Author Archives: Evan Brown (@internetcases)

Intellectual property exception to CDA 230 immunity did not apply in case against Google

Plaintiff sued Google for false advertising and violations of New Jersey’s Consumer Fraud Act over Google’s provision of Adwords services for other defendants’ website, which plaintiff claimed sold counterfeit versions of plaintiff’s products. Google moved to dismiss these two claims and the court granted the motion. 

On the false advertising issue, the court held that plaintiff had failed to allege the critical element that Google was the party that made the alleged misrepresentations concerning the counterfeit products. 

As for the Consumer Fraud Act claim, the court held that Google enjoyed immunity from such a claim in accordance with the Communications Decency Act at 47 U.S.C. 230(c). 

Specifically, the court found: (1) Google’s services made Google the provider of an interactive computer service, (2) the claim sought to hold Google liable for the publishing of the offending ads, and (3) the offending ads were published by a party other than Google, namely, the purveyor of the allegedly counterfeit goods. CDA immunity applied because all three of these elements were met. 

The court rejected plaintiff’s argument that the New Jersey Consumer Fraud Act was an intellectual property statute and that therefore under Section 230(e)(2), CDA immunity did not apply. With immunity present, the court dismissed the consumer fraud claim. 

InvenTel Products, LLC v. Li, No. 19-9190, 2019 WL 5078807 (D.N.J. October 10, 2019)

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown@internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Yahoo successor does not prevail in bid to obtain ymobile.com domain

Oath, Inc., the successor to Yahoo! Inc., filed an action under the Uniform Domain Name Dispute Resolution Policy (UDRP) against a domainer that acquired ymobile.com earlier in 2019. The split 3-member FORUM panel denied the complaint, finding that Oath failed to demonstrate that the respondent lacked rights or legitimate interests in the disputed domain name, and failed to show it registered and used the disputed domain name in bad faith. 

On the question of rights or legitimate interests, the panel found that the respondent’s purchase and sale of the domain name, composed of the generic term “mobile” prefixed by “y”, was legitimate, so long as the respondent did not intend to capitalize on Oath’s YMOBILE mark, which is registered in Japan. The panel accepted the respondent’s assertion that it had no notice of the YMOBILE mark prior to acquiring the disputed domain name.

Regarding bad faith registration and use, the panel similarly found that the respondent was not targeting the Y! or YMOBILE mark, and that it had no knowledge of the YMOBILE mark’s existence prior to acquiring the disputed domain name. 

One of the panelists dissented, arguing that the disputed domain name should have been transferred. He emphasized how the respondent was using the disputed domain name – which the panel found was identical to a mark the complainant owns – to display pay-per-click ads for goods and services competitive with the complainant’s. Some of the ads, for example, were for online games and downloadable software. And on the issue of bad faith, this panel member observed that although the respondent claimed to not know of the complainant’s YMOBILE mark, a simple web search would have revealed it. 

Oath Inc. v. Mira Hold, No. FA 1909001858330 (Forum, October 8, 2019)

Can a person bring a Computer Fraud and Abuse Act claim over unauthorized access to someone else’s computer?

Federal agents served a search warrant on plaintiff’s doctor’s office and thereby obtained access to plaintiff’s medical records, which were shared with a number of other parties involved in the criminal investigation of plaintiff’s doctor. Plaintiff sued under the Computer Fraud and Abuse Act (CFAA). Defendants moved to dismiss that claim. The court granted the motion. The CFAA prohibits unauthorized access to a “protected computer”. In dismissing the case, the court found, among other things, that there were no specific allegations that defendants accessed plaintiff’s computer.

Micks-Harm v. Nichols, No. 18-12634, 2019 WL 4781342 (E.D. Michigan, September 30, 2019)


Seventh Circuit requires trademark defendants to pay plaintiff’s attorneys’ fees

Court held this was an “exceptional case” and that trial court judge should have awarded plaintiff its attorneys’ fees under the Lanham Act.

While it is fairly common for successful litigants in copyright cases to be awarded the attorneys’ fees they incur in bringing or defending the case, that fee-shifting is not as common in trademark cases. There is a higher standard that must be met in trademark cases – the prevailing party must show that it has won an “exceptional case”. That recently occurred in the Seventh Circuit Court of Appeals. 

Plaintiff home remodeling company and defendants – a manufacturer of storm shelters and one of its owners individually – found themselves in a trademark dispute over rights to use a mark plaintiff had developed to use as a distributor of defendants’ storm shelters.

