August 18, 2010 Computer Crime, Privacy

Computer Fraud and Abuse Act, the Stored Communications Act, and unauthorized access

Monson v. The Whitby School, Inc., No. 09-1096, 2010 WL 3023873 (D.Conn. August 2, 2010)

Plaintiff Monson sued her former employer (a private school) for sex discrimination and related claims. The school filed counterclaims against Monson for, among other things, violation of (1) the Computer Fraud and Abuse Act (CFAA) and (2) the Stored Communications Act (SCA).

The counterclaims were based on allegations that Monson gained unauthorized access to the school’s email server to unlawfully view and delete email messages contained in the email accounts of other school employees. Upon learning of her impending termination, the school alleged, Monson used this unauthorized access to delete more than 1,500 email messages. Further, the school alleged that after Monson was terminated, she intentionally deleted data and software programs that resided on her school-issued computers before she returned them to the school.

Monson moved to dismiss the counterclaims. The court denied the motion.

CFAA claim

Monson argued that the school had not adequately pled that her actions — accessing and deleting data and software — were unauthorized. The court rejected this argument, finding that while it may be implausible (a la Twombly and Iqbal) that Monson wasn’t authorized to access her own email account, there was no reason to find it implausible she was not authorized to access the email accounts of others.

SCA claim

The court dismissed the SCA claim for essentially the same reason. Monson had argued that the school’s “formulaic” statement that she had accessed the stored electronic communications were not pled with enough detail to state a claim. The court found that the allegations were sufficient.

Photo courtesy of Flickr user croncast under this Creative Commons license.

August 9, 2010 Copyright

State law claims against Turnitin fail

Christen v. Iparadigms, LLC, No. 10-620, 2010 WL 3063137 (E.D.Va. Aug. 4, 2010)

Plaintiff was a graduate student and one of her professors uploaded a couple of plaintiff’s papers to the web-based plagiarism detection service Turnitin. You may remember how the Fourth Circuit held last year that this uploading and use of students’ papers is a protected fair use that would not subject Turnitin to liability for copyright infringement.

Perhaps recognizing the difficulties of a copyright case against Turnitin, plaintiff pursued various state-law, non-copyright claims based on Turnitin’s inclusion of plaintiff’s works in its database. So plaintiff sued for conversion, replevin and unjust enrichment.

The court dismissed all three of these claims, holding that they were preempted by the Copyright Act.

The Copyright Act specifically preempts all state-law rights that are equivalent to those protected under federal copyright law. Many courts apply a two-pronged test to determine if a particular state-law claim is preempted: (1) the work must be within the scope of the subject-matter of copyright, and (2) the rights granted under state law must be equivalent to any exclusive rights within the scope of federal copyright.

The court found that there was “no question” that the works at issue — plaintiff’s unpublished manuscripts — fell within the subject-matter of copyright protection.

It went on to find that plaintiff’s conversion claim was “simply a copyright infringement claim dressed in state-law clothing.” And the rights in the works that the plaintiff asserted — mainly, to use and reproduce the copyrighted work — were exclusive rights granted by the Copyright Act. The conversion claim also failed because plaintiff was not seeking the return or destruction of tangible property, just code stored on the Turnitin server.

The court dismissed the replevin claim on similar grounds. Because there was nothing tangible to be purged or returned, an action in replevin would not be viable. But even more importantly, replevin actions are no longer recognized under Virginia law, as the cause of action was repealed by statute.

Finally, the court held that plaintiff’s unjust enrichment claim failed. Citing to Nimmer and a batch of cases holding unjust enrichment cases to be preempted by the Copyright Act, the court held that a state-law cause of action for unjust enrichment should be regarded as an “equivalent right” to rights granted under the Copyright Act.

August 5, 2010 Defamation, Section 230

Communications Decency Act immunizes hosting provider from defamation liability

Johnson v. Arden, — F.3d —, 2010 WL 3023660 (8th Cir. August 4, 2010)

The Johnsons sell exotic cats. They filed a defamation lawsuit after discovering that some other cat-fanciers said mean things about them on Complaintsboard.com. Among the defendants was the company that hosted Complaintsboard.com – InMotion Hosting.

