Category Archives: Contracts

Sony’s EULA did not protect it from liability under CFAA and for trespass to chattel

Plaintiff filed a class action lawsuit against Sony after Sony issued a software update that bricked plaintiff’s Sony Dash. Sony moved to dismiss for failure to state a claim. The court granted the motion on a number of claims but allowed the Computer Fraud and Abuse Act (CFAA) and trespass to chattel claims to move forward.

CFAA Claim

Sony had argued that the CFAA claim should fail because plaintiff had not alleged the software update was “without authorization,” given the language of the end user license agreement, which read:

From time to time, Sony … may automatically update or otherwise modify the Software, for example, but not limited to for purposes of error correction, improvement of features, and enhancement of security features. Such updates or modifications may change or delete the nature of features or other aspects of the Software, including but not limited to features you may rely upon. You hereby agree that such updates and modifications may occur at Sony’s sole discretion, and that Sony may condition continued use of the Software upon your complete installation or acceptance of such updates or modifications.

Specifically, Sony argued that the EULA authorized Sony to “modify” the software at any time, and warned that such modifications may change or delete the nature of features or other aspects of the software, including features the consumer may rely upon. A court addressed a similar argument in In re Apple, 596 F.Supp.2d 1288 (N.D. Cal. 2008). In that case, Apple, as defendant, relied on the following language to argue that it acted “with authorization” for purposes of the CFAA when bricking iPhones that had been unlocked to access third-party applications:

IF YOU HAVE MODIFIED YOUR IPHONE’S SOFTWARE, APPLYING THIS SOFTWARE UPDATE MAY RESULT IN YOUR IPHONE BECOMING PERMANENTLY INOPERABLE

In that case, the court concluded that usage of the term “may” (as in “may result” in damage) created too much ambiguity surrounding Apple’s warning and found plaintiff’s allegations as to its CFAA claim sufficient to defeat Apple’s motion to dismiss.

Here, Sony had used the same ambiguous “may” (as in “may change or delete the nature of features”) and even more uncertain language than in In re Apple. Unlike in In re Apple, Sony did not explicitly warn that a subsequent software update could render the Dash “permanently inoperable.” The EULA did not say that Sony could delete all features. Instead, it vaguely warned consumers that Sony “may change or delete the nature of features” that a consumer “may rely upon.” This sentence was also prefaced by the following: “From time to time, Sony … may automatically update or otherwise modify the Software, for example, but not limited to for purposes of error correction, improvement of features, and enhancement of security features.”

The court found that this preface implied that automatic software updates would improve or enhance the Dash – not destroy its functionality. The court could not say at this stage that by using the Dash and thus implicitly agreeing to the EULA, plaintiff authorized Sony to render his device inoperable. Accordingly, the court found that plaintiff plausibly pled that Sony acted “without authorization” in bricking the Dash.

Trespass to Chattel

Under New Jersey law, “[a] cognizable claim for trespass to chattel occurs ‘when personal property, in the actual use of the owner, is injured or taken by a trespasser, so that the owner is deprived of the use of it.’” Arcand v. Brother Int’l Corp., 673 F. Supp. 2d 282, 312 (D.N.J. 2009) (quoting Luse v. Jones, 39 N.J.L. 707, 709 (N.J. 1877)). “[P]hysical contact with the chattel, for instance, where a person kicks another’s car bumper, is not required.” Id. “All that is required … is interference with the chattel as a direct or indirect result of an act done by the actor.” Id.

In this case, Sony’s software update bricked plaintiff’s Dash. The court found that contrary to Sony’s assertions, plaintiff had not consented to Sony rendering his device wholly nonfunctional by agreeing to the EULA.

Sony had also argued that plaintiff never owned the software used by the Dash (in accordance with the EULA) and therefore Sony could not be liable for altering that software in the update. But the court saw it otherwise — whether plaintiff owned the software, Sony, at a minimum, indirectly injured plaintiff’s physical Dash by rendering it completely nonfunctional through the software update. The court again looked to In re Apple wherein that court found that the plaintiffs plausibly pled trespass to chattel by alleging that Apple released a software update that rendered the plaintiffs’ iPhones permanently inoperable. On these facts, the court found that plaintiff had plausibly pled his trespass to chattel claim.

Grisafi v. Sony Electronics Inc., 2019 WL 1930756 (D.N.J. April 30, 2019)

Failure to pay software license fees was breach of contract, not copyright infringement

As part of a larger business dispute that found its way into litigation, counterclaimant DDS sued counterdefendant EGS for copyright infringement after EGS allegedly used DDS’s software without paying required license fees. EGS moved to dismiss the copyright infringement claims, asserting that there was no copyright infringement occurring, only a breach of the license agreement. The court granted the motion to dismiss. 