Defendants disregarded an oral license agreement they had with plaintiff and used the mark for years outside the territorial scope of the license. The evidence showed that defendants intended to just buy the mark in the event plaintiff noticed defendants’ out-of-scope use.

Plaintiff indeed noticed and sued. The trademark infringement case went to trial. The trial court – though it found in plaintiff’s favor on the liability question and awarded more than $17 million in damages to plaintiff – declined to order defendants to pay plaintiff’s attorneys’ fees. Plaintiff sought review of the denial of attorneys’ fees with the Seventh Circuit.

On appeal, the court reversed and remanded. It found that the trial court’s findings made this an “exceptional case” and thus appropriate for an award of attorneys’ fees.

Specifically, the court found that defendants’ conduct was willful, egregious and intentional. Likewise, defendants had acted in bad faith and maliciously, and refused to cease infringing activity, causing plaintiff unnecessary trouble and expense.

4SEMO.com Inc. v. Southern Illinois Storm Shelters, Inc., Nos. 18-1998 & 18-2095 (7th Cir., October 7, 2019)


Fortnite player’s “anxiety and anguish” were not enough to support a lawsuit against game developer over data vulnerability

Plaintiff – one of the millions of people who have played Fortnite – sued Fortnite developer Epic Games based on a data vulnerability in the Fortnite platform and an apparent hacking incident that took place in 2018. After the case was moved from state court in Illinois to federal court there, and then to federal court in North Carolina, defendant moved to dismiss for failure to state a claim.

This young man is feeling anxiety and anguish. He probably would not have standing in a data breach case.

The court dismissed the case, finding that the court lacked subject matter jurisdiction, since plaintiff had not sufficiently alleged that he had suffered an “injury-in-fact”.

It held that the mere existence of a data vulnerability does not constitute injury-in-fact. Instead, a complaint must allege a sufficient factual basis from which to conclude either that plaintiff’s compromised data has been misused, or that it will be misused, such that concrete harms are actual or imminent.

In this case, plaintiff’s complaint contained no facts showing, or even suggesting, that his personal data had been used as a result of the cyber vulnerability. Plaintiff’s complaint did not even state that his data was taken, only that Fortnite had a cyber vulnerability that could have allowed hackers to access his data.

Plaintiff’s only alleged harms were “time and effort to mitigate the risk of identity theft” and “anxiety and anguish”. The court held that anxiety and anguish resulting from data breaches do not confer standing. And without a single fact alleged to show that future harms were certainly impending, the money, time, and effort spent by plaintiff were merely self-imposed harms in response to a speculative threat. In the court’s view, the threat of future injury was wholly speculative and insufficient for standing.

Krohm v. Epic Games, Inc., No. 19-173, 2019 WL 4861101 (E.D. N. Carolina, October 1, 2019)


Case shows the surprising narrowness of a key hacking statute definition

Plaintiff sued defendant for violation of the Computer Fraud and Abuse Act (“CFAA”). For almost 20 years, defendant had worked for a company that developed plaintiff’s proprietary software system. In this capacity, defendant had access to plaintiff’s customer database, accounting system and other confidential information. After leaving the work he was performing for plaintiff, defendant founded his own competing venture. 

Defendant moved to dismiss the CFAA claim. The court granted the motion to dismiss. The court held that defendant did not exceed the scope of his authorized access by accessing certain of plaintiff’s documents, files or drives for the benefit of his own venture. Citing to United States v. Nosal, 676 F.3d 854 (9th Cir. 2012), the court observed that the Ninth Circuit has defined “exceeds authorized access” narrowly to include only someone who is authorized to access only certain data or files but accesses unauthorized data or files – or to put it simply: hacking.

In this case, defendant was authorized to access plaintiff’s systems by virtue of the work he was hired to do in connection with plaintiff’s proprietary software systems. Plaintiff had attempted to draw a distinction between the work defendant was doing for his former employer and the actions he was undertaking to benefit his new venture (even though those actions were one and the same conduct). The court rejected this reasoning: “[E]ven if defendant accessed [plaintiff’s] information for the eventual benefit of [defendant’s new venture], that does not mean he could not have also accessed it for [his former employer’s] authorized purpose of building software.”

It is worth noting that the contours of “exceeding authorized access” under the CFAA give rise to a circuit split. It is fruitful to consider whether the outcome of this case may have been different, for example, in the Seventh Circuit, under the doctrines set out in Int’l Airport Ctr., L.L.C. v. Citrin, 440 F.3d 418 (7th Cir. 2006).

