entry of summary judgment
ruling, “[a] reasonable jury could find that YouTube had actual knowledge or
awareness of specific infringing activity on its website.” The lower court erred
by interpreting the “right and ability to control” infringing activity to require
“item-specific” knowledge. Finally, the court affirmed the district court’s
holding that three of the challenged YouTube software functions fell within the
safe harbor for infringement that occurs “by reason of” storage at the direction of
the user, and remanded for further fact-finding with respect to a fourth software
function.
Liability for inducement of copyright infringement has four elements: (1) the
distribution of a device or product, (2) acts of infringement, (3) an object of
promoting its use to infringe copyright, and (4) causation. Columbia Industries v.
Fung, 710 F.3d 1020, 1032 (9th Cir. 2013), In Fung, the Ninth Circuit affirmed a
lower court’s decision finding liability for inducement of copyright infringement
310
311
312
‘new’ public” as required by EU copyright law. Paul Joseph, CJEU Rules That
Linking & Framing Is Not Copyright Infringement, LEXOLOGY (Feb. 13, 2014).
(C) BOOKMARKS
The Seventh Circuit in Flava Works v. Gunter, 689 F.3d 754 (7th Cir. 2012),
determined that myVidster was not a contributory infringer merely because a
website visitor bookmarks a video and later clicks on the bookmark and views
the video. The federal district court issued a preliminary injunction against the
social media site, which was vacated by the U.S. Court of Appeals. Flava Works
produced and distributed videos “of black men engaged in homosexual acts.”
The court acknowledged that myVidster “may have done a bad thing by
bypassing “Flava’s pay wall” by enabling viewing the uploaded copy, but it does
not constitute copyright infringement.” The direct infringers are Flava’s
customers who copied his copyrighted videos and posted them to the Internet.
The court stated that myVidster could be liable for contributory infringement
under an inducement theory but there was no evidence in the record supporting
that claim.
(D) THUMBNAILS OF IMAGES
In Kelly v. Arriba Soft Corp., 77 F. Supp. 2d 1116 (C.D. Cal. 1999), ditto.com,
a search engine, retrieved images by matching the keyword searched with the
description of image files sorted in Ditto’s
313
database. Leslie Kelly, a Western art photographer filed suit against ditto.com
for reproducing and displaying his copyrighted art on its search engine in
miniature. Ditto would index the images and “display them in ‘thumbnail’ form
on the search results page.” The Ninth Circuit found Arriba Soft’s use of
thumbnails was transformative because the greatly reduced copies of
copyrighted images used in the thumbnails were for a different purpose.
In 2002, the Ninth Circuit affirmed the district court’s holding that thumbnails
infringed Kelly’s copyrighted photographs, but fair use permitted the use of the
thumbnails in Ditto.com’s image index. In a 2003, decision, the Ninth Circuit
upheld the panel’s ruling that search engines could use thumbnails of images,
but withdrew the portion of the opinion dealing with inline linking or framing.
In Perfect 10, Inc. v. Google, Inc., 508 F.3d 1146 (9th Cir. 2007), the plaintiff
created photographs of nude models for commercial distribution. After
publishing its magazine, Perfect 10, began offering access to these pictures on its
password protected paid subscription website. Google’s search engine used a
web crawler to copy thumbnail images of Perfect 10’s copyrighted photographs
for use in its search engine. In Perfect 10, the Ninth Circuit held Google’s
thumbnail sized reproduction of entire copyrighted images in its search engine
results page to be “highly transformative.”
Google’s use of the copyrighted images was to find content, which was a
radically different purpose than the original copyright owner’s use. The Ninth
314
Circuit held that Perfect 10 was not likely to prevail it its copyright
infringement arising out of Google’s “in-line links” that allowed Internet users to
view infringing copyrighted images on third party’s websites. In addition, the
court found no vicarious or contributory infringement in its use of thumbnails or
in-line links.
315
315
316
317
The DMCA’a anti-circumvention rules are set forth in Section 201 et seq. of
Title 17. This section defines a technological measure that “effectively protects a
right of a copyright owner under this title” if the measure, in the ordinary course
of its
318
operation, prevents, restricts, or otherwise limits the exercise of a right of a
copyright owner under this title.” 17 U.S.C. § 1201(b)(2)(B).
Section 1201 prohibits the circumvention of anti-access technology as well as
the making and selling of anti-circumvention devices. To “circumvent a
technological measure” means that the defendant has descrambled a scrambled
work, decrypted an encrypted work, or bypassed a technological measure
protecting a copyrighted work. 17 U.S.C. § 1201(a)(3)(A). The DMCA makes it
a crime to “circumvent a technological protection measure that effectively
controls access” to copyrighted works. 17 U.S.C. § 1201(a)(1)(A).
“A technological measure “effectively controls access to a work” if the
measure, in the ordinary course of its operation, requires the application of
information, or a process, or a treatment, with the authority of the copyright
owner, to gain access to the work.” 17 U.S.C. § 1201(a)(3)(B). The DMCA
proscribes circumventing anti-access measures, but does not prohibit
circumventing anti-copying measures. Apple’s FairPlay and Microsoft Windows
Digital Rights Managers, for example, provide controls on the viewing or
playing of copyright materials, which is accessing a service.
Software “that circumvents “digital walls” in violation of the DMCA … is like
a skeleton key that can open a locked door, a combination that can open a safe,
or a device that can neutralize the security device attached to a store’s products”
or “a digital crowbar.” Universal City Studios v. Corley, 273 F.3d
319
320
321
the four OSP safe harbors, which vary significantly in their preconditions. The
DMCA safe harbor provisions make clear that the responsibility for finding and
reporting third-party infringement lies with “the copyright holder, not the service
provider.” UMG Recordings, Inc. v. Veoh Networks Inc., 665 F. Supp. 2d 1099,
1111 (C.D. Cal. 2009), aff’d sub nom. UMG Recordings, Inc. v. Shelter Capital
Partners LLC, 718 F.3d 1006 (9th Cir. 2013).
(1) Transitory Network Communications
The DMCA immunizes OSPs for all copyright infringement “by reason of the
provider’s transmitting, routing, or providing connections for, material through a
system or network controlled or operated by or for the service provider, or by
reason of the intermediate and transient storage of that material.” 17 U.S.C. §
512(a). The definition of an OSP is narrower for transitory digital network
communications than the other safe harbors in § 512(b)–(d).
This safe harbor applies only to OSPs qualifying under OCILLA’s narrow
definition, which means those “entities that transmit, route, or provide
connections for digital online communications, between or among points
specified by user.” To qualify for the transitory digital network communications
safe harbor, OSPs may not modify content transmitted, routed, or connected.
Someone other than the OSP must initiate the transmission of the material.
322
The storage exemption safe harbor provision of DMCA limits the liability of
online service providers for copyright infringement that occurs, “by reason of the
storage at the direction of a user of material” residing on a system or network,
controlled, or operated by or for the service provider. 17 U.S.C. § 512(c)(1). To
qualify for this safe harbor, OSPs cannot have actual knowledge the material or
activity is infringing or be aware infringing activities are apparent.
In addition, they must: (1) perform a qualified storage or search function for
Internet users, (2) lack actual or imputed knowledge of the infringing activity,
(3) receive no financial benefit directly from such activity in a case where the
provider has the right and ability to control it, (4) act promptly to remove or
disable access to the material when the designated agent is notified that it is
infringing, (5) adopt, reasonably implement, and publicize a policy of
terminating repeat infringers, and (6)
323
To qualify for the storage exemption safe harbor for information residing on
systems or networks, the OSP must designate an agent to receive notice from
copyright owners when there is a complaint of infringement. The OSP must also
post the agent’s name on its website and register the agent with the Library of
Congress’ Copyright Office and provide required information such as contact
telephone numbers and working e-mail addresses.
OSPs are required to maintain a DMCA agent to receive takedown notices and
respond expeditiously to takedown notices. Suffolk University Law School, for
example, must appoint an agent designated to receive notification of a claimed
copyright infringement under the DMCA. If a website did not maintain an agent,
or fulfill the other requirements of § 512, they would be subject to secondary
copyright liability arising out of third party postings, even when they are not the
content creator. A service provider must act “expeditiously to remove, or disable
access to, the material” when it (1) has actual knowledge, (2) is aware of facts or
circumstances from which infringing activity is apparent, or (3) has received
notification of claimed infringement meeting the requirements of § 512(c)(3).
324
(b) Takedown & Put-Back Rules
In order to meet the requirements of § 512(a)’s safe harbor, the ISP must meet
stringent criteria. Section 512(c) of the DMCA immunizes service providers
from copyright infringement claims so long as they do not have actual
knowledge of the infringing activity and promptly block allegedly infringing
activity once notified.
To qualify for such protection, an ISP must meet three requirements: (i) the
service provider must either lack both actual knowledge of the infringing activity
and awareness of facts or circumstances from which infringing activity should
be apparent, or it must promptly, upon gaining such knowledge move to prevent
the use of its service to further such infringing activity; (ii) the service provider
must not receive a financial benefit directly attributable to infringing activity it
has the ability to control; and (iii) the service provider must expeditiously
remove material from its service on receipt of an appropriate written notice in
order to qualify for safe harbor protection under the DMCA.
The DMCA’s complex notice, takedown, and put-back procedures are
triggered when a copyright owner, or an assignee, gives written notice to the
designated agent of the service provider under § 512(c)(3)(A). The copyright
owner is able to find the contact information for the service provider’s agent
because, as mentioned above, that information is posted on the website of the
U.S. Copyright Office. The copyright owner must give the provider’s designated
agent a written takedown
325
326
327
328
329
330
331
332
(C) ACTA
The Anti-Counterfeiting Trade Agreement (ACTA) was a proposed
multinational treaty to establish uniform standards for enforcing intellectual
property rights. ACTA fortified the enforcement provisions of the TRIPS
agreement by targeting counterfeit goods, infringing generic goods, and
widespread copyright infringement. In March of 2012, the European Parliament
voted to refer ACTA to the European Court of Justice, which stalled ratification
for Eurozone countries.
(D) MORAL RIGHTS
The United States enacted the Visual Artists Rights Act of 1990 (VARA) to
implement the Berne Convention. Regardless of assignment or ownership of
rights, VARA protects the expectation that a visual work will not be revised,
altered, or distorted. VARA has little application to the Internet since it only
protects works of visual art that have attained the status of “recognized stature.”
“The Internet raises the potential for infringement of an author’s moral rights.
Issues raised specifically by the Internet include the circumstances”—where
their creations are presented when a website links to another site. MAREE
SANSBURY, MORAL RIGHTS AND THEIR APPLICATION IN AUSTRALIA 147 (2003).
While moral rights have been applied primarily to works of art created in a
tangible medium, they can apply to online modifications as well. “Two moral
rights are of primary importance in respect of works placed on the Internet: the
right of attribution and
333
the right of integrity.” PETER GRABOSKY & RUSSELL G. SMITH, CRIME IN THE
DIGITAL AGE: CONTROLLING TELECOMMUNICATIONS AND CYBERSPACE 116 (1998).
The right to false attribution could be extended to computer programs or website
creations. Similarly, manipulating an electronic or digitalized photograph could
violate the right not to have an artist’s work distorted, mutilated, or modified.
Any “assignment of economic rights is not accompanied by assignment of
moral rights … French rights, may provide a remedy where infringement
relating to a digital work is disseminated over the Internet.” CATHERINE COLSTON
& JONATHAN GALLOWAY, MODERN INTELLECTUAL PROPERTY 450 (2010).
(E) EXTRATERRITORIAL REACH
The Copyright Act has only limited extraterritorial reach. Litecubes LLC v.
Northern Light Products, Inc., 523 F.3d 1353 (Fed. Cir. 2008). The Copyright
Act provides that “[i]mportation into the United States, without the authority of
the owner of copyright under this title, of copies … of a work that have been
acquired outside the United States is an infringement of the exclusive right to
distribute copies … under section 106, 17 U.S.C. § 106. It is well established
that the Copyright Act does not “reach acts of infringement that take place
entirely abroad.” Subafilms Ltd. v. MGM-Pathe Commn’ns Co., 24 F.3d 1088
(9th Cir. 1994).
334
335
336
New goods and services are promoted online at “Internet speed,” creating
strains in trademark law. The Internet’s disregard of geographic borders creates
conflicts between concurrent users, which would never have arisen between
distant companies in the purely brick-and-mortar world. Courts have come to
recognize an “Internet trio” of confusion factors: (1) similarity of the marks, (2)
relatedness of the goods and services, and (3) simultaneous use of the Internet
for marketing.
While trademark law traditionally works well in product counterfeiting cases,
it is increasingly ill fitted to the Internet. The Internet marketplace is built upon
bedrock of trademarks and owners must develop new strategies for the
enforcement of trademark rights against online infringers and counterfeiters.
U.S. courts have largely resolved the issues arising out of Google’s AdWords by
rejecting claims for trademark infringement.
