Header graphic for print

New Media and Technology Law Blog

Proposed “Bitlicense” Regulations Published to the New York Register

Posted in Digital Currency, Regulatory, Technology

Today’s New York State Register includes a Notice of Proposed Rule Making from the New York State Department of Financial Services (the “NYSDFS”) regarding the regulation of virtual currency (“Regulation of the Conduct of Virtual Currency Businesses,” No. DFS-29-14-00015-P).  The proposed rule calls for the creation of the “bitlicense” which the NYSDFS has hinted at in the past.   New York is the first state to actually propose such a licensing requirement for virtual currency businesses.

The Notice, which refers to the full text of the proposed rule made available by NYSDFS a few days earlier, marks the beginning of a 45-day window for public comment on the proposed rule.

The proposed rule appears to be drafted to carefully exclude merchants and bitcoin miners from the scope of the licensing requirement, but includes exchanges, digital wallet services, merchant service providers and others in the virtual currency ecosystem.  It imposes many of the same types of requirements that we already have in the area of money transmission and clearing house services, including capital requirements, anti-money laundering safeguards, and “know your customer” type issues. It also includes requirements with respect to business continuity and cyber security issues.

All entities involved in or planning on being involved in virtual currency-related businesses should study this proposed rule carefully. There is still an opportunity to voice concerns and have the final rule reflect any issues that the NYSDFS views as important.  It is likely that whatever is enacted in New York will be used as a model in other states that wish to enact a similar virtual currency licensing structure.

Sixth Circuit Reinforces CDA Immunity – Reverses Lower Court in Jones v. Dirty World

Posted in Defamation, Online Content

On June 16th, 2014, the Sixth Circuit reversed the lower court’s holding that the gossip site, TheDirty.com, was responsible for its users’ defamatory posts and could not rely on immunity under CDA Section 230.   The appeals court ruled that even though the gossip site selected and edited user-generated posts for posting and added non-defamatory, albeit sophomoric, comments following each post, the site was protected by CDA immunity because it was neither the creator nor the developer of the challenged defamatory posts and did not materially contribute to the defamatory nature of the user postings.  See Jones v. Dirty World Entm’t Recordings,LLC, 2014 WL 2694184 (6th Cir. June 16, 2014).

For a detailed recap of the background of the case and the lower court ruling, see our earlier post.

The appeals court adopted the 9th Circuit’s Roommates.com “material contribution test” to determine whether a website operator is a “developer” of content under the CDA (i.e., “development” refers to not merely to augmenting the content generally, but to materially contributing to its alleged unlawfulness).  Flatly rejecting the lower court’s reasoning that websites lose CDA immunity based upon editing content for display and otherwise “encouraging” unlawful content (in this case, based upon the defendant’s suggestive domain name and selection of content), the Sixth Circuit stated:

[O]ther courts have declined to hold that websites were not entitled to the immunity furnished by the CDA because they selected and edited content for display, thereby encouraging the posting of similar content. […] More importantly, an encouragement test would inflate the meaning of “development” to the point of eclipsing the immunity from publisher-liability that Congress established.

The Sixth Circuit also rejected the lower court’s theory that the website operator “adopted” or “ratified” the defamatory content by adding his own pithy commentary after user posts and therefore lost CDA immunity, ruling that a website operator cannot be responsible for what makes another party’s statement actionable by “commenting on that statement post hoc.”

While we have long considered the lower court ruling an outlier, the Sixth Circuit confirmed this.  The opinion did not break new ground, but it did reaffirm the basic concepts of broad CDA immunity that protect online service providers for claims related to user-generated content.  The appeals court expounded on the broad immunity the CDA offers for website operators – even those who peddle in salacious content – that exercise traditional publisher functions and also stressed the “limited circumstances under which exercises of those functions are not protected.”

Mobile Alphabet Soup…What Exactly Is an ATDS under the TCPA?

Posted in Electronic Direct Marketing, Mobile, Privacy
An Important Issue for Text-Message Marketers

There has been an uptick in litigation under the federal Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227 – likely due to the increased use of mobile marketing (not to mention the availability of statutory damages between $500 and $1,500 per violation).  And with the growth of easy technologies to reach smartphone users, compliance remains a careful proposition…FCC Commissioner Michael O’Rielly, in a blog post, suggested that as the FCC and the courts have interpreted the TCPA in the face of new technologies, “the rules have become complex and unclear.”  Not surprisingly, companies have filed petitions with the FCC seeking clarification on how the latest marketing techniques and customer contact methods are covered under the TCPA.  However, except for a few situations, the FCC has yet to process the backlog of petitions for rulemaking or declaratory rulings.

Even as companies strive to offer users new services and social applications that facilitate communication and streamline e-commerce transactions, they are rightfully concerned they might misinterpret some provision of the TCPA and face a class action suit.