Sassy is my parents' cat. She hisses whenever I'm around, though they say she's a nice cat otherwise.

The district court dismissed the case against the hosting company, finding that the Communications Decency Act at 47 U.S.C. §230 (“Section 230”) immunized the hosting provider from liability. The Johnsons sought review with the Eighth Circuit Court of Appeals. On appeal, the court affirmed the dismissal.

Though Section 230 immunity has been around since 1996, this was the first time the Eighth Circuit had been presented with the question.

Section 230 provides, in relevant part, that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” It also says that “[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.”

The Johnsons argued that Section 230 did not immunize the hosting company. Instead, they argued, it did just what it says – provides that a party in the position of the hosting company should not be treated as a publisher or speaker of information provided by third parties. The Johnsons argued that the host should be liable in this case regardless of Section 230, because under Missouri law, defendants can be jointly liable when they commit a wrong by concert of action and with common intent and purpose.

The court rejected the Johnsons’ argument, holding that Section 230 bars plaintiffs from making providers legally responsible for information that third parties created and developed. Adopting the Fourth Circuit’s holding in Nemet Chevrolet v. Consumeraffiars.com, the court held that “Congress thus established a general rule that providers of interactive computer services are liable only for speech that is properly attributable to them.”

No evidence in the record showed how the offending posts could be attributed to the hosting provider. It was undisputed that the host did not originate the material that the Johnsons deemed damaging.

Given this failure to show the content originated with the provider, the court found in favor of robust immunity, joining with the majority of other federal circuits that have addressed intermediary liability in the context of Section 230.

July 26, 2010 Contracts, Litigation

Forum selection clause in clickwrap agreement enforceable

Meier v. Midwest Recreational Clearninghouse, LLC, 2010 WL 2738921 (E.D. Cal. July 12, 2010)

Plaintiffs live in California and bought an RV online from a vendor in Minnesota. The vendor’s website terms of service had a provision requiring that all disputes “arising out of or related to the use” of the website be brought in state court in Minnesota.

When plaintiffs — who were unhappy about the RV — brought a lawsuit in federal court in California, defendants moved to dismiss for improper venue. The court granted the motion.

The court noted that under the Bremen case, forum selection clauses are prima facie enforceable. And the Carnival Cruise Lines case takes that notion even further, giving forum selection clauses this presumption of enforceability in preprinted agreements.

In this case, plaintiffs argued that the court shouldn’t enforce the forum selection clause because it wasn’t freely bargained for. And they claimed that enforcing it would effectively deny them their day in court.

But that did not sway the judge. The court found that there was no bad faith motive that put the forum selection clause in the clickwrap agreement. And even though litigating in Minnesota might be inconvenient for California residents, it was not enough to bar them from the judicial system.

Moreover, just like the Supreme Court noted in Carnival Cruise Lines, the presence of forum selection clauses can reduce the costs of litigation because they cut down on the number of pretrial motions arguing over venue. And they also help consumers — this cost savings should ostensibly be passed on.

Related articles by Zemanta
Enhanced by Zemanta
July 13, 2010 Anonymity

Ninth Circuit orders anonymous internet speakers be identified

In re Anonymous Online Speakers, — F.3d —, 2010 WL 2721490 (9th Cir. July 12, 2010)

Quixtar (which used to be Amway) sued Signature Management TEAM (“TEAM”) for tortious interference and other claims, alleging that TEAM engaged in a smear campaign against Quixtar on the internet. In his deposition, TEAM’s online content manager refused to answer questions concerning the identity of the authors of certain statements made against Quixtar online. On Quixtar’s motion, the court ordered that the online content manager answer some of the questions concerning the anonymous speakers.

The anonymous speakers sought mandamus relief from the Ninth Circuit. On appeal, the court denied the request. It held that the district court’s decision was not “clearly erroneous as a matter of law.”

The district court had applied the stringent test set out in Doe v. Cahill, which requires, among other things, that the party seeking the identity of an anonymous internet speaker present enough facts to support a hypothetical motion for summary judgment.