It is now difficult to imagine the contours of trademark law without
considering new methods of infringement enabled by bandwidth, browsers, and
digital data. “New legal theories will be developed and old laws will in turn be
modified, manipulated and in some cases mothballed. It is an exciting time to
gird oneself for battle on this new galactic front.” Darryl C. Wilson, Battle
Galactical: Recent Advances and Retreats in the Struggle for the
338
339
is found in the common law, state statutes and the federal Lanham Act of 1946
(Lanham Act), which provides a civil action against any person who shall,
without consent of the registrant, use in commerce any reproduction, counterfeit
copy, or colorable imitation of a registered mark in connection with the sale,
offering for sale, distribution, or advertising of any goods with which such use is
likely to cause confusion, or to cause mistake, or to deceive.” 15 U.S.C. §
1114(1)(a). The Lanham Act describes a trademark as being a limited property
right in a particular word, phrase, or symbol, and federal trademark protection is
only available for marks “used in commerce.” 15 U.S.C. § 1127.
The standard test of ownership under trademark law is priority of use. In the
twenty first century, trademark law has evolved to address the priority of use in
websites and domain names. Mobile application names and icons, for example,
constitute a new frontier for trademark protection.
(A) THE DISTENSION OF TRADEMARKS
Traditional or conventional trademarks are unique identifiers that employ
words, logos, pictures, symbols, or combinations of these elements. The
nonconventional use of trademark has expanded to include single color
trademarks, sound trademarks, three dimensional trademarks, shape trademarks
and even scent trademarks. In the last decades of the twentieth century, courts
expanded what could be trademarked. Coca-Cola®’s bottle was registered as a
three dimensional mark in 1977. In 1987, Owens-Corning was granted a
340
trademark for the color pink in insulation. Clarke’s Osewez® was granted a
trademark on a fragrance for use on their sewing thread and embroidery yarn in
1991.
(B) FEDERAL TRADEMARK REGISTRATION
The Trademark Act of 1946, as amended, 15 U.S.C. § 1051, governs the
federal registration of trademarks. Trademark applicants need to consider (1) the
mark they want to register, (2) the goods and/or services in connection with
which you wish to register the mark, and (3) whether they will be filing the
application based on actual existing use of the mark or a bona fide intention to
use the mark in the future. A trademark application “must specify the proper
“basis” for filing, whether current use of the mark in commerce or on an intent to
use the mark in commerce in the future.” The U.S. Trademark Office publishes
approved trademarks on the Principal Register of the United States Patent and
Trademark Office (USPTO). A trademark must be distinctive and thus functions
as a source identifier. American Express, for example, trademarked the phrase,
“Don’t Leave Home Without it.” Microsoft’s Window’s icon is an example of a
picture or symbol trademark. IBM is an example of trademark using letters.
Beginning in the late twentieth century, the Trademark Office recognizes more
nonconventional trademarks. A company will claim rights in its trademarks or
service marks by labeling its product with the “™,” “SM,” and “®” symbols. The
federal registration symbol may only be used once the mark is actually
341
registered in the U.S. Patent and Trademark Office. Both registered and
unregistered trade names and trademarks are protected under the Lanham Act.
Lanham Act, § 1 et seq., 15 U.S.C. § 1051 et seq. When proving ownership,
federal registration of a trademark constitutes prima facie evidence of the
validity of the registered mark and of the registrant’s exclusive right to use the
mark in commerce.
Service marks and trademarks are governed by identical standards and thus
like with trademarks, common law rights are acquired in a service mark by
adopting and using the mark in connection with services rendered. The USPTO
refers to the term, “trademark” to include both trademarks and service marks.
The USPTO has registered Internet Domain Names as trademarks since 1997.
The term of a federal trademark registration is 10 years and can be renewed
indefinitely for 10-year periods. Trademark owners must file an affidavit, or a
declaration of continued use, with the USPTO to keep the registration alive
between the fifth and sixth year after the date of initial registration. Failure of the
registrant to provide the affidavit results in cancellation of the trademark
registration. Trademarks may be established by using a mark in commerce,
without a federal registration. However, the USPTO explains the advantages of
owning a federal trademark registration on the Principal Register:
• Public notice of your claim of ownership of the mark;
342
343
343
Under U.S. trademark law, it is the first person to use a mark in interstate
commerce rather than the first person to register it who has the priority. Factors
determining first use include which party first affixed the mark to a product, or
whose party’s name appeared with the trademark. Other factors considered are
which party maintained the quality and uniformity of the product, or created the
good will associated with a product. Registration with the Trademark Office
gives the owner exclusive rights only in the United States. However, marks may
be registered in different countries; a practice that is recommended for
companies selling goods and rendering services on the Internet to foreign
countries.
The registration of trademarks signals constructive notice of mark ownership,
and creates a legal presumption in favor of ownership. Trademark registrants
have the right to bring infringement or dilution actions in federal court. Finally,
registration is a predicate to the U.S. Customs Department preventing the
importation of infringing goods.
(C) STATE TRADEMARK LAW
Trademark registration procedures vary widely from state to state. Under the
California state trademark law, online companies need to register their
trademarks to receive protection. However, under the Massachusetts
commonwealth trademark law, online companies need not register with the
Commonwealth to receive protection, but they may if they want to. In 2006,
Massachusetts adopted the International Trademark Association’s Revised
344
345
The Lanham Act allows two types of use applications: (1) actual use, and (2)
intent to use (ITU). ITU applications require intent to use the trademark in
commerce in the future. The Lanham Act requires proof of “use in commerce”
meaning there is a bona fide use of a mark in the ordinary course of trade—the
mark cannot only be used to reserve a right to a particular mark. In the brick-
and-mortar world, the term “use in commerce” originated when trademarks
where affixed on goods or containers.
In website sales, in general, the first party who either uses a mark in
commerce or files an application in the U.S. Trademark Office holds the first
right to register that mark. The Trademark Office may accept evidence an
applicant has used a mark “in commerce” for five years as prima facie evidence
of distinctiveness. 15 U.S.C. § 1054. An owner will typically use trademarks on
its product and packaging, while service marks advertise services.
(E) THE SPECTRUM OF DISTINCTIVENESS
Courts considering whether a mark is sufficiently distinctive to warrant
trademark protection evaluate the mark based on a hierarchy of classifications.
Marks are classified on a continuum of increasing distinctiveness: (1) generic,
(2)
346
347
The ’502 Mark covers “computer hardware; computer software for creating
indexes of information, indexes of web sites and indexes of other information
resources.” The domain name registrants contended that “the GOOGLE mark
has become generic because a majority of the public understands the word
google, when used as a verb, to mean the indiscriminate act of searching on the
internet without regard to the search engine used.” The domain name registrant
‘asserted, inter alia, that the GOOGLE mark has become generic and that he
should be permitted to use the Domain Names incorporating the GOOGLE mark
in furtherance of his business plans.”
The court reasoned that the word google has four possible meanings in this
case: (1) a trademark designating the Google search engine; (2) a verb referring
to the act of searching on the internet using the Google search engine; (3) a verb
referring to the act of searching on the internet using any search engine; and (4)
a common descriptive term for search engines in general. The court was
skeptical about the plaintiff’s expert and found that the domain name registrant
presented no evidence to support its “primary significance” contention that
Google’s trademark was generic. The court held that “the undisputed evidence is
that the consuming public overwhelmingly understands the word google to
identify a particular search engine, not to describe search engines in general.” A
mark is not generic when the primary significance of the term in the minds of the
consuming public is not the product but the producer.
348
349
349
350
351
acquires this secondary meaning, assuming other requisites are met, is a “trade
dress” which may not be used in a manner likely to cause confusion as to the
origin, sponsorship, or approval of the goods. In these respects, protection for
trade dress exists to promote competition. Trade dress generally refers to
characteristics of the visual appearance of a product or its packaging that signify
the source of the product to consumers. 1 MCCARTHY ON TRADEMARKS AND
UNFAIR COMPETITION § 8:1 (4th ed. 2012).
In Two Pesos, Inc. v. Taco Cabana, Inc., 505 U.S. 763 (1992), the U.S.
Supreme Court decided that the term “trademark” extends to “trade dress,”
which means a product’s “total image and overall appearance” if it is a source
identifier. The Court also found trade dress to be protectable under Section 43(a)
of the Lanham Act prohibiting the use of false designations of origin, false
descriptions, and false representations in the advertising and sale of goods and
services.
Section 43(a) of the Lanham Act recognizes two distinct protectable interests:
(1) protection against unfair competition in the form of an action for false
advertising, and (2) protection against false association in the form of a lawsuit
for false endorsement. The Court explained that trade dress, which is inherently
distinctive, is protectable under Section 43(a) even if the plaintiff cannot
demonstrate secondary meaning since the trade dress itself identified products or
services as coming from a specific source.
352
352
The Court noted the shape and general appearance of the restaurant as well as
“the identifying sign, the interior kitchen floor plan, the decor, the menu, the
equipment used to serve food, the servers’ uniforms, and other features [all
reflected] on the total image of the restaurant.” Trade dress is entitled to
protection under the Lanham Act if: (1) it is inherently distinctive or has
acquired distinctiveness through secondary meaning, (2) it is primarily
nonfunctional, and (3) its imitation would result in a likelihood of confusion in
consumers’ minds as to the source of the product. Faegre & Benson v. Purdy,
367 F. Supp. 2d 1238 (D. Minn. 2005).
353
354
355
356
357
mark must show likelihood of consumer confusion as part of the prima facie
case. 15 U.S.C. § 1115(b).
Courts consider the following factors in determining whether there is a
likelihood of confusion or unfair competition: (1) strength or weakness of
plaintiff’s mark, (2) the degree of similarity with defendant’s mark, (3) class of
goods, (4) marketing channels used, (5) evidence of actual confusion, and (6)
intent of the defendant. No one factor is determinative as the likelihood of
confusion test considers the totality of facts under the circumstances. Under
Section 35 of the Lanham Act, a plaintiff seeking damages for counterfeiting and
infringement has the option of seeking either actual or statutory damages—but
not both. Feingold & Hogan, Issues Unique Online Trademark Issues, Id. at
308–309.
In AMF Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th Cir. 1979), this Court set
forth the following eight (8) factors to be considered in evaluating the likelihood
of confusion in trademark infringement cases: (1) similarity between the
plaintiff’s mark and the allegedly infringing mark; (2) relatedness or similarity
of the parties’ products or services; (3) the strength of the plaintiff’s mark; (4)
the marketing channels used by the parties; (5) the degree of care exercised by
the public in selecting the goods or services at issue; (6) the defendant’s intent;
(7) evidence of actual confusion; and (8) the likelihood of expansion of the
parties’ product lines.
Under a Sleekcraft test, no single factor is determinative, as the likelihood of
the confusion test
358
considers the totality of facts under the circumstances. The three most
important factors in conflicts between domain names and trademarks are: (1) the
similarity of the marks, (2) relatedness of the goods and services offered, and (3)
simultaneous use of the Internet as a marketing channel. In trademark
infringement cases based upon initial interest confusion, the owner of the mark
must demonstrate the likelihood of confusion, not just diversion of Internet
traffic.
In cybersquatting cases, a trademark owner may claim actual damages that
include the profits the domain name registrant made from his use of the mark, as
well as losses sustained by the mark holder as a result of the domain name
registrant’s actions, such as lost sales or harm to the mark’s reputation. Under
the Anticybersquatting Consumer Protection Act of 1999, the trademark owner
has the option of pursuing either actual damages or statutory damages, which
range between $1,000 and $100,000 per domain. 15 U.S.C. § 1117(d). The court
exercises its discretion to fix the actual amount awarded. In “exceptional cases,”
a trademark owner can recover attorney’s fees against the domain name
registrant found to have registered the infringing domain name in bad faith.
(B) CONTRIBUTORY TRADEMARK INFRINGEMENT
To be liable for contributory trademark infringement, a defendant must have:
(1) intentionally induced the primary infringer to infringe, or (2) continued to
supply an infringing
359
360
attach there must be direct control and monitoring of the instrumentality used
by a third party to infringe the plaintiff’s mark. In Sony Corps. v. Universal City
Studios (1984), the U.S. Supreme Court determined the manufacturers of
Betamax video tape recorders were not secondarily liable because these
machines had a substantial legitimate use.
The first Internet-related case to address contributory trademark infringement
was Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d 980 (9th Cir.
1999), where the Ninth Circuit held that Network Solutions was not
contributorily liable for the trademark infringement of a domain name. In Gucci
America, Inc. v. Hall & Assocs., 135 F. Supp. 2d 409 (S.D.N.Y. 2001), the court
refused to dismiss Gucci’s claim against an ISP for contributory trademark
infringement predicated upon the claim it hosted a direct trademark infringer.
Mere knowledge of third party infringement is an insufficient basis for
contributory trademark infringement.
The ACPA does not create a cause of action for contributory cybersquatting in
Petroliam Nasional Berhad v. GoDaddy.com, Inc., 737 F.3d 546, 550 (9th Cir.
2013). Petroliam was a Malaysian corporation that developed petroleum
resources. Petroliam objected to the domain names petronastower.net and
petronastowers.net that were transferred to GoDaddy.com. Petroliam filed a
cybersquatting and contributory cybersquatting action against the registrar after
it did not take action against the disputed domain names.