In the last decade, the legal debate surrounding the TCPA was over whether a text message was a “call” under the statute (it is) and whether the statute was implicated, absent certain exceptions, even if the user is not charged for receipt of a text message (it is).  In recent years, different legal issues are at the forefront: the contours of express consent and revocation of consent, the definition of non-telemarketing calls, a safe harbor for non-marketing calls and messages to discontinued mobile numbers, the status of one-time confirmatory text messages, class action certification, jurisdictional questions, as well as what constitutes an automatic telephone dialing system (an “ATDS”) under the statute.  Indeed, the latter issue – whether or not the call was made using an ATDS – is often the focus in the early stages of litigation since it is a prima facie element of a TCPA claim and companies try to knock out suits based upon the argument that the equipment used to transmit the messages in question does not implicate the TCPA.

Generally speaking, the three elements of a TCPA claim are: (1) the defendant called a cellular telephone number; (2) using an automatic telephone dialing system — the ATDS; (3) without the recipient’s prior express consent.  The term ATDS means equipment that has “the capacity (a) to store or produce telephone numbers to be called, using a random or sequential number generator; and (b) to dial such numbers.” 47 U.S.C. § 227(a)(1).  Importantly, a system need not actually store, produce, or call randomly or sequentially generated numbers, it need only have the capacity to do it.  The current debate is over what it means for an autodialing device to have the “capacity” to generate random numbers — whether that capacity may be theoretical or whether the device must possess the present capacity at the time the messages were transmitted.

A recent Illinois district court decision arguably took an expansive view of the definition of an ATDS in a dispute involving an allegedly unsolicited promotional text message sent by the social network, Path, Inc. In Sterk v. Path, Inc., No. 13-cv-02330 (N.D. Ill. May 30, 2014), the court ruled that the equipment Path used to send the text message was an ATDS, even though such equipment did not actually make the call using a random or sequential number generator.

The Ninth Circuit and a number of other courts have held that the operative determination is whether the equipment used to place a call could possibly be used to store or produce phone numbers using a random or sequential number generator, not whether the equipment was actually used in such a way to place the call or send the text messages at issue.  However, marketers have pointed out that this definition must have some outer limit because every smartphone could conceivably be engineered to store or produce numbers using a random or sequential number generator by simply downloading an app. The TCPA, the marketers note, surely does not mean to define every telephone or device as an ATDS subjecting the sender to liability for every unsolicited call or text message to a mobile phone.  Underneath this backdrop, courts have wrestled with whether the definition of an ATDS should rely on present capacity or potential capacity.

In a narrow ruling, the District Court for the Northeren District of Alabama court ruled that a telephone system is only covered by the TCPA if, at the time the calls at issue were made, the system had the capacity, without “substantial modification or alteration,” to store or produce numbers using a random or sequential number generator, even if the sender did not use that automatic dialing capacity.  See Hunt v. 21st Mortgage Corp., 2013 WL 5230061 (N.D. Ala. Sept. 17, 2013), further proceedings at Hunt v. 21st Mortgage Corp., 2014 WL 426275 (N.D. Ala. Feb. 4, 2014).  To meet the TCPA definition of an “automatic telephone dialing system,” the Hunt court stated that a system must have a present capacity, at the time the calls were being made, to store or produce and call numbers from a number generator, otherwise the sender cannot be liable under the TCPA.  This limitation of “present capacity” was echoed by a California state court in Stockwell v. Credit Management, L.P., No. 30-2012-00596110 (Cal. Super., Orange Cty. Oct. 3, 2013).  The Stockwell court focused on the present capacity of the defendant’s equipment, granting summary judgment in favor of the defendant because its calling device did not have a number generator.

The court in Sterk v. Path, Inc. arguably took a more expansive view of what constitutes an ATDS.  The Illinois court relied on FCC decisions that stated that an ATDS may include predictive dialing equipment that automatically dial numbers from a stored list without human intervention, even when the equipment lacks the capacity to dial telephone numbers using a random or sequential number generator.  In following the FCC’s guidance, the court stressed the main requirement for an ATDS is not the capacity to generate random or sequential numbers, but rather to “dial numbers without human intervention.”  See e.g., In re Rules & Regulations Implementing the TCPA, 18 FCC Rcd. 14014 (FCC 2003).  The court found that the equipment used by Path, which sent messages from a stored list without human intervention, was comparable to the predictive dialers that have been found by the FCC to constitute an ATDS – “The uploading of call lists from Path users is essentially the same as when a call list is entered by a telemarketer in a database. It is the ultimate calling from the list by the automated equipment that is the violation of the TCPA.” Path argued “human interaction” was present when users affirmatively clicked through prompts to upload their phone contacts to Path’s list, but the court stated that such conduct merely pertained to the collection of numbers, not the act of calling.

The court also rejected Path’s argument that such an interpretation would lead to the “absurd” result that every cell phone that could make calls from a list is an ATDS.  The Path court reasoned that the TCPA only prohibits improper use of an ATDS and that if a person uses a mobile phone to send countless unsolicited text messages that produce the harm envisioned under the statute, “it would not be an absurd result to find that the cell phone user had violated the TCPA.”

