Archives for July 2015

Golan v. Holder: Colorado Federal Court Finds that Federal Law Restoring Expired

17 Jul 2015 By Leave a Comment

A number of press reports have given the impression that the Colorado District Court’s ruling in Golan v. Holder (fn1) means that that Federal laws reviving expired copyrights violate First Amendment protections on free speech. The actual ruling is far narrower.

In 1993, Congress enacted 17 U.S.C. Section 104A, to permit foreign authors whose copyrights had fallen into the public domain for technical reasons (such as by failing to renew the copyright with the U.S. Copyright Office) to restore their copyrights. Section 104A solely permitted “restoration” of copyright protection for works from “a nation other than the United States.” (fn2) Section 104A was added after the United States joined the Berne Convention for the Protection of Literary and Artistic Works — a treaty first enacted in 1886, but not joined by the U.S. until 1988. Article 18 of the Convention requires member nations to provide copyright protections to works by foreign authors so long as the term of protection in the country of origin has not expired as to the work.

The plaintiffs were U.S. artists who used works by foreign artists that had been in the public domain before 1994, such as Sergei Prokofiev’s “Peter and the Wolf.” The plaintiffs claimed that after Section 104A was enacted, they were subjected to higher performance fees, sheet music rentals and other royalties. In some cases, these costs were prohibitive. (fn3)

The Golan case was the brainchild of Stanford Law professor, founder and co-director of the Center for Internet and Society and Director of the Fair Use Project, Lawrence Lessig. The original complaint claimed that Section 104A shrunk the public domain and thereby violated the limitations on congressional power inherent in the Copyright Clause, and violated First Amendment rights to free expression. The Colorado District Court originally rejected these claims. However, on appeal, the Tenth Circuit found that a legitimate First Amendment claim existed and remanded the case for First Amendment analysis.

The basis for the Tenth Circuit’s ruling was the U.S. Supreme Court ruling in Eldred v. Ashcroft (fn4), in which the Supreme Court stated that a Congressional act modifying copyright law might be subject to First Amendment scrutiny if it “altered the traditional contours of copyright protection.” (fn5) While the Tenth Circuit could not find federal authority that explained the phrase “traditional contours”, it concluded that the traditional contours of copyright protection included the principle that “works in the public domain remain there.” (fn6) It based this on the notion that the general sequence is that copyrighted works has always progressed from “1) creation; 2) to copyright; 3) to the public domain” and that Section 104A changed this sequence. (fn7)

Filed Under: Blog, Cybercrime, News Tagged With: ,

Tort Liability from Data Thefts: The Race is to the Swift

12 Jul 2015 By Leave a Comment

A thief breaks into the corporate headquarters of your digital media company and steals a laptop. He uses the laptop to gain access to your customers’ files, and gleans sensitive information, including their drivers license data, social security numbers and bank account data. Can you be liable to customers for this theft? The answer, at present, is theoretically “yes”, but in many cases, “no” — if you take the right steps.

Many states have statutes protecting personal information of consumers. For example, the California Civil Code requires businesses to: (i) destroy personal information when it is no longer to be retained by the business; (ii) “implement and maintain reasonable security procedures” to protect personal information from unauthorized access; (iii) disclose any breach of security which has caused disclosure of personal information, and (iv) disclose any personal information provided to third parties on the consumer’s request. (Fn 1) The Civil Code provides that a customer may sue to recover damages, as well as injunctive relief, for any violation of these rules. (Fn 2)

So if a thief steals your customer data, and your failure to meet these standards causes your customers to suffer losses — yes — you can be found liable.

But, while these laws have been on the books for about five years, they do not seem to have resulted in a lot of large judgments. There are no reported appellate cases directly dealing with any of them and few unreported court orders mention them.

One reason for this may be the sheer economics of consumer rights litigation. Most consumer rights cases involve small dollars. Because the plaintiff generally must bear his own attorneys fees, few cases hold the promise of a sufficiently large recovery to warrant paying the fees to win the case. This is why the real action in consumer rights cases is in consumer class actions. Combining thousands or millions of cases together can yield sufficient damages to justify the attorney time expended. In addition, bringing a case as a class action may give plaintiffs an argument that they are also entitled to an attorney fee award under state statutes awarding fees for actions taken in the public interest or in defense of civil rights. (Fn 3)

However, even data theft cases brought as class actions have faced significant hurdles. This is mainly because the lead plaintiffs have often been unable to allege actual injuries resulting from the cyber security breach.

Filed Under: Blog, Cybercrime, News Tagged With: ,

Will Cloud Computing Create a Thunderstorm?: Loophole Permits Private Emails and other Digital Data Stored by Third Parties to Be Divulged to the Public without Stored Communications Act Liability

12 Jul 2015 By Leave a Comment

As data storage moves from equipment controlled by its authors into the “cloud” — storage on equipment controlled by third parties — there is an increased risk that unauthorized third parties will access this data and use it for nefarious purposes. The Stored Communications Act (“SCA”, 18 U.S.C. § 2701 et seq.) is widely thought to provide protection from disclosure for emails and other private data that are in such electronic storage. However, a less-known loophole in the SCA can permit stored information to be accessed without the author’s permission and then divulged to competitors, to adversaries, to strangers, or to the general public, without liability under the SCA.

