Goldman's Law: user generated content à pornography (whatever
advertisement
Threshold Inquiries Contracts (third party beneficiary?) Trespass to Chattels (spam, bots, privacy) For IAPs, not individuals Copyright (fed) (porn, file sharing, web browsing) TM (fed) (domain names, meta tags, ads, phishing) Publication Torts (social networks) + Personal injury caused by 3rd party content Privacy Spam Porn Does the state have PJx over D? Should you settle? o General/consent or o Are potential damages worth the costs? o Specific: o Which party is more sympathetic? In rem (over domain name) o Is technology too new in adoption cycle? Zippo sliding scale (disfavored) Is the law constitutional under the DCC? Toys ‘R’ Us minimum contacts What’s your story? Is the Internet exceptional? Would the judgment be enforceable? Does this case affect the future of the Internet? Formation (NEED KNOWLEDGE) o Conspicuous Mandatory Non-Leaky Click Through / Specht knowledge Use to make o Restatement Contracts §69 (Register.com) synthetic IP rights Amendments o Can’t reserve the right to unilaterally modify (but see TheGlobe.com) o Need notice, consideration, and a savings clause (Blockbuster.com) Common Law (hardest for P to get post-Hamidi, so statutes trump in practice) o Intentional use that causes or threatens to cause computer damage (Hamidi and Register.com) CFAA 18 USC §1030(a)(5) o (A) = knowingly transmit info causing certain harms o (B)-(C) = intentionally access w/out authorization (e.g. violate K or browsewrap license) causing certain harms (Ticketmaster) CA Penal Code §502(c) = knowingly/without permission access or use, causing any damage/loss Valid copyright = original work of authorship fixed in a tangible medium of expression (register for $) Infringement if violated §106 right to reproduce, distribute, derivative works, or public performance o Direct (need volitional action [argue users, not IAP], so not in Cablevision or Field) o Secondary (NEED A DIRECT INFRINGER 1st) Contributory =induces, causes or materially contributes to known specific infringement Inducement is a variant that applies to mixed-use technologies (Grokster) Vicarious = right/ability to supervise and direct financial interest in infringer’s acts Defenses o Fair Use (nature of use, nature of work, amount taken, market effect) o License (express [e.g. in TOS], compulsory, or implied [e.g. want to be seen]) (Ticketmaster) o 17 USC §512 Safe Harbors (Veoh and Viacom) §512(c) = no damages for hosting user content (follow notice & take down formalities) Purposes = limit consumer confusion and incentivize producers (tension) Valid TM = distinctive (inherently or via secondary meaning) Infringement (P’s priority and D’s use in commerce +) o Direct if likelihood of consumer confusion (Sleekcraft) Initial interest confusion (Falwell) is now merged into this (Network Automation) o Contributory (NEED A DIRECT INFRINGER 1st) Intentionally induce others to infringe or Continue to supply product with actual/constructive knowledge used to infringe o Defenses = nominative use and descriptive fair use Dilution of famous marks if D used it in commerce after it was famous and blurring/tarnishment o Defenses = fair use, news reporting, noncommercial use ACPA and UDRP/URS for domain names Defamation, Prosser’s 4 privacy torts, and harmful/inaccurate information But Promissory Estoppel if you promise to edit… Secondary liability (aka for 3rd party content) o Offline = publishers liable for content within their editorial discretion o Online = CDA applies to all COA except federal crimes, federal IP laws (© and TM), and ECPA 47 USC §230(c)(1) = websites aren’t liable for 3rd party user content unless they encourage or require illegal content b/c then part creators (Roommates.com) 47 USC §230(c)(2) = websites aren’t liable for filtering decisions Look at FTC Act (FIPs), ECPA, COPPA (kids), CFAA, state laws (e.g. contract, §502, identity theft) Beware of PII and Article III Standing Look at CAN-SPAM Act , TM law, CFAA, non-preempted state laws, and technological controls Can be obscenity (Miller), indecency (Pacifica or CDA), harmful to minors, child porn (Ferber & toxic) ------------------------------------------------------INTRODUCTION------------------------------------------------------ 1. The Internet a. Definitions (subject to evolution) i. Functional approach = every machine that communicates using TCP/IP (voluntary protocol of packet switching) or has an IP address (and is therefore part of the network) 1. The technological boundaries of the network 2. But really separate Internets (since govs. block access to certain domain names) ii. Relationship approach = universe of IAPs who trade packets with each other (all about contractual privity) iii. Activity approach = activities mediated by an electronic network (overinclusive) b. How it works i. International Web of linked open and closed networks and computers capable of: 1. Rapidly transmitting communications without direct human involvement 2. The automatic ability to re-route communications if any links are damaged and 3. Subdividing individual messages into smaller packets sent independently so if a computer gets overloaded the packets can be re-routed (aka packet switching) a. IP addresses = geographic information assigned by network operators (statically or dynamically) (controlled by IANA) b. Domain name = pneumonic device for the computer associated with corresponding IP address ii. Connect with an Internet Access Provider (cable or phone company, wireless…) 1. But by selling access to the Internet, which definition are they providing? iii. No single entity administers the Internet iv. Multiple methods of communication 1. One-to-one (email) 3. Real time communication (chat) 2. One-to-many (listserv) 4. Remote info retrieval (e.g. FTP, WWW) c. History i. Internet created in 1969 by the US Defense Department (ARPANet) 1. Goal = make network that could survive nuclear war by multiplying choke points 2. Benefits: a. Network stability (it survives as long as one link remains) b. Operational efficiency (so small messages don’t get stuck behind big ones) c. Easy to join and leave, just need to follow