Given the potential exposure of a TCPA action involving numerous messages, companies will continue to use the ATDS defense to try to obtain a dismissal during the early stages of a case following limited discovery.  While it is a technical, factually-dependent argument that may require expert declarations explaining the capabilities of the dialing equipment in question, it is often more preferable than trying to argue consent, particularly given the stricter telemarketing rules that went into effect in October 2013.  As discussed, several decisions have been defense-friendly in limiting the scope of the ATDS definition, yet without clear guidance from the FCC, each court may take its own route to an interpretation. As always, companies should stay abreast of developments and review their mobile marketing practices and procedures to ensure that they are in compliance.


FINRA Issues Investor Alert Concerning Bitcoin Trading and Speculation

Posted in Digital Currency, Online Commerce, Regulatory, Technology

Bitcoin remains fixed on the front pages of the business and technology news for both the salacious and the positive. Much attention has been paid to the collapse of the former top bitcoin exchange, Mt. Gox, stemming from the purported theft of nearly $500 million in bitcoins.  The temporary suspension of trading in the securities of one technology company producing a mobile bitcoin platform, the venture capital investment in bitcoin-related startups, and the rash of cyberhacking incidents against digital wallet services have all been prominently featured in the press.  In addition, the advent of alternative cryptocurrencies beyond bitcoin, the dubious discovery of mysterious bitcoin founder Satoshi Nakamoto, and the increased acceptance of bitcoin by major e-commerce sites have made the headlines as well.

Amid the news coverage, interest in bitcoin has grown, but so has the scrutiny.

On March 11, 2014, FINRA issued an Investor Alert to caution investors of the “significant risks” of buying and speculating in bitcoin and other digital currencies, as well as the risk of fraud and cybercrime related to online bitcoin exchanges and other bitcoin-related service providers.

Specifically, the alert outlines several risks surrounding the usage of and speculating in bitcoins, including:

  • Bitcoin and other digital currencies are not legal tender and if the trust built up among individual users and businesses should vanish, bitcoins would be valueless.
  • Online exchanges that allow users to buy and sell bitcoins and digital wallet services that allow users to store bitcoin are magnets for cyberthieves.  Unlike banks that offer federal protections for depositors, there are no safeguards for bitcoins stored with service providers.
  • Because bitcoin transactions are essentially anonymous, users must take extra care to avoid fraudsters posing as legitimate services.  Importantly, a completed bitcoin transaction cannot be reversed and refunds are contingent on the willingness of the parties.  The alert cautions that fraudulent schemes are not limited to the web – for instance, last year, the SEC brought suit against the operator of a bitcoin-related Ponzi scheme and even issued its own Investor Alert about Ponzi schemes involving virtual currencies.
  • Bitcoins have been used for illicit transactions and such activities could impact users and speculators if an online exchange or service is shut down by law enforcement.
  • Bitcoin speculation, like any investment, brings financial risk.  Price volatility has been bitcoin’s hallmark in recent years, and there is no uniform value of bitcoin across the various exchanges.  Moreover, outside events such as the collapse of an online exchange, a hacking incident of an e-wallet service or regulation imposed by a foreign government can dramatically affect the currency’s value.  As the alert states: “In short, bitcoin speculation is extremely risky.”

State regulators have also taken note of the risks to investors and users of bitcoin. Notably, the FINRA alert comes on the heels of the New York Department of Financial Services announcing that it is accepting formal proposals to operate digital currency exchanges in New York in conjunction with the agency establishing its oversight of the nascent industry, as well as the Texas Securities Commissioner entering an Emergency Cease and Desist Order against a Texas energy exploration company that sought bitcoins from potential investors.  The Texas State Securities Board also issued its own bitcoin Investor Alert.

Where is it all headed?  Given the variable nature of bitcoin, it’s hard to foresee the future.  Still, many questions remain: How will state or federal regulation affect the bitcoin ecosystem in the coming year?  Will volatility and data security lapses destroy confidence in bitcoin and chill speculation, or will bitcoin persevere and gain more legitimacy?  Will bitcoin emerge as a standard payment option, remain a niche product, or otherwise become less interesting, but more predictable under new regulations?

We will keep you posted as we learn more and work through these issues with our clients.

Bitcoins: Legal and Business Issues

Posted in Digital Currency, Technology

On Monday, the Senate Committee On Homeland Security and Governmental Affairs held the first of two days of hearings on Bitcoin and digital currencies — Beyond Silk Road: Potential Risks, Threats, and Promises of Virtual Currencies.  During the “surprisingly friendly” hearings, the price of bitcoin soared as regulators, officials, and academics offered cautious, but positive views on the prospect of bitcoin within the greater economy and the future challenges for law enforcement regarding digital currency.

