Legal Research, Issues, and Practice in Cyberspace - Jurisdiction, International Issues & Digital Discovery Todd Krieger & Cyrus Daftary April 7th, 2014 1 Agenda Administrative Discussion Jurisdiction International Digital Discovery Questions & Answers 2 Administrative Discussions Week 8 Doing Business Online START Week 4 Creating and Entity Week One Welcome & Introduction Week 5 Access to Technology, ADA Week 9 Tax Week 6 1st Amendment, Social Media Week 10 Jurisdiction Week 3 Patents & Trademark Week 7 Privacy Issues Week 12 Class Projects Week 13 Class Projects Week 11 Class Project 3 Jurisdiction A court’s power to adjudicate a controversy. Defined by ‘long-arm’ statute and due process clause of constitution. 4 Jurisdiction - History 1945 - International Shoe vs Washington: defendant must maintain ‘minimum contacts’ with forum state – if it doesn’t offend the traditional notions of fair play and substantial justice. Due process requires fairness and justice. Example: Out of state salesperson who does business in California. Gave courts some discretion. 5 Jurisdiction - History (cont’d) 1980 - World Wide Volkswagen vs Woodson: Plaintiff buys car in New York and is injured in Oklahoma. The court finds conduct must be directed towards forum state not merely placing a product in the stream of commerce. 6 Specific v. General Jurisdiction General jurisdiction: (Helicopteros Nacioinales de Colombia, S.A. vs Hall) Continuous and systematic contacts with the forum state. Controversy need not arise out of the defendant's activities in the state. Specific jurisdiction: (Burger King vs Rudzewics) Cause of action arises directly from defendant’s contact with the forum state. 7 Evolution of Online Jurisdiction Early websites were informational, online brochures. Early on, disputes were independent of the websites. Plaintiffs tried to use the websites to assert jurisdiction, usually with little success; they needed to show something more. Lawyers and judges were still learning about the technology. 8 Early Conflicting Cases – Sporadic Internet Activities Website and toll free number – (Graphic Controls Corp. vs Utah Med. Prods. Inc.) – (Inset Sys. vs Instruction Set, Inc.) Soliciting and maintaining a website for future business with knowledge of in-state access – (Hearst Corp. vs Goldberger) – (State by Humphrey vs Granite Gate Resorts) Source: Todd D. Leitstein - A Solution for Personal Jurisdiction on the Internet, 59 La. L. Rev. 565, 1999 9 First Rational Framework Zippo vs Zippo.com : – Lighter Company vs Online E-mail/Content provider. – 3,000 customers in PA; 7 agreements with PA based ISPs. Sliding scale of jurisdiction Doing Business/Interactivity Jurisdiction 10 Zippo Three Prong Test (1) The defendant must have sufficient minimum contacts with the forum state. (2) The claim asserted against the defendant must arise out of those contacts. (3) The exercise of jurisdiction must be reasonable. Courts in the 5th, 9th, and 10th Circuits have used the Zippo sliding scale consistently, but some courts have attempted to refine the test. 11 Expanding Zippo Court in Cybersell, Inc. vs Cybersell, Inc. stated while the level of interactivity was a crucial factor for jurisdiction, interactivity alone did not provide grounds for jurisdiction, but instead required something more to establish minimum contacts. – “Something more” consisted of ‘targeting’ or intentional Internet activity expressly aimed at the forum state. S. Morantz, Inc. vs Hang, using Zippo and targeting approach found an interactive website that did not allow for online sales and was not directed at PA residents did not provide minimum contacts with PA over a NY defendant. 12 The “Effects” Test An alternative to the Zippo sliding scale test is the effects-based approach. Courts focus their analysis on the actual effects a website had in a particular jurisdiction and do not focus on the technology used. The effects test originated in Calder vs Shirley Jones, in which a CA entertainer sued a FL publisher for libel. The effects test has been applied in Blumenthal vs Drudge and Pavolich vs DVD Copy Control Assn. 13 International Transactions 14 An All Too Common Scenario Salesperson has a huge new urgent opportunity and wants to use the usual agreement. Their contact speaks English, so it is no problem if the customer is in another country, right? It depends… 15 One Size Does Not Fit All A standard form agreement might be fine overseas… …until there is a dispute How would a local court interpret the rights of the parties? Can your client enforce their rights? – Protecting IP – Getting paid Is it lawful to do business there? What is required for the transaction to be valid? 