361
The district court dismissed the claims for direct and contributory
cybersquatting and the Ninth Circuit affirmed reasoning that the ACPA does not
include a cause of action for contributory cybersquatting because: (1) the text of
the Act does not apply to the conduct that would be actionable under such a
theory; (2) Congress did not intend to implicitly include common law doctrines
applicable to trademark infringement because the ACPA created a new cause of
action that is distinct from traditional trademark remedies; and (3) allowing suits
against registrars for contributory cybersquatting would not advance the goals of
the statute.
The court found no language in the ACPA creating contributory
cybersquatting actions. The Petroliam court reasoned that imposing secondary
liability on domain name registrars would impermissibly expand the scope of the
ACPA. Petroliam filed a petition for a writ of certiorari asking the U.S. Supreme
Court to answer the question whether the rules of contributory infringement
apply to cybersquatting cases.
(C) SECONDARY TRADEMARK INFRINGEMENT
(1) Vicarious Liability
Vicarious liability for trademark infringement requires a finding that the
defendant and the infringer have an apparent or actual partnership, have
authority to bind one another in transactions with third parties or exercise joint
ownership or
362
control over the infringing product.” Perfect 10, Inc. v. Visa Int’l Serv. Ass’n,
494 F.3d 788, 807 (9th Cir. 2007). One of the greatest hurdles is to find an
apparent or actual partnership. Hard Rock Café Licensing Corp. v. Concession
Servs. Inc., 955 F.2d 1143 (7th Cir. 1992). Courts apply a four-part test to
determine partnership: (1) parties’ sharing of profits and losses, (2) parties’ joint
control and management of business, (3) contribution by each party of property,
financial resources, effort, skill, or knowledge to business, and (4) parties’
intention to be partners.
In Perfect 10 v. Visa International, 494 F.3d 788 (9th Cir. 2007), the Ninth
Circuit refused to find Visa vicariously liable for its role in enabling payment for
website access to content violating the copyrights and trademarks of a third party
magazine publisher. The appeals court uncovered no affirmative acts by the
defendants suggesting to third parties that they should infringe the publisher’s
trademarks. The Ninth Circuit said even if defendants allowed the infringing
merchants to use their logos, trade name, or trademarks, they would not be liable
for false advertising because they had no duty to investigate the truth of the
statements made by others. Moreover, the court found that Visa did not
encourage the improper conduct at issue; they merely processed credit card
payments.
(2) Contributory Infringement
To be liable for contributory trademark infringement, a defendant must have
(1)
363
363
364
The TDRA amended the Lanham Act to render one liable to the owner of a
trademark who, with “a bad faith intent to profit from that mark,” “registers,
traffics in or uses a domain name” that is either identical or confusingly similar
to a “distinctive” mark or is identical, confusingly similar or dilutive of a
“famous mark.” 15 U.S.C. § 1125(c). The Federal Trademark Dilution Act
(FTDA) recognized new remedies for the dilution of famous trademarks. The
FTDA factors include the duration and extent of use of the mark, the nature of
the advertising, and the acquired distinctiveness of the mark. 15 U.S.C. §
1125(c)(1).
To state a prima facie dilution claim under the TDRA, the plaintiff must show
the following:
(1) that the plaintiff owns a famous mark that is distinctive;
(2) that the defendant has commenced using a mark in commerce that
allegedly is diluting the famous mark;
(3) that a similarity between the defendant’s mark and the famous mark
gives rise to an association between the marks; and
(4) that the association is likely to impair the distinctiveness of the famous
mark or likely to harm the reputation of the famous mark. 15 U.S.C. §
1125(c).
365
366
The Court does not hold that a party must use the words “dilution,”
“blurring,” or “tarnishment” to trigger Subsection (iv). Allegations that
would support the elements of dilution by blurring or tarnishment may
suffice.
Domain Vault LLC v. Bush, 2015 WL 1598099 at *8 (D. Colo. Apr. 8, 2015).
A plaintiff seeking relief under the blurring prong of the TDRA must show
that its mark is famous and distinctive, that defendant began using its mark in
commerce after plaintiff’s mark became famous and distinctive, and that
defendant’s mark is likely to dilute plaintiff’s mark. In determining whether a
mark or trade name is likely to cause dilution violative of the Lanham Act by
blurring, the court may consider all relevant factors, including (i) the degree of
similarity between the mark or trade name and the famous mark, (ii) the degree
of inherent or acquired distinctiveness of the famous mark, (iii) the extent to
which the owner of the famous mark is engaging in substantially exclusive use
of the mark, (iv) the degree of recognition of the famous mark, (v) whether the
user of the mark or trade name intended to create an association with the famous
mark, and (vi) any actual association between the mark or trade name and the
famous mark. Lanham Act, § 43(c), 15 U.S.C. § 1125(c).
To prove dilution by blurring, the plaintiff must show that the association
between the plaintiff’s mark and the defendant’s mark weakens the mark’s
ability to evoke the first product in the minds of
367
consumers. (Jada Toys Inc. v. Mattel, Inc., 518 F.3d 628 (9th Cir. 2008). The
TDRA, 15 U.S.C. § 1125(c), grants: “[t]he owner of a famous mark” the right to
seek “an injunction against another person’s commercial use in commerce of a
mark or trade name, if such use begins after the mark has become famous and
causes dilution of the distinctive quality of the mark.”
(2) Dilution by Tarnishment
368
369
famous and distinct. The TDRA extends to those marks that are inherently
distinctive, and to those deriving distinctiveness from secondary meaning.
Second, the owner must show one of two forms of dilution: blurring and
tarnishment as first developed under the common law. Under the TDRA, there
are two types of dilution, but one, dilution by blurring, occurs when a mark
previously associated with one product also becomes associated with a second.
15 U.S.C. § 1125(c)(2)(B).
Blurring weakens the mark’s ability to evoke the first product in the minds of
consumers. Many courts describe blurring as a whittling away of a mark’s
distinctiveness. The TDRA states: (1), “dilution by blurring” is association
arising from the similarity between a mark or trade name and a famous mark that
impairs the distinctiveness of the famous mark. In determining whether a mark
or trade name is likely to cause dilution by blurring, the court may consider all
relevant factors, including the following:
(i) The degree of similarity between the mark or trade name and the famous
mark.
(ii) The degree of inherent or acquired distinctiveness of the famous mark.
(iii) The extent to which the owner of the famous mark is engaging in
substantially exclusive use of the mark.
(iv) The degree of recognition of the famous mark.
370
(v) Whether the user of the mark or trade name intended to create an
association with the famous mark.
(vi) Any actual association between the mark or trade name and the famous
mark.
15 U.S.C. § 1125(c)(2)(B).
Congress has enumerated factors courts may use to analyze the likelihood of
dilution, including the similarity between the two marks and the distinctiveness
and recognition of the plaintiff’s mark. 15 U.S.C. § 1125(c)(2)(B)(i). “Dilution
by tarnishing occurs when a junior mark’s similarity to a famous mark causes
consumers mistakenly to associate the famous mark with the defendant’s inferior
or offensive product.” Hasbro, Inc. v. Internet Entm’t Group, Ltd., 1996 WL
84853 (W.D. Wash. 1996).
The Ninth Circuit explains the essence of blurring as the weakening of the
ability of a trademark “to evoke the first product in the minds of consumers.
“For example, Tylenol snowboards, Netscape sex shops, and Harry Potter dry
cleaners would all weaken the ‘commercial magnetism’ of these marks and
diminish their ability to evoke their original associations.” Levi Strauss & Co. v.
Abercrombie & Fitch Trading Co., 633 F.3d 1158 (9th Cir. 2011).
Under the FTDA, “a mark is famous if it is widely recognized by the general
consuming public of the United States as a designation of source of the goods or
services.” 15 U.S.C. § 1125(c)(2)(A). The statute establishes that the junior user,
to be liable for
371
dilution, must use “a mark or trade name … after the mark has become
famous.” 15 U.S.C. § 1125(c)(1).
In Avery Dennison Corp. v. Sumpton, 189 F.3d 868 (9th Cir. 1999), the
trademark owner of the “AVERY” and “DENNISON” brands of office products
filed suit against Jerry Sumpton, an entrepreneur who sold vanity domain names
and registered domain names with these trademarks. The Ninth Circuit held that
Avery Dennison did not establish the “famousness” element and therefore had
no TDRA cause of action. The court also found that the plaintiff failed to
demonstrate commercial use by the defendant as Mr. Sumpton was selling the
domain names for use for surname domain names—not for commercial use.
The court did not find the words “AVERY” and “DENNISON” to constitute
famous marks although they had been used for over seventy years and had
generated sales of $3 billion. The lesson from this case is that the FTDA’s
delimiters of famousness and commercial use prevent many trademark owners
from pursuing a federal dilution claim.
(B) TDRA REMEDIES
The remedy under the TDRA is limited to an injunction, “… unless the person
against whom the injunction is sought willfully intended to trade on the owner’s
reputation or to cause dilution of the famous mark.” 15 U.S.C. § 1125(c)(2).
Under the FTDA, the owner of a famous mark may obtain injunctive relief
against any “person who, at any
372
time after the owner’s mark has become famous, commences use of a mark …
in commerce that is likely to cause dilution.” 15 U.S.C. § 1125(c)(1).
(C) TDRA DEFENSES
In response to First Amendment, or associational policy concerns, the TDRA
exempts certain uses of a famous mark. TDRA defenses include the following:
(1) the mark is not famous, (2) the use is classified as a parody, (3)
noncommercial use of the mark, (4) fair use of a famous mark is permitted in
comparative advertisements and (5) dilution is not likely. The TDRA expressly
excludes from its reach “[a]ny fair use, including a nominative or descriptive fair
use, or facilitation of such fair use, of a famous mark by another person other
than as a designation of source for the person’s own goods or services.” 15
U.S.C. § 1125(c)(3)(A).
The federal anti-dilution statute specifically provides comparative advertising
and parody as examples of non-dilutive fair uses. See 15 U.S.C. § 1125(c)(3)(A)
(i) & (ii). Just as with any trademark action, a defendant may assert a right to use
a trademark in a news commentary, a comparative advertisement. Fair use is a
statutory defense under the FTDA.
373
374
about whether the commercial use requirement for false designation was met.
375
which amended the Lanham Act, addresses the: (1) registration, use, or
trafficking in, a domain name, (2) that is identical or confusingly similar to a
distinctive or famous trademark, (3) with a bad-faith intent to profit from the
mark.
Cybersquatting is defined as the: “Offer to transfer, sell, or otherwise assign
the domain name to the mark owner or any third party for financial gain without
having used, or having an intent to use, the domain name in the bona fide
offering of any goods or services, or the person’s prior conduct indicating a
pattern of such conduct.” See Corsair Memory, Inc. v. Corsair7.com, 2008 WL
4820789 at *20 (N.D.Cal. Nov. 3, 2008) (noting that the “ACPA protects the
owner of a distinctive or famous trademark from another’s bad faith intent to
profit from the trademark owner’s mark by registering or using a domain name
which is identical or confusingly similar to, or dilutive of, the trademark owner’s
mark without regard to the goods or services of the parties.” 15 U.S.C. §
1125(d).
Under the ACPA, 15 U.S.C. § 1125(d), a person commits cybersquatting, if,
without regard to the goods or services of the parties, that person (i) has a bad
faith intent to profit from that mark, including a personal name which is
protected as a mark under this section; and (ii) registers, traffics in, or uses a
domain name that—(I) in the case of a mark that is distinctive at the time of
registration of the domain name, is identical or confusingly similar to that mark;
(II) in the case of a famous mark that is famous at the time of registration of the
domain name, is identical or confusingly similar to or
376
377
378
379
identical to its mark and the abusive registrant is not locatable. A trademark
owner may proceed in personam against an infringer or, in certain
circumstances, in rem against the domain name only if they have exhausted
reasonable efforts to locate the bad faith registrant.
Trademark owners may seek an in rem remedy if the abusive domain name
registrant is not locatable despite a diligent effort to find him or her. An
illustrative case occurred in July of 2012 when a Virginia federal court ordered
VeriSign, an accredited domain name registrar, to transfer 265 “infringing
domain names” from VeriSign to Go Daddy.
The disputed domain names were registered in the name of Richemont
International, Ltd, but in fact, the registrants were based in China. The domain
names were being used to sell fake Mont Blanc pens, violating the pen
company’s famous trademarks. The court ordered that the domain names used in
selling knockoffs all be transferred to Mont Blanc.
The ACPA gives trademark owners the right to file an in rem action against
the domain name in the judicial district where the domain name registrar,
domain name registry, or other domain name authority registered or assigned the
domain name is located. See e.g., Cable News Network L.P., L.L.L.P. v.
cnnews.com, 162 F. Supp. 2d 484 (E.D. Va. 2001) (holding that plaintiff
properly perfected service under ACPA’s in rem service procedure in domain
name litigation).
380
381
display the protected mark. The court reasoned that the (1) initial interest
confusion could support a claim under the Lanham Act where the wholesaler
plausibly alleged that consumers were confused, and not simply diverted, and (2)
the wholesaler offered sufficient allegations to support its claim that consumers
were likely confused, and potentially misled, by the retailer’s use of the
trademark as a trigger for its sponsored links.