I recently gave a presentation on bitcoins, entitled Bitcoin — Legal and Business Issues Surrounding the Digital Currency.  Among other things, I discussed:  bitcoins generally, the emerging bitcoin marketplace, the legal issues and data security concerns surrounding bitcoin, as well as practical business advice (including the risks and benefits) for merchants and e-retailers  that are considering accepting bitcoin.

Stay tuned for further developments!

No Expansion of CFAA Liability for Monetary Exploit of Software Bug

Posted in Computer Fraud and Abuse Act, Software, Videogames

In the game Monopoly, lucky players landing on Community Chest might turn over the highly desirable “Bank Error in Your Favor, Collect $200″ card.  By the next turn, the proceeds are usually invested in properties and houses, yet, some might wonder whether accepting such a windfall was proper in the first place…or could lead to criminal charges.

This concept was tested when police arrested two video poker players who were exploiting a software bug that allowed them to multiply jackpots with just a sequence of pushed buttons.  See United States v. Kane, No 11-mj-00001 (D. Nev. filed Jan. 19, 2011).  The defendants were charged with violations of the Computer Fraud and Abuse Act (“CFAA”), a federal statute that prohibits computer hacking and unauthorized access into computer networks.  The question was whether the defendants “exceeded authorized access” when they took advantage of an exploit in a video poker machine to win hundreds of thousands of dollars.

The CFAA was enacted in 1984 and provides, in pertinent part, that anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains. . . information from any protected computer” commits a crime. 18 U.S.C. § 1030(a)(2)(C). It defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” Id. § 1030(e)(6).

The Kane prosecution is a recent example of a “technology statute” being aggressively applied to issues or disputes that were not even conceived of when the statute was enacted. The CFAA was directed at classic computer “hacking” activities where it was easier to determine when an outsider lacked “authorized access” to a network.  But the language of the Act is susceptible to broader application, and it has been brought to bear in many contexts beyond the hacking scenario, including employee misappropriation of company data, unwanted copying or misuse of website data, and now, the “gaming” of video poker machines.

In Kane, the Government alleged that the defendants discovered an exploit in certain video poker machines that allowed the players, over the course of two years at different casinos, to falsely maximize the payouts for a winning hand.  Apparently, the defendant Kane uncovered the glitch in the machine after hours and hours of playing.  In short, once the “double up” feature of the poker machine was activated (i.e., an option that allowed players to make double-or-nothing bets), the defendants then legitimately played until they obtained a winning hand.  Then, after using a complex combination of game changes, bill insertions and cash outs — a sequence of pushed buttons — they would use the “double up” feature to change the stakes in the middle of the game to the highest denomination, and trigger a second jackpot. Because of a series of programming errors, the machine re-evaluated the original game at the new, higher denomination, paying a jackpot which paid out at a higher denomination than the defendants had initially wagered. [click here for Wired's excellent account of the entire caper].  The Government did not allege that the defendants physically tampered with the video poker machines.

After winning several large jackpots at a Las Vegas casino in one afternoon, the management became suspicious and summoned Nevada Gaming Control Board engineers who discovered the software anomaly in the machine.  The defendants were later arrested and charged with conspiracy to commit wire fraud and violations of the CFAA based upon allegations that they exceeded authorized access to a protected computer in furtherance of fraud.

The defendants had moved to dismiss the CFAA claims and last year the magistrate issued a report recommending that the district court dismiss those charges.  See United States v. Kane, No. 11-cr-00022 (D. Nev. Report and Recommendation Oct. 15, 2012).  The defendants asserted that the CFAA claim should be dismissed because: (1) a video poker machine is not a “protected computer” under the statute (i.e., a computer “which is used in or affecting interstate or foreign commerce or communication”); and (2) the defendants did not “exceed [their] authorized access” to the video poker machines.

In recommending dismissal, the magistrate first found that a video poker machine was not a “protected computer” under the statute because, unlike a computer network or online database connected to the internet, a video poker machine was a standalone computerized machine unconnected to interstate commerce. The magistrate also found that the defendants did not exceed authorized access to the video poker machine.  The court rejected the Government’s argument that while the defendants were authorized to play video poker, the defendants were not authorized to configure play in a manner that produced false payouts not intended by the casino.  Unlike the employer-employee situation, where the use of computer use policies, password protection, encryption and system monitoring defines the level of “access,” gamblers do not agree to any terms of use and the bounds of play are enforced by the video poker software itself.

The magistrate cited United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), where an en banc Ninth Circuit upheld the lower court’s dismissal of CFAA charges stemming from an ex-employee’s misappropriation of proprietary documents in violation of his employer’s computer use policy. [For additional information about the case, see our prior post].