The court found that the provision of the agreement between the parties, requiring EGS to pay license fees, was a covenant and not a condition that must be met for use of the software to be authorized. The finding was critical because whether the failure of a non-exclusive licensee to pay royalties constitutes copyright infringement turns on the distinction between a promise subject to a condition and a covenant or contractual promise. Broadly speaking, the promise to pay royalties in a license agreement is generally considered a covenant, not a condition. 

In this case, the agreement between the parties provided that:

Upon [EGS’s] payment of [a one-time fee], and subject in each instance to [EGS’s] subsequent timely payment of the applicable [recurring] licensing fee, [DDS] hereby grants to [EGS] a limited, nonexclusive license . . . . 

The court determined this language established that DDS would install its software and then EGS would pay for the right to use the software. Under this line of thinking, the duty to pay fees did not accrue until the software was installed, meaning that payment could not be a condition on the rights to use the software (and that nonpayment would not be a failure of that condition). 

Eclipse Gaming Systems, LLC v. Antonucci, 2019 WL 3988687 (N.D. Ill. Jan. 31, 2019)

Arbitration provision in web-based contract was not enforceable

Defendants moved to compel arbitration based upon a purported arbitration clause in an agreement between them and plaintiffs that plaintiffs electronically signed through defendants’ website.

The court found that defendants failed to meet their burden to show, by undisputed material facts, that the parties entered into an agreement to arbitrate the claims in the case. The court looked to the Ninth Circuit decision in Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014) to support the idea that courts will enforce clickwrap-type agreements where the user indicates actual notice of the terms of the agreement or was required to acknowledge the terms of the agreement before proceeding with further use of the site. Enforcement of a browsewrap-type agreement, which lacks such an acknowledgment, will depend upon whether the website’s design and content would put “a reasonably prudent user on inquiry notice of the terms of the contract.” The conspicuousness of the terms and notices, as well as the overall design of the webpage, will contribute to the determination that a user was on inquiry notice.

In this case, according to the court, defendants had not offered evidence explaining the design and content of the webpage in question, or how the agreement appeared on the website. The court could not determine whether the terms of the agreement appeared on the registration page itself, or if a user would have had to click a link to see the full terms. Likewise, the court could not determine other factors that might contribute to determining plaintiffs’ notice of the terms, such as the size of the font or other aspects of the appearance and presentation of the terms online. The declaration offered by defendant did not provide evidence to show that: (1) either of the plaintiffs had actual knowledge of the arbitration agreement; or (2) whether the agreement was a clickwrap or a browsewrap agreement, how the website was designed and where these terms appeared, and whether plaintiffs assented by clicking an “I agree” box, or were deemed to agree by continuing in the registration process.

Given the lack of evidence of how the registration process appeared on its website, the fact that one of the plaintiffs had declared that he did not see an arbitration agreement, and the reasonable doubts and inferences that must be drawn in that plaintiff’s favor under the applicable standard, the court found that plaintiffs had presented a genuine issue of fact concerning notice of, and assent to, the arbitration agreement here. The court could not find that plaintiffs were reasonably on notice of the agreement to arbitrate, and accordingly the motion to compel was denied.

Chen v. Premier Financial Alliance, Inc., 2019 WL 280944 (N.D. Cal. Jan. 22, 2019)

Facebook did not violate HIPAA by using data showing users browsed healthcare-related websites

Plaintiffs sued Facebook and other entities, including the American Cancer Society, alleging that Facebook violated numerous federal and state laws by collecting and using plaintiffs’ browsing data from various healthcare-related websites. The district court dismissed the action and plaintiffs sought review with the Ninth Circuit. On appeal, the court affirmed the dismissal.

The appellate court held that the district court properly determined that plaintiffs consented to Facebook’s data tracking and collection practices.

Plaintiffs consented to Facebook’s terms

It noted that in determining consent, courts consider whether the circumstances, considered as a whole, demonstrate that a reasonable person understood that an action would be carried out so that their acquiescence demonstrates knowing authorization.

In this case, plaintiffs did not dispute that their acceptance of Facebook’s Terms and Policies constituted a valid contract. Those Terms and Policies contained numerous disclosures related to information collection on third-party websites, including:

  • “We collect information when you visit or use third-party websites and apps that use our Services …. This includes information about the websites and apps you visit, your use of our Services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us,” and
  • “[W]e use all of the information we have about you to show you relevant ads.”