The Ninth Circuit looked to the nature of the speech at issue — commercial speech — and held that the Cahill standard was too high. But the application of a too-high standard did not mean that the lower court should be reversed. The outcome would have been the same (i.e., the anonymous speakers would have been ordered unmasked) even if the district court had correctly applied a lower standard appropriate for commercial speech.

This is a significant case on the topic of anonymity because it is only the third federal circuit opinion to consider the question as to when unknown online speakers should be identified. The others are NLRB v. Midland Daily News (6th Cir. 1998) and Lefkoe v. Jos. A. Bank Clothiers, (4th Cir. 2009).

July 13, 2010 Fraud/Misrepresentation, Spam

State law spam claim in federal court not pled with required particularity

Hypertouch, Inc. v. Azoogle.com, Inc., 2010 WL 2712217 (9th Cir. July 9, 2010)

Pleading in federal court is generally a straightforward matter. Federal Rule of Civil Procedure 8 requires only that the plaintiff set forth a short and plain statement as to why that party is entitled to relief. But in cases involving fraud, there is a heightened pleading standard imposed by Rule 9.

In the case of Hypertouch, Inc. v. Azoogle.com, Inc., the plaintiff sued the defendants in federal court over almost 400,000 allegedly spam email messages. Hypertouch brought claims under California law (California Business and Professions Code § 17529.5(a)) but did not meet the heightened pleading standard of Rule 9. So the district court dismissed the case.

Plaintiff appealed to the Ninth Circuit. On review, the appellate court affirmed. It found that not only does the California statute speak in terms of commercial e-mail advertisements that contain “falsified,” “misrepresented,” “forged,” or misleading information — terms common to fraud allegations — but the complaint repeatedly described the advertisements and their content as “fraudulent.” The court held that plaintiff could not circumvent the requirements of the Rules by arguing that it did not plead all of the allegations sufficiently to set forth a claim of fraud.

It’s important to note that the court made clear, despite its holding, that it was not articulating a standard for pleading under this California statute. It merely found that in the circumstances of this case, the claim was not pled with the requisite particularity.

July 7, 2010 Right of Publicity

Use of name and image in YouTube clip did not support right of publicity claim

Fuentes v. Mega Media Holdings, Inc. 2010 WL 2634512 (S.D. Fla. June 30, 2010)

Plaintiff is a famous Cuban author who has written extensively about Raul Castro and other members of the Castro regime. The producers of the Maria Elvira Live show used plaintiff’s name and image in the content of one of the show’s episodes.

In addition to broadcasting the episode on TV, the producers uploaded clips from the show to YouTube. Plaintiff had not consented to that appearance and sued for, among other things, violation of Florida’s right of publicity statute, Florida Statute 540.08.

The show moved to dismiss the right of publicity claim and the court granted the motion.

It held that use of plaintiff’s name and image in this way did not violate the statute because the use was not “for purposes of trade or for commercial or advertsing purposes.” Looking to analogous cases (which, of course, did not involve social media), the court held that for this statutory standard to be met, the use of the name or image has to be separate and apart from the broadcast itself.

In these other cases, the individuals featured in the content of an audiovisual work sued under the statute and lost.

In Lane v. MRA Holdings, the plaintiff sued the producers of Girls Gone Wild. She lost even though her picture appeared on the cover of the DVD. In Tyne v. Time Warner, some individuals who were incorporated into the movie A Perfect Storm lost on the same grounds — their name and image had not been used separate and apart from the work itself.

July 2, 2010 Contracts, Copyright

New copyright lawsuit involves Creative Commons

GateHouse Media, Inc. v. That’s Great News, LLC, No. 10-50164 (N.D. Ill. filed 6/30/2010)

A lawsuit filed this past week in the Northern District of Illinois includes a claim that the defendant violated the terms of a Creative Commons license covering the plaintiff’s copyrighted works. GateHouse Media publishes a slew of local newspapers, including the Rockford Register Star in Rockford, Illinois. The Register Star provides premium online content to its subscribers, and makes that content available under a Creative Commons Attribution-NonCommercial-NoDerivs license.

GateHouse sued a company that sells reprints of articles — including articles from the Register Star — on fancy plaques to the people who are featured in those articles. Since GateHouse has its own reprint business, it views the defendant’s work as a competitive threat.

