Copyright registration certificate was invalid because of inaccurate information provided to Copyright Office

Although the author of a work owns the copyright the moment that work is created, Section 411 of the Copyright Act (17 U.S.C. 411) provides that the copyright owner must register the copyright before the owner can bring suit for infringement. If there is no valid registration certificate, the lawsuit cannot move forward. 

Unauthorized Access Under the Computer Fraud and Abuse Act

In a recent case from the Ninth Circuit, the defendant challenged the validity of the plaintiff’s registration certificate, and the lower court dismissed the matter on summary judgment. Plaintiff sought review with the Ninth Circuit. On appeal, the court affirmed the summary judgment.  

The appellate court agreed with the district court that plaintiff’s certificate of registration was invalid because: 

  • There was no genuine dispute that plaintiff knew that it included inaccurate information in its copyright application. Plaintiff falsely represented that the copy of its website it submitted was not how it looked on the publication date listed in the application.
  • The Register of Copyrights told the court that it would have refused registration had it known about the inaccurate information.  

Because Plaintiff’s certificate of registration was invalid, plaintiff failed to satisfy the registration precondition under Section 411 to bring a copyright infringement claim. 

SellPoolSuppliesonline.com, LLC v. Ugly Pools Arizona, Inc., 2020 WL 1527774 (9th Cir. March 31, 2020) 

Video: 3 trademark essentials for your business

Here are three key ideas for selecting and protecting your company’s trademark:

(1) choose a distinctive mark that is not descriptive,

(2) conduct clearance so that you will not infringe, and

(3) seek registration with the United States Patent and Trademark Office.

Malware detection software provider gets important victory allowing it to flag unwanted driver installer

Despite a recent Ninth Circuit decision denying immunity to malware detection software for targeting competitor’s software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program.

Plaintiff provided software that works in real time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. Defendant provided malware detection software designed to scan consumer’s computers and to report potentially unwanted programs. After defendant’s software categorized plaintiff’s sofware as a potentially unwanted program, plaintiff sued, putting forth a number of business torts, including business disparagement, tortious interference and common law unfair competition.

Defendant moved to dismiss under 47 U.S.C. 230(c)(2)(B), which provides that no provider of an interactive computer service shall be held liable on account of any action taken to enable or make available others the technical means to restrict access to material that the provider deems to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

The court granted the motion to dismiss, holding that Malwarebytes was immune from suit under Section 230. It differentiated the case from the Ninth Circuit’s recent decision in Enigma Software Group USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019), in which the court held that Section 230 immunity did not protect Malwarebytes for designating a competitor’s anti-malware software as “otherwise objectionable”. In this case, the court found that plaintiff’s software did not make it a competitor to defendant. Since the parties were not direct competitors, the limitations on Section 230’s protection did not apply.

The case can be met with a bit of a sigh of relief to those who, along with Professor Goldman expressed concern that the Enigma case would make it more difficult for anti-malware providers to offer their services. Though Enigma did limit Section 230 protection for these vendors, this decision shows that Section 230 immunity in this space is not dead.  

Asurvio LP v. Malwarebytes, Inc., 2020 WL 1478345 (N.D. Cal. March 26, 2020)

Video: How to stop phishing using your company’s trademarks

COVID-19: Phishing is up since the beginning of the Coronavirus crisis began. Companies can file a straightforward action to stop fraudsters using domain names similar to the company’s trademark.

Related blog post: How companies can use their trademarks to combat COVID-19-related phishing

Video: How to avoid breaking a software or technology agreement

There are a number of things software providers can be doing right now to reduce problems with customers in the coming weeks and months. 

Please like and subscribe and leave a comment. Thanks!

How companies can use their trademarks to combat COVID-19-related phishing

Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email.

Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries – not just the financial sector – are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief.

Varieties of Phish Species

Phishing schemes can take a variety of forms. A fraudster may register a domain name similar to the company’s legitimate domain name and use it to send email messages to the company’s customers, requesting payment and providing wire instructions. Distracted or untrained customers who receive the email may unwittingly wire funds as instructed in the fraudulent email to an account owned by the criminal. Or the phishing party may set up a legitimate looking but fake website at a domain name similar to the company’s legitimate domain name, and direct users there to purportedly log in, thereby disclosing their usernames, passwords, and perhaps additional sensitive information.