Regal West Corporation v. Nguyen, No. 19-5374, 2019 WL 4748393 (W.D. Washington, September 30, 2019)

Court will not aid company that was banned from accessing Facebook API

Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest.

Plaintiffs provided software-as-a-service to help their clients locate social media content, gain approval to use that content, and then re-purpose it in the clients’ own advertising and marketing activities.

Previously, plaintiffs had operated in partnership with Facebook, whereby plaintiffs had access to the Facebook Open Graph API. In late August 2019 (a few weeks after a Business Insider article identified plaintiffs as misusing the Instagram platform) Facebook terminated the marketing partnership and access to the API.

After efforts to informally resolve the situation failed, plaintiffs, perhaps emboldened by the Ninth Circuit’s recent decision in hiQ v. LinkedIn, sued Facebook and Instagram asserting a number of claims, including breach of contract and tortious interference, and also sought a declaratory judgment that plaintiffs did not violate the Computer Fraud and Abuse Act. Plaintiffs sought a temporary restraining order that would have restored access to the platforms pending the case’s determination on the merits. But the court denied the motion. 

No irreparable harm likely

The court rejected plaintiffs’ argument that they would suffer irreparable harm if access was not restored. It found that plaintiffs’ allegations of imminent harms shared a common fatal flaw in that they merely alleged speculative harm – they did not sufficiently demonstrate that irreparable harm was likely to occur.

Plaintiffs did establish for purposes of this motion that much (though not all) of the work they conducted for clients before losing API access involved Facebook. But the court found that plaintiffs had not sufficiently shown that they would actually lose current customers, or fail to acquire new prospective customers, if access were not restored. 

Further, the court found that plaintiffs’ CEO’s statement that “this will soon reach a tipping point where [plaintiffs] can no longer operate” was not specific enough to demonstrate there was irreparable harm. “The extraordinary relief of a pre-adjudicatory injunction demands more precision with respect to when irreparable harm will occur than ‘soon.’ Such vague statements are insufficient evidence to show a threat of extinction.”

Not in the public’s interest

The court also found that the “public’s interest caution[ed] against issuing injunctive relief at this time.” 

Plaintiffs argued that the public interest favored an injunction because one would prevent the imminent destruction of plaintiffs’ business, preserve employee jobs, and generally allow plaintiffs to continue operating. Additionally, they argued that the public interest would be served by enjoining defendants’ wrongful conduct.

Defendants argued that the public had an interest in allowing Facebook to exclude those who act impermissibly on its platform and jeopardize user privacy by, in this instance, automating data collection and scraping content en masse. Defendants argued that the public has an interest in allowing them latitude to enforce rules preventing abuse of their platforms.

The court decided that awarding injunctive relief at this stage would compel Facebook to permit a suspected abuser of its platform and its users’ privacy to continue to access its platform and users’ data for weeks longer, until a preliminary injunction motion could be resolved. Moreover, as precedent within Facebook’s policy-setting organization and potentially with other courts, issuing an injunction at this stage could handicap Facebook’s ability to decisively police its social-media platforms in the first instance. Facebook’s enforcement activities would be compromised if judicial review were expected to precede rather than follow its enforcement actions.

And although the public certainly has some interest in avoiding the dissolution of companies and the accompanying loss of employment, the court found that Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest. In particular, the court noted, the public has a strong interest in the integrity of Facebook’s platforms, policing of those platforms for abuses, and protection of users’ privacy.

Stackla, Inc. v. Facebook Inc., No. 19-5849, 2019 WL 4738288 (N.D. Cal., September 27, 2019)

Plaintiff failed to make key arguments in bid to unmask anonymous online defendants

Plaintiff sued some unknown defendants for breach of contract and violations of the Computer Fraud and Abuse Act, based on the defendants’ deceptive conduct that tricked some internet users into signing up for plaintiff’s paid services. The unknown defendants would receive affiliate commissions from operating this scheme. This caused reputation problems for plaintiff.

Plaintiff sought early discovery to ascertain the identities of the unknown defendants. The court denied the motion.

The Federal Rules of Civil Procedure do not permit a party to seek discovery from the adverse parties in the case until all parties have conducted an initial conference under Rule 26(f). But when the defendants are unknown, that conference cannot take place. So the plaintiff needs to conduct discovery to find out who they are. In situations like these, for the required early discovery to occur and the unknown defendants to be identified (so that the conference can take place), the court must enter an order permitting early discovery.