In recommending dismissal of the CFAA charges, the magistrate stated that the phrase “exceeds authorized access” in the CFAA does not extend to violations of use restrictions:

Here, the Government has asserted that, although the Defendants were authorized to play the video poker machines and access information for that purpose, the way that they used the information exceeded their authorization. This argument is directly analogous to the government’s argument in Nosal and it fares no better here. As Nosal makes clear, the CFAA does not regulate the way individuals use the information which they are otherwise authorized to access. Here, the Defendants’ alleged actions did not exceed their authorized access.

Following the magistrate’s report, the district court ordered supplemental briefing from the parties regarding whether the defendants exceeded authorized access under the CFAA in light of the Nosal ruling and whether the defendants’ conduct could be comparable to hacking or misuse under the statute.  This past spring, the Government voluntarily dismissed the CFAA charges, leaving the defendants to face the wire fraud claims.  After several continuances, the trial is currently set for December 3, 2013 on the remaining counts.

As evidenced in Kane, the Ninth Circuit’s Nosal ruling continues to have important implications for the availability of a federal cause of action for misappropriation of data, as well as cases involving unauthorized access to websites and other computerized services.

Staving Off Scrapers of User-Generated Content with Electronic Copyright Transfers… A Legal (But, Perhaps Not a Practical) Solution

Posted in Copyright, Internet, Licensing, Online Content

It’s a problem that has vexed website owners since the days of the dot-com boom – how to make certain user-generated content available to users or subscribers, but also prevent competitors and other unauthorized parties from scraping, linking to or otherwise accessing that content for their own commercial purposes.

The law on scraping and linking remains undeveloped, and has not provided clear remedies for this kind of access.  Given the state of the law, sites often employ the “kitchen sink” strategy against scraping competitors: throwing multiple claims at the unauthorized party in the hope that at least one viable legal theory survives.  We last wrote about this approach in a May 2009 post when Facebook brought a multi-count suit against Power Ventures, an online service that allowed social networking users to access all of their accounts through one interface.

One tool that website owners would like to have to combat unauthorized use of user-generated content is copyright — that is, the ability to allege that the unauthorized use of user-generated content constitutes an infringement of the website publisher’s copyright.  Unfortunately, there is a problem….

Website providers that collect user-generated content typically include licensing provisions in their terms of use whereby users grant the site a non-exclusive license to content while (implicitly or explicitly) providing that the ownership of any copyright in such content remains with the user.  The use of a clickwrap agreement to convey a non-exclusive license to such content is a standard practice. Under Copyright Act Section 501, however, a non-exclusive licensee may not bring an action for copyright infringement.

Accordingly, a website provider that wants legal standing to bring a copyright claim against unwanted entities scraping content needs an online agreement that grants additional rights – namely, an exclusive license or an actual transfer of ownership in the underlying copyright.  Putting aside – for a moment – the issue of how users will react if a website owner tries to do this, the question is, from a legal perspective, can one obtain an exclusive license or assignment of copyright through online terms of use assented to by users?

This issue was recently addressed by the Fourth Circuit in a dispute between a real estate multiple listing service and an online real estate information aggregator over the copying of photographs and listing information. The listing service provider asserted claims with respect to user-submitted photographs as a copyright owner, based upon an agreement presented to its users when they uploaded photographs to the provider’s database. We previously discussed this dispute in a prior post when the lower court granted a preliminary injunction against the defendant-aggregator. Metropolitan Regional Information Sys., Inc. v. American Home Realty Network, Inc., 888 F. Supp. 2d 691 (D. Md. 2012).  The defendant filed an interlocutory appeal challenging the order and the Fourth Circuit affirmed the lower court’s ruling.  Metropolitan Regional Info. Sys., Inc. v. American Home Realty Network, Inc., 2013 WL 3722365 (4th Cir. July 17, 2013).

In the case, the parties were competitors in the real estate listing business. The plaintiff (“MRIS”) operated an online fee-based “multiple listing service” for real estate brokers and agents. Brokers and agents who entered into a subscriber agreement with MRIS could upload their listing information, including photographs of properties, to the MRIS site, and then display those and other listings on their own websites.  By uploading information, brokers and agents agreed to terms containing the following provision:

All images submitted to the MRIS Service become the exclusive property of [MRIS]. By submitting an image, you hereby irrevocably assign (and agree to assign) to MRIS, free and clear of any restrictions or encumbrances, all of your rights, title and interest in and to the image submitted. This assignment includes, without limitation, all worldwide copyrights in and to the image, and the right to sue for past and future infringements. [emphasis added]

The defendant (“AHRN”) was an aggregator that took listing data from public domain sources and online databases like MRIS and made it directly available to consumers on its “real estate referral” website.  AHRN had not acquired permission from MRIS to reproduce, display, or otherwise use the MRIS Database.  MRIS brought copyright infringement claims against AHRN for the alleged unauthorized use of MRIS listings, particularly the uploaded photographs of properties. The lower court entered a preliminary injunction order prohibiting AHRN’s display of MRIS’s photographs on AHRN website, and in a subsequent decision, clarified the scope of the injunction, stating that the injunction only covered AHRN’s use of MRIS’s photographs–not the database compilation itself or any textual elements that might be considered part of the compilation.

