January 25, 2012 Contracts, Copyright

Megaupload takedown reminds us why website terms and conditions can be important

Kashmir Hill pointed out that at least one erstwhile file sharing service has changed its business model in response to the federal government’s action against Megaupload. She observes that:

FileSonic users can’t be too happy to have one of the main features of the site taken away. But the company must be less worried about its breach of contract with existing users than it is about the possibility of getting the Megaupload treatment, i.e., arrest, seizure of its property, and a criminal indictment.

This raises an important point. Any kind of online service that pushes the legal envelope may want to build in some mechanisms to pull back with impunity if it gets freaked out or loses its envelope-pushing courage. Said another way, that service should not make promises to its users that it cannot keep in the event the service wants to change what it is doing.

Some well known user generated content sites do this pretty well already in their terms of service. For example:

  • Dropbox: “We reserve the right to suspend or end the Services at any time, with or without cause, and with or without notice.”
  • YouTube reserves the right to discontinue any aspect of the Service at any time.”
  • Reddit: “We also reserve the right to discontinue the Program, or change the content or formatting of the Program, at any time without notice to you, and to require the immediate cessation of any specific use of the Program.”
  • Facebook (being kind of vague): “If you . . . create risk or possible legal exposure for us, we can stop providing all or part of Facebook to you.”

All good examples of foresight in drafting website terms and conditions that help innovative sites with damage control.

January 24, 2012 Computer Crime, Privacy

Ordering defendant to decrypt hard drive did not violate her Fifth Amendment rights

U.S. v. Fricosu, 10-CR-00509 (D. Colo. January 23, 2012)

Pursuant to a warrant, federal agents seized defendant’s laptop from her home. When investigators turned it on, they saw the hard drive’s contents were encrypted using PGP Desktop. Defendant would not voluntarily turn over the password to decrypt the drive, so the Government filed an application under the All Writs Act to require defendant to “assist” in the execution of the search warrant. Defendant objected, asserting her privilege against self-incrimination under the Fifth Amendment.

The court rejected defendant’s arguments, granted the Government’s application and ordered defendant to provide an unencrypted copy of the hard drive. It found that the situation did not implicate defendant’s Fifth Amendment rights.

The Fifth Amendment provides that no person shall be compelled in any
criminal case to be a witness against himself. For the most part, this privilege only covers testimony. But an act that implicitly communicates a statement of fact may be within the purview of the privilege as well. For example, producing a document (or electronic data, for that matter) is an acknowledgment that the material:

  • exists
  • is in the possession or control of the producer
  • is authentic (i.e., is what it purports to be)

The court held that defendant’s Fifth Amendment rights were not implicated because providing an unencrypted copy of the hard drive did not serve to accomplish any of the three points listed above.

The feds had confiscated the computer, so they knew of the location and existence of the computer files. (The court found that the fact that investigators did not know the specific content of any specific files on the computer did not matter.) And as for the authenticity of the computer files, the government would presumably be able to do that in other ways. Among other things, the computer was found in defendant’s bedroom. Information on the screen that showed up when it was turned on contained defendant’s first name. And perhaps most damningly, investigators had a taped phone conversation between defendant and her ex-husband discussing the computer and the fact it was password protected.

January 23, 2012 Privacy

Supreme Court: GPS device attached to car was an unconstitutional search

U.S. v. Jones, 565 U.S. ___ (2012)

Decision looks to 18th century sensibilities on the sanctity of personal property to resolve modern day legal problem occasioned by technology.

Today the Supreme Court issued its opinion in U.S. v. Jones, which addresses the question of whether it was a “search or seizure” under the Fourth Amendment when the police attached a GPS tracking device to a drug suspect’s car. The information gathered from the device was used to convict defendant and send him to prison for life.

An originalist kind of opinion

Justice Scalia authored an opinion (which four other justices, including Roberts and Thomas, joined) holding that the placement of the GPS device on defendant’s car was a “physical intrusion [which] would have been considered a ‘search’ within the meaning of the Fourth Amendment when it was adopted.” Because the device was placed on the car outside the scope of the warrant authorizing it (after the warrant’s expiration and outside its geographic jurisdiction), defendant’s Fourth Amendment rights were violated.

Property is key

Key to Court’s opinion was the Fourth Amendment’s close connection to property. Historically, Fourth Amendment jurisprudence has been tied to the concept of common-law trespass. Later cases, such as Katz v. United States, 389 U.S. 347 (1967) deviated from that approach, looking more to a personal interest, namely one’s “reasonable expectation of privacy.”