TCP/IP ii. WWW developed at CERN in 1990 (uses common language--HTML and HTTP--to access documents via hyperlinks over the Internet) 2. Internet Exceptionalism a. Should we just apply given laws to it, or does it demand its own better/worse laws? b. Effect on speech i. Operating costs are low, so fewer barriers to publish (less power to incumbents) ii. May speak and listen interchangeably, blurring the distinction iii. Harder to tell where speech is coming from iv. So much easier to find information and form borderless communities c. Effect on discrimination i. Internet is not a place of public accommodation (Noah = chat rooms are not physical places, so not covered by the Civil Rights Act so harassment that is not ok offline is ok online) 1. So legal privilege to online over offline businesses (who incur policing costs) ii. Harder to discriminate b/c can’t see physical characteristics iii. Reduced risk of violence, and less shame in leaving an online community (easier, too) 3. Goldman’s Tips a. Apply hornbook law, but Internet cases are usually decided based on who you’re more sympathetic to (and remember: we hate spam more than even porn) i. Pro: self regulate (even if you fail to get it all) and self help (don’t use courts first) (Veoh) ii. Con: monopolists controlling expression, spammers, crazies (even worse than spammers), stealth tech./bad business practices (Ticketmaster) b. Always think about cost/benefit analysis for the company you represent (is it worth suing?) c. Argue that if you lose the Internet will be over b/c things like Google will be illegal (Field) d. Go through every cause of action available e. DO NOT: i. Use the term “Internet Service Provider” b/c covers Internet Access Providers and service/content providers ii. Use the terms clickwrap (instead say MNLCT) or browsewrap (which isn’t a contract) iii. Talk about the DMCA as a standalone thing b/c it had 5 very different sections 1. We talk about §1201-02 and §512 ----------------------------------------------PERSONAL JURISDICTION---------------------------------------------1. Is PJx proper? a. General Jx? i. Physical presence or systematic and continuous contacts as if physically there b. If not, then consent to Jx in the forum (e.g via contract)? c. If not, then specific Jx? i. State long arm statute (CA = DPC) and ii. DPC alternative tests 1. Minimum contacts: a. Minimum contacts with the forum i. = Purposeful availment b. Where Jx comports w/ traditional notions of fair play & substantial justice i. = Reasonably anticipate being hailed in to court (contact COA) (Hemi = fair to have PJx over website that sells cigarettes to Il. In violation of state law b/c shipped to every state except NY so elected to do businesses with them and knew it could opt out [explicitly rejects Zippo, but really like it + de minimis exception]) 2. Effects: D expressly aims intentional tort at the state and causes foreseeable harm 3. In rem (15 USC §1125(d)(2)): suing the property (online = domain names) 4. Online a. Zippo Sliding Scale (where contacts = commercial activity, P favorable) i. High = entity conducts business online, so Jx (even without contacts to that state) Essentially expanding purposeful availment prong of the Minimum Contacts test ii. Middle = “interactive” websites (depends on level of interactivity and commercial nature of exchange) iii. None = entity passively publishes content, so no Jx b. Toys ‘R’ Us Test (implicitly rejects Zippo, which is generally disfavored) i. Directly targeting website to the state ii. Knowingly interacting with forum residents via website or iii. Sufficient other related contacts (= website not aimed at NJ or even US but may still have sufficient non-Internet contacts, so look!) c. ALS Scan Test: i. Direct electronic activity into the state ii. Manifested intent of engaging in business/interactions w/ state iii. Activity creates the cause of action d. Is the judgment enforceable? If not, it’s a waste of time (if no people/property there to seize…) 2. The Geography of Internet Regulation a. Who should regulate the borderless Internet? i. International bodies (good b/c track’s network’s footprint, but no enforcement) 1. So ignore international laws unless there’s a risk they’re enforceable b/c you have assets they can grab there, you want to travel there, or US may enforce it (Toys) ii. Nations (makes the most sense, but no power over rogue nations and Congress sucks) iii. States (experimentation, but inconsistent, dumb ppl, and doesn’t match net. boundaries) 1. Plus, Dormant Commerce Clause (negative implications of CC) problem: a. SS (per se violation) for state laws that facially discriminate against outof-staters OR have an extraterritorial effect i. Goldman thinks all state Internet laws fail b/c no way to know where packets are going or prevent them from leaving the state ii. Reality = state porn laws fail, but state spam laws succeed (even though it’s harder to tell where email is coming from…) b. Balancing test for nondiscriminatory state laws that burden IC i. Ex. inconsistent regulatory burdens between states iv. Self-governance (responsive, but some wrongs can’t be fixed online) b. Reality = all of the above with no coordination (aka anarchy) 3. Locating Users a. How (can do anything with enough time and money!) i. Self-reporting (e.g. mailing address, credit card authentication) ii. Third party authentication (like a driver’s license…not popular in the marketplace) iii. Automatically reported by a device (e.g. GPS or triangulation) iv. IP address (geolocation = matching IP address to zip code of owner via ARIN database) b. Difficulties i. No accuracy test (limit of tech) iv. May just get owner’s location, not users (e.g. ii. Can anonymize with a proxy corporation’s HQ) iii. Caching v. Privacy pushback c. Why i. Police click, financial and identity fraud ii. Target ads and content iii. Restrict content (b/c contractual/legal limits on what can be sold where) (Yahoo = had yahoo.fr to comply with French laws but made no effort to restrict French access to yahoo.com. Since they could have with 70% accuracy, they should have) d. The more you know about your users, to more likely you’ll