16 The U.S. has an Unusual Legal Climate Contingency fee plaintiff’s counsel Punitive and multiple damages Discovery Class action law suits Common law system Some companies actively avoid the U.S. as a forum Plaintiffs may be less likely to find the same windfall in other countries 17 Intellectual Property Rights Vary by Country Copyright: U.S. participates multiple copyright treaties, but copyright definition and enforcement varies by countries and treaties are not universal. Patent: U.S. patents do not give the patent holder rights overseas. Trade Secrets: trade secret rights vary by country. NAFTA & GATT provide some protection. 18 The EU takes a different view of software licensing than the U.S. UsedSoft GmbH vs Oracle International Corp “With the payment for services you receive, exclusively for your internal business purposes, for an unlimited period a non-exclusive non-transferable user right free of charge for everything that Oracle develops and makes available to you on the basis of this agreement” Court ruled downloaded perpetual license was a sale. Consider finite term for licenses and technological measures to limit transfers. Limit transferability of maintenance contracts. Compare with Vernor case. 19 Distribution Chain How many layers are there between the end user and the seller? The rights of the parties may vary if there are other parties between them. Statutory risks in appointing distributors and agents overseas: – Penalties for termination – FCPA compliance – Control of brand / trademarks – Export control Who will perform support services? 20 There May Be Few Choices “…Article (23) of the Kuwaiti Commercial Code states that non-Kuwaiti citizens may not pursue any commercial activities in Kuwait, unless having a Kuwaiti partner. This partner's share must not be less than (51%). Article (24) sets forth that any foreign company may not establish a branch in Kuwait and cannot pursue its commercial activities in Kuwait unless having a Kuwaiti agent.” “..The principal may not decline to renew the agency agreement upon its expiration without paying the agent equitable compensation for the non-renewal, provided that the agent provides evidence that he is not at fault and that his activities successfully promoted the principal’s products.” 21 Work With Local Counsel Local subject matter expertise Realistic risk assessment Language skills (where applicable) Cultural awareness Able to assist with negotiations Can help navigate through a dispute. 22 Language Considerations Contractual obligations can be diluted in translation: – Double check key clauses with local counsel or other trusted native speaker. – Even automated translations can give a hint at a problem. – Have side by side English translation with English prevailing, where permitted. Consider local language requirements. 23 Automated Translations Are Not Always Accurate 24 Get Accounting Insight Shift tax burden to the other party. Tax rates vary by country and depend on categorization of goods: – Rate may be different if technology is delivered digitally or on a tangible medium – Support service rate may vary from tech license – Creating a local nexus can have profound tax consequences – Who will provide local services? Be aware of currency exchange issues. Can payment be sent directly to the U.S.? 25 Negotiations Overseas Local contract negotiation styles will differ – Focus on building a relationship – Turnaround time can vary by regions – Be sensitive to local time zones and holidays. “SPECIAL CIRCUMSTANCES: The workweek in Kuwait is Sunday through Thursday for most businesses, government offices, and commercial banks.” (US State Department) For important issues, video conference, telephone, or face to face discussions can be more efficient than email. Leverage business team to assist in working with the other party. 26 Select a Predictable Forum for Disputes Local entities may prefer their local court and choice of law. Foreign forum and choice of law clause may not be enforceable. Arbitration offers a reasonable alternative. – Define rules and forum – Reserve the right to obtain injunctive relief What resources are needed if there is a dispute? Maintaining confidentiality during the dispute Local dispute may be a leap of faith. 27 Standard Clauses May Not Be Enforceable Validity of warranty exclusions, disclaimers, and limitations on liability vary by region: – Reverse engineering exclusion in the EU – Statutory warranty remedies – No limitations for death or personal injury in the UK. Other standard clauses may be illegal: – Interest for late payment under Sharia law. 28 Business to Consumer Sales Overseas Require Additional Caution The European Union has enacted consumer protection directives that set the minimum standard in the member states. Typical U.S. style disclaimers may invite local scrutiny (OFT – UK) : – sellers cannot restrict consumers’ rights to reject faulty goods – warranties must be reasonable – contracts must be clear and easy to understand without hidden ‘traps.’ 