Author Archives: Evan Brown (@internetcases)

Sony’s EULA did not protect it from liability under CFAA and for trespass to chattel

Plaintiff filed a class action lawsuit against Sony after Sony issued a software update that bricked plaintiff’s Sony Dash. Sony moved to dismiss for failure to state a claim. The court granted the motion on a number of claims but allowed the Computer Fraud and Abuse Act (CFAA) and trespass to chattel claims to move forward.

CFAA Claim

Sony had argued that the CFAA claim should fail because plaintiff had not alleged the software update was “without authorization,” given the language of the end user license agreement, which read:

From time to time, Sony … may automatically update or otherwise modify the Software, for example, but not limited to for purposes of error correction, improvement of features, and enhancement of security features. Such updates or modifications may change or delete the nature of features or other aspects of the Software, including but not limited to features you may rely upon. You hereby agree that such updates and modifications may occur at Sony’s sole discretion, and that Sony may condition continued use of the Software upon your complete installation or acceptance of such updates or modifications.

Specifically, Sony argued that the EULA authorized Sony to “modify” the software at any time, and warned that such modifications may change or delete the nature of features or other aspects of the software, including features the consumer may rely upon. A court addressed a similar argument in In re Apple, 596 F.Supp.2d 1288 (N.D. Cal. 2008). In that case, Apple, as defendant, relied on the following language to argue that it acted “with authorization” for purposes of the CFAA when bricking iPhones that had been unlocked to access third-party applications:

IF YOU HAVE MODIFIED YOUR IPHONE’S SOFTWARE, APPLYING THIS SOFTWARE UPDATE MAY RESULT IN YOUR IPHONE BECOMING PERMANENTLY INOPERABLE

In that case, the court concluded that usage of the term “may” (as in “may result” in damage) created too much ambiguity surrounding Apple’s warning and found plaintiff’s allegations as to its CFAA claim sufficient to defeat Apple’s motion to dismiss.

Here, Sony had used the same ambiguous “may” (as in “may change or delete the nature of features”) and even more uncertain language than in In re Apple. Unlike in In re Apple, Sony did not explicitly warn that a subsequent software update could render the Dash “permanently inoperable.” The EULA did not say that Sony could delete all features. Instead, it vaguely warned consumers that Sony “may change or delete the nature of features” that a consumer “may rely upon.” This sentence was also prefaced by the following: “From time to time, Sony … may automatically update or otherwise modify the Software, for example, but not limited to for purposes of error correction, improvement of features, and enhancement of security features.”

The court found that this preface implied that automatic software updates would improve or enhance the Dash – not destroy its functionality. The court could not say at this stage that by using the Dash and thus implicitly agreeing to the EULA, plaintiff authorized Sony to render his device inoperable. Accordingly, the court found that plaintiff plausibly pled that Sony acted “without authorization” in bricking the Dash.

Tresspass to Chattel

Under New Jersey law, “[a] cognizable claim for trespass to chattel occurs ‘when personal property, in the actual use of the owner, is injured or taken by a trespasser, so that the owner is deprived of the use of it.’” Arcand v. Brother Int’l Corp., 673 F. Supp. 2d 282, 312 (D.N.J. 2009) (quoting Luse v. Jones, 39 N.J.L. 707, 709 (N.J. 1877)). “[P]hysical contact with the chattel, for instance, where a person kicks another’s car bumper, is not required.” Id. “All that is required … is interference with the chattel as a direct or indirect result of an act done by the actor.” Id.

In this case, Sony’s software update bricked plaintiff’s Dash. The court found that contrary to Sony’s assertions, plaintiff had not consented to Sony rendering his device wholly nonfunctional by agreeing to the EULA.

Sony had also argued that plaintiff never owned the software used by the Dash (in accordance with the EULA) and therefore Sony could not be liable for altering that software in the update. But the court saw it otherwise — whether plaintiff owned the software, Sony, at a minimum, indirectly injured plaintiff’s physical Dash by rendering it completely nonfunctional through the software update. The court again looked to In re Apple wherein that court found that the plaintiffs plausibly pled trespass to chattel by alleging that Apple released a software update that rendered the plaintiffs’ iPhones permanently inoperable. On these facts, the court found that plaintiff had plausibly pled his trespass to chattel claim.

Grisafi v. Sony Electronics Inc., 2019 WL 1930756 (D.N.J. April 30, 2019)

Affirmative defense asserting that Copyright Act is unconstituational survives motion to strike

Plaintiff sued defendant search engine for copyright infringement alleging that defendant wrongfully reposted a picture plaintiff had taken. Defendant’s answer included a number of affirmative defenses. Plaintiff moved to strike the affirmative defenses. The court struck some of them but allowed at least a couple of them to survive.