be subject to Jx ---------------------------------------------------------CONTRACTS--------------------------------------------------------- 1. General Contract Law a. Voluntary exchanges b. Objective manifestation of mutual assent (aka intent to be bound shown through overt words/act) i. Offer, acceptance and consideration = attempts to validate this c. Invisible hand d. Can synthetically manufacture the equivalent of IP rights in data through contracts e. Formation Interpretation Defenses Remedies 2. Crisis Online? a. Form contracts are ubiquitous online, but no one really believes clicking = consent b/c: i. No one reads it (and if they did they wouldn’t be able to understand it) ii. No ability to negotiate iii. They just want the payoff b. So why do we have giant EULAs? i. Because no robust set of default rules so you have to make them yourself! (see below) c. Or do contracts online just show us how much crap we tolerate in contracts offline? d. Offline analogies are garbage and ruin online contract law 3. Governing Laws a. UCC Article II = sale of physical goods (so applies to buying things online for delivery) b. CL = everything else c. UCITA (aka “UCC for the Internet”), but only enacted in Maryland and Virginia i. Unpopular b/c codified existing law which angered consumer advocates and is overbroad 4. Contracts online a. Changes from offline: i. Offline the edges of the paper mean something, but online you can link forever (no staple to communicate beginning or end) ii. More unconscionability attacks 1. Arbitration clauses for class actions are often unconscionable b/c means D wins iii. Special rules for SOF (e.g. electronic signatures are contracts are ok) iv. Special “Mailbox Rule” over electronic networks v. Increased parole evidence available when Internet negotiations are involved b. Main difference = formation i. Foolproof way of obtaining sufficient assent online = Mandatory Non-Leaky Click Through Agreement (where overt act shows intent to be bound) (Specht = also needs to be above the fold/conspicuous b/c that’s the only way a RP user would know of the agreement prior to acting) 1. Good to also include terms (not just a link) and require checking “I read this” box 2. So easy! But the Bermuda Triangle makes it hard to implement… a. No one talks to each other because: i. Marketers oversell ii. Engineers under-deliver and think they can intuit the law iii. Lawyers just say no (should say “sure, but you’ll be sued blind”) b. Prevent this by: i. Training ii. Embedding lawyers to catch problems early iii. Make pre-approved forms 3. Industry practice is often indefensible, so don’t just copy the big players! 4. Make sure it’s a bundled bootscreen license so third=party install sites won’t leave you exposed ii. Specht knowledge 1. Assent = when user objectively manifests an intent to be bound through overt acts or words, which can only happen if RPP would have known about the terms a. This is all you need, so Specht is a minimum (MNLCT guarantees it) iii. Restatement Contracts §69 = contract forms when the offeree takes the benefit knowing the terms and has a reasonable opportunity to reject but doesn’t (apple stand analogy) 1. About equity, but if the court goes here it’s reaching (Register.com = D’s robot submitted numerous queries, each time receiving notice of the terms, so it was bound b/c there’s a human at the end of the robot and it had to know, too) 2. Why isn’t this inconsistent with Specht? a. Need actual knowledge (can’t be obscured) and repeat player, so “assent” b. Courts are also less forgiving of businesses and spammers c. Amendments i. Need adequate consideration or else illusory (Blockbuster = can’t just reserve the right to modify it at will, put notice on the website, and apply changes immediately even though this is industry standard) BUT SEE (TheGlobe.com = MySpace got away with a unilateral amendment clause that applied retroactively b/c we hate spammers and they were just trying not to purchase ads) ii. Options: 1. MNLCT every time (but this is annoying and doesn’t solve legacy problem) 2. Spam users to notify them of changes (but huge bounce back rate) 3. Have a Savings Clause so it doesn’t apply retroactively (not enough in 9th Cir.) -----------------------------------------------------------TRESPASS----------------------------------------------------------- 1. Trespass to real property a. = any intrusion is actionable, whether or not there’s actual damages (n/a online) 2. Conversion and theft a. = protects personal property from permanent deprivation (usually n/a online) 3. Trespass to chattels (probably only direct liability) a. = personal property is damages but not taken away completely forever i. Ignored for years, but applicable to the Internet b/c packets move through our personal, physical property (servers, wires, routers, etc.) b. Linked to net neutrality c. Can synthetically manufacture the equivalent of IP rights in data by restricting access d. Common law i. Majority (Register.com = bots consumed a significant portion of P’s computer system’s capacity which did not incapacitate it, but would if others were allowed to devise similar systems, which is likely) 1. 2. 3. 4. System use Damage (as defined below in the chart) Actual or constructive notice that use is unpermitted Self-help attempt requirement (or else judge will ask why you’re here…) ii. CA (Hamdi = Intel gripper’s messages are minuscule and no threat of a larger scale operation by others, so no real damage and can’t win on this. But can stop him technologically or with other COAs) 1. System use 2. Causes or threatens to cause 3. Measureable loss to computer system resources (Hamdi = lost employee time and self help to block emails don’t count because not a harm to the chattel itself) e. Statutes (see below) i. Apply all 3 and both CL (see above)! Chattel Interference (always met online) Intentional use or physical contact Common Law *Hardest for P to get post Hamidi, so statutes trump in practice* Knowingly transmit 18 USC §1030(a)(5)(A) program/info/code/command Computer Fraud and Abuse Act 18 USC §1030(a)(5)(B) & (C) Intentional access without authorization (Ticketmaster = unauthorized