On appeal, the court addressed, among other things, the issue of whether a MRIS subscriber who assented to online terms of use prior to uploading copyrighted photographs signed a written copyright assignment in those photographs consistent with Section 204(a) of the Copyright Act, 17 U.S.C. § 204(a). Specifically, the defendant AHRN argued that a subscriber’s electronic assent to the MRIS terms did not operate as an assignment of rights under § 204. The plaintiff MRIS responded that an electronic transfer satisfies § 204’s writing and signature requirements, particularly in light of the later-enacted E-Sign Act, 15 U.S.C. § 7001.

Under §204(a), a transfer of one or more of the exclusive rights of copyright ownership by assignment or exclusive license “is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or such owner’s duly authorized agent.” Generally speaking, a qualifying writing under Section 204(a) need not contain an elaborate explanation or any particular “magic words.”

The E-Sign Act, which sought to bring uniformity to state electronic signatures law, mandates that no signature be denied legal effect simply because it is in electronic form and that, barring certain exceptions, a contract may not be denied legal effect solely because an electronic signature or electronic record was used in its formation. 15 U.S.C. §§ 7001(a)(1), (a)(2).

The court first found that because Section 204(a) of the Copyright Act requires transfers be “written” and “signed,” the E-Sign Act’s dictates on electronic signatures would apply to the copyright transfer provisions.  The court ultimately held that an electronic agreement may effect a valid transfer of copyright interests under Section 204 of the Copyright Act, affirming the lower court’s ruling that MRIS was likely to succeed against AHRN in establishing its ownership of copyright interests in the copied photographs.

This ruling is important for online businesses that want an alternative litigation strategy to protect their user-generated content from scraping by competitors for commercial purposes.  However, this strategy may not be feasible in every instance; the user “politics” on each site are different.  For example, while the users of the business-to-business MRIS online database were professional real estate agents who may have accepted the concept of assigning the copyright in listing photographs, other consumer-oriented social media sites or photo sharing services have experienced user backlash over similar changes to website terms of use. Indeed, last year, the online classified ad provider Craigslist encountered a flurry of controversy when it changed its terms of service for a limited time to gain exclusive rights to user content, in preparation to litigate claims against certain aggregators that were scraping content from its site and republishing it on websites and mobile apps (See generally Craigslist, Inc. v. 3Taps, Inc., 2013 WL 1819999 (N.D. Cal. Apr. 30, 2013).



Trade Dress Can Be Viable Means of Protecting Websites from Competitor’s Look-Alike Sites

Posted in Online Content, Technology

Somewhere between a well-recognized website design like Google’s home page and a fledgling e-commerce venture built with free web building software lives most other websites.  Depending on the investment in the development and the operator’s design ethic, some websites may display unique, distinctive portals that are key to attracting and retaining customers.  For those with a unique look, it might be possible that the “trade dress” of their sites – the unique look and feel – could be protectable, and therefore useful in fending off competitors who copy their online presence.

This past August, a Louisiana district court joined courts in the Western District of Pennsylvania, the Western District of Washington, the Western District of Texas, and the Northern District of California in recognizing the viability of a trade dress infringement claim based on a website’s look and feel. Express Lien (“Zlien”) alleged that a competitor, National Association of Credit Management (“NACM”), a Maryland non-profit corporation, had mimicked the “look and feel” of its website and caused consumer confusion.  Express Lien Inc. v. National Ass’n of Credit Management Inc., 2013 WL 4517944 (E.D. La. August 23, 2013).

Generally speaking, the “trade dress” of a product concerns the total image of a product and may include features such as size, shape, color or color combinations, texture or graphics and it may be eligible for protection if it is nonfunctional and distinctive (or has acquired secondary meaning in the marketplace as being identified with its producer or source). To maintain an action for trade dress infringement, a plaintiff must allege that a competitor’s product design or packaging is likely to confuse consumers as to the product source. Most trade dress infringement actions involve the packaging or labeling of goods; however, in the last decade, courts have begun to entertain trade dress claims based upon website design or “look and feel.”    

In this case, Zlien is an online business that provides information to the construction industry, such as legal forms and information on state lien statutes. Zlien alleged substantial investment in its website, including in the color, code elements and orientation. According to Zlien, the website design was widely recognized by consumers and helped drive sales. In its complaint, Zlien claimed that NACM copied Zlien’s stylistic choices of color, font, hyperlinks, and content, so much so that that the similarities were “likely to cause confusion” and caused Zlien to suffer damages to its profits, sales and business. Zlein also alleged copyright infringement, based on NACM’s use of content from the Zlien site’s pages.

 In response, NACM filed a motion to dismiss Zlien’s complaint. 

