Archives for September 2015

DMCA Take-Down Notices with Little Detail on the Identity and Location of Infringing Material Are Often Found to Be Insufficient

25 Sep 2015 By Leave a Comment

If you are thinking about issuing a take-down notice to a website on which you have found material that infringes your copyright, make sure that you include sufficient detail on the identity and location of the infringing works. The case law indicates that the courts are taking an increasingly Arminian view (i.e., demanding “sinless perfection) of the detail that must be provided in a take-down notice to meet the Digital Millennium Copyright Act’s (DMCA) “substantial compliance” rule. 17 U.S.C. § 512(3).

The text of the DMCA provides that a take down notice must provide “information reasonably sufficient to permit the service provider to locate the material.” However, in many cases Court have ruled that to be effective take-down notices must identify the specific location of each infringing copy of a work. For example in Hendrickson v. eBay, Inc., 165 F. Supp.2d 1082 (C.D. Cal. 2001), in which the plaintiff claimed that eBay was permitting the sale of pirated copies of a movie on its site, the Court indicated that the plaintiff needed to “include the specific item numbers of the listings that are allegedly offering pirated copies of Manson for sale.”

There is one prominent case in which a plaintiff was allowed to take a shortcut in specifying the location of pirated material on a website — ALS Scan, Inc. v. RemarQ Communities, Inc., 239 F.3d 619 (4th Cir. 2001). However, the facts of this case are somewhat unusual — and do not represent the standard infringement scenario typically encountered when dealing with the interactive websites common today. The plaintiff, ALS, was in the business of creating and marketing adult photographs, and held the copyright for these photographs. The defendant, RemarQ, was an internet service provider that also hosted 30,000 newsgroups. Two of the newsgroups hosted by RemarQ actually included ALS’s name in their title: “alt.als” and “alt.bniaries.pictures.erotica.als.” Both of these newsgroups contained hundreds of ALS-copyrighted photographs.

ALS sent RemarQ a take-down notice that referenced these newsgroups, stated that they were created for the sole purpose of violating its copyrights and trademarks and demanded that RemarQ cease carrying the newsgroups. RemarQ refused to remove the newsgroups, but agreed to removed individual postings that infringed ALS’s copyright if ALS identified them “with sufficient specificity.” Id. at 621. ALS sued RemarQ, which defended by claiming that ALS had not substantially complied with the DMCA take-down notice standard and also that RemarQ had no knowledge of the alleged infringement. RemarQ argued that ALS had never provided it with a “representative list” of the infringing photographs and never identified that photos with sufficient detail for RemarQ to remove them.

The Fourth Circuit disagreed. It found that because ALS had identified the two sites “created for the sole purpose of publishing ALS’s copyrighted works”, asserted that “virtually” all the images on the sites were its copyrighted material, and referred RemarQ to the specific addresses of the website — this was sufficient. Id. at 625 (emphasis added).
However, in the modern world of interactive media, the circumstances that occurred in ALS v. RemarQ will be rarely repeated. Often, a copyright holder will find its works scattered in snippets throughout hundreds of thousands or millions of files on a website. In such cases, a take-down notice that fails to state the locations where the infringing materials can be found is likely to be found insufficient.

For example, in Arista Records, Inc. v. MP3Board, Inc., 2002 WL 1997918 (S.D.N.Y. 2002), the court examined the substantial compliance of three different take-down notices sent by the RIAA to a file-sharing site that provided users with links to other sites where pirated copies of copyrighted music were located. In the first two notices, the RIAA merely listed artists whose work was allegedly being infringed and asked MP3Board to remove links to these works. In the third notice, the RIAA named 21 artists and song titles which were representative of the works being infringed and attached printouts of MP3Board screen shots on which the RIAA indentified 662 links to infringing material.

The Court found that the first two notices fell far short of substantial compliance with the DMCA take-down notice rules. However, the third notice was sufficient because it “identified the material or activity claimed to be infringing and provided information sufficient to permit MP3Board to locate the links.” Id. at *9.

Recent cases have continued to find take-down notices non-compliant where they have failed to easily permit a service provider to locate the infringing material — such as Perfect 10 v. CCBill LLC, 481 F.3d 751 (9th Cir. 2007). The adverse consequences of failing to craft a sufficient take-down notice can be substantial, including having your subsequent suit for copyright infringement dismissed or even opening up yourself to a counter-suit for misrepresentation under 17 U.S.C. § 512(e)(2). So it is important to take the time to make sure that you get your take-down notice right.

If you have any questions about the sufficiency or effect of a take-down notice you wish to send or have received, feel free to contact me or a member of JMBM’s intellectual property practice group.

Filed Under: Blog, Cybercrime, News Tagged With: , , ,

Are interactive websites “developers” of all information they require users to provide in online profiles?

24 Sep 2015 By Leave a Comment

Is a digital media website the “developer” of all information that it requires users to include in on-line profiles? The disturbing answer, according to a recent court opinion, is “yes.”