The court found that a reasonable person viewing those disclosures would understand that Facebook maintained the practices of (a) collecting its users’ data from third-party sites and (b) later using the data for advertising purposes. This was “knowing authorization”.

“But it’s health-related data”

The court rejected plaintiffs’ claim that, though they gave general consent to Facebook’s data tracking and collection practices, they did not consent to the collection of health-related data due to its “qualitatively different” and “sensitive” nature.

The court did not agree that the collected data was so different or sensitive. The data showed only that plaintiffs searched and viewed publicly available health information that could not, in and of itself, reveal details of an individual’s health status or medical history.

This notion supported the court’s conclusion that the use of the information did not violate the Health Information Portability and Accountability Act of 1996 (“HIPAA”) and its California counterpart.

The court held that information available on publicly accessible websites stands in stark contrast to the personally identifiable patient records and medical histories protected by HIPAA and other statutes — information that unequivocally provides a window into an individual’s personal medical history.

Smith v. Facebook, Inc., 2018 WL 6432974 (9th Cir. Dec. 6, 2018)

Facebook and iOS game developer’s browsewrap terms of service were not enforceable

Plaintiffs sued defendant game developer in court alleging defendant’s game (available on Facebook and via an iOS app) constituted illegal gambling in violation of Washington state law, and that they should get back the money they spent on virtual chips bought in-game.

Defendant moved to compel arbitration. The court denied the motion. It held that the game did not present its terms of service in a manner that would place users on notice of the provisions. Since the plaintiffs never effectively agreed to resolve their claims through arbitration, it was proper to allow the case to stay in court.

The court noted a number of problems with the game’s “browsewrap” agreement.

When a user would first access the Facebook app, the “App Terms” link on the initial pop-up window was located far below the “Continue” button in small grey text. The court found that the pop-up window’s main purpose was to gain permission for data sharing between Facebook and defendant, and was not a point traditionally associated with binding terms unrelated to the data sharing itself.

When a user would first download the iPhone app, the app page contained a link to the “License Agreement” that could only be viewed after significant scrolling. Compounding the problem was the fact that a user could download the app directly from the search results list within the App Store without ever accessing the particular app page. So neither the initial link on Facebook nor the one on the mobile app was coupled with a notification informing a user that downloading or playing defendant’s game created a binding agreement.

The hyperlinks within the game itself also did not put a user on inquiry notice.

On Facebook, the “Terms of Use” hyperlink was located at the very bottom of the gameplay screen in small font next to several other links, and was not visible unless a user would scroll down.

On the mobile app, the link to the Terms of Use was located within a settings menu that a player might never have even needed to access. Furthermore, links that were available only via the settings menu were not “temporally coupled” with a discrete act of manifesting assent, such as downloading an app or making a purchase, and were thus less likely to put a reasonable user on inquiry notice.

Benson v. Double Down Interactive, LLC, 2018 WL 5921062 (W.D.Wa. Nov. 13, 2018)

See also:

Plaintiff could not have agreed to arbitrate claims over website before the website was even created

Ticketmaster.com terms of use did not govern claims arising from related ticket exchange website

Plaintiff sued defendants Ticketmaster and Live Nation asserting violation of the Americans With Disabilities Act and a similar state law. He claimed that Ticketmaster’s NFL Ticket Exchange website did not provide information about wheelchair-accessible seating. Defendants filed a motion asking the court to compel the parties to arbitrate the case. The court denied the motion.

Neither party argued that the terms and conditions of the Ticket Exchange website governed the dispute between them. Defendants instead argued that the clickwrap agreement governing previous purchases defendant had made from ticketmaster.com for concerts applied to plaintiff’s use of the Ticket Exchange website.

This clickwrap agreement contained an arbitration provision that changed over time. Before November 2012, the provision contained broad language stating that the parties “agree[d] to arbitrate all disputes and claims between [them].” The language after November 2012 limited the arbitration provision to any “dispute or claim relating in any way to [plaintiff’s] use of the Site, or to products or services sold or distributed by … or through [defendants].” The definition of “Site” did not include the Ticket Exchange website.

The court rejected defendants’ arguments that the ticketmaster.com terms of service governed plaintiff’s use of the Ticket Exchange website.

The pre-November 2012 terms governed only “the use of ticketmaster.com and mobile versions thereof.” The court observed that at the time, the Ticket Exchange website did not yet exist, and that ticketmaster.com contained a “section” serving the same purpose as the now-existing Ticket Exchange website. Accordingly, the court held that plaintiff would not be deemed to have agreed to arbitrate claims relating to his use of a website before the website was even created.