Taking Sites Down with the UDRP

Everyone who registers a domain has to agree, by contract, to have disputes over the domain name’s ownership resolved through an administrative proceeding (similar to arbitration). The Uniform Domain Name Dispute Resolution Policy (UDRP) governs disputes over .com, .net, .org and many other domain name registrations. The World Intellectual Property Organization (WIPO) provides administrative panels who decide disputes under the UDRP. These are decided “on the papers” with each party having the opportunity to submit arguments and supporting documentation. The time and expense of a UDRP proceeding is a small fraction of what one sees in typical litigation – UDRP cases usually conclude within weeks, and generally cost a few thousand dollars.

The UDRP Frowns Upon Phishing

To be successful in bringing a UDRP proceeding, a party has to prove (1) that it owns a trademark that is identical or confusingly similar to the disputed domain name, (2) that the party that registered the disputed domain name has no rights or legitimate interests in the disputed domain name, and (3) that the disputed domain name was registered and has been used in bad faith.

UDRP panels typically show little tolerance for blatant phishing efforts. Companies bringing UDRP actions against registrants of domain names registered for phishing purposes enjoy a high rate of success. A good phishing effort (that is, “good” in the sense that the fake domain name succeeds in deceiving) will require using words similar to the company’s mark. So the first element is usually a low hurdle. On the second and third elements, UDRP panels are readily persuaded that a party using a disputed domain name for phishing gains no rights or legitimate interests, and demonstrates clear bad faith. “Using the disputed domain name to send fraudulent email is a strong example of bad faith under the [UDRP].” Samaritan’s Purse v. Domains By Proxy, LLC / Christopher Orientale NA, WIPO Case No. D2019-2403 

Technology vendors must be proactive in dealing with COVID-19 problems

Early action now on possible performance issues will “flatten the curve” of customer problems in the coming weeks and months. 

Here are three things technology and software vendors can do right now to get ahead of problems that may appear (if they are not already) with services such as development, implementation and support:

  • Check your contracts to see whether there are any “material assumptions” that have failed or will fail – perhaps because of some governmental action or unavailability of personnel.
  • Consider whether a change order would be appropriate to redefine the scope of services, timing for performance, or the fees to be charged.
  • See if any delay in your performance is excused on the basis of force majeure. If so, do you need to give notice to your customer that you are claiming force majeure?

Learn from IBM: Do what is required when there are failures of material assumptions.

In 2006, the State of Indiana signed a $1.3 billion contract with IBM to revamp the technology of the State’s welfare system. The economy went south in 2008. In the complicated breach of contract litigation that followed, IBM argued, among other things, that the economic downturn resulted in the failure of one of the material assumptions of the agreement. IBM urged the court to consider that failure of assumption when deciding whether IBM had materially breached its contract to develop and deploy the system.

The Indiana supreme court rejected IBM’s arguments. Why? Not because the economic downturn was not a failure of a material assumption. (It might have been.) Indeed, the contract specifically said that one of the parties’ material assumptions was that the economy would not take a downturn. But IBM did not do what the contract required in light of the downturn – it did not submit a change order request in response to the failure of the assumption, as the contract required.

Change orders anyway?

Even if your contract does not contain material assumptions, it may contain a procedure for procuring change orders. Parties include change order provisions so that they have an organized pathway for making changes to the scope, timing or pricing when circumstances – whether dramatic or trivial – change while the contract is being performed. Vendors should consider whether a simple change to the parties’ obligations can be made now to reduce bigger problems later. It is better for a ship to correct its course early in the journey rather than after many weary days at sea.

And from a practical, customer-focused perspective, the discussions around possible change orders gives a vendor the opportunity to communicate with its customer. This gives the vendor the chance to assure the customer that services are safe in the long run, and can work to build trust and goodwill that will be key in the further development and collaboration that is going to happen in the technology space once this COVID-19 episode has come to a close. 