Unclean hands – Defendant apparently perceived some trollish behavior on the part of the plaintiff. Defendant alleged that, in light of plaintiff’s practice of taking photographs of no actual value, for which there is no market, and seeding them on the internet for the purpose of attempting to extort revenue through litigation, that the claims for equitable relief should be barred by unclean hands. Plaintiff objected, claiming that it was scandalous to characterize plaintiff’s enforcement efforts this way. The court found, though, that the defense was adequately pled and not scandalous. “While the … defense is unfavorable to Plaintiff, it does not ‘cast a cruelly derogatory light on’ Plaintiff as necessary for the Court to conclude that the defense is scandalous.”

Unconstitutionality of portions of Copyright Act – Defendant also asserted that 17 U.S.C. §§ 102 and 410, statues dealing with copyright protections, are unconstitutional as applied to pictures based on technological advancements in photography. Plaintiff responded by pointing out that the Supreme Court since 1884 has found copyright protection for photographs to be constitutional, and argued that defendant presented no cognizable legal argument to suggest that Congress exceeded its constitutional powers by enacting the Copyright Act. Perhaps surprisingly, the court rejected plaintiff’s argument. It noted that the defense was not insufficient, redundant, immaterial, impertinent, or scandalous, but that defendant was arguing that the law, or at least the application of the law, should be changed, and defendant presented grounds for its argument.

Miller v. 4Internet, LLC, 2019 WL 1937567 (D.Nev. April 30, 2019)

Fact that others had access to defendant’s wi-fi was no reason to quash subpoena in copyright case

In a suit against John Doe defendant for copyright infringement arising from defendant’s alleged distribution of plaintiff’s movies via BitTorrent, plaintiff sent a subpoena to Comcast – defendant’s ISP – seeking defendant’s identify.

Defendant moved to quash the subpoena, contending that being the target of the civil action was an undue burden, because there was a substantial likelihood that plaintiff would be unable to establish that defendant was actually the person responsible for the alleged infringement. Defendant also included a letter from his neighbor describing how that neighbor and others had used defendant’s wireless network.

The court denied the motion to quash. It held that even though defendant may turn out to be innocent, at this stage plaintiff was merely seeking to uncover his identity. The fact that other people had access to defendant’s unsecured wi-fi was immaterial. 

Strike 3 Holdings, LLC v. Doe, 2019 WL 1865919 (N.D.Cal. April 25, 2019)

Court allows blockchain platform to send subpoena seeking info about hacker

Plaintiff provides a blockchain asset trading platform and claimed that a hacker broke in and transferred 330,000 Tether and 100 Ether to a Bittrex account. Though Bittrex told plaintiff it had identified the relevant Bittrex account holder, it would not disclose the identity to plaintiff without a court order.

So plaintiff filed suit against the John Doe hacker for conversion, violation of the federal Computer Fraud and Abuse Act, and under Washington state law. Since it could not serve the complaint on the Doe defendant without knowing his identity, plaintiff sought permission from the court to take early discovery from Bittrex. The court granted the motion.

The court permitted plaintiff to send a subpoena to Bittrex requesting the name of the Doe defendant. Federal Rule of Civil Procedure 26(d) bars parties from seeking “discovery from any source before the parties have conferred as required by Rule 26(f), except in a proceeding exempted from initial disclosure under Rule 26(a)(1)(B), or when authorized by these rules, by stipulation, or by court order.” Fed. R. Civ. P. 26(d)(1). In determining whether to permit expedited discovery, the court required plaintiff to demonstrate that “good cause” existed to deviate from the standard pretrial schedule.

In the Ninth Circuit, a court evaluating whether a plaintiff establishes good cause to learn the identity of Doe defendants through early discovery examines whether the plaintiff (1) identifies the Doe defendant with sufficient specificity that the Court can determine that the defendant is a real person who can be sued in federal court, (2) recounts the steps taken to locate and identify the defendant, (3) demonstrates that the action can withstand a motion to dismiss, and (4) proves that the discovery is likely to lead to identifying information that will permit service of process. This test is often associated with the case of Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 578–80 (N.D. Cal. 1999).