29 Consumer Protection Directives Data Protection Directive 95/46/EC Distance Selling Directive 97/7/EC Unfair Terms in Consumer Contracts Directive 93/13/EEC Electronic Commerce Directive 2000/31/EC 30 Export Control U.S. Department of Commerce Bureau of Industry responsible for most export regulations – Export Administration Regulations (EAR) Applies to all U.S. companies: – – – – Employees Subsidiaries Agents Distributors Software transfer can be considered an export: – – – – E-mail FTP Download Provision of source code subject to EAR to foreign national in the U.S. 31 Export Administration Regulations Restrictions and requirements depend upon: – – – – What is exported? Where is the recipient? Who is the recipient? How will the item be used? EAR apply no matter whether the software originated in the U.S. or elsewhere. Certain exports could be prohibited or require a license. 32 Some Exports have Additional Regulations Defense services and munitions – Department of State, Directorate of Defense Trade Controls (DTC) Defense-related goods, services, and technologies – Defense Technology Security Administration Nuclear materials and equipment – Nuclear Regulatory Commission, Office of International Programs Nuclear technology and technical data for nuclear power and special nuclear materials – Department of Energy, Office of Arms Controls and Nonproliferation, Export Control Division Licenses for natural gas and electric power – Department of Energy, Office of Fuels Programs Export of wildlife and endangered and threatened species – Department of the Interior, U.S. Fish and Wildlife Service Controlled substances and the import-export of listed chemicals used in the production of control substances under the Controlled Substances Act – Drug Enforcement Administration, Office of Diversion Control, Import-Export Unit Drugs and medical devices – Food and Drug Administration, Office of Compliance, Food and Drug Administration, Import/Export Hazardous waste exports – Environmental Protection Agency, Office of Solid Waste, International and Transportation Branch 33 Export Restrictions Depend on Classification of the Software Export Control Classification Number (ECCN) determines the licensing requirements under the EAR. Items are categorized into 10 categories, each further delineated into five product groups: Categories 0 = Nuclear Materials, Facilities, and Equipment (and Miscellaneous Items) 1 = Materials, Chemicals, Microorganisms and Toxins 2 = Materials Processing 3 = Electronics 4 = Computers 5 = Telecommunications and Information Security 6 = Sensors and Lasers 7 = Navigation and Avionics 8 = Marine 9 = Propulsion Systems, Space Vehicles, and Related Equipment Most goods are not classified (EAR99). Product Groups A. Systems, Equipment and Components B. Test, Inspection and Production Equipment C. Material D. Software E. Technology 34 Export Restrictions Vary by Country Cross reference ECCN with the Commerce Country Chart 35 Embargoed Countries Have Additional Restrictions Restricted Countries: – – – – – Cuba Iran North Korea Northern Sudan Syria Restrictions vary by country The list is subject to change Export licenses are still permitted for some categories, but very restricted. 36 Restrictions Vary by Recipient Individuals and organizations may be prohibited from receiving any goods from the U.S. or require a license. EAR99 goods or other goods not requiring a license are restricted. Restricted Entity List (EAR Part 744 Supplement 4). Treasury Department Specially Designated Nationals and Blocked Persons List. Unverified / Red Flag List. Denied Persons List. 37 Exports are Restricted by Use EAR99 items and other categories are restricted by use: – Items used by parties involved in WMD are prohibited without a license. – Nuclear uses. – Rocket propulsion systems. – Maritime nuclear propulsion. – Chemical & biological weapons. – Certain foreign vessels or aircraft. 38 Substantial Penalties for NonCompliance Criminal sanctions >$1 million Criminal penalties Revocation of export privileges Reference: – http://www.bis.doc.gov/licensing/exportingbasics.htm – http://www.bis.doc.gov/licensing/bis_exports2.pdf 39 Foreign Corrupt Practice Act Prohibits illicit payments by U.S. companies to foreign officials Prohibited Payments: It is unlawful to pay or offer to pay “anything of value” to a “foreign official” to influence official action or to secure any improper business advantage in order to obtain or retain business. 