In his remarks at a recent Practicing Law Institute program on securities regulation, Securities and Exchange Commission Chairman Jay Clayton once again addressed Initial Coin Offerings, or ICOs.  Mr. Clayton highlighted several issues in particular, including that in his view there is a lack of information about many online platforms that list and trade virtual coins or tokens offered and sold in ICOs, and that trading of tokens on these platforms is susceptible to price manipulation and other fraudulent trading practices.

UPDATE: In June 2021, the Ninth Circuit affirmed the dismissal of claims in the Gonzalez case, mostly on § 230 grounds. Subsequently, on October 3, 2022, the Supreme Court granted certiorari in Gonzalez (see our follow-up post).

UPDATE:  In a subsequent opinion, the court dismissed the plaintiffs’ third amended complaint. (See Gonzalez v. Google, Inc., 335 F.Supp.3d 1156 (N.D. Cal. 2018)).

Following the reasoning of several past decisions, a California district court dismissed claims against Google under the Anti-Terrorism Act (ATA), 18 U.S.C. § 2333, for allegedly providing “material support” to ISIS by allowing terrorists to use YouTube  (temporarily, before known accounts are terminated) as a tool to facilitate recruitment and commit terrorism.  (Gonzalez v. Google, Inc., 2017 WL 4773366 (N.D. Cal. Oct. 23, 2017)). The court rejected the plaintiffs’ arguments that Google provided the terrorists with material support by allowing them to sign up for accounts (or regenerate shuttered accounts) and then allegedly serve targeted ads alongside such posted videos.  It ruled that even careful pleadings cannot change the fact that, in substance, plaintiffs’ attempt to hold Google liable as a publisher of the terrorist’s detestable content was barred by Section 230 of the Communications Decency Act (“CDA Section 230” or “CDA”).   

UPDATE: On April 16, 2018, the British Columbia Supreme Court denied Google’s request to amend the Canadian delisting injunction based on the argument that the injunction would “require it to violate the laws of another jurisdiction, including interfering with freedom of expression.”  (Equustek Solutions Inc. v. Jack, 2018 BCSC 610 (Apr. 16, 2018)).  The Canadian court held that the effect of the California district court order (based upon CDA immunity) is that no action can be taken against Google to enforce the injunction in U.S. courts – but that would not restrict the ability of a Canadian court to issue its own orders “directed to parties over whom it has personal jurisdiction.”

“The U.S. decision does not establish that the injunction requires Google to violate American law. That would be the case if, for example, the [defendants] obtained an order from a U.S. court requiring Google to link to their websites. But there is no suggestion that any U.S. law prohibits Google from de-indexing those websites, either in compliance with the injunction or for any other reason. Absent the injunction, Google would be free to choose whether to list those websites and the injunction restricts that choice, but injunctions frequently restrain conduct that would otherwise be prima facie lawful. A party being restricted in its ability to exercise certain rights is not the same thing as that party being required to violate the law.”

In a decision that sets up a potential international comity showdown, a California district court granted Google’s request for a preliminary injunction preventing enforcement in the U.S. of a Canadian court order that compelled Google to globally de-list certain search results of a former distributor that had allegedly used its websites to unlawfully sell the defendant Equustek Solutions’s (“Equustek”) intellectual property. (Google LLC v. Equustek Solutions Inc., 2017 WL 5000834 (N.D. Cal.  Nov. 2, 2017)).

In granting Google’s request for a preliminary injunction, the court found that Google likely satisfied all three elements of qualifying for immunity under Section 230 of the Communications Decency Act, 47 U.S.C. §230(c)(1) (the “CDA” or “Section 230”) as a service provider that linked to third-party content, and that the Canadian court’s order implicated online free speech concerns.  Indeed, the court concluded its opinion with language that surely buoyed many online providers and open internet advocates that had previously expressed concerns about the extraterritorial effort of the Canadian order:

“By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 immunity and threatens free speech on the global internet.”

The controversial consumer gripe site, RipoffReport.com, is at it again.  The First Circuit recently affirmed a lower court’s ruling that RipoffReport.com was entitled to immunity under Section 230 of the Communications Decency Act, 47 U.S.C. §230(c)(1) (the “CDA” or “Section 230”) for defamation-related claims based on certain user posts on its site. (Small Justice LLC v. Xcentric Ventures LLC, 2017 WL 4534395 (1st Cir. Oct. 11, 2017)). This is the latest in a string of victories for RipoffReport.com on that issue. In this case, RipoffReport.com also successfully relied on its website “terms of use” to fend off a novel copyright attack from the plaintiff, the successor-in-interest to the copyright in the user postings at issue.  