In this case, the court found that good cause supported plaintiff’s request for leave to take expedited discovery to ascertain sufficient identifying information about the Doe defendant. Plaintiff had provided evidence that appeared to trace the allegedly stolen funds to an account on Bittrex, and plaintiff’s conversation with Bittrex indicated that Doe’s identity as the account holder was likely already known or ascertainable. The court also found that plaintiff’s request seeking identifying information related to Doe was reasonably likely to lead to the production of information that would permit plaintiff to serve process.

ZG TOP Technology Co., Ltd. v. John Doe, 2019 WL 917418 (W.D. Wash., February 25, 2019)

Installing earlier software version that lacked license check feature triggered DMCA anticircumvention liability

EGS and DDS were in a dispute over the use of DDS’s software. [You can read about the copyright infringement claims here.] DDS claimed EGS had failed to pay license fees for its software. So DDS installed an update that would confirm the current license, and if the license was not up to date, would lock the program. In response, EGS elected to use a previously-licensed and older version of the software that did not contain the license check feature. Because of this, DDS claimed that EGS violated the anticircumvention provisions of the Digital Millennium Copyright Act

EGS moved to dismiss the DMCA anticircumvention claim. The court denied the motion. 

The DMCA provides, in relevant part, that “[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title.” It goes on to state that “to ‘circumvent a technological measure’ means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.” It also explains that “a technological measure ‘effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” 

EGS had argued in part that it did not violate the anticircumvention provisions because its conduct was like the defendant in the case of I.M.S. Inquiry Management Systems, Ltd. v. Berkshire Info. Systems, Inc., 307 F. Supp. 2d 521 (S.D.N.Y. 2004). In that case, the defendant used a legitimate username and password to gain access to the protected work. 

The court acknowledged that like the situation in I.M.S., EGS did not do anything to change or manipulate the DDS software. However, as the court noted, the fact remained that EGS allegedly removed the software and reinstalled a prior version. For that reason, I.M.S. and the similar case of Navistar, Inc. v. New Baltimore Garage, Inc., 2012 WL 4338816 (N.D. Ill. Sept. 20, 2012), were not to the contrary.

First, those cases acknowledged that removing a technological measure suffices to state a claim under the DMCA. Second, EGS had leaned heavily on the fact that DDS analogized its license check to a password protection system, and that the district courts in I.M.S. and Navistar reasoned that “using a password to access a copyrighted work, even without authorization, does not constitute circumvention under the DMCA …” But implicit in those courts’ reasoning was a recognition that the licensee already knew the password and thus had the key to the castle.

In this case, to the contrary, EGS had no way to go through the license check and access the current software except by removing it entirely. Accordingly, the court found that a more apt analogy was that EGS circumvented “the deployed technological measure in the measure’s gatekeeping capacity” by uprooting the locked gate.

Eclipse Gaming Systems, LLC v. Antonucci, 2019 WL 3988687 (N.D. Ill. Jan. 31, 2019)

See also:

Failure to pay software license fees was breach of contract, not copyright infringement

As part of a larger business dispute that found its way into litigation, counterclaimant DDS sued counterdefendant EGS for copyright infringement after EGS allegedly used DDS’s software without paying required license fees. EGS moved to dismiss the copyright infringement claims, asserting that there was no copyright infringement occurring, only a breach of the license agreement. The court granted the motion to dismiss. 

The court found that the provision of the agreement between the parties, requiring EGS to pay license fees, was a covenant and not a condition that must be met for use of the software to be authorized. The finding was critical because whether the failure of a non-exclusive licensee to pay royalties constitutes copyright infringement turns on the distinction between a promise subject to a condition and a covenant or contractual promise. Broadly speaking, the promise to pay royalties in a license agreement is generally considered a covenant, not a condition. 

In this case, the agreement between the parties provided that:

Upon [EGS’s] payment of [a one-time fee], and subject in each instance to [EGS’s] subsequent timely payment of the applicable [recurring] licensing fee, [DDS] hereby grants to [EGS] a limited, nonexclusive license . . . . 

The court determined this language established that DDS would install its software and then EGS would pay for the right to use the software. Under this line of thinking, the duty to pay fees did not accrue until the software was installed, meaning that payment could not be a condition on the rights to use the software (and that nonpayment would not be a failure of that condition). 

Eclipse Gaming Systems, LLC v. Antonucci, 2019 WL 3988687 (N.D. Ill. Jan. 31, 2019)

See also:

Arbitration provision in web-based contract was not enforceable

Defendants moved to compel arbitration based upon a purported arbitration clause in an agreement between them and plaintiffs that plaintiffs electronically signed through defendants’ website.