5 elements: – – – – – Applies to any employee or agent of client in any location Unlawful to offer, pay, or promise to give “anything of value” The payment must be intended to induce misuse of an official position To any foreign official or political party To influence official action or to secure any improper advantage in order to “obtain or retain business” http://www.justice.gov/criminal/fraud/fcpa/guide.pdf 40 Prohibited Payments Prohibited Payments: cannot offer, pay, or promise to give “anything of value” – – – – – – – Cash Services Payment of Travel Expenses Excessive Entertainment Expenses Lavish Gifts Favorable Loans Charitable Contributions 41 Exceptions Payment Lawful Under Foreign Law – Must be in the written law or regulations of the foreign country – Traditional, customary, or not enforced restrictions do not qualify Reasonable Business Expenditure – To promote a business or product – Includes trip expenses, tours of company facilities, product demonstrations and training – Must be reasonable and bona fide 42 “it is difficult to envision any scenario in which the provision of cups of coffee, taxi fare, or company promotional items of nominal value would ever evidence corrupt intent” “single instances of large, extravagant gift-giving (such as sports cars, fur coats, and other luxury items) as well as widespread gifts of smaller items as part of a pattern of bribes” Lawful 43 Questionable Helpful guide: http://www.sec.gov/spotlight/fcpa/fcparesource-guide.pdf FCPA Enforcement Penalties may include substantial fines, debarment, disgorgement of profits, and prison Recent enforcement actions: – Siemens (Iraq, Argentina, Bangladesh, Venezuela, Iraq, Israel, Nigeria, Vietnam, China, Russia, Mexico) $800 million – Aibel (Nigeria) $4.2 million – AGA Medical Corp. (China) /$2 million – Con-Way Inc. (Philippines) $300,000 – Faro Technologies (China) $2.95 million – Willbros Group (Bolivia, Ecuador, Nigeria) $32.3 million 44 Even Lawful Exceptions can be a Publicity Nightmare NHS contractor hosts US junket for health staff “ABOUT 150 hospital managers and medical staff were flown to the US, for a conference that included a 1980s-themed street party which was hosted by one of the biggest contractors in the National Health Service. An entire street was cordoned off to allow guests to watch bands and sip free drinks at local bars last Tuesday. The event was hosted by X Vendor, which is bidding for NHS contracts worth hundreds of millions of pounds. Some trusts sent as many as 11 staff for the four-day conference, with X Vendor paying for some of the flights and hotel bills in exchange for the trusts helping to develop and promote its technology. The total cost for flight and accommodation for the NHS staff was more than £150,000.” . 45 Domestic Anti-Corruption Rules also Apply Most jurisdictions have statutes prohibiting bribery Exceptions to the FCPA may be contrary to local law. Training and compliance programs are critical. 46 What is Discovery? “Discovery” refers to the process of compelling another party to provide information, which may include documents, during the course of litigation. Gives litigants access to information relevant to the dispute. Discovery requests may be very broad and burdensome, especially in business litigation. Facebook postings and other seemingly private information can be within the scope of a discovery request. – Case discussion: Gatto v United Airlines 47 Digital Discovery and Data Retention Most new information is electronic. Companies need codified policies for retention of digital and printed information or they could be overwhelmed by a discovery request. Define retention periods based on legal, business, and personal obligations. Must follow policies carefully. Third party solutions available. 48 Federal Rules of Civil Procedure For Electronic Discovery Implemented 12/06 Rules put in place process for party to demand access to information that is claimed to be ‘burdensome to access and produce.’ Companies may have hundreds of unorganized legacy back-up tapes with year of e-mails and other information New rules provide exceptions for good faith inadvertent destruction. 49 New Rules Harmonize Electronic Discovery Practices Attorneys involved in litigation must address electronic discovery at the earliest stage of discovery planning. New rules provide a framework for courts and easier guidance to assist clients. 50 Some Specific Requirements: Rule 26(a)(1)(B) changes ‘data compilations’ to ‘electronically stored information’. – (similar amendments to other rules) Rule 16(b) amended to require that scheduling order may include electronically stored information. Rule 26(f) requires parties to confer and discuss issues related to electronic information. Rule 26(b)(2)(B) addresses the burden for data that is not readily accessible. Party receiving request must establish unreasonableness of request. Rule 37(f) accommodates the accidental loss or destruction during a routine operation of electronic information if the party took reasonable steps for preservation. – Keep in mind other changes as well. – http://www.ims-expertservices.com/newsletters/nov/eddrules-111406.htm 51 Courts Have Defined Expectations of Digital Discovery “Now that the key issues have been addressed and national standards are developing, parties and their counsel are fully on notice of their responsibility to preserve and produce electronically stored information.” – Judge Shura Scheindlin, Zubulake v. Warburg – Final jury verdict: $29 million. Complying with digital discovery requests may be very expensive, time consuming and implicating. 