(A) THE MEANING OF USE IN COMMERCE
Many Internet-related cases turn on the element of “use in commerce,” which
is essential in a trademark infringement claim. In Intermatic Inc. v. Toeppen, 947
F. Supp. 1227 (N.D. Ill. 2006), the federal court held that the defendant’s use of
the Internet satisfied the “in commerce” requirement when the defendant
registered a domain name identical to the plaintiff’s trademark name and used it
on the Internet.
Commercial use, the third requirement of any trademark infringement lawsuit,
is a major obstacle especially where the use of the plaintiff’s trademark is
invisible. In more recent cases, the issue of commercial use often turns on
whether “use” of a trademark under the Lanham Act requires that the trademark
is displayed or visible to consumers. Many of the Internet-related commercial
use issues involve the question of whether covert use of trademarks by
advertisers constitutes “use in commerce under the Lanham Act.” In many of the
“covert use” cases, plaintiffs are unable to clear the use in commerce hurdle.
382
383
to the [advertiser] that has placed the highest bid on the keyword, i.e. the
[advertiser] that has agreed to the search engine operator the highest amount
each time an independent internet user takes a particular action (such as
searching a term or clicking on a link in the advertisement).
However, in recent years plaintiffs never prevail in competitive keyword cases
against Google and only have rare victories against competitors. Trademark
owners have filed multiple trademark infringement lawsuits against Google has
created the AdWords program, which, in effect, is a full-employment act for
trademark litigators. AdWords allows an advertiser to bid on keywords or terms
that an Internet user might enter into a Google search thereby triggering the
display of a sponsor’s advertisement. When a user enters a keyword, Google
displays the links generated by its own algorithm in the main part of the page,
along with the advertisements in a separate “sponsored links” section next to or
above the objective results. Trademark owners have filed multiple trademark
infringement lawsuits against Google and its customers arising out of the use of
the AdWords context-advertising program. None of these cases have been
successful in recent years.
A leading trademark scholar, views the issue as whether keyword placement is
unfairly “drawing [the] power and goodwill of these famous marks. The question
is whether this activity is fair competition or whether it is a form of unfair free
riding on the fame of well-known marks.” 4
384
In 1-800 Contacts, Inc. v. WhenU.com, Inc., 414 F.3d 400 (2d Cir. 2005), the
Second Circuit reversed the district court’s issuance of a preliminary injunction
that enjoined WhenU.com from causing “pop up” advertisements to appear on
Internet user’s computer screens when they went to the 1–800 Contacts website
or each time a trademark is entered into a search engine.
The federal appeals court reasoned that WhenU.com’s use of 1–800 Contacts’
trademarks did not constitute “use in commerce,” a predicate for a finding of
trademark infringement under the Lanham Act. However, the plaintiff’s
trademark claim failed because WhenU.com’s pop-up ads did not actually
display the 1–800 Contacts’ trademark. The court found the defendant’s use of
the plaintiffs’
385
386
387
Ninth Circuit court determined that the federal trial court was correct in
finding Network’s use of keywords to constitute the prerequisite “use in
commerce.”
Commercial use was found in Network’s use of System’s mark to purchase
keywords to advertise its products for sale on the Internet. Nevertheless, the
Ninth Circuit reversed the district court ruling that System was not entitled to an
injunction. The appellate court held that the district court did not apply the
Sleekcraft factors correctly and further that the lower court did not determine
whether there was a likelihood of confusion.
388
§ 11-11. Metatags
(A) INVISIBLE TRADEMARK VIOLATIONS
Some search engines index each discernible word on every web page, while
others index by metatags. A “metatag” is an invisible code in Hypertext Markup
Language (HTML) that describes the contents of a Web page. Trademark
owners file suit against individuals or companies that incorporated the metatags
of popular companies in their website to jump-start their page rank. The recent
trend is for courts to find that merely incorporating the plaintiff’s trademark in
invisible code does not demonstrate use in commerce.
Nevertheless, if a website uses metatags deceptively to misrepresent its sites,
courts will find liability for trademark infringement. A few courts continue to
find that use of a plaintiff’s trademark in metatags constitutes infringement.
(B) INITIAL INTEREST CONFUSION
Initial Interest Confusion (IIC) occurs on the Internet when a company creates
confusion “from the unauthorized use of trademarks to divert Internet traffic,
thereby capitalizing on a trademark holder’s goodwill.” Aust. Gold Inc. v.
Hatfield, 436 F.3d 1228 (10th Cir. 2006). IIC “… occurs when a customer is
lured to a product by the similarity of the mark, even if the customer realizes the
true source of the goods before the sale is consummated.” Initial interest
confusion is, in effect, a misappropriation of good will. What is important is
389
390
is any other use of a mark, such as to refer to a particular product for purposes
of comparison, criticism, or point of reference.
The court found Welles’s use of the abbreviation “PMOY” on the wallpaper
of her site was not nominative, and, therefore was “not excepted from the anti-
dilution provisions.” In finding nominative use, the court ruled that Welles was
not trying to divert traffic from Playboy. A party raising the statutory affirmative
defense of nominative use to a claim of trademark infringement must prove she
is using the term fairly and in good faith and for description.
391
The nominative fair use analysis allows a defendant to use the plaintiff’s mark
to describe the plaintiff’s product, so long as the goal is for the defendant to
describe her own product. A computer repair shop, for example, can advertise
that it fixes Dell laptops even though “Dell” is a registered trademark. In New
Kids On The Block v. News America Publishing, Inc., 971 F.2d 302 (9th Cir.
1992), the Ninth Circuit adopted a nominative fair use test in which the
defendant must prove that:
first, the product or service in question must be one not readily identifiable
without use of the trademark, second, only so much of the mark or marks
may be used as is reasonably necessary to identify the product or service,
and third, the user must do nothing that would, in conjunction with the
mark, suggest sponsorship or endorsement by the trademark holder.
Fair use also enables comparative advertising and the use of another’s
trademark in a manner such as the Pepsi Challenge that featured taste tests
between Coca-Cola and Pepsi in malls around the country in the 1980s.
(B) FIRST AMENDMENT IN CYBERSPACE
(1) Gripe Sites
Fan Sites, rogue sites, or grip sites that mention trademarks in the course of
criticizing companies are generally protected by the First Amendment unless a
court finds that those sites are deceptive, and create consumer confusion. Gripe
sites must
392
make it clear that they are not affiliated with trademarks. In Bihari v. Gross,
119 F. Supp. 2d 309 (S.D.N.Y. 2000), the court found that a “Gripe Site” that
was critical of the plaintiff’s interior design work did not violate Marianne
Bihari’s trademark because no reasonable consumer would believe that the
plaintiff or her company, Bihari Interiors, sponsored the site. The court also
found that the “Gripe Site” was not diverting users from the Bihari Interior site.
Companies will find it difficult to enjoin websites critical of their goods and
services, which have become ubiquitous on the Internet. In the early years of the
Internet, trademark owners often won lawsuits against domain name registrants
who incorporated their trade names or marks.
An early example of such a complaint occurs in, Bally Total Fitness Holding
Corp. v. Faber, 29 F. Supp. 2d 1161 (C.D. Cal. 1998), where a critic of the chain
of health clubs set up an anti-Bally website entitled, “Bally’s sucks” filed suit for
trademark dilution because the defendant was using its trademarks in an
unauthorized manner. The federal court in California granted summary judgment
in favor of Faber, reasoning, “no reasonable person would think Bally’s is
affiliated with or endorses [the anti-Bally site].” The court also found “fair use”
in the website’s use of Bally’s intellectual property.
In a UDRP proceeding, the domain name, AirFranceSucks.com, was
transferred to Air France but “the airline’s victory at arbitration was not without
controversy: panelists disagreed about what the word ‘sucks’ really means to
Internet users.”
393
Societé Air France v. Virtual Dates, Inc., Case No. D2005–0168 UDRP
2005).
(2) Lamparello v. Falwell
The Fourth Circuit found the FTDA applies only to a commercial use in
commerce of a mark, leaving no doubt, “that it did not intend for trademark laws
to impinge the First Amendment rights of critics and commentators.”
Lamparello v. Falwell, 420 F.3d 309 (4th Cir. 2005). In Lamparello, the Fourth
Circuit determined that Christopher Lamparello’s domain name,
www.fallwell.com, a website critical of Reverend Jerry Falwell and his views on
homosexuality, did not constitute cybersquatting. The appellate court reasoned
that Reverend Falwell was unable to show that Lamparello had a bad faith intent
to profit from his use of the fallwell.com domain name. Lamparello had not
engaged in the type of conduct described in the statutory factors as typifying the
bad faith intent to profit essential to a successful cybersquatting claim.
(C) TRADEMARK PARODIES
A parody is a “simple form of entertainment conveyed by juxtaposing the
irreverent representation of the trademark with the idealized image created by
the mark’s owners.” L.L. Bean, Inc. v. Drake Publishers, Inc., 811 F.2d 26 (1st
Cir. 1987). In Lyons Partnership v. Giannoulas, 179 F.3d 384 (5th Cir. 1999),
the Fifth Circuit ruled that the Ted Giannoulas creation of the sports mascot The
Famous Chicken stepping on a Barney lookalike constituted a parody protectable
by the First
394
395
396
“Catron used the Yelp Marks, without alteration, in connection with his
review-selling business without Yelp’s consent in a manner that is likely to
cause confusion, mistake, or to deceive. Catron sold Yelp reviews and
“displayed the Yelp Marks prominently on adblaze.com and BuyYelpReview.
com in connection with his business;” Yelp alleged trademark infringement,
unfair competition, dilution of a famous mark, and cybersquatting, in violation
of Lanham Act, and state law claims for unfair competition, false advertising,
breach of contract, and intentional interference with contractual relations. The
court found evidence supporting Yelp’s federal claims and state false advertising
claims also made him liable under California’s Unfair Competition Law.
“Typosquatting” is the practice of registering a domain name to benefit from
users who mistype a domain name. A classic example is the “typosquatter” who
registered domain names that employed misspellings of popular child oriented
websites. The typosquatter took advantage of children’s foreseeable misspellings
to receive a fee for each child’s clickstream. Typosquatters rely upon adult
Internet users mistyping domain names as well. Dotster, a domain name
registrar, registered the domain name “www.VulcanGolf.com,” which is a
period away from the domain name www.VulcanGolf.com. Vulcan Golf LLC v.
Google, Inc., 552 F. Supp. 2d 752, 760 (N.D. Ill. 2008).
Vulcan filed suit against Dotster claiming the defendant “intentionally
registered this domain name without the period after the ‘www,’ expecting
397
that a certain number of Internet users will mistype the name and will land on
the webpage.” Dotster was liable because it benefited from their blatantly
deceptive domain. Each time a user clicks on links or other online ads, Google,
the parking companies and domain name owners receive advertising revenue.
This is the business model for many commercial websites
398
399
400
proceedings, the owner of trademark rights files a complaint with an approved
dispute-resolution service provider.
UDRP panels are limited in what remedies they may impose. Panels may
order that a registrar cancel, transfer, or change a domain name registration but
have no authority to award monetary damages or attorney’s fees. The UDRP
rules have been adopted by ICANN and are incorporated by reference in every
new domain name registration. Jurisdiction is not an issue because the domain
name registrant has agreed in advance to submit to UDRP should a trademark
dispute arise.
(C) HOW THE UDRP WORKS
(1) Domain Name Registration
The year 1999 marked the release of the WIPO’s Uniform Dispute Resolution
Policy (UDRP). All ICANN-accredited registrars have adopted the UDRP.
Certain managers of country-code top-level domains (e.g., .nu, .tv, .ws) have
also adopted it. The UDRP policy provides trademark owners with an expedited
administrative procedure to resolve disputes over abusive practices such as
“cybersquatting,” “reverse cybersquatting”, and other abusive domain name
registration abuses.
A federal court described the three principal UDRP institutions key to
understanding the management of domain names:
401
First, companies called “registries” operate a database (or “registry”) for all
domain names within the scope of their authority. Second, companies called
“registrars” register domain names with registries on behalf of those who
own the names. Registrars maintain an ownership record for each domain
name they have registered with a registry. Action by a registrar is needed to
transfer ownership of a domain name from one registrant to another. Third,
individuals and companies called “registrants” own the domain names.
Registrants interact with the registrars, who in turn interact with the
registries. Office Depot Inc. v. Zuccarini, 2010 WL 5376380 (9th Cir.
2010).
Under the DNS, the registrant is the company or individual to whom the
domain name actually belongs. A website operator must signify an
administrative contact at the point of registration, who is a person authorized by
the registrant to make changes in the domain name. For example, the
administrative contact may transfer, cancel, or assign rights to the domain name.
Registrars are companies that register domain names and accredited by
ICANN. During the accreditation process, registrars agree to adhere to the
Uniform Domain Name Dispute Resolution Policy. ICANN posts a list of
Approved Dispute-Resolution Service Providers. In addition, to this Policy, there
are Rules for Uniform Domain Name Dispute Resolution Policy. Dispute-
Resolution service providers do the administrative work of
402
403
bad faith is whether the registrant registers the domain name to prevent the
true owners from using it.