The court rejected NACM’s argument that Zlien failed to plead the necessary elements for trade dress infringement because it did not own a registered trademark in its website. The court held that trade dress protection is not dependent on registration. NACM’s argument that a comparison of the websites revealed no trade dress infringement also failed. The court found that alleging that there were some differences between the websites on corresponding pages was not significant enough to warrant dismissal at this early stage of the litigation.

The court also rejected NACM’s motion to dismiss Zlein’s copyright claims. NACM argued that the underlying information on Zlien’s website, state statutes, is not copyrightable, to which Zlien responded that the content of the website qualifies as a compilation. The court reasoned that NACM did not prove that the material at issue was not a compilation as a matter of law.

While this case is far from over, the Express Lien decision follows recent decisions that have allowed properly pleaded website related trade dress claims to survive dismissal.  See e.g., Sleep Science Partners v. Lieberman, 2010 WL 1881770 (N.D. Cal. May 10, 2010).

Meanwhile, if a company wants to preserve trade dress protection for a website it maintains or is building, the website trade dress needs to be distinctive and synonymous with the company or its products and services. Further, it is important that the trade dress elements are not functional or standard or essential to the operation of any website.

Once again, this is an example where the lawyers, designers and technologists in an organization should be in communication to ensure maximum protection for the online assets of the organization.

The First Amendment Goes Digital – Clicking “Like” on Facebook is Speech

Posted in First Amendment, Online Content, Technology

With around 1.15 billion members, Facebook is a massive, global forum for communicating with friends and the world.  For many users, it often feels as if their news feeds are clogged with vapid comments about the weather, meal choices or the ever-present need for coffee.  But under other circumstances, such as the Arab Spring or in the wake of a controversial Supreme Court opinion, Facebook can become a powerful tool for political speech.  Beyond postings, photos and videos, drilling down to the most basic level, one click of a “Like” button can speak volumes.

In a decision that expands the First Amendment’s definition of protectable speech, the United States Court of Appeals for the Fourth Circuit held in Bland v. Roberts, 2013 WL 5228033 (4th Cir. Sept. 18, 2013)  that clicking the “like” button on a Facebook page qualifies as speech.

In Bland, former sheriff’s deputies of the Sherriff’s Office in Hampton, Virginia alleged that the Sheriff violated their First Amendment rights by choosing not to reappoint them based upon their lack of political affiliation with him during the election campaign.  One plaintiff, Daniel Ray Carter, Jr., expressed his political views via Facebook by, among other things, clicking “like” on the Facebook page of the Sheriff’s opponent and posting comments indicating support for the Sheriff’s opponent on the same Facebook page.  The Sheriff, upon learning about the actions of Carter, warned them that such actions “would cost him his job.”  Upon being re-elected, the Sheriff did not reappoint any of the plaintiffs to their previous positions in the Sheriff’s Office.  Carter alleged that the Sheriff violated his First Amendment rights when he refused to reappoint him based upon his apparent lack of political allegiance to the Sheriff evidenced by Carter’s Facebook “like” of the Sheriff’s opponent.

The lower court ruled that Carter’s Facebook “like” was not expressive speech and that he failed to prove a causal link between his support of the Sheriff’s opponent and his non-reappointment. However, the Fourth Circuit reversed as to Carter’s claims and held that “liking” a Facebook page fell within the bounds of constitutionally protected speech (to be sure, although the appeals court reinstated Carter’s claim, it held that Carter could only seek reinstatement as a remedy, as the Sheriff was protected against a claim of monetary damages due to qualified immunity). 

The court’s reasoning was buttressed by its understanding of the expressive effect of a Facebook “like” in the online realm. According to the court, clicking “like” on the Sheriff’s opponent’s Facebook page caused the page’s name and a photo of the candidate to show up on the user’s own Facebook page, as well as triggering an item to appear on the news feed of the user’s Facebook friends. Clicking on the “like” button, as the Court noted, “literally causes to be published the statement that the User ‘likes’ something, which is itself a substantive statement.”  In fact, the court stressed that social media offers individuals a powerful message board to communicate political and other views to the larger public through the mere use of a tiny button: “That a user may use a single mouse click to produce that message that he likes the page instead of typing the same message with several individual key strokes is of no constitutional significance.”   By pressing the “like” button, represented by a thumbs-up icon, Carter symbolically conveyed his support for the Sheriff’s opponent — the “Internet equivalent of displaying a political sign in one’s front yard, which the Supreme Court has held is substantive speech.”   

While James Madison likely did not have Facebook in mind when he drafted the First Amendment, the Court’s decision modernizes the First Amendment a bit. With the ubiquity of social media, it’s a welcome treat that the court took time to understand the technology and adapt the law to the evolving digital age.”