In a May 22, 2009 ruling, Judge Schell of the Eastern District of Texas dismissed a complaint for negligence, gross negligence and strict products liability against MySpace brought by on behalf of a 15 year old girl who was assaulted by a person whom she met on MySpace.com. See Doe IX v. MySpace, Inc., United States District Court, Eastern District of Texas, No. 4:08-CV-140 (Order granting motion to dismiss). The plaintiff claimed that MySpace was negligent for “refusing to employ reasonable safety features on its website.” Order at 2. The plaintiff also argued that MySpace was not entitled to Communications Decency Act immunity because it provided prompts to assist users in creating profiles and thus was a co-developer of the profiles. Presumably the criminal who assaulted the plaintiff had been assisted by these prompts in creating the profile through which he met the plaintiff. Id.

The court rejected both of these arguments. On the first claim, the Court held that in effect the claim was attempting to hold MySpace liable for publishing information furnished by another information content provider. “Failing to employ reason safety features” means much the same thing as negligently deciding whether or not to publish a particular profile — a traditional function of a publisher. Id. at 2.

On the second claim, the plaintiff argued that MySpace was a co-developer of the profiles on its sites because when a user creates a profile, MySpace prompts the user to enter additional information about “Interests & Personality”, “Name”, “Basic Info”, Background and Lifestyle,” Schools,” Companies,” Networking,” and “Song & Video on Profile.” The plaintiff claimed that the use of such prompts in Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008) was held to make a website a developer of information on the profile. Id. at 3.

The judge rejected this claim, because “[t]he Ninth Circuit repeatedly stated throughout its en banc opinion that the Roommates.com website required its users to provide certain information as a condition of its use and was, therefore, an (sic) information content provider.” Because MySpace users are not required to provide any additional information, MySpace is not an information content provider. Order at 3.

The result in this case is not out of line with prior decisions on the Communications Decency Act. However, I do take issue with his reasoning in finding the MySpace was not a co-developer of its user profiles. While it is true that inRoommate, users were required to enter certain information in profiles, it was not this factor alone that made Roommate a developer of the information on those profiles. After all, many interactive websites require a user to enter basic information such as the user’s name, email address and gender. Rather, the problem for Roommate was that the information it required users to provider was found to be discriminatory. As the Ninth Circuit noted: “Not only does Roommate ask these questions, Roommate makes answering the discriminatory questions a condition of doing business.” Fair Housing Council, 521 U.S. F.3d at 1166.

The real issue for ISP liability should be whether it is culpable in eliciting the illegal content from a third party. As long as an ISP provides neutral tools to assist users in creating and searching for content — as MySpace appears to have done here — then it should get Communications Decency Act protection as not being the publisher or speaker of this material. On the other hand, if a website encourages users to post illegal material, that is a different story.

Filed Under: Blog, Cybercrime, News Tagged With: , ,

Did Recent Decisions on the Scope of Immunity under the Communications Decency Act Inform Craigslist’s Decision to Modify Its Site?

21 Sep 2015 By Leave a Comment

Ninth Circuit

A May 7, 2009 ruling by the Ninth Circuit means that digital media companies will have to be careful about what they say when dealing with a complaint about an offending post. In another of a series of recent cases that have begun to find limits in the “immunity” provided by the Communications Decency Act, on May 7, 2009, a Ninth Circuit three-judge panel held that the CDA provides no protection to an internet service provider who promises, but then fails, to remove content provided by a third party.

Barnes v. Yahoo!, Inc. __ F.3d___, 2009 WL 1232367 (9th Cir. 2009) concerned an alleged fact situation in which after the breakup of their relations, the plaintiff’s boyfriend began to post profiles regarding the plaintiff (Barnes) on Yahoo websites and in Yahoo chatrooms. These posts contained nude photos of the plaintiff, a solicitation to engage in sexual intercourse and provided the address and phone number at her place of employment. Before long, Barnes was peppered with emails, phone calls and personal visits, “all in expectation of sex.” 2009 WL 1232367 at *1. A virtual repeat of Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003).

Barnes sent Yahoo several formal requests for the takedown of the posts. Nothing happened. Then, the day before a local news outlet was preparing to broadcast a report on the incident, Yahoo’s director of communications called Barnes, asked her to fax directly the previous statements she had mailed and told Barnes that she would “personally walk the statements over to the division responsible for stopping unauthorized profiles and they would take care of it.” 2009 WL 1232367 at *1.

Barnes claims that she relied on this statement and took no further action on the profiles. However, apparently still failing to get any action, two months later Barnes filed this suit against Yahoo. Shortly thereafter, the profiles disappeared. Id.

Barnes sued Yahoo under two causes of action: (i) negligent undertaking, and (ii) promissory estoppel. “Negligent undertaking” is based on the principal that if you decide to help someone else out, as a Good Samaritan, to protect their person or things, you are subject to liability if you act negligently. “Promissory estoppel” is based on the idea that if you make a promise, with the intent that a third party rely on it, you can be held liable if you fail to perform that promise.

In response to Barnes’ complaint, Yahoo argued that it was immune from liability under the Communications Decency Act (47 U.S.C. § 230(c)). The Ninth Circuit agreed as to the negligent undertaking claim, but not as to promissory estoppel. The difference for the Court was the nature of the specific act on which Yahoo was being sued under the two legal theories — Yahoo’s failure to take down the posts v. Yahoo’s failure to keep its promise to take down the posts.