(2) Liability of the Domain Name Registrars
404
with its registrants. The court distinguished the “parked pages program” from
GoDaddy’s registrar function finding that the registrar was not entitled to
immunity because it used and trafficked in domain names.
(3) Appealing UDRP Decisions
405
rights. The WIPO panel transferred the disputed domain name to WWF, ruling
that the respondent had no legitimate rights in the domain name. Since this first
case, UDRP panels have decided tens of thousands of disputes between domain
name registrants and trademark owners.
Five paradigmatic categories of cases are typically decided by WIPO arbitral
panels in deciding whether a given domain name is “confusingly similar” to a
trademark: (1) cases where the domain name and trademark are wholly identical,
or, in cases where the trademark owner has a registered domain name, the
generic Top-Level Domain (gTLD) might be different, (2) cases where a
registrant’s domain name incorporates the surname of a celebrity, (3) cases
where a generic or descriptive word has been added to the trademark (such as
“my,” “direct,” or “e-”, (4) cases where anti-corporate websites append the word
“sucks” at the end of trade names, and (5) typosquatting cases where the domain
name registrant relies on Internet users mistyping famous trademark names.
(A) INCORPORATING ANOTHER’S TRADEMARK
The classic illustration of incorporating another’s trademark in a domain name
was Playboy Enterprises International, Inc. v. Good Samaritan Program,
D2001–0241 (WIPO, 2001). In this WIPO case, Playboy magazine founder and
complainant in the case, Hugh M. Hefner, objected to Good Samaritan’s
registration of the domain name “hughhefner.com” with BulkRegister, a domain
name
406
registry. Playboy Enterprises, which holds the trademark “Hugh M. Hefner,”
met the three elements of UDRP Policy 4(A) because: (1) Good Samaritan’s
domain name was identical to Playboy’s trademarks, (2) Good Samaritan had no
rights or legitimate interests in the domain name, and (3) Good Samaritan’s
domain name was registered and was used in bad faith.
The UDRP panel decided the case on the complaint given compelling
evidence Good Samaritan was a cybersquatter. The panel found it appears from
Good Samaritan’s own statements that it sought substantial consideration in the
form of celebrity endorsement or linkage to successful commercial websites in
return for its services. The UDRP panel concluded, “Good Samaritan registered
‘hughhefner.com’ for the purpose of transferring it to Playboy in return for
valuable consideration in excess of its costs directly related to the domain
name.”
(B) COMMON LAW TM RIGHTS OF CELEBRITIES
The USPTO maintains a database of trademarks. The complainant must prove
common law rights if the trademark or service mark is not registered. A
celebrity’s name alone is not protected under the UDRP or the common law. The
sine qua non of common law rights is that the personal name is a source of
goods or services. The purpose of trademark law is to protect consumers by
providing accurate product identification. Kevin Spacey, for example, has
common law rights in his name because he uses his name as a trademark as a
way of identifying his
407
408
As a result, the UDRP panel refused to direct the respondent to transfer the
disputed domain to Complainant Safeguard Operations LLC, owner of several
federally registered trademarks containing the word “Safeguard,” which marks
its uses in connection with its operation of self-storage facilities.
(D) ANTI-CORPORATE WEBSITES
Companies seeking to shut down gripe sites are far more likely to find success
through the UDRP panels than in the U.S. federal courts, which often refuse to
enjoin gripe sites because of the First Amendment. The fourth category of
UDRP cases deal with complaint sites, a.k.a. “sucks” domain names (i.e., names
with the complainant’s trademark and a negative term such as “sucks”). Most
panels facing the issue have found such domain names are confusingly similar to
the complainants’ marks.
A UDRP panel found that that the domain name Radioshacksucks.com was
pointing to a website with various pay-per-click links that were mainly aimed at
directing visitors to competing third party commercial websites. The Panel ruled
in favor of Radio Shack and transferred the name. In one case, the “sucks” site
was found to be confusingly similar to the complainant’s mark because a search
engine would bring up the “sucks” site when the mark itself was entered as a
search term.
UDRP panels distinguish between complaint websites expressing feelings
about products and services, and those constructed for the sole purpose of
extorting money from the trademark owners. Rather
409
than asking whether the domain name causes confusion as to source, the panel
should compare the domain name and the mark for similarity. Other panels have
noted that many Internet users do not speak English or do not know the word
“sucks.” Ultimately, these panels have held domain names adding the word
“sucks” to a trademark of another company was confusingly similar to the mark
incorporated. A minority of panels have ruled “sucks” sites are not confusingly
similar.
(E) UDRP TYPOSQUATTING
The fifth paradigmatic UDRP case is the “typosquatting” case, i.e., where one
letter in a well-known brand is replaced with another letter in order to direct
traffic to the typosquatter’s website. UDRP panels generally disfavor such
strategies, especially when evidenced by bad faith. In Toronto-Dominion Bank v.
Karpachev, WIPO Case No. D2000–1571 (WIPO 2001), the WIPO panel
concluded the domain name “tdwatergouse.com” was confusingly similar to the
TD WATERHOUSE mark.
John Zuccarini, a recidivist typosquatter, was the respondent in Six Continents
Hotels, Inc. v. John Zuccarini, Case D2003–D5009 (WIPO 2003). The WIPO
panel found that Zuccarini acted in bad faith, and transferred the domain name
“hoildayinn.com” to the owner of the Holiday Inn hotel chain.
410
411
414
is the death knell for a trade secret, destroying its emblematic feature of
secrecy.
In Wayburn Digital Media, Inc. v. Drop Zone Digital Media LLC, No.
112109895, 2013 WL 3835973 (Wash. Super. Feb. 1, 2013), a state court found
that a licensee of a digital ad media network was not excused from the breach of
a non-compete provision. However, client lists, marketing materials, and
licensing information posted on a website were not classifiable as trade secrets
under the state’s Uniform Trade Secrets Act. This type of information was
available on the Internet and therefore was not protectable. See also, Lifetouch
Church Directories & Portraits v. Ingalsbe, No. 14SC626, 2013 WL 5508454
(Colo. Dist. Ct. Mar. 12, 2013) (noting plaintiffs’ failure to prove information
available on the Internet was a trade secret).
In Warehouse Solutions v. Integrated Logistics (ILL), No. 09-CV-5771 (JLL),
2015 WL 2151757 (11th Cir. May 15, 2015), the Eleventh Circuit affirmed a
district court order that the look and feel of password-protected software outputs
did not qualify for trade secrets protection under Georgia’s UTSA. Lebovich
developed Intelligent Audit, “a web-based program that interfaces with UPS and
FedEx tracking systems to allow companies to track their packages and collect
funds for late or missing packages.” Lebovich hired Scott Langley and his
company to help sell the Intelligent Audit program. Langley received a 20%
interest in the software in return for his services. The defendant, ILL, hired
Platinum Circles Technologies (Platinum) to develop
415
its own web-based tracking program that was visually and functionally similar
to Intelligent Audit. ILL gave Platinum a user ID and password to log onto the
Intelligent Audit program. “WSI alleged that Intelligent Audit was a trade secret
that ILL had misappropriated by creating a functionally identical program.” The
court found problems with this contention:
ILL contended that it only had access to the program’s visible output, which
does not constitute a trade secret, and, in any event, WSI failed to protect
the program’s secrecy. WSI argued that it took all reasonable means to
prevent disclosure of its complicated software program, including the use of
technologically-advanced password protection and encryption and end-user
confidentiality provisions.
416
417
secret: (1) the extent to which the information is known outside the business,
(2) the extent to which it is known to those inside the business, i.e., by the
employees, (3) the precautions taken by the holder of the trade secret to guard
the secrecy of the information, (4) the savings effected and the value to the
holder in having the information as against competitors, (5) the amount of effort
or money expended in obtaining and developing the information, and (6) the
amount of time and expense it would take for others to acquire and duplicate the
information. State ex rel. The Plain Dealer v. Ohio Dept. of Ins., 687 N.E.2d 661
(Ohio 1997). A trade owner must employ reasonable methods to protect trade
secrets. See e.g., Pioneer Hi-Bred Int’l v. Holden Found Seeds, 35 F.3d 1226,
1235 (8th Cir. 1994).
(B) UTSA MISAPPROPRIATION ACTION
Misappropriation means using “improper means” or acquiring it from
someone who has acquired it through “improper means.” To state a claim for
misappropriation of trade secrets under the Uniform Trade Secrets Act, a
plaintiff must allege that: (1) the plaintiff owned a trade secret, (2) the defendant
misappropriated the trade secret, and (3) the defendant’s actions damaged the
plaintiff.
(C) REASONABLE MEANS TO PROTECT SECRETS
Trade secret laws require companies to take reasonable steps to prevent public
disclosure.
418
419
the software to be activated. The court ruled that Microsoft breached the NDA
and violated Uniloc’s patent in producing software by relying on the patent. This
case illustrates one of the multiple functions of NDAs; for example, properly
drafted NDAs can protect patents.
Typically, the nondisclosure agreement will stipulate that the customers,
without the developer’s prior written consent, cannot disclose trade secrets.
Therefore, software developers and their customers will enter into mutual
nondisclosure agreements because the developer will typically have access to its
customer’s intellectual property when configuring or customizing software.
Courts will typically determine the enforceability of nondisclosure agreements
by asking a series of questions:
(1) Is the restraint, from the standpoint of the employer, reasonable in the
sense that it is no greater than is necessary to protect the employer in some
legitimate business interest? (2) From the standpoint of the employee, is the
restraint reasonable in the sense that it is not unduly harsh and oppressive in
curtailing his legitimate efforts to earn a livelihood? (3) Is the restraint
reasonable from the standpoint of a sound public policy? Decision Insights,
Inc. v. Sentia Group, Inc., No. 07-1596, 2009 WL 367585 (4th Cir. 2009).
420
Florida joins the growing number of states that recognize a common law
action for idea misappropriation, but it requires a showing of confidentiality and
novelty. Information-based businesses will often adopt idea submission policies
to avoid conflicts concerning ownership or interests in intellectual property
rights. Idea submission policies are terms of service when customers, employees,
or third parties submit ideas to the company. One of the chief purposes of an
idea submission policy is to avoid disputes over whether the company
misappropriated or disclosed a trade secret. Apple’s Idea Submission Policy
notes that it “does not accept or consider unsolicited ideas, including ideas for
new advertising campaigns, new promotions, new or improved products or
technologies, product enhancements, processes, materials, marketing plans or
new product names.” Apple’s prohibition against the submission of unauthorized
ideas seeks to prevent litigation over the source of ideas about Apple’s products
or marketing strategies.
(D) UNIFORM TRADE SECRET ACT REMEDIES
The UTSA provides a broad range of remedies, including: preliminary
injunctive relief, monetary damages, lost profits, consequential damages, lost
royalties, attorney’s fees, and punitive damages. A plaintiff will often seek
injunctive relief if they suspect that former employees are violating or about to
violate NDAs. Courts may enjoin actual or
421
defendant would access the escrowed source code only in certain specified
emergencies.
The evidence at trial showed that defendant secretly copied software that was
then used to reconstruct the plaintiff’s source code. Such activity helped save
research and manufacturing resources in developing the software that would
ultimately replace the plaintiff’s pharmacy software. Thus, while reverse
engineering is proper, the acquisition of the known product must, of course, also
be by fair and honest means to be lawful. UTSA § 1, cmt. 2.
The Reporters for the ALI’s Principles of the Law of Software Contracts,
discussed in Chapter 4, acknowledge that anti-reverse engineering clauses are
“troublesome terms.” European courts would not likely enforce clauses that
prohibited reverse engineering to achieve interoperability because of the
Software Directive. In Europe, all users of software have a right to reverse
engineer code to achieve interoperability of computer programs under the
Software Directive adopted in 1991.
(2) First Amendment Defenses
In recent years, U.S. courts have ruled that the tort of misappropriation must
give way to the First Amendment. The First Amendment of the U.S.
Constitution protected a website operator’s posting of DeCSS, which enabled
users to evade the “content scramble system” that both encrypts DVDs and
prevents their unauthorized use and duplication. The California appellate court
ruled that because the DeCSS that the website operator posted was
423
424
425
425
426
refused to enter summary judgment on behalf of the defendant and let the
trade secret case proceed.
In DoubleClick, Inc. v. Henderson, No. 116914/97, 1997 WL 731413 (N.Y.
Sup. Ct. 2007), several employees planned to leave the Internet advertising
mogul in order to start a dot-com startup. DoubleClick confiscated one of the
employee’s laptops and found information on the hard drive, including emails
and future business plans that suggested he was engaged in economic espionage.
DoubleClick summarily fired the employees and sought an injunction to enjoin
them from sharing trade secrets with competitors.
The ex-employees argued that much of the information DoubleClick classified
as trade secrets was already public because they displayed it on the online
company’s website. The DoubleClick court found there was evidence that the
ex-employees intended to use the acquired trade secrets to advise Alta Vista,
DoubleClick’s largest client. The court, however, refused to enjoin the ex-
employees for the one-year period sought by DoubleClick, noting it was too long
in the ever-evolving Internet advertising industry. The court limited the
injunction to six months.