The court found that defendants failed to meet their burden to show, by undisputed material facts, that the parties entered into an agreement to arbitrate the claims in the case. The court looked to the Ninth Circuit decision in Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014) to support the idea that courts will enforce clickwrap-type agreements where the user indicates actual notice of the terms of the agreement or was required to acknowledge the terms of the agreement before proceeding with further use of the site. Enforcement of a browsewrap-type agreement, which lacks such an acknowledgment, will depend upon whether the website’s design and content would put “a reasonably prudent user on inquiry notice of the terms of the contract.” The conspicuousness of the terms and notices, as well as the overall design of the webpage, will contribute to the determination that a user was on inquiry notice.

In this case, according to the court, defendants had not offered evidence explaining the design and content of the webpage in question, or how the agreement appeared on the website. The court could not determine whether the terms of the agreement appeared on the registration page itself, or if a user would have had to click a link to see the full terms. Likewise, the court could not determine other factors that might contribute to determining plaintiffs’ notice of the terms, such as the size of the font or other aspects of the appearance and presentation of the terms online. The declaration offered by defendant did not provide evidence to show that: (1) either of the plaintiffs had actual knowledge of the arbitration agreement; or (2) whether the agreement was a clickwrap or a browsewrap agreement, how the website was designed and where these terms appeared, and whether plaintiffs assented by clicking an “I agree” box, or were deemed to agree by continuing in the registration process.

Given the lack of evidence of how the registration process appeared on its website, how one of the plaintiffs had declared that he did not see an arbitration agreement, and the reasonable doubts and inferences that must be drawn in that plaintiff’s favor under the applicable standard, the court found that plaintiffs had presented a genuine issue of fact concerning notice of, and assent to, the arbitration agreement here. The court could not find that plaintiffs were reasonably on notice of the agreement to arbitrate, and the accordingly the motion to compel was denied.

Chen v. Premier Financial Alliance, Inc., 2019 WL 280944 (N.D. Cal. Jan. 22, 2019)

Company cannot avoid DMCA liability for false CMI by claiming it used its own name

Plaintiff sued defendant claiming defendant violated the DMCA by providing and distributing false copyright management information (“CMI”), in violation of 17 U.S.C. § 1202(a)(1)–(2). Defendant had placed its brand name and logo on and adjacent to plaintiff’s photo within defendant’s advertising material. 

The part the DMCA relevant to this case provides that “[n]o person shall knowingly and with the intent to induce, enable, facilitate, or conceal infringement — (1) provide copyright management information that is false, or (2) distribute or import for distribution copyright management information that is false.”

Section 1202(c) defines CMI as “any of the following information conveyed in connection with copies or phonorecords of a work or performances or displays of a work, including in digital form, except that such term does not include any personally identifying information about a user of a work or of a copy, phonorecord, performance, or display of a work: …” (emphasis added). It goes on to list eight types of CMI, as relevant in this case: (2) the name of, and other identifying information about, the author of the work; (3) the name of, and other identifying information about, the copyright owner of the work, including the information set forth in a notice of copyright; and (7) identifying numbers or symbols referring to such information or links to such information.

Defendant moved to dismiss, arguing that the plain language of § 1202(c) excepts from the definition of CMI “any personally identifying information about a user of a work or of a copy, phonorecord, performance, or display of a work.” It reasoned that because plaintiff’s complaint defined defendant as a “user” of the photograph (i.e., by alleging that defendant used the photograph for commercial promotion) and because personally identifiable information includes names, the name of a user of a work is not, and cannot, be CMI.

The court rejected this argument and denied the motion to dismiss. It looked to the decision of another federal court, Tiermy v. Moschino S.P.A., No. 15-CV-5900, 2016 WL 4942033 (C.D. Cal. Jan. 13, 2016) in which a defendant had made a similar argument. As that court noted, defendant’s argument fell short on a logical basis. Taking defendant’s theory to the extreme, virtually any person who took another’s work and placed their name or brand on it could be considered a “user of a work” rather than an infringer, and escape liability. The court found that was not the intent of the statute, which is to protect the integrity of CMI by prohibiting the provision of false CMI. The court held that it cannot be, and defendant provided no authority in support, that an alleged infringer can escape liability under § 1202(a) simply because the false CMI put forth is the alleged infringer’s own name.

Roth v. The Walsh Co., 2019 WL 318404 (E.D. Wis. Jan. 24, 2019)

Should revenge porn victims be allowed to proceed anonymously in court?