New California Law Impacts Use of Information from Minors, Offers Right to Delete

Posted in Legislation, Online Content, Privacy

Law Targets Sites and Mobile Apps Directed to Minors, Offers “Online Eraser”     

Likely to Have Nationwide Effect

On July 1st of this year, new amendments to the Children’s Online Privacy Protection Act Rule (COPPA Rule) came into effect, with perhaps the most pronounced changes being the expansion of COPPA to apply to geolocation information and persistent identifiers used in behavioral advertising.  Critics called the amendments jumbled and a compliance headache, while privacy advocates were buoyed, but thought the changes did not go far enough to protect the online privacy of children.  Still others contended that federal law contains a gap that fails to offer privacy protections for teenage users.

Once again, the California state government has stepped up to fill what it perceives to be a void in federal online privacy protection, this time to address certain restrictions on the use of information collected from minors and to give minors an online “eraser” of sorts. In late September, Gov. Brown signed S.B.568, which expanded the privacy rights for California minors in the digital world.

“Minors”, by the way, are defined under the law as residents of California under age 18 – this definition in itself is an expansion of the protections afforded to children under COPPA, which addresses the collection and use of information from children under 13.  That is not the only expansion of COPPA presented by this new law.  The federal COPPA Rule is primarily concerned with mandating notice and parental consent mechanisms before qualifying sites or mobile apps can engage in certain data collection and data tracking activities with respect to children under 13.  The California statute’s marketing restrictions for minors contain no parental consent procedures  – rather, restrictions for covered web services directed to minors that relate to certain specified categories of activities that are illegal for individuals under 18 years of age.

As a practical matter, compliance with this law will require certain changes in the way website publishers collect and process user information.  For example, it is much easier for online operators to determine whether their websites are directed to children under 13 as opposed to “directed to minors” under 18.  Going forward, sites and apps will have to reevaluate their intended audience, as well as establish procedures for when a minor user self-reports his or her age, triggering the site having actual knowledge of a minor using its service.

S.B.568 has two principal parts:  minor marketing restrictions and the data “eraser.”

Marketing Restrictions: The new California law prohibits an operator of a website, online service or mobile app directed to minors or one with actual knowledge that a minor is using its online site or mobile app from marketing or advertising specified types of products or services to minors. The law also prohibits an operator from knowingly using, disclosing, compiling, or allowing a third party to use, disclose, or compile the personal information of a minor for the purpose of marketing or advertising specified types of products or services. Moreover, the law makes this prohibition applicable to an advertising service that is notified by a covered operator that the site, service, or application is directed to a minor.  The statute lists 19 categories of prohibited content covered by the law’s marketing restrictions, including, firearms, alcohol, tobacco, drug paraphernalia, vandalism tools and fireworks.  Notably, the law does not require an operator to collect or retain the ages of users, and provides operators with a safe harbor for “reasonable actions in good faith” designed to avoid violations of the marketing restrictions.

Online Eraser: The second part of S.B. 568 requires operators of websites and applications that are directed to minors, or that know that a minor is using its site or application, to allow minors that are registered users, to remove (or to request and obtain removal of) their own posted content. The operators must also provide notice and clear instructions to minors explaining their rights regarding removal of their own content. Notably, SB 568 does not require operators to completely delete the content from its servers; it only requires that the content be no longer visible to other users of the service and the public.  There are certain exceptions to this “online eraser” right, such as circumstances where any other provision of federal or state law requires the operator or third party to maintain the content, the content is stored on or posted to the operator’s site or application by a third party, the operator anonymizes the content, the minor fails to follow the instructions regarding removal, or the minor has received “compensation or other consideration for providing the content.”

Both prongs of the law raise many questions:

  • How does a site or application owner determine whether it is covered by S.B.568? Under the statute, a website, online service, or mobile app “directed to minors” means an “Internet Web site, online service, online application, or mobile application, or a portion thereof, that is created for the purpose of reaching an audience that is predominately comprised of minors, and is not intended for a more general audience comprised of adults.”
  • What will qualify for “reasonable actions in good faith” under the safe harbor?  What are the legal ramifications of an independent online ad network serving unlawful ads to minors without the knowledge of an otherwise compliant site operator?
  • How does a site implement the “eraser” function? With user tools to eliminate UGC, or will the site control the removal process via an online request form?  Will a removal request necessarily cause the removal of other users’ content (e.g. social media postings of other users that comment on a removed comment or submitted photo)?
  • The online eraser right seemingly applies only to minors.  How should a site or app handle requests from adults wishing to remove content they posted when they were minors?  Should sites simply offer the tool to all users to avoid compliance issues?
  • What qualifies as “compensation or other consideration for providing the content” under the exceptions to the online eraser right? Would this include free products, coupon codes, or the right to receive exclusive ‘limited time’ offers?
  • What changes are required in the site’s privacy policies?

The law will come into effect on January 1, 2015. Any company with a website that can be accessed by California residents should assess the impact of these new requirements in the coming year. Considering that most, if not all, major websites and apps necessarily have or will have California-based users, this state law may become a de facto national standard, particularly since technical controls to screen or segregate California users may be unworkable.

[Incidentally, California also recently enacted a new law addressing online tracking, so it appears that the California legislature continues its focus on web privacy].