427
428
429
Third, DOJ will continue to make the investigation and prosecution of trade
secret theft by foreign competitors and foreign governments a top priority.
Additionally, the FBI and the intelligence community will provide warnings
and threat assessments to the private sector on information and technology
that are being targeted for theft by foreign competitors and foreign
governments.
Fourth, President Obama recently signed two pieces of legislation that will
improve enforcement against trade secret theft. But we need to continue to
make sure our laws are as effective as possible. So, moving forward, we
will conduct a review of our laws to determine if further changes are needed
to enhance enforcement. If changes are necessary, we will work with
Congress to make those changes lasting and comprehensive. Lastly, we will
increase public awareness of the threats and risks to the U.S. economy
posed by trade secret theft.
White House Briefing, Launch of the Administration’s Strategy to Mitigate the
Theft of U.S. Trade Secrets (Feb. 20, 2013).
In 2012, the Justice Department launched a high profile EEA prosecution
against a Chinese company that was, in fact, an operation of the Chinese
Government. “Mandiant published a report finding that the government of the
People’s Republic of China (PRC) is sponsoring cyber-espionage to attack top
U.S. companies.” Robert B. Milligan & Daniel P.
430
431
431
434
amongst those countries connected to the Internet, there are still variations in
practices from country to country. Since the last edition, the U.S. Supreme Court
and the USPTO have limited the scope of business method patents.
(B) CONSTITUTIONAL AND STATUTORY BASIS
Article I, Section 8 of the U.S. Constitution gave Congress the power to
“promote the Progress of Science and [the] useful Arts, by securing for limited
Times to Authors and inventors the exclusive Right to their respective Writings
and Discoveries.” Patent law, like copyright law, arises out of federal statutes.
Congress enacted the first Patent Act in 1790, with the Patent Act of 1793
following soon after. The Leahy-Smith America Invents Act (AIA) of 2011
displaced the Patent Act of 1952.
(C) AMERICAN INVENTS ACT
(1) First Inventor to File (FITF)
On September 16, 2011, President Obama signed into law the Leahy-Smith
America Invents Act (AIA), which represents a sea change in U.S. patent law.
The United States now aligns its law with the rest of the world in adopting the
first-to-file (FITF) system, which jettisons the older U.S. rule of awarding
patents to the first-to-invent (FI) system. Under the FI system, applicants got a
patent “after disclosing the invention as long as a patent is filed within one year
of the disclosure.” MARK V. CAMPAGNA, UNDERSTANDING PATENT REFORMS IN
435
The U.S. adopted a registration system for patents, where examiners determine
whether a given claim is patentable and whether an applicant has the rights to a
patented invention. Patent prosecution is the process of obtaining a patent. Patent
examiners in the USPTO determine whether the boundaries of the claim sought
by the applicant qualify for patent protection. Under the AIA reforms, the
USPTO now offers applicants an opportunity to have patent applications
reviewed on an expedited basis. Small entity and independent inventors receive a
50 percent discount on the $4800 fee to use this new fast track option. This
reform responded to criticism of the long and drawn-out patent evaluation
process.
(3) Other Patent Reforms
The AIA initiated new methods for challenging patents and developed several
new third-party challenges, including post grant review, inter partes review and
devised a transitional program for covered business method patents. Inter partes
review is a new trial proceeding conducted at the Board to review the
patentability of one or more claims in a patent. An inter partes review may be
436
437
438
computer, an iPad, or smart phone are all protectable by design patents or the
visual and ornamental characteristics of an article of manufacture. Design
patents, with a term of 14 years, protect the ornamental, exterior appearance of
an object and that appearance must be non-functional. Articles of manufacture
may possess both functional and ornamental characteristics. “Both design and
utility patents may be obtained on an article if invention resides both in its utility
and ornamental appearance.” 35 U.S.C. § 171.
Design patents are relevant to Internet inventions because the USPTO
considers computer-generated icons, including full screen images and type fonts,
to constitute surface ornamentation. Design patents must be original and must
not offend any race, religion, sex, ethnic group, or nationality. 35 U.S.C. § 171
and 37 CFR § 1.3.
On May 18, 2015, the United States Court of Appeals for the Federal Circuit
affirmed the district court findings that Samsung had infringed Apple’s design
and utility patents, while also reversing on the infringement of trade dress. Apple
Inc. v. Samsung Electronics, 786 F.3d 983 (Fed. Cir. 2015). Samsung argued on
appeal that the district court erred in not excluding the functional elements of
Apple’s design patents in considering the alleged infringement. The federal
circuit rejected the argument and found the district court reasoning was proper.
Regarding the issue of infringement of Apple’s utility patents, Samsung
attempted to argue that the term “substantially centered” is vague and uncertain.
The court credited Apple’s expert with
439
providing evidence to demonstrate that one skilled in the art would understand
its meaning. The court affirmed the district court’s denial of Samsung’s motion
for judgment as a matter of law on the invalidity of claim 50 of the ’163 patent
and claim 8 of the ’915 patent, as well as the damages awarded for utility patent
infringement. The court denied Samsung’s motion for a new trial and remanded
for immediate entry of final judgment on all damages awards not predicated on
Apple’s trade dress claims.
(E) PATENT LAW TERMS
Generally, the term of a new utility patent, which accounts for most Internet-
related patents, is 20 years from the date on which the patent application was
filed. Plant patents also have a 20-year term, while design patents only have a
term of 14 years from the issue date. Utility or plant patents issued on
applications filed before June 8, 1995 have a term of 17 years from the issuance
of the patent or 20 years from the filing, whichever is greater.
(F) SECTION 101 PATENTABLE SUBJECT MATTER
Section 101 of the Patent Act states that “any new and useful process,
machine, manufacture, or composition of matter, or any new and useful
improvement thereof” is patent-eligible, “subject to the conditions and
requirements of this title.” Congress used “expansive terms” in defining the four
categories of inventions eligible for patent protection under § 101: processes,
machines, manufactures, and compositions of matter. Courts
440
set forth three judicial limits on patentability: (1) laws of nature (2) natural
phenomena and (3) abstract ideas. Algorithms and formulas are not patentable
because they do not fit within any of the aforementioned four categories. “Laws
of nature, natural phenomena, and abstract ideas (e.g., in the guise of
mathematical algorithms) are not eligible under Section 101.” 35 U.S.C. § 101.
The USPTO cites the following examples of patentable concepts: (1) Basic
economic practices or theories (e.g., hedging, insurance, financial
transactions, marketing); (2) Basic legal theories (e.g., contracts, dispute
resolution, rules of law); (3) Mathematical concepts (e.g., algorithms,
spatial relationships, geometry); (4) Mental activity (e.g., forming a
judgment, observation, evaluation, or opinion); (5) Interpersonal
interactions or relationships (e.g., conversing, dating); (6)Teaching concepts
(e.g., memorization, repetition); (7) Human behavior (e.g., exercising,
wearing clothing, following rules or instructions); and (8) Instructing “how
business should be conducted.” USPTO, PATENT SUBJECT MATTER
ELIGIBILITY (2012). Not all new and useful inventions and discoveries will
receive patent protection.
In Mayo Collaborative Servs. v. Prometheus Labs, Inc., 132 U.S. 1289, 1294
(2012), the U.S. Supreme Court set forth an analytical framework under § 101 to
distinguish patents that claim patent-ineligible laws of nature, natural
phenomena, and abstract ideas or are ineligible subject matter. First, given
441
the nature of the invention in this case, the court determines whether the
claims at issue are directed to a patent-ineligible abstract idea. In Prometheus,
the applicant’s claim was for optimizing the therapeutic efficiency of a drug.
Justice Beyer acknowledged that the ‘administering,’ ‘determining,’ and
‘wherein’ steps were not natural laws, the claim added too little to the law of
nature and thus was not patentable.
CLS Bank International and CLS Services Ltd. (CLS Bank) sought a
declaratory judgment that the claims in question were “Invalid, unenforceable,
and not infringed” because the claims were not patentable under 35 U.S.C. §
101. The CLS Services Court stated “We have long held that this provision
contains an important implicit exception: Laws of nature, natural phenomenon,
and abstract ideas are not patentable.” The Court expressed its concerns with
pre-empting the research in its field, if a patent on an abstract idea were upheld:
“ ‘[M]onopolization of those tools through the grant of a patent might tend
to impede innovation more than it would tend to promote it,’ thereby
thwarting the primary object of the patent laws.” The Court made an
assessment to determine whether an abstract idea needs to be incorporated
“into something more” in order for it to become patent-eligible.
The Court held that, ultimately, the claims in question were that of an abstract
idea, implemented on a generic computer, like in Bilski v. Kappos, 561 U.S. 593
(2010), which held that a method for
442
hedging against the financial risk of price fluctuations was a patent ineligible
abstract idea.
If the court does find that the claims are patent eligible subject matter, they
then consider the elements of each claim—both individually and as an ordered
combination—to determine whether the additional elements transform the nature
of the claim into a patent-eligible application of that abstract idea. This second
step is the search for an “inventive concept,” or some element or combination of
elements sufficient to ensure that the claim in practice amounts to “significantly
more” than a patent on an ineligible concept.
In IP Technologies v. Amazon.com, No. 2012–1696, 2015 WL 3622181 (Fed.
Cir. 2015), the plaintiff (OIP) alleged that the defendant (Amazon) had infringed
a patent for computer-based pricing of goods. The CAFC affirmed the holding of
the lower court, granting summary judgment for the defendant. The CAFC
applied the two-part test for subject matter eligibility established by the Supreme
Court in Alice. It held that the subject matter was directed to an abstract idea that
it was implemented on a computer, similar to the situation in Alice. The Post-
Alice Task Force studied the 85 district court cases that substantively applied
“Alice.” Across all the cases, the defendants successfully used Alice to
invalidate all the claims at issue in 68 percent of these cases, and in a significant
number of cases, did so on the pleadings. Scott Alter, One Year After Alice: Was
It the Right Medicine? LAW 360 (June 18, 2015).
443
444
445
446
447
patentable because of the lack of enablement under 112 and as inoperative and
lacking utility under § 101.” J. THOMAS MCCARTHY, MCCARTHY’S DESK
ENCYCLOPEDIA OF INTELLECTUAL PROPERTY (3rd ed. 2004) at 651.
(K) PATENT INVALIDITY
The U.S. Patent Act provides that “[a] patent shall be presumed valid” and that
“[t]he burden of establishing invalidity of a patent or any claim thereof shall rest
on the party asserting such invalidity.” 35 U.S.C. § 282. During prosecution,
patent examiners give claims the broadest reasonable interpretation that is still
consistent with the specification. Section 132 requires examiners to cite reasons
for rejection and rights for reexamination.
(L) PATENT TERMS
The term of a utility patent filed prior to June 8, 1995 is the later of (1) 17
years from the date of issuance of the patent, or (2) 20 years from the first U.S.
filing date for the patent. The term for utility patent applications filed after June
8, 1995 is 20 years from the first U.S. filing date. As recently as the 1980s, it
was unclear whether software was patentable which had implications for
relatively contemporary internet-related patents. Today, software patents are
primarily utility patents, which include compilers, application programs, and
protection for “process or method performed by a computer game.”
448
448
449
Limelight argued that a reasonable jury could conclude the company believed
it did not infringe or cause others to infringe Akamai’s patents because of
Akamai’s prior history of suing infringers. Limelight appealed and the Supreme
Court reversed and remanded back to the Federal Circuit. Limelight Networks,
Inc. v. Akamai Technologies, Inc., 134 S. Ct. 2111 (2014). The Supreme Court
reasoned that because Limelight did not infringe on every step claimed in the
method patent, they were not liable for infringement.
Courts accepted this business method exception for nearly a century until 1998
when the Federal Circuit reversed course in State Street Bank & Trust Co. v.
Signature Fin. Group, Inc., 149 F.3d 1368 (Fed. Cir. 1998). In State Street,
Judge Giles Rich, writing for the panel, accepted a patent held by Signature
Financial Group for a “hub and spoke” method of computing interest payments.
This method made it possible for mutual fund managers to pool their assets into
a partnership, allowing tax advantages and administrative savings. The mere
presence of a mathematical algorithm does not preordain that USPTO will reject
a patent claim. The Federal Circuit held a programmed computer using this
mathematical algorithm was patentable so long as it produced a useful, concrete,
and tangible result.
In State Street, the court found an algorithm or formula that produced a
“concrete and tangible result.” Namely, it calculated a final share price for each
mutual fund within the partnership as determined by their contributions to the
pool, and
450
451
452
one-click method. Amazon and Barnes & Noble settled their patent
infringement dispute in 2000, with Barnes & Noble licensing the 1-Click patent.
See Amazon.com, Inc. v. Barnesandnoble.com, Inc., 239 F.3d 1343 (Fed. Cir.
2001) (vacating preliminary injunction awarded in favor of Amazon.com in
patent dispute over one-stop Internet shopping business method).
453
implement the Bluetooth EDR technology for the remaining life of their
patents.