access and/or exceeded authorized access in browsewrap (don’t need MNLCT) Damage (no scienter required) Physically dispossessed temporarily Impaired condition/quality/value Lost use (not access) for substantial time period or Bodily harm or harm to legally protected interest (CompuServe = customer goodwill) (Bidders Edge = potential for other spammers to imitate D and impair access) Intentionally impair integrity/availability of data/program/ system/info without authorization causing: Loss of $5k/year (including remediation and costs/lost revenues from service interruption) = EASY o Split whether you can aggregate microharms Medical harm or physical injury Threat to public health/safety Damage to government computer Damage to 10+ computers/year (probably includes anything connected to the network) Same as above (but no intentionality requirement) (B) = reckless impairment (C) = requires “loss” Knowingly without permission: Any damage or loss (including verification expenses) (2) access and take/copy/use data from a comp. system/ net. Why this is the easiest for P Civil COA, too (3) use computer services (7) access computer system/ net f. What is “authorization”? i. If you haven’t restricted or expressly revoked access you have impliedly allowed it ii. Can revoke permission via a “browsewrap” = not a contract, but enough for §1030 claim g. Includes “misuse” of computer services like Lori Drew and the MySpace suicide (must still establish requisite damage) CA Penal §502(c) ---------------------------------------------INTELLECTUAL PROPERTY--------------------------------------------- 1. Copyright a. Elements of a Valid Copyright i. Original works of authorship 1. = distinction between ideas and facts (not protected) and expression (protected) ii. Fixed in a tangible medium of expression (broad) 1. = things like writing down, recording…as opposed to spontaneous conversation 2. It’s only a copy if it’s fixed, and it’s only fixed if it’s embodied in a tangible medium of expression for more than transitory duration (Cablevision = keeping a copy of a TV show for 1.2 seconds before sending it to personal storage for each user doesn’t count. And since the users take the volitional conduct to make the copy by pressing the button, they’re the only ones directly liable [Kinko’s comparison]) iii. Protection commences upon fixation, but must register to sue 1. Register within 3 months to get statutory damages and attorney’s fees (or else you won’t get anything for online infringement b/c often no real damages) b. Copyright Holder’s Rights (in US): i. Exclusive under §106 right to: 1. Reproduce (but you can make a copy of things you own for personal use) 2. Distribute 3. Derivative works 4. Publicly/digitally perform/display ii. Within: 1. Life of author + 70 years (if joint work then 70 years after last surviving) 2. Work for hire = lesser of 95 years from publication or 120 from creation a. If made within scope of employment or specially ordered under statute 3. Pre 1923 = PUBLIC DOMAIN iii. Can transfer as a personal property right via writing 1. Can terminate after 35 years by serving written notice c. COA = Infringement i. Direct = violate §106 rights (no intent/knowledge required) (Veoh = even if service provider manipulates user files to make them workable within its site’s system, they’re still the user’s file b/c he originated the upload) 1. Must be volitional (Cablevision = user pressed the button to access shows on demand, so cable company can only be secondarily liable…threw users under the bus!) (Field = user clicks on link to get cached copy, so Google can only be secondarily liable) And must be fixed (Cablevision = only transitory duration so not a copy) ii. Secondary liability (ALWAYS NEED TO FIND DIRECT FIRST) 1. Contributory = with knowledge of the infringing activity, induces, causes or materially contributes to the infringing activity of another (aider/abettor) 2. Vicarious = right/ability to supervise infringer’s acts (not just by hosting content per Veoh) and a direct financial interest in those acts iii. Criminal 17 USC §506(a) = willful infringement and commercial advantage, $1k worth of infringement in 180 days or publishing pre-release work online 1. Everyone has done this, so we’re all saved by prosecutorial discretion d. Defenses/Exceptions 2. i. Fair Use §107 (it’s all a spectrum, and really working backwards to result you want) 1. Nature of use Don’t build a business on a. - Commercial ? + Transformative? If last copy is fair this b/c it’s very uncertain. 2. Nature of work use, all prior are Denial of it is a moral a. + Facts? +Published? excused as well vote, and better for 3. Amount/substantiality of portion taken (Perfect 10 v. Amazon) individuals than companies a. - Large %? - The heart? (Ticketmaster = no fair use b/c 4. Market effect violated browsewrap/contract) a. - Substitutes for each other? - Profit? ii. Licenses (implied, express, or compulsory licenses for music streaming, covers, etc.) (Field = Google had implied license to crawl and cache a webpage b/c can easily tell it not to in code) 1. Express EULA/TOS should negate implied license e. Online Issues i. DMCA 1. 17 USC §1201-02 (doesn’t really apply because market has rejected DRM) a. Can’t (Ticketmaster = can’t circumvent CAPTCHA with bots. See case for elements): i. Design/produce a product primarily for circumvention ii. Make one available despite only limited legitimate commercial significance or iii. Market one for use in circumvention of a controlling technological measure b. Protects copyright management information, so can’t remove/modify attribution from a file 2. 17 USC §512 Safe Harbors (enacted in 1998, so pretty much a relic) a. = safe harbor for transmitting data (rarely litigated) b. = safe harbor for caching (no longer relevant for how IAPs cache today) c. = safe harbor for hosting user content (notice and takedown) Specify which safe harbor i. Affirmative defense to damages (not injunction) if: you’re talking about! 1. Service provider (broad; ok to modify content [Veoh]) 2. Adopted a policy to terminate repeat infringers 3. Reasoanbly implment policy (Veoh = good faith, not 100% success) If these formalities aren’t met, then revert back to normal infringement analysis 4. 