The complaint has all the claims you’d expect under these facts — copyright infringement, trademark infringement and various claims under Illinois unfair competition law. It also has a breach of contract claim, in which GateHouse invokes the terms of the Creative Commons license, going after the defendant’s commercial use of the licensed material.

Ponder if you will why GateHouse chose to pursue a violation of the Creative Commons license as a breach of contract claim and not as copyright infringement. The license terms are written as conditions and not covenants. So it seems like the defendant’s alleged use would be outside the scope of the license and therefore infringement. Any ideas why plaintiff is proceeding this way?

Enhanced by Zemanta
June 25, 2010 Contracts

Portability policies are an intriguing innovation

One of the fundamental and inherent technical shifts that are happening as computing moves to the cloud — for enterprise functioning and for more personal things like enjoyment of social media — pertains to the location of the user data being acted upon. Just think about how many different sites and providers across the web store and process and display uploaded user information.

The utility of this information is, in general, enhanced when there are well-understood ways that the uploaded data — whether as-uploaded or as-modified by the service or through user collaboration — can be moved to other computing environments. In some circumstances, easily-moved data is a good thing (think social networking profiles). In other circumstances, a user may want to know that his or her data will securely stay put (think medical information). The contours of the ability to move information is the subject of the notion of “data portability.”

It’s getting to the point where data portability is a real, practical issue. And it’s important enough that the topic should be addressed in terms of the legal relations between user and provider. Enter “portability policies.”

A portability policy — much like a website terms of service or privacy policy — serves to specify the understandings and the legal obligations between parties to a technological transaction. PortabilityPolicy.org is a new project from the DataPortability Project to make the portability policy drafting process easier, and the end results more standardized.

It looks intriguing. Here’s more information about the project from Techdirt.

Photo courtesy Flickr user Extra Ketchup under this Creative Commons license.

June 23, 2010 Copyright, DMCA

YouTube victorious in copyright case brought by Viacom

District court grants summary judgment, finding YouTube protected by DMCA safe harbor.

Viacom v. YouTube, No. 07-2103, (S.D.N.Y. June 23, 2010)

The question of whether and to what extent a website operator should be liable for the copyright infringement occasioned by the content uploaded by the site’s users is one of the central problems of internet law. In talks I’ve given on this topic of “secondary liability,” I’ve often referred it simply as “the YouTube problem”: should YouTube be liable for the infringing content people upload, especially when it knows that there is infringing material.

Charlie Bit My Finger - Harry and his little b...
Image via Wikipedia

Today was a big day in the history of that problem. The district court granted summary judgment in favor of YouTube in the notorious billion dollar copyright lawsuit brought against YouTube by Viacom way back in 2007.

The court held that the safe harbor provisions of the Digital Millennium Copyright Act (“DMCA”) (at 17 USC 512) protected YouTube from Viacom’s direct and secondary copyright claims.

Simply stated, the DMCA protects online service providers from liability for copyright infringement arising from content uploaded by end users if a number of conditions are met. Among those conditions are that the service provider “not have actual knowledge that the material or an activity using the material on the system or network is infringing,” or in the absence of such actual knowledge, “is not aware of facts or circumstances from which infringing activity is apparent.”

The major issue in the case was whether YouTube met these conditions of “non-knowledge” (that’s my term, not the court’s) so that it could be in the DMCA safe harbor. Viacom argued that the infringement was so pervasive on YouTube that the site should have been aware of the infringement and thus not in the safe harbor. YouTube of course argued otherwise.

The court sided with YouTube :

Mere knowledge of prevalence of such activity in general is not enough. . . . To let knowledge of a generalized practice of infringement in the industry, or of a proclivity of users to post infringing materials, impose responsibility on service providers to discover which of their users’ postings infringe a copyright would contravene the structure and operation of the DMCA.

Given the magnitude of the case, there’s little doubt this isn’t the end of the story — we’ll almost certainly see the case appealed to the Second Circuit Court of Appeals. Stay tuned.

Related articles by Zemanta
Enhanced by Zemanta
Scroll to top