Internet technologies have predominated in the U.S. patent system. For
example, one in six active patents pertains to smartphones. One study found that
smartphones accounted for 250,000 patents. Disruptive Competition Project,
One in Six Patents Pertain to the Smartphone (Oct. 17, 2012). It is not surprising
that Smartphones involve many patents, as they are miniature, general-purpose
computers and therefore come with a CPU, operating system. Additionally, they
include an “Active matrix display, Touch screen display, Cellular voice
technology,1x data networking, 3G data networking, 4G data networking, Wi-Fi
data networking, Bluetooth data networking, GPS technology (and associated
navigation), Accelerometer technology, Digital camera (including lens and
image processing), Audio recording and playback Battery technology, Force
feedback technology (phone vibration and haptic feedback) and Design patents.”
Michael Fisch, Software Patents and the Smartphone, PRAWSBLAWG (Nov. 15,
2012).
In March of 2012, Yahoo! filed a patent infringement lawsuit against
Facebook just as the social media market leader was making its Initial Public
Offering (IPO). Yahoo!’s patent lawsuit alleges that Facebook had infringed ten
different Yahoo! patents that are fundamental to social media, such as
“personalized advertising, customized portal pages and news feeds,
recommendations to connect with other suggested users (and screen out
spammers), social music and
454
messaging applications, and authorizing some users (but not others) to see
different sections of your content.” Tim Carmody, Yahoo! Sues Facebook in a
Web Patent Showdown, EPICENTER (Mar. 13, 2012).
Facebook filed a counterclaim, charging that Yahoo! had infringed ten of its
patents. Facebook agreed to pay Microsoft Corporation $550 million for
hundreds of patents that it originally purchased from America Online.
Companies like Facebook need a robust portfolio of software patents to stave off
lawsuits by patent trolls and to protect their intellectual property. For example,
Google purchased Motorola Mobility for $12.5 billion. Most of the company’s
value was in its patent portfolio. The Apple-Microsoft-Oracle-Nokia consortium
bought Nortel’s patent portfolio for $4.5 billion. Microsoft bought Novell’s
patent portfolio for $450 million and some of AOL’s patents for $1 billion.
Critics of Internet-related patents contend that these innovations would
develop more rapidly without the type of patent protection that dampens
competition. All patents balance antitrust concerns against market dominance.
Too much patent protection for Internet-related business method patents may not
be desirable because it undermines competitiveness. The trend towards
propertization of Internet infrastructure has led to a more complex online
business environment.
(B) MARKMAN HEARINGS
Markman hearings are held the by the court to determine claim construction at
the onset of patent
455
456
457
The long-standing rule in the Federal Circuit was to issue injunctions liberally
in patent infringement cases so long as the plaintiff could prove an ongoing
infringement. To put it bluntly, the Federal Court of Appeals did not require
patent owners to demonstrate irreparable harm. In eBay, the lower court refused
to enjoin the online auction house, finding that damages were adequate. The
Federal Circuit Court of Appeals reversed, ruling that in patent infringement
cases an injunction is issued absent exceptional circumstances.
The MercExchange Court ruled that the Federal Circuit improperly applied a
presumed irreparable injury test as opposed to the traditional four-factor test for
the issuance of a permanent injunction. Eventually, the Supreme Court
intervened, which reversed the Federal Circuit’s traditional practice of liberally
issuing injunctions in patent infringement cases. The MercExchange Court ruled
that federal courts must now weigh four factors before issuing an injunction: (1)
that the plaintiff has suffered an irreparable injury, (2) that remedies available at
law are inadequate to compensate for that injury, (3) that considering the balance
of hardships between the plaintiff and defendant, a remedy in equity is
warranted, and (4) that the public interest would not be disserved by a permanent
injunction. The finding that permanent injunctions are subject to the ordinary
rules governing equitable relief means that relief is discretionary, as opposed to
relief issued routinely.
Injunctive relief is critically imperative in Internet-related patent litigation
because of the
458
rapidity with which online businesses can attain or lose market share. In the
Internet-based economy, the earliest mover has enormous advantages. Some
businesses use patent law strategically as a method for excluding potential rivals.
(2) Bilski v. Kapos
In Bilski v. Kappos, 130 S. Ct. 3218 (2010), the U.S. Supreme Court
unanimously upheld the Federal Circuit’s decision that the application for a
method of hedging risk was “an unpatentable abstract idea” that was outside the
scope of the U.S. Patent Act, § 101. The patent application in In re Bilski was for
a procedure that helped buyers and sellers protect against price fluctuations in
the volatile energy market by hedging against price changes.
The patent examiner rejected the application, explaining that it was a mere
manipulation of an abstract idea and solves a mathematical problem without
sufficient practical application. The Board of Patent Appeals and Interferences
affirmed, concluding that the application only involved mental steps that
transformed physical matter directed to an abstract idea.
The Federal Circuit heard the case en banc and affirmed, reasoning that the
machine-or-transformation test was the sole test for determining the patentability
of a process under Section 101. The Federal Circuit’s view was that an invention
is a “process” only if (1) tied to a particular machine or apparatus, or (2) it
459
transforms a particular article into a different state or thing. The U.S. Supreme
Court granted certiorari to determine whether patentable subject matter should
exclude the process patent.
The Court held that the Federal Circuit incorrectly endorsed the machine-or-
transformation test for a process as the only valid criteria. The Court reasoned
that the Federal Circuit test was a useful tool but not the sole method of deciding
whether an invention is a patent-eligible process. The Court decided that the
process patent for hedging was unpatentable as an abstract idea. In Bilski, the
Court was concerned that to allow “petitioners to patent risk hedging would pre-
empt use of this approach in all fields.”
The Court upheld the Federal Circuit’s denial of patent but disagreed with the
Appeals Court in its assessment of process patents. The Court explained that
“[i]f a high enough bar is not set” for process patents—which “raise special
problems in terms of vagueness and suspect validity”—“patent examiners and
courts could be flooded with claims that would put a chill on creative endeavor
and dynamic change.” The Bilski decision expected to narrow business-related
claims.
The Bilski decision limits the availability of process patents. Bilski also calls
for a rigorous review of software, business method, and many Internet-related
process claims.
In MySpace, Inc. v. Graphon Corp., 672 F.3d 1250 (Fed. Cir. 2012), the
Federal Circuit ruled that a patent relating to the ability to create, modify, and
460
store database records over a computer network was invalid as anticipated and
obvious based on prior art. A dissenting judge would have applied Bilski,
reasoning that Graphon’s patents fell outside the ambit of section 101 “because
they are too useful and too widely applied to possibly form the basis of any
patentable invention.”
CONCLUSION:
Patent law, like the other branches of the law, is constantly evolving in
response to the development of the Internet. Justice Holmes’s classic essay on
the path of the law drew upon six centuries of case reports and statutes. In less
than twenty-five years, the Internet has created a huge number of new legal
dilemmas and challenges in accommodating this new information technology.
As this book has shown, the Internet transforms basic assumptions about the
nature of communication, knowledge, invention, information, sovereignty,
identity, commerce, human rights and community. The Internet is fundamentally
reshaping intellectual property law as it shatters existing precedent by redefining
distance, time, privacy and the meaning of territoriality. The phenomenal growth
in traffic on the World Wide Web requires established legal principles for all
branches of the law be adapted to cyberspace.
Internet law must become a moving stream rather than a stagnant pool,
evolving to meet the new risks and dangers in the twenty-first century’s age of
information. Further global coordination is essential to surmount the growing
substantive and
461
462
goal in writing this book is not only to show where Internet law is today, but
also to explain the global conflicts over legal principles as a guide toward
illuminating the path that this global harmonization needs to take.
463
INDEX
References are to Pages
ACPA
See Anticybersquatting Protection Act
ADULT ENTERTAINMENT & PORNOGRAPHY
Generally, 287–88
Child Pornography, 287–88
Internet Pornography, 287
Miller Test, 287
ANTICYBERSQUATTING CONSUMER PROTECTION ACT OF 1999
Generally, 374–80
ACPA Remedies, 376–77
ACPA Safe Harbor, 377–78
Bad Faith Intent to Profit, 376
Bona Fide Offering of Goods or Services, 376
Cancellation as ACPA Remedy, 376
Civil Liability, 374
Cybersquatting, 374–75
Domain names, 374
Distinctive or Famous Element, 376
Elements of ACPA Claim, 376–77
Famousness as ACPA Element, 376
Identical or confusingly similar element, 376
In Rem Jurisdiction, 378–79
Misuse of Domain Names, 377
Narrower Confusion Test under ACPA, 376
Registers, Traffics, or Uses Domain Name, 375
Safe Harbor, 377
Statutory Purpose, 377
Trafficking in Domain Names, 376
Transfer of Mark as ACPA Remedy, 376
Unfair Competition, 375
See also Cybersquatting, Domain Names, Keyword Trademark Litigation,
Trademarks, Trademark Dilution Revision Act of 2006, Trademark
Dilution Revision Act of
464
465
ADSL, 17
Bandwidth, 17
Downstream, 18
DSL, 17–18
FCC Classifications, 17
ISPs, 17
SDS, 18
BROWSEWRAP LICENSE
Generally, 97–98
Terms of Service, 127
UCITA, 108
See also Clickwrap License, Contract Law in Cyberspace, Internet Related
Contract Law, Shrinkwrap, Uniform Commercial Code, Uniform Computer
Information Transaction Act, Principles of the Law of Software Contracts
BRUSSELS REGULATION
Generally, 80–84
Business-to-Business Transactions, 81–82
Consumer’s Home Court Rule, 82–83
Defendant’s Domicile, 80–81
Extraterritorial Impact, 83–84
Mandatory Consumer Rules, 83
Non-Waivable Rules, 83
Place of Delivery, 83
Rome I Regulation for Choice of Law, 83–84
Sale of Goods, 82–83
Special Jurisdictional Rules, 82–83
Waivers, 83
Where Defendants May Be Sued, 81–82
See also Cyberjurisdiction, Effects Test, European Consumer Law, Global
Consumer Law, and Minimum Contacts See generally Global Consumer
Law, International Jurisdiction BUSINESS TORTS
Generally, 173–188
Conversion of Websites, 169
Cyberfraud, 177–78
False Advertising, 173
466
467
468
469
Commercial Internet, 10
Domain Name System, 11
NSF Supervisory Role, 11
See also Cybersquatting, Domain Names
COMMUNICATIONS DECENCY ACT
Generally, 272–73
Contemporaneous Community Standard, 373
Criminalization, 272
Immunity under Section 230
Good Samaritan, 273
Radically Different Legal Cultures, 273
Unconstitutional, 272
See also, CDA Section 230
COMPUTER CRIMES
Generally, 231–32
Definition, 232–35
Nature of, 233–34
COMPUTER FRAUD AND ABUSE ACT (CFAA) Generally, 235–38
Accessing Computer Without Authorization, 239–40
Accessing to Defraud, 241
CFAA’s Civil Liability, 243–45
Computer Fraud & Abuse Act Chart, 237–38
Damaging Computers or Data, 241–42
Exceeding Authorized Access, 236–37
Featured Civil Law Cases, 237
Felony Offenses, 237–39
Legal Lag, 27
Loss, 238
National Security Information, 239
Offense Types, 237–39
Prison Sentence, 237–39
Sections in CFAA, 237–38
Seven Types of CFAA Crimes, 235
Stored Communications Act, 253–56
Terms of Service Agreements, 127
Threatening to Harm a Computer, 243
Trafficking in Passwords, 242–43