52 High Profile Cases Have Led to Big Verdicts Coleman v. Morgan Stanley: $1.45 Billion jury verdict for overwriting e-mails, failing to timely process backup tapes, failure to produce relevant e-mails and attachments. U.S. v. Philip Morris , 327 F. Supp. 2d 21: $2.75 Million in sanctions for failure to follow order to preserve e-mails and other e-discovery violations. 53 In Re Information Management Services, Inc. Derivative Litigation Case discussion: Digital discovery + employee e-mail privacy + attorney client privilege (oh my). 54 Meta-data May Be Critical Metadata = ‘data about data’ Metadata must remain intact: – History (date of creation and modification) – Tracking (who created the document and where does it reside) – Comments and annotation. Metadata may leave an implicating trail. – Previously deleted text – Comments – Identity of those who worked on document – Dates and times of work. – Changes in date in Windows may not be the same in the underlying DOS. 55 Electronic Discovery Can be Very Expensive Average may be $1-3 million Litigants need efficient data search and management strategies – Law firms bill for searches on an hourly basis Data may not be in a common or searchable format 56 Data Security is a Relatively New Area of Liability Company computers may house sensitive consumer data and trade secrets. Failure to adequately protect consumer data has led to high profile settlements with the FTC: – – – – Choicepoint: $15 million TJX BJs Wholesale Club Hannafords – 3/08 - 4 million credit card numbers compromised – Target Failure to adequately protect trade secrets can also create a corporate disaster. 57 Sensitive Digital Data May Reside in Surprising Places http://www.cbsnews.com/8301-18563_1626412439.html http://business.ftc.gov/documents/bus43copier-data-security 58 Nevada SB 267 Was Passed in Response Section 4 of this bill requires a business entity or a data collector to ensure that any personal information which is stored on the data storage device of a copier, facsimile machine or multifunction device in the possession of the business entity or data collector is securely encrypted or destroyed by certain approved methods before the business entity or data collector relinquishes ownership, physical control or custody of the copier, facsimile machine or multifunction device to another person. http://openstates.org/nv/bills/76/SB267/documents/NVD00008333/ 59 Companies are Obligated to Protect Sensitive Data and Report Breaches Most states require notification of residents if personal data is compromised and many other states are not far behind. – Massachusetts 93H – http://www.mass.gov/ocabr/business/identity-theft/requirements-for-securitybreach-notifications.html Hundreds of data breaches have been reported Reporting has led to bad publicity and fines. Marriott reported the loss of 200,000 names in missing backup tapes. Some reporting requirements are exempted if the data was encrypted. 60 ID Theft Has Impacted Millions of Americans U.S. consumers lost billions to identity theft in 2013 ID Theft consumes time and money. Consumers are more careful with their personal information. – Vulnerable to phishing attacks – As safe as the company where they used their credit card. IRS Criminal Investigation Targets Identity Theft Refund Fraud FS-2013-4, February 2014 The IRS has seen a significant increase in refund fraud that involves identity thieves who file false claims for refunds by stealing and using someone's Social Security number. http://www.irs.gov/uac/Newsroom/IRS-Criminal-Investigation-Targets-Identity-Theft-Refund-Fraud-2014 61 Phishing Attacks Can Be Cleverly Disguised 62 Data Thieves Actively Target Websites and Corporate Networks May use e-mail viruses to crack networks Target specific applications to get sensitive data – Once the perimeter security is cracked, the entire network may be available. Hijack remote computers to anonymously attack sites. 63 Reasonable Measures To Protect Sensitive Information Policies – http://www.mass.gov/ocabr/docs/idtheft/compliance-checklist.pdf Encryption Intrusion detection Firewalls Password protection Anti-virus programs Physical security of laptops and portable media. 64 Questions & Answers 65