5. 6. 7. 8. Communicate policy to users Accommodate “standard technical measures” (unclear…) Designate agent to receive §512(c)(3) notices Post agent’s contact info on website (usually in EULA) No knoweldge of infringement OR awareness of red flags of obvious infrnigement (Viacom = need actual knowledge of identifiable infringement. Knowledge of prevalence of such activity doesn’t count, and if you have to investigate then it’s not a red flag) 9. No right/ability to control infringment (Veoh = ability to control the system ≠ ability to control activity b/c defeats purpose of §. Need ability to control actual infringment by stopping it before it was OR direct financial interest in it (aka where it draws in users) and 10. Must expeditiously respond to §512(c)(3) notices uploaded) ii. §512(c)(3) takedown notices are valid if: 1. IDs the infringed work or a representative sample 2. IDs infringing copies so service provider can find them a. Need specific URLs or something definitive Often not required b/c service b. Ps hate this because the burden is on them (Viacom = providers allow automatic have to give YouTube URLs, not tell them to look for stuff) takedowns to avoid lawsuits 3. Must state they have a good faith belief use is unauthorized 4. Must state complaint is accurate & authorized by ©-owner 5. Must have signature of authorized person 6. Must have contact information to follow up iii. Ambiguous… does it preclude all infringement, or just direct? 1. Veoh assumed all, so just go with that d. = safe harbor for linking (rarely litigated, also notice and takedown) e. = safe harbor for universities (rarely litigated) f. = liability for sending bogus takedown notices i. 9th Cir. subjective standard, so copyright holder can always win g. = safe harbor for counter-notifications (aka “put-back requests”) i. Usually ignored, so effectively worthless h. = expedited process for identifying infringers (very powerful) i. Automatic subpoena for the names from IAPs ii. Web browsing (see right) 1. Presumed infringement b/c reproduction and distribution of page templates 2. Defenses: a. Implied license and/or i. But these can be revoked explicitly via browsewrap (Ticketmaster = direct infringement when D goes to the website to configure the robot and caches a copy of it in RAM in violation of the Terms of Use) b. Fair use (as a matter of public policy?) iii. P2P file sharing (see right) 1. Subset of copyright law (since rulings don’t make sense outside this context) (Viacom) 2. Infringers a. B, C and D (no $, but can scare them) i. Liable b/c reproduced w/ no fair use (Gonzalez) b. A offers a mixed-use technology (users choose whether to use it for legitimate or illegitimate purposes) and has all the $ (Sony = if capable of Could have long-term value if copyright holders just let it grow up…This is an anti-start up doctrine commercially significant noninfringing uses then can’t hold manufacturer liable based solely on distribution, here VCRs) i. Can be liable under inducement (Grokster = indirectly liable for infringement by users b/c induced as shown by marketing itself as Napster, profiting from ad space which was only demanded since users swapped copyrighted work and making no effort to filter copyrighted material ) 1. Prima facie case (all about D’s state of mind): a. Distributing a device b. With the object of promoting its use to infringe c. As shown by clear expression or other affirmative steps taken to foster infringement 2. Consequences: a. Copyright holders litigate you to death b. Every email is relevant, so never speak your mind c. BitTorrent problem = C downloads a little from everyone, so hard to ID d. Cyber lockers (Dropbox) and linking sites? Should covered by §512(c) 3. Only way not to get sued = strike deals with copyright holders to stream (Spotify) 4. Note: 17 USC §506 = criminal infringement if $1k of retail value in x days 5. Focus is not on Internet Access Providers’ graduated response a. = automated system gives you warnings and eventually cuts your access to the Internet, with the burden on the user to explain activity b. Protected under §512(a), but this saves administrative costs and bandwidth 2. Trade secret a. = valuable secret/information b. Internet doesn’t change much, except there is a problem when misappropriated info is put online 3. Trademark (= word/symbol that designates product source) a. Purposes (TENSION) i. Limit consumer confusion and ii. Protect producers so they keep investing b. Elements of Valid TM (no registration needed, but benefits) i. Ownership of valid TM that is distinctive Duty to police your mark, but 1. Inherently if: takes a lot of apathy for court a. Arbitrary (ex. Apple) to find you forfeited rights… b. Fanciful (ex. Oreo) c. Suggestive (ex. Greyhound) 2. Needs secondary meaning if descriptive (ex. Dress Barn) 3. Not if generic (ex. Kleenex) c. Causes of Action i. Infringement 1. Types a. Direct i. P’s priority ii. D’s use in commerce 1. Interpretation 1: any activity covered by the CC 2. Interpretation 2: designating source in ad copy/packaging 3. Trend is to make this easy to satisfy by basically ignoring it (Falwell = domain name acts as off-site marketing aid) iii. Likelihood of consumer confusion about product source 1. Sleekcraft test, considering: Strength of P’s mark D’s intent D’s use of mark (related goods?) Similar marketing/advertising channels Similarity (sight, sound, meaning) Purchaser’s degree of care (↑ if more $) Actual confusion Likelihood of product expansion 2. Really just a way to answer the original question, and not exhaustive (Network Automation = also consider labeling and appearance of ads and context for search engines) iv. Initial interest confusion (merged with above) 1. = idea that consumers see something that diverts their attention and then choose to stay once they are no longer confused (Falwell = domain name can’t do it along, need to look at the website content, too. And if no profit then doesn’t apply to grippers b/c don’t want to insulate markholder from criticism) 2. 