Force majeure notice – it is critically important

In the litigation against the state of Indiana, IBM also claimed that severe flooding in the state in 2008 was a force majeure event that excused IBM’s performance. Again, as with the argument for failure of material assumption, IBM did not do what it was required to do under the terms of the contract to avail itself of this excuse in performance.

The court found that force majeure did not apply because IBM did not give appropriate notice as required under the agreement. This highlights a critical takeaway – if a vendor sees an upcoming need to claim that it cannot perform due to some circumstance arising from causes outside its control, it is better to place the customer on notice of that fact sooner rather than later.   

So, here are the key questions to ask right now:

  • Has a material assumption failed? If so, what must I do?
  • Would a request for change order be appropriate?
  • What do I need to do before claiming force majeure?

Being proactive now, in the early stages of the COVID-19 crisis, will – just as in the epidemiological context – flatten the curve of problems later.

State of Indiana v. IBM Corp., 51 N.E.3d 150 (Ind. 2016)

Breaking a contract because of COVID-19 – force majeure and other issues

Changing market and other economic situations will no doubt put many parties in the situation of not being able to perform under the contracts they’ve entered into. Below is a brief video outlining the doctrines of:

  • force majeure
  • frustration of purpose
  • impossibility

During this lockdown I hope to generate more content like this. Please like and subscribe! Thanks. 

Ninth Circuit: Section 230 barred tortious interference claim

Amazon.com scored a Ninth Circuit win on Section 230 grounds when the court affirmed the lower court’s summary judgment against a pro se plaintiff’s claim against Amazon for tortious interference with prospective and actual business relations, and interference with an economic advantage. The claim apparently arose out of a third party posting a review on Amazon that plaintiff did not like. Citing to Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the court observed that the Communications Decency Act (at Section 230(c)(1)) provides immunity from liability if a claim “inherently requires the court to treat the defendant as the ‘publisher or speaker’ of content provided by another.” Plaintiff had failed to raise a genuine dispute of material fact as to whether Amazon was not a publisher or speaker of content within the meaning of Section 230.

Sen v. Amazon.com, 2020 WL 708701 (9th Cir. February 12, 2020)

Facebook hacking that causes emotional distress – does the CFAA provide recovery?

A recent federal case from Virginia provides information on the types of “losses” that are actionable under the federal anti-hacking statute, the Computer Fraud and Abuse Act (“CFAA”).

Unauthorized Access Under the Computer Fraud and Abuse Act

Underlying facts

Plaintiff worked as a campaign manager, communications director and private sector employee of a Virginia state legislator. While plaintiff was in the hospital, defendant allegedly, without authorization, accessed plaintiff’s Facebook, Gmail and Google Docs accounts, and tried to access her Wells Fargo online account.

Plaintiff’s lawsuit

Plaintiff sued, alleging a number of claims, among them a claim for violation of the CFAA. Defendant moved to dismiss. Although the court denied the motion to dismiss on other grounds, it held that plaintiff’s alleged emotional distress was not the type of “loss” that is actionable under the CFAA.

Loss under the CFAA

One can bring a civil action under the CFAA if the defendant’s alleged conduct involves certain factors. One of those factors, set out at 18 U.S.C. § 1030(c)(4)(A)(i)(II), provides recovery if there is “the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals”.

Plaintiff alleged that defendant’s unauthorized access and attempted access to her accounts caused her to sustain a “loss” under this definition because it caused her to suffer emotional distress for which she needed to seek counseling.

The court disagreed with plaintiff’s assertions. Essentially, the court held, the modification of or impairment of a plaintiff’s treatment must be based on impairment due to the ability to access or used deleted or corrupted medical records. As an example – this was not in the court’s opinion but is provided by the author of this post – one might be able to state a claim if, for example, medical records were modified by a hacker to change prescription information. Further, the court held, to recover under the relevant provision of the CFAA, a defendant’s violation must modify or impair an individual’s medical treatment as it already exists, not merely cause the plaintiff mental pain and suffering that requires additional care.

Hains v. Adams, 2019 WL 5929259 (E.D. Virginia, November 12, 2019)

« Older posts

© 2020 internetcases

Theme by Anders NorenUp ↑