This past week, the Supreme Court denied the petitions for certiorari in two noteworthy Ninth Circuit decisions that had interpreted the scope of liability under the federal Computer Fraud and Abuse Act (CFAA) in the context of wrongful access of company networks by employees and in instances involving unwanted data

In an unpublished opinion, the Ninth Circuit affirmed a lower court’s ruling that had sent a putative class action against Amazon over its pricing practices to arbitration, as per Amazon’s terms of service. (Wiseley v. Amazon.com, Inc., No. 15-56799 (9th Cir. Sept. 19, 2017) (unpublished)).  In finding that Amazon’s “Conditions of Use” were not unconscionable and presented in a reasonable manner, this holding differs from a Second Circuit decision from last year that declined to compel arbitration because reasonable minds could disagree regarding the sufficiency of notice provided to Amazon.com customers when placing an order through the website. (On remand, a New York magistrate judge ruled that the court should grant Amazon’s motion to compel arbitration on other grounds based upon the plaintiff’s constructive knowledge of the terms.)

In a new development in an important scraping dispute, LinkedIn appealed the lower court’s decision to grant a preliminary injunction compelling LinkedIn to disable any technical measures it had employed to block the defendant’s data scraping activities.  LinkedIn’s brief was filed on October 3, 2017.  In it, LinkedIn asserts that

This month, in one of the many recently-filed Illinois biometric privacy suits, a class action complaint alleging violations of Illinois’s Biometric Information Privacy Act (BIPA) was lodged against Wow Bao, a restaurant chain, over its use of self-order kiosks that allow customers to use faceprints as a method to authenticate purchases. (Morris v. Wow Bao LLC, No. 2017-CH-12029 (Ill. Cir. Ct. filed Sept. 5, 2017)).  The suit against Wow Bao was not the only BIPA-related suit filed in September, as several businesses with an Illinois presence, including Crunch Fitness and Speedway, Inc., were served with complaints. And more than a week ago, an Illinois federal court refused to dismiss BIPA claims against photo storage service Shutterfly over claims that its photo tagging feature created a faceprint of the non-user plaintiff after a friend uploaded a group photo, and upon the service’s suggestion, then tagged the plaintiff, thereby storing plaintiff’s faceprint and name in Shutterfly’s database without his notice or consent. (Monroy v. Shutterfly, Inc., No. 16-10984 (N.D. Ill. Sept. 15, 2017)).

This week’s Apple X announcement was not more than a few hours old, and the questions began to come in. Apple’s introduction of Face ID facial recognition on its new phone – although already available in some form on several Android phones – generated curiosity, concerns and creativity.  Unfortunately, the details about specifically how the recognition feature will really work are yet unknown.  All the public knows right now is that the phone’s facial “capture” function, powered by an updated camera and sensor array, will direct 30,000 infrared dots around a user’s face and create a hashed value that will presumably be matched against a user’s face during the unlocking procedure.

The questions and issues this raises are too numerous and varied to address in a single blog post. I will simply point out that the concerns over Face ID range from spoofing (e.g., Can the phone be unlocked by a picture? [Apple says no, explaining that the system will map the depth of faces]) to security (e.g., Is the “face map” or hashed value stored in a database which can be breached? [Apple, says no, like fingerprints in Apple’s current Touch ID feature, the face map will be securely stored locally on the device]).

One issue that I thought was particularly interesting, however, relates to the ability of apps residing on a phone to interact with facial captures. Unless disabled, Face ID could potentially be “always on,” ready to capture facial images to authenticate the unlocking of the phone, and possibly capturing facial images as the user interacts with the unlocked phone.  So, clients have asked: Will the apps on the phone be able to access and use those facial captures?

UPDATE:  Last month, the First Circuit affirmed the dismissal of the action, holding that there was no language in Homeaway’s “Basic Rental Guarantee” that makes any representation or warranty that Homeaway pre-screened listings before they were posted, as the document, at that time, simply established a process for obtaining a refund of up to $1000 (subject to certain conditions). (Hiam v. HomeAway.com, Inc., No. 17-1898 (1st Cir. Apr. 12, 2018)).  Beyond examining the Guarantee, the court followed the lower court’s reasoning that focused on HomeAway’s business-specific terms and conditions, which expressly notified users that listings are not pre-screened (“[W]e have no duty to pre-screen content posted on the Site by members, travelers or other users”).  With dismissal based upon the language of HomeAway’s Guarantee and site terms, the appeals court declined to opine on whether the dismissal was also justified on CDA Section 230 grounds.

In a resounding victory for well-drafted terms and conditions and robust immunity under Section 230 of the Communications Decency Act, 47 U.S.C. § 230 (“CDA Section 230”), a Massachusetts district court granted summary judgment in favor of HomeAway, the online vacation rental marketplace, on two users’ claims stemming from a dispute over a property listing on the VRBO.com site. (Hiam v. HomeAway.com, Inc., No. 16-10360 (D. Mass. July 27, 2017)).   In its opinion, the court not only held that CDA Section 230 bars HomeAway from being treated as a “seller of travel services” under state consumer protection regulations, but also that HomeAway’s terms and conditions and privacy policy expressly disavowed any promises to pre-screen or monitor rental listings or release member information upon a user’s request.