As to the November 2012-onward terms, the court easily determined those did not apply, as they did, by their own terms, apply only to the Site (which did not include Ticket Exchange). And since Plaintiff had made no purchase on the Ticket Exchange website, the scope of the terms purporting to cover “products or services sold or distributed by … or through [defendants]” still failed to reach the Ticket Exchange website.

Long v. Live Nation Worldwide, 2017 WL 5194978 (W.D. Wash., November 9, 2017)

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Court reinstates SCO’s misappropriation claim against IBM in long-running lawsuit

For almost a decade and a half, SCO and IBM have been fighting over their collaboration gone wrong concerning the development of a new version of UNIX for Intel processors. The case has garnered much attention, including from the open source community. You can read the backstory here on the Wikipedia page for the dispute. The case has been on appeal to the Tenth Circuit, which released its opinion on October 30. The decision was a mixed ruling – the court affirmed summary judgment in favor of IBM on most of the issues, but ruled in favor of SCO on one important claim – misappropriation.

SCO sued IBM for the tort of misappropriation (a form of unfair competition) arising from IBM’s alleged use in its own product of source code that SCO had contributed to the joint efforts to develop the new UNIX version. The district court granted IBM’s motion for summary judgment on the misappropriation claim, holding that such a claim was barred under New York law’s “independent tort doctrine”. SCO sought review with the Tenth Circuit Court of Appeals. The court reversed and remanded the case on the misappropriation claim.

This doctrine provides that a simple breach of contract is not to be considered a tort unless a legal duty independent of the contract itself has been violated. This separate duty must spring from circumstances extraneous to, and not constituting elements of, the contract, although it may be connected with and dependent upon the contract.

In this case, the court held that while IBM and SCO may not have had a formal partnership or joint venture as a matter of law, they surely enjoyed a business relationship in which each reposed a degree of trust and confidence in the other. In such a situation, there exists a duty not to take a business collaborator’s property in bad faith and without its consent in order to compete against that owner’s use of the same property.

SCO v. IBM, — F.3d —, 2017 WL 4872572 (10th Cir., October 30, 2017)

Live by the browsewrap, die by the browsewrap

Company could not argue it was not bound by competitor’s browsewrap agreement, because it used a browsewrap agreement for its own website.

Oilpro filed a counterclaim for breach of contract against its competitor, DHI, arguing that DHI breached the agreement it had with Oilpro – such agreement being in a browsewrap agreement found on Oilpro’s website – to not scrape, crawl, or use other automated means to download data from Oilpro’s website. DHI moved to dismiss the breach of contract claim, arguing that Oilpro had insufficiently pled that DHI assented to the terms of the browsewrap agreement. The court denied the motion to dismiss.

In browsewrap cases, because there is no affirmative step to acknowledge assent to the agreement, the party claiming breach has to show that a valid contract exists by demonstrating that the breaching party had actual or constructive knowledge of the terms and conditions. Just having a link to the terms at the bottom of the page, or having them available for review (without having to affirmatively click on something) may not be enough (though there are exceptions to this).

Here, the court found that Oilpro was not relying only on the fact that the agreement was on the pages of the website and available. Instead, Oilpro pointed to DHI’s own web design practices to support its knowledge of the terms of the browsewrap agreement. In the court’s words:

Oilpro alleges constructive notice because DHI has a similar site with a similar browsewrap agreement. Thus, even if there are no allegations that DHI took affirmative action to acknowledge assent, the court finds that the allegations relating to DHI’s constructive knowledge provide more than that the agreement was available and raise the claim to plausible.

So the case stands for the proposition that a company that uses a browsewrap agreement on its own website is less likely to be able to argue it is unaware of other companies’ browsewrap agreements. Said another way, browsewrap-using companies may have a higher standard of diligence in their own online dealings.

It should be noted, however, that the conclusion in this case is likely to apply only in the B2B context, and will likely not affect the enforceability (or non-enforceability) of browsewrap agreements in consumer context. The court said “[t]his conclusion is confined, of course, to instances where both parties are sophisticated businesses that use browsewrap agreements on their websites.”

DHI Group, Inc. v. Kent et al., 2017 WL 4837730 (S.D. Texas, October 26, 2017).

Photo courtesy Flickr user Patrick Finnegan under this Creative Commons license.

Reverse engineering of competitor’s software cost company big

Companies developing software to mimic the functionality of competitors’ products should beware the broad scope of what may constitute reverse engineering. A recent federal case from the Fourth Circuit underscores this idea.