Filed Under: Blog, Cybercrime, News Tagged With: , ,

Lasco Foods v. Hall and Shaw: Can an Employee Be Liable Under Federal Wiretap

14 Sep 2015 By Leave a Comment

Judge Jean Hamilton’s recent order in Lasco Foods, Inc. v. Hall and Shaw Sales, Marketing & Consulting, LLC, E.D. Missouri (October 26, 2009) held that an ex-employee who accesses information on a company-issued laptop for a purpose adverse to the company can be liable under the federal Stored Communications Act (SCA). Judge Hamilton’s ruling also suggests that even current employees can be held liable under the SCA as well, if they access information from a laptop for a purpose that violates their duty of loyalty to the company.

This ruling is important, because the SCA provides for criminal penalties, as well civil actions, against offenders. 18 U.S.C. §§ 2701(b), 2707. Tens of millions of U.S. employees are issued company-owned laptops, and countless employees download information from these computers for purposes adverse to their former employer’s interests, both during and after leaving the company. Under Judge Hamilton’s ruling, many thousands of these employees theoretically stand in jeopardy of federal prison time.

But is Judge Hamilton’s ruling right? At least one other recent ruling suggests that the SCA cannot be used in this situation at all. See Thule Towing Systems, LLC v. McNallie, E.D.Mich., No. 2:09-cv-10905, Order (July 15, 2009). Other case law suggests that the SCA only reaches employees who access to emails and other communications stored on company-owned computers has been expressly revoked.

Judge Hamilton’s decision was based on SCA Section 2701, which provides that “whoever (1) intentionally accesses without authorization a facility through which an electronics communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such a system shall be punished as provided in subsection (b) of this section.” 18 U.S.C. § 2701(a).

Here, Lasco had alleged that the defendants, Shaw and Hall, were long-time Lasco sales executives and had been provided with company laptops for use in company business. In 2008, Shaw and Hall decided to start a competing restaurant food supply. Both before and after Lasco became aware of this new business, but which they were still Lasco employees, the defendants allegedly “accessed, printed, copied and/or downloaded” a substantial amount of data from their laptops, as well as from Lasco’s network, for use in their competing business. See Lasco Foods, Inc. v. Hall and Shaw Sales, Marketing & Consulting LLC, E.D.Missouri, No. 4:08-cv-01683, Third Amended Complaint (May 15, 2009).

Using principles of agency laws, Judge Hamilton reasoned as follows:

“While Lasco afforded Defendants access to its computers, networks and information for purposes of their employment, Lasco alleged that Hall and Shaw accessed Lasco’s Information to benefit the interests of Defendants, not Lasco. Defendant Hall and Shaw’s authorization to access this information ceased when they breached their duty of loyalty to Lasco and their employment terminated” (emphasis added).

Filed Under: Blog, News Tagged With: , , , , , ,

Chinese Search Engine Suit Proceeds Against Register.com

4 Sep 2015 By Leave a Comment

A federal court will permit Baidu, Inc., a leading Chinese search engine company, to sue Register.com for gross negligence, recklessness, and breach of contract.

The lawsuit arose after a hacker took over Baidu’s Register.com account and interrupted its service for two days in January 2010. Among other things, the hacker redirected Baidu’s users to the Web site of the Iranian Cyber Army. Baidu claimed the hacker wrested control of Baidu’s account as a result of errors made by Register.com’s tech support Internet “chat” staff. According to the complaint: ”Although the Intruder gave the Rep an incorrect response to [a] security question, the Rep nonetheless proceeded with processing the Intruder’s request to change Baidu’s email address; [and] [w]hen the Intruder sent the Rep a bogus security code, the Rep did not notice that it was the wrong code, apparently because the Rep didn’t even bother to check it against the original security code.” The Intruder then allegedly changed the password and hacked into Baidu’s account. Baidu claimed injury to its reputation and business totaling “millions” of dollars.

Register.com moved to dismiss the complaint, asserting a “Limitation of Liability” clause from its Master Services Agreement with Baidu. Among other things, the clause provided that Register. com “will not be liable, under any circumstances, for any (a) termination, suspension, loss, or modification of … Services, (b) use of or the inability to use the Service(s), (c) interruption of business, (d) access delays or access interruptions to this site or a service ….”

Judge Denny Chin of the US District Court for the Southern District of New York held that Register’s contractual limitation of liability clause did not shield the company from allegations of gross negligence and willful misconduct. The Judge held that while limitation of liability clauses are generally enforceable, “an exculpatory agreement … will not exonerate a party from liability under all circumstances. Under announced public policy, it will not apply to exemption of willful or grossly negligent acts [citation omitted].” The opinion notes that if Baidu proves its allegations, “then Register failed to follow its own security protocols and essentially handed over control of Baidu’s account to an unauthorized Intruder….”

The judge ordered a pre-trial conference for August 11th.

Filed Under: Blog, Cybercrime, News Tagged With: , ,