The SCA provides that any person who intentionally accesses stored electronic communications without authorization or beyond the scope of his authorization is subject to civil and criminal penalties. 18 U.S.C. § 2701(a), (b). However, there are two important exceptions to this protection:

Even if an author of a communication has not authorized a third party to access that communication, the SCA provides that this unauthorized third party is immune from liability if he/she was authorized to gain access by the provider of the electronic communications service –such as the ISP or the business the operates the network. The SCA further provides that an unauthorized third party is also immune if he/she has been given permission to access the communication by a user of the service on which the communication is stored — such as a member of a private website, such as a MySpace page.

This means that even if the author has not consented for anyone except for the recipients to access his/her private emails, a lot of people could still be looking at them, copying them and doing who knows whatelse to them — with SCA-immunity.

That sounds bad enough. However, the next section in the SCA — Section 2702 — opens the door to unauthorized disclosure even wider.

Filed Under: Blog, Cybercrime, News Tagged With: , ,

Zango, Inc. v. Kaspersky Lab, Inc.: The Ninth Circuit Gets to the Right Destination But By the Wrong Route

12 Jul 2015 By Leave a Comment

The Ninth Circuit’s recent ruling in Zango, Inc. v. Kaspersky Lab, Inc. is one of the few that directly deal with the provisions in the Communications Decency Act that provide immunity from suit for the screening activities of internet service providers. The relevant section, 47 U.S.C. § 230(c)(2), provides as follows:

“No provider or user of an interactive computer service shall be held liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to make available to information content providers or others the technical means to restrict access to material described in paragraph [A].”

The plaintiff in the case, Zango, Inc., is a now-defunct Internet entertainment company that provided access to a catalog of online videos, games and music to users who agreed to view advertisements while surfing the internet. The defendant, Kaspersky Lab, Inc., is still live and kicking, and is a Moscow-based firm which bills itself as “a leading anti-virus software and Internet Security software solution for your home computer or business.”

According to the court, Kaspersky’s software classified Zango as “adware,” a type of malware. Once installed on a user’s computer, adware monitors a user’s browsing habits and causes “pop-up” ads to appear throughout the browsing session. Adware can open up links with websites that themselves contain malware that can infect a personal computer. Kaspersky’s software disabled key features of Zango’s software and through a series of routines, ultimately blocked the use of Zango.

Zango sued Kaspersky, seeking an injunction against its blocking activities. In defense, Kaspersky invoked the protection of §230(c)(2)(B), cited above.

The Ninth Circuit concluded that Kaspersky was “plainly immunized” by the Communications Decency Act. This conclusion was based on its analysis of §230(c)(2)(B) and two related definition sections: § 230(f)(2) which defines the term “interactive computer service” to mean any “information service, system, or access software provider that provides or enables computer access by multiple users to a computer server . . . “; and § 230(f)(4) which defines the term “access software provider” to include providers of software that filter content.

Combining these three sections, the Court concluded that a provider of filtering software or services may not be held liable for any action taken to make its filtering software available “so long as the provider enables access by multiple users to a computer service.” The Court then noted that Kaspersky “provides or enables computer access by multiple users to a “computer server” by providing its customers with online access to its update servers.”

Filed Under: Blog, Cybercrime, News Tagged With: , , , ,

Court Case Teaches Two Lessons in Domain Name Management

8 Jul 2015 By Leave a Comment

From the Ninth Circuit Court of Appeals (and Eric Goldman’s always-excellent blog ) comes a cautionary tale of how not to handle a domain name.

First, don’t let an individual register your company domain name in his or her personal name. In DSPT Int’l v. Nahum,  the Founder of DSPT Int’l (”DSPT”), a clothing importer and distributor, brought in a Partner to help evolve the brand. Partner’s brother handled the Web site design and then registered the domain in Partner’s (but not the company’s) name. This became a problem for the company when Partner left to go to work for a competitor – and partner had the ability to (and, in fact, did) shut down DSPT’s heavily trafficked site.

Second, don’t hold the domain hostage in order to lever up your position in a business dispute. Here, Partner alleged that Founder and the company owed him several thousand dollars in commissions. Founder disagreed. Soon after Partner left, as the court noted, DSPT’s Web site “mysteriously disappeared.”

DSPT sued Partner, alleging, among other things, that Partner had violated the Anticybersquatting Consumer Protection Act (”ACPA” — which is part of the federal Lanham Act). At trial, partner testified that “he would transfer the domain to DSPT after [Partner] and DSPT were able to resolve the ‘monetary issues regarding [Partner’s] commisions.’” A jury found that Partner had violated ACPA and awarded DSPT $152,000 for lost sales and other damages. Partner appealed, seeking to overturn the jury verdict.