9th Cir. regrets inventing this, so now must show likelihood of confusion, not just diversion (Network Automation) b. Contributory (NEED DIRECT 1st) i. Intentionally induce 3rd party to infringe or ii. Continue to supply the product with actual/constructive knowledge it is being used to infringe 1. Ex. when service provider directly controls the instrumentality used to infringe (only domain name registration is safe) c. Vicarious (very narrow set of agency principles) 2. Defenses a. Nominative use (NKOTB), when: i. D is using P’s TM to refer to P ii. No good synonym to refer to P iii. D took only so much of the mark as necessary to refer to P and iv. D didn’t do anything to suggest sponsorship by P b. Descriptive fair use i. = D uses a descriptive TM to refer to its dictionary definition ii. Dilution of Famous Marks (only direct, no contributory/vicarious) 1. Prima facie case: a. Famous = widely recognized by general consuming public of US as source indicator (consider ads, sales, surveys, registration…) b. D used it in commerce after it became famous (assumed like above?) c. Likelihood of dilution via: i. Blurring = association that impairs distinctiveness ii. Tarnishment = association that harms reputation 2. Defenses (not the same as for infringement, so could still be liable there): a. Fair use (includes comparative advertising) b. News reporting/commentary c. Noncommercial use (so how did P meet prima facie case?!) a. Online Issues iii. Domain Names = pneumonic for IP addresses (these wars are just proxy wars for content, so everyone but the lawyers lose!) 1. Besides infringement and dilution, can bring claims under: a. ACPA 15 USC §1125(d) (aka Anti-Cybersquatting) i. Prima facie case: 1. D has a bad faith and intent to profit (Falwell = no bad faith intent to profit for griper, but yes for PETA.org) and 2. D registers, traffics in, or uses a domain name that: a. Is identical/confusingly similar to distinctive TM or b. Dilutes a famous TM ii. Remedies: 1. Cancel or transfer registration 2. Damages < $100k and attorneys’ fees b. Private adjudication within the domain name system via I-CANN i. UDRP 1. Prima facie case: a. Domain name is identical/confusing similar to TM b. D has no legitimate interest in it c. D engaged in bad faith (don’t need intent to profit) 2. Remedy = cancel/transfer registration ii. URS (for easy cases) 1. = UDRP by “clear and convincing” 2. Remedy = suspend the registration (~TRO) c. State domain name protection laws (no litigation; should void b/c DCC) iv. Keyword Metatags (which are assumed to be a use in commerce) 1. Judges hate them (seem surreptitious) and you will lose, so don’t use them (Promatek = ok to use P’s TM since D repairs P’s products, but can’t do it in metatag because calculated to deceive consumers) v. Search Engines and Competitor Keyword Ads (= use in commerce [Network Automation]) 1. TM Owner vs. Advertiser a. Google’s TM policy takes care of most of these i. Blocks ads with TM in ad copy if TM owner asks except: 1. Descriptive/generic use Cease and desist letters work, 2. Resellers, component/replacement part dealers but risk declaratory judgment 3. Informational sites (not including parody or gripers) ii. But doesn’t block TM-ed keywords (where the litigation is) b. No likelihood of confusion so long as consumers understand the brands and competition in the marketplace i. Consider strength of mark, actual confusion, degree of care, and labeling/context of the ad in results page (Network Automation) ii. Litigation cost > value of ads, so waste of money! 2. TM Owner vs. Search Engine a. Google always wins b/c consumers aren’t confused by their practice of auctioning P’s TM to 3rd parties (Rosetta Stone) b. Result of technology adoption cycle (came after Google was mainstream) 3. Takeaways a. All depends on the story: surreptitious stealing or market competition? b. Courts are split because purposes of TM law are in tension here 4. Hot news a. = protects time-sensitive news (facts, so not copyrighted) (e.g. stock recommendations) 5. Utility Patents a. = novel, useful, non-obvious ideas b. Internet doesn’t change much except that people are patenting the way Internet companies work 6. Can synthetically manufacture IP rights via contract or trespass to chattels ------------------------------------------------------PORNOGRAPHY-----------------------------------------------------Goldman’s Law: user generated content pornography (whatever that means) copyright infringement 1. Obscenity a. Outside the 1st Am. if it meets the Miller test: i. Average person applying contemporary community standards would find the work taken as a whole to appeal to the prurient interests 1. What is the “community” online? ii. Depicts/describes in a patently offensive way sexual conduct specifically defined by the applicable state law and iii. Whole lacks serious literary, artistic, political or scientific value viewed by natl. standard b. Goldman’s Rules: i. Bestiality and child porn meet this every time ii. Text should not be obscene 2. Indecency a. FCC definition from Pacifica = language that describes in terms patently offensive as measured by contemporary community standards for the broadcast medium, sexual or excretory activities and organs, at times of the day when there is a reasonable risk that kids may be in the audience b. CDA definition = any communication that in context depicts/describes in patently offensive terms as measured by contemporary community standards sexual or excretory activities or organs 3. Harmful to Minors a. Patently offensive to prevailing standards in adult community as a whole with respect to what is suitable for minors b. Appeals to the prurient interests of minors and c. Is utterly without redeeming social importance for minors 4. Child Pornography a. Outside the 1st Am. if it meets the Ferber test: i. Visually depicts sexual conduct by kids below a specified age where the conduct proscribed is suitably limited and described by state statute (because harms kids) b. Possession is illegal; service providers have to report it (Protection of Kids from Sexual Predators Act) 5. Statutes (since Congress hates porn) (states too, but ignore those b/c struck down on DCC grounds) a. CDA = first