Reasonable expectation of privacy does not matter here

The Government had argued that there was no search here because defendant had no reasonable expectation of privacy in the underbody of his car, nor in the information about the public places he went. The court rejected that argument. Instead, it observed that “[a]t bottom, we must ‘assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.”

This “at bottom” analysis meant looking to the property interest defendant had (as informed by principles of common law trespass). By attaching the device to defendant’s car, the officers encroached on a protected area.

Open questions about information tracking

The case involved more than the mere transmission of electronic signals. In dicta, the court noted that in cases that do not involve physical intrusion, the Katz “reasonable expectation of privacy” analysis would apply. And the court was able to skirt the thorny question of whether the pervasive gathering of information while assisted by technology (something that it would take an army of agents and vehicles to accomplish) would be unconstitutional:

It may be that achieving the same result through electronic means, without an accompanying trespass, is an unconstitutional invasion of privacy, but the present case does not require us to answer that question.

Many commentators have observed that the case bears similarities to United States v. Knotts, 460 U. S. 276 (1982) which involved a location-transmitting “beeper” that was placed in a canister of chloroform, which made its way into the defendant’s trunk. In Knotts, the Court held that the gathering of location information in such a fashion did not violate the Fourth Amendment. The Jones case is different — in Knotts, the cops were not reponsible for placing the canister into the vehicle. Here, the cops actually had to encroach on defendant’s property (and even changed the batteries on the device at a later date).

The Court’s decision comes as a relief to those who worried about the Orwellian-like consequences of a Government victory. It appears that all of us — including the Justices of the Supreme Court themselves — are free from indiscriminate government surveilance of this sort. It will be interesting to go back and watch This Week in Law Episode 137, where we discussed this case and its issues.

What do you think? Was the court correct in looking at 18th century doctrines to solve a 21st century problem? Let’s have a conversation below.

January 22, 2012 Privacy

Cops violated Fourth Amendment in warrantless search of digital camera

Schlossberg v. Solesbee, 2012 WL 141741 (D.Or. January 18, 2012)

Plaintiff was being questioned by defendant police officer when defendant noticed plaintiff was using a digital camera to capture the exchange. The cop got enraged and took the camera away. He arrested plaintiff and looked through the files on the camera without getting a warrant.

So plaintiff filed a civil rights lawsuit. Before trial, the court asked the parties to file briefs on whether plaintiff’s Fourth Amendment rights were violated. The court found that the warrantless search of the camera was an unlawful search incident to an arrest, thereby violating the Fourth Amendment.

In its decision, the court noted that cases which have allowed warrantless searches of electronic devices incident to arrest established a dangerous new rule, namely, that any citizen committing even the most minor arrestable offense is at risk of having his or her most intimate information viewed by an arresting officer. The court recounted the case of some cops who, in a warrantless search of a drunk driving suspect’s cell phone, found and shared some naked photos of the suspect’s girlfriend. See Newhard v. Borders, 649 F.Supp.2d 440 (W.D. Va 2009).

The court disagreed with the rationale of previous cases that held electronic devices such as phones and cameras were like “closed containers” and were thereby subject to warrantless searches. It found that warrantless searches of electronic devices are not reasonable when they are incident to a valid arrest absent a showing that the search is necessary to:

  • prevent the destruction of evidence
  • ensure officer safety, or
  • address other exigent circumstances

The court further found that all electronic devices should be subject to this broad protection — police should not have to distinguish between laptops, traditional cell phones, smart phones and cameras before deciding whether to proceed with a search of the device incident to arrest.

In sum, the court found that because plaintiff had a high expectation of privacy in his camera’s contents, defendant should not have reviewed its contents in a search incident to the arrest. He should have gotten a warrant instead.

So what do you think? Did the court get this one right?

January 20, 2012 Copyright

If you critique SOPA, read the text. If you read the text, read it right.

Earlier this week Eriq Gardner speculated in a tweet that less than one tenth of one percent of folks have actually read the SOPA legislation. I bet he’s right. It’s good to read the statute. But what might be worse than not reading it is reading it wrongly and thereafter propagating misunderstanding.

One of the motifs that has permeated the SOPA discussion is this idea that evil (usually corporate) interests could shut down entire, innocent sites based on one piece of user generated content on that site that is, or links to, infringing material.

Some commentators, such as the usually astute Khan Academy in the video embedded below, have gone so far as to say that one little transgression by one user could bring down all of Facebook, YouTube, or Vimeo. (That discussion begins at about the 5:00 mark where the narrator purports to parse the language of Section 103 of SOPA.)