Background – the Development Process

Plaintiff SAS and defendant WPL are competitors in the market for software used to manage and analyze large and complex sets of data. Plaintiff for many years has distributed its proprietary software applications (the SAS System) that run programs written in the eponymous language SAS. WPL sought to create an application to compete with the SAS System, namely, an application it could take to market that would run programs written in SAS. It successfully developed such an application (called the WPS), and customers began dropping the SAS System in favor of the WPS.

As part of its efforts to develop the WPS, defendant obtained a license to use the “Learning Edition” provided by plaintiff – an environment designed for programmers to learn how to code in SAS. Among the provisions in the software license agreement for the Learning Edition was a restriction against reverse engineering the software.

In developing the WPS, defendant did not try to decompile the Learning Edition, or otherwise “tear it down” or “look under the hood.” Instead, it would run SAS code through both the Learning Edition and the WPS, evaluate the outputs from both systems, and tweak the C++ code comprising the WPS to get the outputs to match.

Trial Court Litigation

Plaintiff sued defendant in both U.S. federal court and the U.K. alleging a number of claims, including copyright infringement, breach of contract, deceptive trade practices, and fraud. Of particular importance was the breach of contract claim – plaintiff claimed that defendant’s method of developing the WPS, through adjusting the WPS code based on output compared with Learning Edition output – was reverse engineering prohibited under the terms of the Learning Edition license agreement.

The lower court agreed with plaintiff, and found defendant liable for breach of contract due to reverse engineering, at the summary judgment stage. The case proceeded to trial on other issues where, along with the damages for breach of contract and for deceptive trade practices, the court awarded almost $80 million in damages to plaintiff. Defendant sought review with the Fourth Circuit. On appeal, the court affirmed the lower court’s decision on the reverse engineering issue.

Appellate Court: This Was Reverse Engineering

More specifically, defendant had argued on appeal that the lower court’s summary judgment on the breach of contract/reverse engineering claim was improper because the term “reverse engineering” in the license agreement was ambiguous. Plaintiff and defendant offered competing definitions for what they thought reverse engineering ought to mean. Defendant proposed a narrow definition – essentially, that reverse engineering must have as its objective the re-creation of source code. Plaintiff, however, offered a broader definition, encompassing other efforts to “analyze a product to learn the details of its design, construction, or production in order to produce a copy or improved version.”

The differences in definitions were important – defendant had not sought to, nor did, access or copy the source code of the Learning Edition. If the definition of reverse engineering were limited to the re-creating of source code, then the development of the WPS should be okay.

But the court did not agree with defendant. Finding the language in the software license agreement to be unambiguous, the court observed that “nontechnical words are to be given a meaning consistent with the sense in which they are used in ordinary speech, unless the context clearly requires otherwise.” The court then consulted dictionary definitions for the term “reverse engineer” and also evaluated the broad vs. narrow definitions proposed by the parties in light of other prohibitions (e.g., against “reverse assembly” and “decompilation”) in the same provision of the license agreement. Simply stated, the court found that the agreement was clear on what conduct constitutes reverse engineering, and defendant’s actions fit within that scope.

SAS Institute, Inc. v. World Programming Ltd., — F.3d —, 2017 WL 4781380 (4th Cir. October 24, 2017)

Online terms of service restricting competitor access to website were unenforceable

If you are in the habit of reading online terms and conditions, you may have encountered a provision that looks something like this:

You may not use the site to gain competitive intelligence about [Provider] to compete with [Provider] or its affiliates.

A court recently held that a provision containing essentially this language was not enforceable against a competitor accused of accessing and copying website content. The court found the provision to be an overly broad non-compete covenant under applicable state law, and likely against public policy. For this reason (among others), the court denied the plaintiff website owner’s motion for a temporary restraining order against the defendant competitor.

The court observed that the restriction was without any geographic or temporal limit. Nor was the provision saved by the requirement that use of “competitive intelligence” be the subject of restricted use. In this particular case, plaintiff was complaining of defendant’s use of information on the publicly-visible portions of plaintiff’s website. Under Illinois law, in order for a covenant not to compete to be enforceable, the covenant must secure some “protectable interest” such as a trade secret. For purposes of denying the motion for a temporary restraining order, the court found that a covenant restricting the use of such widely disseminated, freely available information is likely unenforceable.

TopstepTrader, LLC v. OneUp Trader, LLC, 2017 WL 2798397 (N.D. Ill. June 28, 2017)