attempt to address the Internet so they screwed up big time (Reno = can’t criminalize dissemination of patently offensive/harmful to minors material online with definitions) b. Child Online Protection Act = free teaser content behind a pay wall (Ashcroft = focus on technological filtering, not banning. Burden on the readers, not content producers) c. d. e. f. g. h. Child Porn Prevention Act = can’t create simulated child porn (SCOTUS overturned) Children’s Internet Protection Act = publicly funded computers need filters (ok to condition $) Dot Kids implementation and Efficiency Act = what kind of sites can be on .kids.us Truth in Domain Names Act = can’t have domain names to attract kids and lead them to porn 18 USC §2257 = internet pornographers need to keep records/make disclosures Adam Walsh Child Protection and Safety Act = sex offender registry -------------------------------------------------PUBLICATION TORTS-------------------------------------------------Also personal injury caused by third party content (Moreno = intervening tortfeasor, Myspace = 230 immunity) 1. Defamation a. Prima Facie Case i. [False] statement of fact ii. Published (i.e. communicated) to someone else iii. Injurious to reputation (unless per se defamatory) iv. No scienter required b. Defenses i. Truth ii. Opinion iii. P didn’t demand a retraction when statutorily required or iv. 1st Amendment if: 1. Relates to a matter of public concern and a. What is “public concern” on the Internet with niche communities? 2. D lacked minimum scienter: a. In regards to public individuals = need actual malice b. In regards to private individuals = need negligence c. Single publication rule = publication (upload online) sets SOL unless there is republication 2. Miscellaneous a. Prosser’s 4 Privacy Torts i. False Light = offensive publication of true fact that recklessly puts person in a false light ii. Public Disclosure of Private Acts = publicize true but private fact w/out sufficient public interest (about expectation of privacy, even after subsequent postings) iii. Intrusion into Seclusion = offensive intrusion into private place (ex. photos in backyard) iv. Publicity Right = use of person’s name/likeness for commercial advantage (STATE IP) b. Harmful/Inaccurate Information (ex. saying mushroom isn’t poisonous) i. Negligence standard c. All subject to 1st Am. limits 3. Online = Change to Secondary Liability via CDA (original party may still be liable) a. Offline, publishers often liable for 3rd party content w/in their editorial discretion, but not online i. Ps hate this law because it’s a break from tort law and there’s no way around it, but try: 1. Showing D was a content provider “in part” ala Roommates.com by encouraging or requiring input of illegal content (aka not a “neutral tool”) 2. Try to bring federal IP claims 3. If you have a promise and detrimental reliance, do promissory estoppel b. 47 USC §230(c)(1) i. Policy: 1. Don’t want to disincentivize efforts to regulate material! ii. Language (dated): 1. “No provider or user of an interactive computer service… Internet a. = anyone online sued in their publishing/editorial/screening capacity (Doe Exceptionalism = can’t have fancy pleading to make it premises liability) at its finest 2. …Shall be treated as the publisher or speaker… (which any claim for 3rd party content/actions does) 3. …Of any information provided by another information content provider” a. = any person that is responsible, in whole or in part, for creation of info (Roommates.com = pull down tools weren’t neutral, and requiring input which violates the FHA makes the website part content provider. But free text boxes are ok) 4. Excluding information that violates federal crimes, [federal] IP laws, and ECPA a. In 9th Cir. this also preempts state IP laws like publicity rights 5. Even if they have notice the content was harmful (Zeran = AOL not liable for defamation on its messages boards even after it was asked to take it down) 6. And even if they exercise editorial discretion (= decisions to publish, withdraw, postpone or alter content) a. But edits can’t cause illegality to newly arise iii. Effect = websites are not liable for 3rd party users’ content unless they encourage illegal content or design the site to require users to input illegal content (RARE: even cases citing Roommates.com did so for D, so bring motion to dismiss) c. 47 USC §230(c)(2) i. = No provider of an ICS shall be held liable on account of any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be objectionable (excluding information that violates federal crimes, [federal] IP laws, and ECPA) ii. Used for website filtering decisions, ex. Google de-indexing websites, anti-spam vendor classifications, etc. 1. So website’s own activity leads to immunity d. Compare to Copyright (17 USC §512(c)) i. 47 USC §230 is waaaaay easier for Ds. See: 47 USC §230 (Publication) ICS provider/user (so everyone) Who Everything buy [federal] IP, federal Claims covered crimes, ECPA Duty upon notice None (Zeran said this would be bad) Effect of scienter None (unless you encourage or demand input of illegal content, which is RARE) None: automatically applies Prerequisites 17 USC §512(c) (Copyright) Online service provider (so everyone) Copyright Expeditious take down (notice-based liability) No safe harbor if you have actual knowledge or red flags (infringement is apparent on face) Registration and other formalities (so tons) -----------------------------------------------------------PRIVACY------------------------------------------------------------ 1. Definitions a. b. c. d. Decisional Freedom from government surveillance Freedom from private snooping Freedom from unwanted marketing 2. No privacy claim if no expectation of privacy (i.e. posting online) 3. Laws a. FTC Act: unfair/deceptive trade practices i. Fair information principles (FIPs): 1. Notice 2. Choice (beyond thumbs up/down) 3. Access (to what they know about you) 4. Security ii. Applies to every business in the country, but only test and egregious cases are brought b. ECPA (aka The Wiretap Act) i. No one understands it and doesn’t translate well online ii. Applies to: 1. Intentional (Pharmatrak = no consent b/c companies required assurances no PII was taken and consumers didn’t know—did knowledge to consent—and yes interception b/c contemporaneous, but not intentional b/c not conscious objective [inadvertence/mistake isn’t enough]) 2. Interception of private communications while in transit 3. Access to stored communications (e.g. voicemail) 4. Disclosure of transactional information to the government (= metadata) a. Need subpoenas, etc. Consent c. COPPA = i. Applies to commercial websites that market to, or knowingly collect data from, kids ≤12 defense 1. So do everything you can not to be governed by it, including: a. Don’t collect personal data b. If you do, don’t collect age information or kick kids out c. If you need ages, have a pull down menu saying “under 18” so don’t know ii. If you are covered, need to: 1. Post COPPA-compliant privacy policy (notice) 2. Obtain verifiable parental consent before data collection, use, disclosure (choice) 3. Let parents review collected data and restrict future collection/use (access) 4. Use reasonable security procedures (security) 5. Not condition participation in sweepstakes on unnecessary data disclosure iii. But contracts by kids under 18 are void anyway… d. CFAA 18 USC §1030 i. (a)(4)-(5) = trespass to chattels (see above) ii. (a)(2) = intentionally accessing computer to remove information from it (Specht) e. Industry-specific regulations f. State laws (shouldn’t even exist because of DCC…) i. Trade secret ii. iii. iv. v. vi. vii. viii. Prosser’s 4 Privacy Torts (see above) False advertising/consumer protection law Computer crime laws (ECPA equivalents) like CA §502 (see above) Contract breach Data breach notification laws (all states have different requirements) Obligation to display privacy policies Identity theft laws/”e-personation” (would have applied to Rolando if better timing) 1. E.g. CA Penal Code §528.5 2. E.g. §530.5(a) willfully obtaining PII and using it for an unlawful purpose (In re Rolando= willfully obtained email password when he was given it and remembered it, then defamed P by exposing her to hatred by posting lewd things on others walls using her FB account) ix. CA Reader Privacy 4. Personally Identifiable Information a. Laws treat PII differently, so try not to collect it or be aware of the extra requirements b. Definitions i. Narrow = something you can use to contact or ID a person without any other info (in CA a zip code is enough) ii. Broad = something that, if put with another database, is enough (what COPPA is moving towards) iii. Takeaway: don’t say you don’t collect it b/c it’s impossible to know (Pharmatrak) 5. Article III Standing a. To access federal courts must have: i. Injury-in-fact 1. Concrete and particularized 2. Actual or imminent (not conjectural or hypothetical) ii. Causation iii. Redressability b. Problem for privacy cases i. Breach of contract is not a standalone harm ii. Is violating a statute? (case pending) --------------------------------------------------------------SPAM--------------------------------------------------------------1990s problem, with illusory harms already addressed by existing laws, technology, and the marketplace 1. CAN-SPAM Act (enforced by FTC, but also limited private COAs for IAPs (which includes ISPs per TheGlobe.com) a. Definition = unsolicited electronic message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (both over and under inclusive) i. Broad! (TheGlobe.com = applies to internal messaging systems like MySpace even though doesn’t follow tech specs of “email” b/c otherwise would subvert Congressional intent) ii. Murky area that frustrates Congress’ purpose: 1. Texts, IMs, wall postings and pop-up ads? 2. Law firm newsletters and unsolicited resumes? b. Goal = to preempt confusing state landscape, especially CA’s opt-in law c. Restrictions: i. No materially false/misleading header information (e.g. name, address, IP) 1. Advertisers are liable if (different from offline): a. Reckless b. Receive economic benefit and c. Don’t take reasonable steps to prevent/report it ii. No misleading subject line iii. Must include a working and clear/conspicuous opt-out mechanism iv. Must label it as advertising and show a valid physical postal address v. If sexually explicit, but label as such in the subject line vi. Aggravations (i.e. enhanced penalties) for: 1. Email harvesting from a website with a restrictive privacy policy 2. Dictionary/random attacks (TheGlobe.com) 3. Automatic registrations of email accounts to send spam 4. Knowingly relaying unpermitted spam d. Supplements CFAA 2. TM law (e.g. covers phishing) 3. CFAA (Note: Hamidi wasn’t covered by CAN-SPAM b/c not promoting a commercial product) 4. Private regulation/technological controls (e.g. block lists, collaborative filtering, sender auth.) 5. State laws (probably unconstitutional under DCC, but may give individuals a COA) a. Preempted: i. Any law that expressly regulates the use of email to send commercial messages, except to the extent the law prohibits falsity/deception (most say must rise to level of fraud) b. Not preempted: i. State laws not specific to email (e.g. contracts, torts) ii. Other state laws to the extent they relate to acts of fraud or computer crime (e.g. consumer protection, trespass to chattels) ------------------------------------------------SOCIAL NETWORKING------------------------------------------------- 1. Takeaways a. Exceptionalism: regulation of social networking sites differs not only from offline enterprises, but from other websites as well b. It’s publishing content even if it feels private (seductive) i. So have to stand behind your words b/c no reasonable expectation to privacy (Moreno) ii. CDA applies and you won’t get to sue the ISP (Doe) c. Litigators should always raid social media sites, and if evidence of duplicity then can get discovery (Zimmerman = social network is non-privileged so can’t hide relevant information behind selfregulated privacy settings since he chose to disclose it and those who receive it aren’t limited in what they can do with it, so other side gets his password b/c feels like there’s a spoliation problem [judge obviously knows nothing about FB])