We are fortunate to have the means and motivation to rally around an issue like SOPA and make it a topic of worldwide discussion. But it turns unfortunate when some of the loudest criticism is based on misinformation. That’s happening now.

It is silly to think that one person could bring down Facebook and leave its almost a billion users in the dark. It is silly to think that Congress would enact legislation making that possible. Those thoughts are silly because they are not based on reality. One user could not cause Facebook to be shut down, and SOPA does provide content owners with a way to accomplish that.

If you take a close look at SOPA, (and of course you should) you see that this “one person taking down Facebook” conclusion is not supported by the language of the statute.

If a federal judge is convinced that a site is “dedicated to the theft of U.S. property,” then he or she can enter an injunction (according to the Federal Rules of Civil Procedure and all the case law attendant thereto) shutting down that site’s domain name.

The present misunderstanding comes from a reading of SOPA’s definition in Section 103 of what it means for a site to be “dedicated to the theft of U.S. property.” That definition is much narrower than what other commentators would have you believe. Among other things, the site has to be:

  • primarily designed or operated for the purpose of offering goods or services in a manner that engages in, enables, or facilitates infringement, circumvention or counterfeiting,
  • have only limited purpose or use other than offering goods or services in a manner that engages in, enables, or facilitates infringement, circumvention or counterfeiting, or
  • be marketed by its operator or another acting in concert with that operator for use in offering goods or services in a manner that engages in, enables, or facilitates infringement, circumvention or counterfeiting.

A less-than-careful reading leads one to think that the definition brings in any site that enables or facilitates infringement, circumvention or counterfeiting. Read the definition again. Is Facebook primarily designed to rip off US property? Is it used for only a little more (i.e., does it have a limited purpose) other than to enable or promote piracy? Does Mark Zuckerberg say that is what it is for? Because the answers to these questions are no, no and no, a federal judge would not conclude that Facebook is a site dedicated to the theft of U.S. property.

If that federal judge were to so conclude, then he would likely be smoking dope. And if that is the state of affairs, then our problem is not SOPA, but federal judges smoking dope.

The fervent opposition to SOPA leads one to be reminded, like David Newhoff was in this piece, of the “death panel” hyperbole that surrounded the healthcare debate. It might be the same part of the brain at work that caused all the irrationality in Vancouver after the Stanley Cup. I’m just sayin’.

Principled and reasonable debate is awesome. Misguided arguments waste everyone’s time.

January 18, 2012 Copyright

SOPA/PIPA reading list

This list is a work in progress. Newer additions are at the top of the list.

January 17, 2012 Anonymity, Copyright, Electronic Discovery, Evidence

No deposition of account holder allowed until he is named as defendant in BitTorrent copyright case

Hard Drive Productions, Inc. v. Doe, 2012 WL 90412 (E.D. Cal. July 11, 2012)

In a mass copyright infringement suit, plaintiff served a subpoena on an internet service provider and got the identifying information for the account holder suspected of trading a copy of a movie via BitTorrent. The account holder was uncooperative with plaintiff’s offers to settle, and denied downloading the file.

Instead of simply naming the identified account holder as a defendant in the case and proceeding with ordinary discovery, plaintiff asked the court for leave to take “expedited discovery,” namely, to depose the account holder to learn about:

  • the account holder’s involvement with the alleged distribution
  • his computers and network setup
  • his technical savvy
  • other users who may have had access to the computers or network

The court denied plaintiff’s request for leave to engage in the expedited discovery. It found that unlike other copyright cases in which anonymous infringers were identified, the efforts in this case “went far beyond seeking to identify a Doe defendant.” Instead, the court observed, it would be “a full-on deposition during which [the account holder] who plaintiff admits is likely not represented by counsel, may unwarily incriminate himself on the record before he has even been named as a defendant and served with process.”

January 15, 2012 Contracts

Wedding photographer not responsible for risque photos of bride posted online

Bostwick v. Christian Oth, Inc., 2012 WL 44065 (N.Y.A.D. 1 Dept. January 10, 2012)

Plaintiff bride logged onto her wedding photographer’s website and saw photos of herself wearing only underwear. She emailed an employee of the photographer, who promised to take the offending photos down. But they remained on the website even after plaintiff shared the online password with her family and friends.

So she sued the photographer for breach of contract, fraud and concealment, and negligent infliction of emotional distress. The trial court threw the case out on summary judgment. Plaintiff sought review, but the appellate court affirmed.