A court can authorize early discovery to identify unknown defendants if there is good cause. In determining whether there is good cause, courts consider whether the plaintiff:

  • can identify the missing party with sufficient specificity such that the court can determine that defendant is a real person or entity who could be sued in federal court;
  • has identified all previous steps taken to locate the elusive defendant; 
  • has articulated claims against defendant that would withstand a motion to dismiss; and 
  • has demonstrated that there is a reasonable likelihood of being able to identify the defendant through discovery such that service of process would be possible.

In this case, the court found that plaintiff failed to identify the defendants with sufficient specificity, and did not demonstrate that each defendant was a real person or entity who would be subject to jurisdiction in the Northern District of California. Plaintiff had not explained why defendants would be subject to the jurisdiction of the court, as defendants’ activities seemed directed at Argentina, and plaintiff’s harm was felt in Argentina and other parts of Latin America. The only apparent connection defendants had with the Northern District of California was that they used domain name services from California companies. Plaintiff provided no authority to suggest this was sufficient to create jurisdiction.

Plaintiff also failed to explain what steps it had taken to locate defendants. Citing to Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573 (N.D. Cal. 1999), the court noted that “[t]his element is aimed at ensuring that plaintiffs make a good faith effort to comply with the requirements of service of process and specifically identifying defendants.” 

In its motion, plaintiff only stated that there were no more practical measures that would permit it to identify the unknown defendants, but did not identify what measures – if any – were taken. For example, plaintiff was apparently able to identify defendants as affiliates and to assert that a contract existed, giving rise to legal liability. It was therefore not clear why plaintiff was unable to identify defendants based on the contract.

Binbit Argentina, S.A. v. Does 1-25, No. 19-5384, 2019 WL 4645159 (N.D. Cal., September 24, 2019)


Web design feature killed express license argument in copyright case

Plaintiff sued defendant for copyright infringement over unlicensed use of plaintiff’s musical works in advertisements that defendant created and uploaded to YouTube. Defendant argued that the language and structure of plaintiff’s website – from which the works were downloaded – resulted in an express license or at least an implied license to use the musical works for commercial purposes. The court rejected these arguments and awarded summary judgment to plaintiff. 

No express license

The basis for defendant’s argument that plaintiff’s website gave rise to an express license is not clear. In any event, plaintiff argued that a browsewrap agreement in place on the website established that the works could not be used for commercial purposes without the payment of a license fee. Citing to the well-known browsewrap case of Specht v. Netscape, 306 F.3d 17 (2d Cir. 2002), defendant argued that it did not have notice of the terms and conditions of the browsewrap agreement.

The court distinguished this case from Specht. In this case, plaintiff’s home page contained – similar to the case of Major v. McCallister, 302 S.W.3d 227 (Mo. Ct. App. 2009) – “immediately visible” hyperlinks that referenced terms of use and licensing information. A user did not have to scroll to find these links. So the terms and conditions of the browsewrap agreement were enforceable. Since the browsewrap agreement contained provisions requiring a license for commercial use, no reasonable jury could find that plaintiff had granted defendant an express license to use the musical works for commercial purposes free of charge. 

No implied license

Defendant argued in the alternative that plaintiff had granted defendant an implied license to use the musical works, based on (1) plaintiff’s company name “Freeplay,” and (2) the absence of any conspicuous warning that the works were not available for commercial use. 

The court found these arguments to be “easily disposed of.” Citing to I.A.E., Inc. v. Shaver, 74 F.3d 768 (7th Cir. 1996), the court noted that an implied license exists only when: 

  • a person (the licensee) requests the creation of a work,
  • the creator (the licensor) makes that particular work and delivers it to the licensee who requested it, and 
  • the licensor intends that the licensee-requestor copy and distribute his work.

The court found that defendant failed to prove any of these elements. Defendant never asked plaintiff to create any works. Nor did plaintiff make any works at defendant’s request to be used in defendant’s YouTube videos. Moreover, given plaintiff’s paid license requirements for business use of the copyrighted works available on its website, it could not be said that plaintiff intended that defendant download and distribute those works free of charge. Accordingly, the court found that no implied license existed.

Freeplay Music, LLC v. Dave Arbogast Buick-GMC, Inc., No. 17-42, 2019 WL 4647305 (S.D. Ohio, September 24, 2019)