The question on appeal was whether Partner’s decision to hold the domain and Web site hostage constituted “registration or use”  with “a bad faith intent to profit from plaintiff’s mark” under ACPA. Partner argued his conduct was not prohibited by ACPA — that “he used DSPT’s mark to gain leverage over DSPT in bargaining for money he claimed he was owed, not to sell under DSPT’s mark or sell the mark to DSPT.”

The appeals court  affirmed the trial court  and ruled that Partner had violated ACPA. The court noted that while ACPA “was intended to prevent cybersquatters from registering well-known brand names as internet domain names in order to make the trademark owners buy the ability to do business under their own names,” the statute was, nevertheless, ”written more broadly than what may have been the political catalyst that got it passed.” As a result, the court ruled that “[i]t is bad faith to hold a domain name for ransom where the holder uses it to get money from the owner of the trademark rather than to sell goods.”

Filed Under: Blog, News Tagged With: , , , ,

U.S. v. Kilbride: 9th Circuit’s Holding that Internet Obscenity Laws Should Be Governed by a National Standard Rests on Shaky Grounds

3 Jul 2015 By Leave a Comment

Digital media law: The 9th Circuit has done it again. In its ruling last week in U.S. v. Kilbride, the 9th Circuit announced that “a national community standard must be applied in regulating obscene speech on the Internet, including obscenity disseminated by email.” (Case Nos. 07-10528, 07-10534, October 28, 2009). The 9th Circuit stated that its holding followed the view expressed by a majority of U.S. Supreme Court Justices in Ashcroft v ACLU, 535 U.S. 564 (2002) that application of a national community standard in Internet obscenity cases would not “generate serious constitutional concerns.”

The Justices said no such thing. To the contrary, Justice Kennedy, whom the 9th Circuit includes in the majority supposedly agreeing with its holding, wrote that “it is neither realistic nor beyond constitutional doubt for Congress, in effect, to impose the community standards of Maine or Mississippi on Las Vegas and New York” through a national obscenity law. Ashcroft v. ACLU, 535 U.S. at 597. If the U.S. Supreme Court takes the appeal of Kilbride, the 9th Circuit’s ruling here could well be reversed.

The Kilbride case involves the appeal of the criminal convictions of two spammers, Jeffrey Kilbride and James Schaffer, who distributed two sexually explicit images via email throughout the U.S. The Defendants’ spam operation was enormous and generated some 662,000 complaints to the FTC from persons around the country.

The Defendants were ultimately charged with violations of two Federal obscenity laws — 18 U.S.C. § 1462 and 1465, which prohibit the importation into the U.S., and the transportation in interstate commerce, of “obscene, lewd, lascivious, or filthy” books, pictures and other media. Both statutes apply to distribution of materials via the Internet, and specifically include distribution via an “interactive computer service,” as defined by the Communications Decency Act. A conviction under Section 1465 has been upheld for images sent from a computer bulletin board in one state to a personal computer in another state. U.S. v. Thomas, 74 F.3d 701 (6th Cir. 1996).

Prior U.S. Supreme Court decisions have held that obscenity is to be determined by the standards of the local communityin which the publication was made. However in Kilbride, the Defendants were prosecuted for their national distribution of obscene materials. As part of its case, the government called eight witnesses from various parts of the country who had filed complaints with the FTC about the Defendants’ emails. These witnesses testified about the circumstances under which they had received the Defendants’ emails, their reaction and attitudes towards these images and their views on pornography generally. The government also introduced evidence regarding the 662,000 other complaints they had received about the images. For its part, the defense introduced evidence regarding community attitudes towards pornography drawn solely from Arizona — the judicial district where the case was prosecuted.

At the close of evidence, the jury was instructed that it should use the standards of the “community as a whole, that is to say by society at large, or people in general” in determining whether the images distributed by the Defendants were obscene. This community was “not defined by a precise geographic area”, so the jury could consider evidence of standards existing outside Arizona. They were also told that they could consider their “own experience and judgment” as well as the evidence presented in making this determination. The jury ultimately returned a verdict finding the Defendants guilty under the two statutes.

On appeal to the 9th Circuit, the Defendants argued that these instructions were improper, because they asked the jury to apply a global or societal standard for obscenity. The Defendants claimed that because the distribution of the emails was made nationally, the District Court should have instructed the jury to apply a “national” obscenity standard.

The 9th Circuit agreed that the Defendants had a point. It cited a 2002 plurality U.S. Supreme Court decision regarding the Child Online Protection Act (COPA), in which two Justices, O’Connor and Breyer, had stated that a “national standard” should be used for laws involving distribution of obscene material over the Internet. Ashcroft v. ACLU, 535 U.S. 564, 122 S.Ct. 1700 (2002). Justice O’Connor stated that community standards for obscenity vary greatly throughout the country. However, persons using the Internet to publish materials are unable to control the geographic location of their audience. As a result, requiring Internet publishers to hold to a “local community” standard for obscenity, would require them to adopt the most restrictive view of obscenity taken by any community in the country. In Justice O’Connor’s view, this would “potentially suppress an inordinate amount of expression.” Id. at 587.

Filed Under: Blog, Cybercrime, News Tagged With: , , , , , , , ,