Trespassing in a Government Computer, 243
470
471
472
473
Wikileaks, 288
CROSS-BORDER CYBERFRAUD
Generally, 144
Nigerian Swindles, 144
CYBERCONVERSION
Generally, 167–69
Domain Names, 169–70
Website Conversion, 170–71
CYBERCRIMES
Generally, 231–35
Access Device Fraud, 241
Accessing a Computer & Obtaining Information, 238
Accessing a Computer to Defraud & Obtain Value, 238
Accessing to Defraud, 238
Accessing Without Authorization, 239–40
Anti-Stalking, 265–66
CFAA, 235–49
CFAA Civil Liability, 243–49
CFAA Criminal Law, 235–43
CFAA Criminal Law Cases, 239–43
Computer Crime, 232–34
Computer Crime Case Law, 256–69
Cross-Border Enforcement, 127
Cybercrime Convention, 68–69
Damaging Computers or Data, 241–42
Definition of Cybercrime, 234–35
Electronic Communication Privacy Act, 249–53
ECPA, 251–52
Federal Threats, 266–67
International Cybercrime Enforcement, 268–69
National Security Information, 237
Nature of Cybercrime, 233–34
Stored Communications Act, 253
SCA Cases, 260–65
SCA Defenses, 255
SCA Prima Facie Case, 253–54
Sex Trafficking, 267–68
Terms of Service, 127,
Threatening to Harm of Computer, 243
474
474
475
CYBERTORTS
Generally, 151–56
Abuse of Process, 172–73
Cyberfraud, 177–78
Computer Professional Negligence, 196–97
Conversion, 169–71
Cyberconversion of Domain Names, 169–71
Defamation, 178–89
Defective Information, 198–200
Economic Loss Rule, 200–01
Intentional Business Cybertorts, 173
Intentional Infliction of Emotional Distress, 160–63
Interference with Business Contracts, 176–77
Malicious Prosecution, 171–72
Misappropriation of Intangible Data, 174–75
Misappropriation of Trade Secrets, 177
Negligence-Based Actions, 192–98
Negligent Data Brokering, 197–98
Negligent Enablement of Cybercrime, 193–95
Negligence Per Se, 195
Product Liability, 198–200
Publishers, Conduit, & Distributors, 181–82
Single Publication Rule, 182
Strict Liability, 198–99
Trespass to Digital Information, 168–69
Tort of Outrage, 161–63
Trade Libel, 178–79
Trespass to Virtual Chattels, 163–69
Unfair Competition, 174
See also CDA Section 230, Constitutionalization of Defamation, Cross-Border
Cyberfraud, Cyberconversion, Cyberspace Privacy, Damages, Data
Security, Defamation, E-Mail Monitoring of Employees, Effects Test, First
Amendment in Cyberspace, International Cybertorts, Negligence-Based
Actions Products Liability, Privacy-Based Cybertorts, Products Liability,
Professional Standards, Spam, Trespass to Chattels DATA
PROTECTION DIRECTIVE
Generally, 215–221
Consent, 215
476
478
Downstream, 17
DSL, 17–18
SDSL, 18
Upstream, 18
DOMAIN NAMES
Generally, 402–14
Anticybersquatting, 397–98
Domain Name Hijacking, 397–98
Reverse Hijacking, 398
Trademark Hijacking, 397
UDRP Providers, 399–400
Uniform Domain Name Resolution Policy, 398–404
WIPO, 398–405
See also Anticybersquatting Consumer Protection Act, Cybersquatting,
Internet Corporation for Assigned Names and Numbers, Uniform Domain
Resolution Policy DSL, See Digital Subscriber Lines EASTERBROOK’S
ARGUMENT AGAINST INTERNET LAW
Generally, 28
Internet Jurisdiction, 29
Law of the Horse, 28
Law School Course on Internet Law, 28–29
No Specialized Internet Law, 28
Role of Property Law, 28
See also Defense of Internet Law, Solum’s Internet Governance Theories E-
COMMERCE DIRECTIVE
Generally, 106–08
Electronic Signatures, 107
Electronic Contracts, 106–08
See also Internet Service Providers
ECPA, See Electronic Communications Privacy Act EFFECTS TEST
Generally, 72–73
Cybertort Jurisdiction, 72–73
See also International Shoe in Cyberspace, Minimum Contacts 479
ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA) Generally,
249–52
Device to Intercept, 251
Electronic Communications, 249–50
Electronic Communication System, 252
Featured ECPA Cases, 256–60
Featured SCA Cases, 260–64
Good Faith Reliance on a Warranty, 256
Intentional Interception, 252
Intercepting Electronic Communications, 249–50
Intercepting Radio Communications, 249
Little ECPA Acts, 256
Little SCA Acts, 256
Ordinary Course of Business Exception, 251
Prima Facie Case, 252
Private Cause of Action, 252
PHRACK, 257
Prohibitions, 251
Storage, 256
Stored Communications Act, 253–56
Stored Communications Act Prima Facie Case, 253–54
Stored Communications Act Defenses, 255–56
Title I of the ECPA, 250
USA Patriot Act, 253
Using an Intercepted Communications, 251
Wiretap, 249
See also Cybercrimes, Electronic Communications Privacy Act
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT
Generally, 107–08
Digital Signatures, 106–08
See also Uniform Electronic Transactions Act ESIGN, See Electronic
Signatures in Global and National Commerce Act E-SIGN, THE
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT
Generally, 107–08
See also Uniform Electronic Transactions Act 480
E-SIGNATURE ACTS
Generally, 107–08
Authentication, 107
Consumer’s Mandatory Rules, 107–08
Digital Signatures, 107
Electronic Records, 107
Electronic Signatures, 107–10
Validity of E-Contracts, 107
Withdrawing Consent, 108
See also UETA
EUROPEAN CONSUMER LAW
Generally, 145–47
Mandatory Consumer Rules, 145
Unfair Contract Terms Directive, 146
See also Brussels Regulation, European Union, and Rome I Regulation
FALSE DESIGNATION OF ORIGIN
Generally, 372
FALSE ENDORSEMENT
Generally, 374
FEDERAL ANTIDILUTION
Generally, 363–72
Adopted Mark After Famous Mark, 368
Amended Federal Anti-Dilution Act, 368
Commercial Use, 368
Definition of Dilution, 376–68
Dilution by Blurring, 365–67
Dilution by Tarnishment, 367–68
Elements of Dilution under TDRA, 368
Famousness as Predicate, 368
Famous and Distinctive, 366
Likelihood of Dilution, 368
Moseley v. Victoria Secret Catalogue, Inc., 368
Test for Famousness, 366
Trademark Dilution Revision Act of 2006, 363–64
FEDERAL COMMUNICATIONS COMMISSION
Generally, 144–45
Broadband, 144–45
481
Communications Act of 1934, 144
Net Neutrality, 145
TCP/IP Architecture, 144
See also Net Neutrality
FEDERAL TRADE COMMISSION
Generally, 131–32
Advertising, 137
CANSPAM, 141–44
Chief Privacy Regulator, 208–09
Children’s Online Privacy Protection Act, 140
Consumer Privacy, 139–40
COPPA, 209–10
Deceptive Advertising Claims, 137–38
Fraudulent Internet Businesses, 132–37
Mandatory Website Disclosures, 139
Online Endorsements, 138–39
Website Disclosures, 139
See also CANSPAM, Children’s Online Privacy Protection Act (COPPA)
FIRST AMENDMENT IN CYBERSPACE
Generally, 281–86
Compelling Government Interest, 281
Content Neutral Speech, 282–83
Content Specific Regulations, 282
Declaratory Judgment, 281
Dial-a-Porn, 281
Dormant Commerce Clause, 281–82
Facial Attacks, 283–84
Falsification of Header Information, 285–86
Injunctive Relief, 281
Spam, 285
Unprotected Speech Categories, 284–86
GENERAL DATA PROTECTION DIRECTIVE
Generally, 220–24
Access to Personal Data, 223
Automatically Applicable, 221
Data Breaches & Notification, 222
Data Controllers, 225
Duty to Erase, 224–25
482
483
484
485
486
INTERNET TECHNOLOGIES
Generally, 13
Bandwidth, 17
Bridges, 15
Cable Modems, 16
Digital Subscriber Lines, 17
Gateways, 15
Hubs or IXPs, 13–14
Mobile Devices & Applications, 18
Repeaters, 16
Routers, 5–6, 15
Search Engines, 18
JOHN DOE SUBPOENAS
Generally, 183–84
Dendrite Factors, 183
Prima Facie Case, 183
First Amendment Balancing, 183
Subpoena Requirements, 183–84
KEYWORD ADVERTISING
Generally, 380–91
Cases, 384–86
Sponsored Links, 387
Use in Commerce, 381–84
LAW, CODE, MARKET, & NORMS
Markets as Internet Law, 48–40
Norms as Internet Law, 46–48
See also Law of the Horse, Lessig’s Law as Code, Easterbrook’s Law of the
Horse LAW OF THE HORSE
Generally, 28–29
LESSIG’S LAW AS CODE
Generally, 42, 44–45
Code or Architecture, 44–45
Four Modalities, 42–43
Market Forces, 46–48
Norms, 46–49
See also Easterbrook’s Law of the Horse, Law as Code, Solum’s Internet
Governance Theories 487
LIBERTARIAN VIEW OF INTERNET
Generally, 33–37
See also Solum’s Internet Governance Theories LICENSE AGREEMENTS
Generally, 87–82
Browsewrap, 97–98
Chart of Mass Market Licenses, 93–94
Enforceability, 100–05
First Sale Doctrine, 89–91
Granting Clause, 89
License versus Sales, 89–91
Licensee, 88
Licensor, 88
Mass-Market Licenses, 91–94,
Rolling Contracts, 102–05
Scrollwrap, 99–100
Shrinkwrap Agreements, 94–95
Standard Form Licenses, 91–100
Terms of Service, 127
See also Click-through License, Contract Formation in Cyberspace, Internet-
Related Licenses, Mass Market License, Principles of the Law of Software
Contracts, Uniform Commercial Code, and Uniform Electronic
Transactions Act LINKS
Generally, 310
MARXIST THEORY
Generally, 52–53
Means of Production, 52–53
See generally, Benkler’s Wealth of Networks See also Solum’s Internet
Governance Theories METATAGS
Generally, 388
HTML Tags, 399
Initial Interest Confusion, 388
Search Engines, 388
NATIONAL REGULATION
Generally, 50–51
488
Local Governance, 50
National Regulation, 51
NEGLIGENCE-BASED ACTIONS
Generally, 192–93
Computer Professional Negligence, 196–97
Elements, 193–94
Negligence Per Se, 195–96
Negligent Data Brokering, 197–98
Negligent Enablement of Cybercrime, 193–95
Transborder Torts, 201–02
See also Cybertorts, CDA Section
NET NEUTRALITY
Generally, 144–45
NSFNET
Generally, 8–13
OPEN SYSTEMS INITIATIVE
Generally, 23–24
Disassembly, 23
Folksonomies, 21
Interoperability, 23,
Interoperability Worldwide, 23
Packets, 23
Resource Description Framework, 21
Reassembly of Packets, 23
Semantic Web, 21
Seven Layer Model, 23
Web 3.0, 21
Web Ontology Language, 21
PARTIES’ CHOICE OF FORUM
Generally, 84
Brussels Regulation, 78–84
Consumer Transactions, 84
Forum Selection, 84
Principles of the Law of Software Contracts, 109–10
Terms of Service, 127
See also Brussels Regulation
489
PATENTS
Generally, 433–34
America Invents Act, 438–40
Anticipation, 444–45
Bilski v. Kappos, 458–460
Constitutional & Statutory Basis, 433
Design Patents, 437
E-Business Methods, 448–51
E-Business Method Trolls, 455
Infringement, 452–54
Internet Patents, 433
Markman Hearings, 454–54
Mathematical Algorithms, 440
MercExchange, 456–58
Non-Obviousness, 446
Novelty, 443–44
Other Patent Reforms, 435–36
Overview, 433
Patentability, 443–48
Patent Eligibility, 439
Patent Invalidity, 447
Patent Terms, 439, 447
Patent Trolls, 455
Post-State Street Cases, 451–52
Section 101 Patent Subject Matter, 443
Software Patents, 448
Statutory Bar, 446
Supreme Court’s Patent Cases, 439–40
Types of Patents, 437–39
Utility Patents, 437, 443–44
PRINCIPLES OF THE LAW OF SOFTWARE CONTRACTS
Generally, 109
American Law Institute, 109
Battle of the Forms, 111–12
Breach, 122–26
Cancellation, 121–24
Cancellation & Expectation Damages, 121–22
Contract Modifications, 113
Cure, 121
Disabling Software, 123
490
491
492
TEXT MESSAGES,
See also CANSPAM
TORT OF OUTRAGE, See Intentional Infliction of Emotional Distress
TRADEMARK LAW
Generally, 337–40
Actual or Intent to Use Applications, 345
ACPA Elements & Claims, 376–77
Anticybersquatting Consumer Protection Act, 376, 374–80
Commercial use (and Keywords), 381–82
Contributory Trademark Infringement, 358–64
Descriptive, 346
Dilution by Blurring, 365–67
Dilution by Tarnishment, 367–71
Dilution Claims, 367–71
Direct Infringement, 355–58
Distention of Trademarks, 339–40
Distinctiveness Spectrum, 345–47
Domain Name, 349–50
Elements of Trademark Applications, 344–45
Fair Use (Trademarks), 372
False Advertising, 354
False Designation of Origin, 353–54, 372–74
False Endorsement, 354, 374
Famous or Distinctive Elements for Dilution, 362
Fanciful or Coined, 346
Federal Dilution Claims, 372
Federal Trademark Registration, 340–42
Functional Limits of Trademarks, 349
In Rem Jurisdiction, 378–80
Internet-Related Trademark Claims, 352–80
Keywords and Commercial Use, 382–84
Keyword Trademark Litigation, 380–81
Nominative Fair Use, 372
Non-Commercial Use, 372
Parodies, 372
Registration Advantages, 341–42
Secondary Trademark Infringement, 361–63
Service Mark, 348
493
493
494
495
496
WIKIPEDIA (WIKI)
Generally, 1
WORLD WIDE WEB APPLICATIONS
Generally, 18–9
Aldidko, 19
Apple, 19
Flixster, 19
Goodreads, 19
iHeart Radio, 19
iPad, 19
iPhone, 19
iTunes, 19
Instagram, 19
Kindle, 19
Netflix, 19
Pandora, 19
Powerramp, 19
Soundcloud, 19
Spotify, 19
Zeebox, 19
WORLD WIDE WEB CONSORTIUM
Generally, 21
OWL, 21
RDF, 21
XML, 21
See also WGIG Report, Solum’s Internet Governance Theories XML
Generally, 21
ZITTRAIN’S GENERATIVE INTERNET
Generally, 49–50
DRM Systems, 49
Generative Technologies, 49
iPod as Appliance, 49–50
See also, Law as Code, Solum’s Internet Governance Theories