Plaintiff and her twin sister sued her ex-boyfriend and an unknown John Doe accusing them of copyright infringement and other torts such as invasion of privacy. They claimed the defendants posted intimate and nude photos of plaintiffs online without their consent. And defendants had posted one of the plaintiff’s name and other information on social media in connection with the photos.

Arguing that they had a substantial privacy right that outweighed the customary and constitutionally-embedded presumption of openness in judicial proceedings, plaintiffs asked the court for permission to proceed anonymously. But the court denied the motion.

Plaintiffs’ privacy arguments

Plaintiffs had primarily argued that proceeding under their real names would require them to disclose information of the utmost intimacy and that if they were required to attach their names to the litigation, there would be a public record connecting their names to the harm and exploitation they had suffered which could result in even more people viewing the very images that were stolen and disseminated without their consent.

Court: the harm had already been done

The court rejected these arguments. It observed that the photographs had been published on the internet for approximately seven years and had been sent to people they know. Plaintiffs admitted that one of them could be identified in some of the photographs because her face and a distinctive tattoo were visible. And John Doe had already published that plaintiff’s contact information which resulted in her being inundated with phone calls, text messages, emails, and Instagram, Facebook, and Twitter messages.

So in the court’s mind it appeared that that plaintiff’s identity was already known or discoverable. In addition, that plaintiff had obtained copyright registrations for many of the photographs and the copyright registration was a public document that clearly identified her by name.

As for the twin sister, although her identity had not been similarly made public, the court found that “no great stretch [was] required to identify her through public records as [the other plaintiff’s] twin sister.”

Consequently, the court was not persuaded that plaintiffs’ privacy interests outweighed the public’s right of access in judicial proceedings.

M.C. v. Geiger, 2018 WL 6503582 (M.D.Fla. Dec. 11, 2018)

Restraining order entered against website that encouraged contacting children of plaintiff’s employees

Plaintiff sued defendant (who was an unhappy customer of plaintiff) under the Lanham Act (for trademark infringement) and for defamation. Defendant had registered a domain name using plaintiff’s company name and had set up a website that, among other things, he used to impersonate plaintiff’s employees and provide information about employees’ family members, some of whom were minors.

Plaintiff moved for a temporary restraining order and the court granted the motion.

The Website

The website was structured and designed in a way that made it appear as though it was affiliated with plaintiff. For example, it included a copyright notice identifying plaintiff as the owner. It also included allegedly false statements about plaintiff. For example, it included the following quotation, which was attributed to plaintiff’s CEO:

Well of course we engage in bad faith tactics like delaying and denying our policy holders [sic] valid claims. How do you think me [sic], my key executive officers, and my board members stay so damn rich. [sic]

The court found that plaintiff had shown a likelihood of success on the merits of its claims.

Lanham Act Claim

It found that defendant used plaintiff’s marks for the purpose of confusing the public by creating a website that looked as though it was a part of plaintiff’s business operations. This was evidenced by, for example, the inclusion of a copyright notice on the website.

Defamation

On the defamation claim, the court found that the nature of the statements about plaintiff, plaintiff’s assertion that they were false, and the allegation that the statements were posted on the internet sufficed to satisfy the first two elements of a defamation claim, namely, that they were false and defamatory statements pertaining to the plaintiff and were unprivileged publications to a third party. The allegations in the complaint were also sufficient to indicate that defendant “negligently disregarded the falsity of the statements.”

Furthermore, the statements on the website concerned the way that plaintiff processed its insurance claims, which related to the business of the company and the profession of plaintiff’s employees who handled the processing of claims. Therefore, the final element was also satisfied.

First Amendment Limitations

The court’s limitation in the TRO is interesting to note. To the extent that plaintiff sought injunctive relief directed at defendant’s speech encouraging others to contact the company and its employees with complaints about the business, whether at the workplace or at home, or at public “ad hominem” comments, the court would not grant the emergency relief that was sought.

The court also would not prohibit defendant from publishing allegations that plaintiff had engaged in fraudulent or improper business practices, or from publishing the personally identifying information of plaintiff’s employees, officers, agents, and directors. Plaintiff’s submission failed to demonstrate to the court’s satisfaction how such injunctive relief would not unlawfully impair defendant’s First Amendment rights.

The did, however, enjoin defendant from encouraging others to contact the children and other family members of employees about plaintiff’s business practices because contact of that nature had the potential to cause irreparable emotional harm to those family members, who have no employment or professional relationship with defendant.

Symetra Life Ins. Co. v. Emerson, 2018 WL 6338723(D. Maine, Dec. 4, 2018)