Breach of contract

The court found that defendant was authorized by agreement to post the photos. Defendant owned the copyright in the photos and otherwise had the right to put the proofs online. Any demand by plaintiff that the photos be taken down did not serve to revoke any of defendant’s rights, as plaintiff never had the rights to make such a determination to begin with. Moreover, the court found that because the agreement between the parties had an integration clause which provided that any amendments had to be in writing, the subsequent communications between plaintiff and defendant’s employee did not serve to amend the contract. (This decision by the court is puzzling, as the communications about taking the photos down were apparently by email. Other New York courts have held emails sufficient to amend written contracts.)

Fraud and concealment

To have been successful on her fraud and concealment claim, plaintiff was required to show, among other things, that she reasonably relied on defendant’s statement that the underwear photos had been taken offline before she gave the password to her friends and family. The court found in favor of defendant on this point because plaintiff could have checked to see whether the photos were actually taken down before she allowed others to access the photos. What’s more, the court found that the failure to take the photos down was not “concealment” but merely an oversight.

Negligent infliction of emotional distress

Despite its sympathy with plaintiff, and an acknowledgment that having others see the photos would be embarrassing and upsetting, the court found that plaintiff failed to establish a case of negligent infliction of emotional distress. This part of the case failed because plaintiff did not show that she had been exposed to an unreasonable risk of bodily injury or death. There was nothing in the record to cause plaintiff to fear that she was exposed to physical harm.

December 20, 2011 Trademarks, Unfair Competition

Use of trademark in gripe site subdomain was not likely to cause confusion

Ascentive, LLC v. Opinion Corp., 2001 WL 6181452 (E.D.N.Y. December 13, 2011)

Plaintiffs sued gripe site pissedconsumer.com for trademark infringement and other forms of unfair competition. The court denied plaintiffs’ motion for preliminary injunction. It found, among other things, that defendants’ use of plaintiffs’ trademarks as subdomains (e.g., ascentive.pissedconsumer.com) was not likely to cause confusion.

The court looked to other cases where gripe site operators chose negative words to use in conjunction with the company being criticized. Over the years, gripe site operators have commonly chosen to add the word “sucks” to the target brand. For example, in Taubman Co. v. Webfeats, 319 F.3d 770 (6th Cir. 2003), the court held there was no trademark violation by the site taubmansucks.com.

Other “suck” parts of the URL have risen above the trademark infringement fray. A case from over a decade ago found that the web address compupix.com/ballysucks would not create a likelihood of confusion because no reasonable visitor to the site would assume it to come from the same source or think it to be affiliated with, connected with, or sponsored by Bally’s. Bally Total Fitness v. Faber, 29 F.Supp.2d 1161 (C.D. Cal. 1998).

And it’s not just that these brands purport to suck. In Taylor Building Corp. v. Benfield, 507 F.Supp.2d 832 (S.D. Ohio 2007), the court found that taylorhomesripoff.com, used in connection with a forum for criticizing plaintiff, did not create any likelihood of confusion.

In this case, the notion of being “pissed” joins a lexicon of permissible gripe site nomenclature (depending on the circumstances, of course). So says the court: “Like the word ‘sucks,’ the word ‘pissed’ has entered the vernacular as a word instinct with criticism and negativity. Thus, no reasonable visitor to the [offending pages] would assume the sites to be affiliated with [plaintiffs], and PissedConsumer’s use of plaintiffs’ marks in the various domain names at issue is not likely to cause confusion as to source.”

Aside: Good lawyering by my friend Ron Coleman for the defendants in this case.

December 18, 2011 Contracts

Court enforces online terms and conditions incorporated by reference in invoices

Clickwrap and browsewrap agreements are not the only enforceable online contracts.

Fadal Machining Centers, LLC v. Compumachine, Inc., 2011 WL 6254979 (9th Cir. December 15, 2011)

Plaintiff manufacturer sued one of its distributors over unpaid invoices. Defendant moved to dismiss, citing to an arbitration provision in the terms and conditions on plaintiff’s website. The district court dismissed the complaint and plaintiff sought review with the Ninth Circuit. On appeal, the court affirmed.

It held that the district court did not err in concluding an arbitration agreement existed between the parties. Though the language of the hard copy distribution agreement did not address arbitration, it provided that plaintiff could unilaterally establish terms of sale from time to time. Each invoice referred to plaintiff’s website’s terms and conditions. The court found that these referred-to terms and conditions “clearly and unmistakably delegated the question of arbitrability to an arbitrator.”

The decision supports the notion that contracting parties (particularly merchants selling goods) may rely on provisions not spelled out in any documents exchanged between them, but appearing online and incorporated by reference. In other words, certain online contracts other than clickwrap and browsewrap agreements may be enforceable.

Scroll to top