Six interesting technology law issues raised in the Facebook IPO

Patent trolls, open source, do not track, SOPA, PIPA and much, much more: Facebook’s IPO filing has a real zoo of issues.

The securities laws require that companies going public identify risk factors that could adversely affect the company’s stock. Facebook’s S-1 filing, which it sent to the SEC today, identified almost 40 such factors. A number of these risks are examples of technology law issues that almost any internet company would face, particularly companies whose product is the users.

(1) Advertising regulation. In providing detail about the nature of this risk, Facebook mentions “adverse legal developments relating to advertising, including legislative and regulatory developments” and “the impact of new technologies that could block or obscure the display of our ads and other commercial content.” Facebook is likely concerned about the various technological and legal restrictions on online behavioral advertising, whether in the form of mandatory opportunities for users to opt-out of data collection or or the more aggressive “do not track” idea. The value of the advertising is of course tied to its effectiveness, and any technological, regulatory or legislative measures to enhance user privacy is a risk to Facebook’s revenue.

(2) Data security. No one knows exactly how much information Facebook has about its users. Not only does it have all the content uploaded by its 845 million users, it has the information that could be gleaned from the staggering 100 billion friendships among those users. [More stats] A data breach puts Facebook at risk of a PR backlash, regulatory investigations from the FTC, and civil liability to its users for negligence and other causes of action. But Facebook would not be left without remedy, having in its arsenal civil actions under the Computer Fraud and Abuse Act and the Stored Communications Act (among other laws) against the perpetrators. It is also likely the federal government would step in to enforce the criminal provisions of these acts as well.

(3) Changing laws. The section of the S-1 discussing this risk factor provides a laundry list of the various issues that online businesses face. Among them: user privacy, rights of publicity, data protection, intellectual property, electronic contracts, competition, protection of minors, consumer protection, taxation, and online payment services. Facebook is understandably concerned that changes to any of these areas of the law, anywhere in the world, could make doing business more expensive or, even worse, make parts of the service unlawful. Though not mentioned by name here, SOPA, PIPA, and do-not-track legislation are clearly in Facebook’s mind when it notes that “there have been a number of recent legislative proposals in the United States . . . that would impose new obligations in areas such as privacy and liability for copyright infringement by third parties.”

(4) Intellectual property protection. The company begins its discussion of this risk with a few obvious observations, namely, how the company may be adversely affected if it is unable to secure trademark, copyright or patent registration for its various intellectual property assets. Later in the disclosure, though, Facebook says some really interesting things about open source:

As a result of our open source contributions and the use of open source in our products, we may license or be required to license innovations that turn out to be material to our business and may also be exposed to increased litigation risk. If the protection of our proprietary rights is inadequate to prevent unauthorized use or appropriation by third parties, the value of our brand and other intangible assets may be diminished and competitors may be able to more effectively mimic our service and methods of operations.

(5) Patent troll lawsuits. Facebook notes that internet and technology companies “frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights.” But it goes on to give special attention to those “non-practicing entities” (read: patent trolls) “that own patents and other intellectual property rights,” which “often attempt to aggressively assert their rights in order to extract value from technology companies.” Facebook believes that as its profile continues to rise, especially in the glory of its IPO, it will increasingly become the target of patent trolls. For now it does not seem worried: “[W]e do not believe that the final outcome of intellectual property claims that we currently face will have a material adverse effect on our business.” Instead, those endeavors are a suck on resources: “[D]efending patent and other intellectual property claims is costly and can impose a significant burden on management and employees….” And there is also the risk that these lawsuits might turn out badly, and Facebook would have to pay judgments, get licenses, or develop workarounds.

(6) Tort liability for user-generated content. Facebook acknowledges that it faces, and will face, claims relating to information that is published or made available on the site by its users, including claims concerning defamation, intellectual property rights, rights of publicity and privacy, and personal injury torts. Though it does not specifically mention the robust immunity from liability over third party content provided by 47 U.S.C. 230, Facebook indicates a certain confidence in the protections afforded by U.S. law from tort liability. It is the international scene that gives Facebook concern here: “This risk is enhanced in certain jurisdictions outside the United States where our protection from liability for third-party actions may be unclear and where we may be less protected under local laws than we are in the United States.”

You have to hand it to the teams of professionals who have put together Facebook’s IPO filing. I suppose the billions of dollars at stake can serve as a motivation for thoroughness. In any event, the well-articulated discussion of these risks in the S-1 is an interesting read, and can serve to guide the many lesser-valued companies out there.

Oregon media shield law did not protect blogger from having to reveal her sources

Obsidian Finance Group, LLC v. Cox, 2011 WL 5999334 (D.Or. November 30, 2011)

Plaintiff filed a defamation lawsuit against defendant, who self-identified as an “investigative blogger” and a member of the “media.” Defendant asked the court to protect her from having to turn over the identity of the sources she spoke with in connection with drafting the allegedly defamatory content. She claimed that she was covered under Oregon’s media shield law, which provides in relevant part that:

No person connected with, employed by or engaged in any medium of communication to the public shall be required by … a judicial officer … to disclose, by subpoena or otherwise … [t]he source of any published or unpublished information obtained by the person in the course of gathering, receiving or processing information for any medium of communication to the public[.]

The court gave two reasons for finding that defendant was not covered by the shield law. First, although defendant thought of herself as the “media,” the record failed to show that she was affiliated with any newspaper, magazine, periodical, book, pamphlet, news service, wire service, news or feature syndicate, broadcast station or network, or cable television system. Thus, according to the court, she was not entitled to the protections of the law in the first instance.

Second, even if defendant were otherwise entitled to those protections, another part of the statute specifically provides that “[t]he provisions of [the shield law] do not apply with respect to the content or source of allegedly defamatory information, in [a] civil action for defamation wherein the defendant asserts a defense based on the content or source of such information.” Because this case was a civil action for defamation, defendant could not rely on the media shield law.

Court protects identity of anonymous email sender

Sandals Resorts Intern. Ltd. v. Google, Inc., — N.Y.S.2d —, 2011 WL 1885939, (N.Y.A.D. 1 Dept., May 19, 2011)

Some unknown person sent an email to a number of undisclosed recipients containing information that was critical of the hiring and other business practices of the Caribbean resort Sandals. Irritated by this communication, Sandals filed an action in New York state court seeking a subpoena to compel Google to identify the owner of the offending Gmail account.

The trial court denied the petition seeking discovery. Sandals sought review with the appellate court. On appeal, the court affirmed the denial of the petition for discovery.

Under New York law, a person or entity can learn the identity of an unknown possible defendant only when it demonstrates that it has “a meritorious cause of action and that the information sought is material and necessary to the actionable wrong.” In this case, the court held that the petition failed to demonstrate that Sandals had a meritorious cause of action.

The court found that nothing in the petition identified specific assertions of fact as false. It also found that the lower court did not err in reasoning that the failure to allege the nature of the injuries caused by the statements in the email were fatal to the petition.

It went on to find that even if the petition had sufficiently alleged the email injured Sandals’ business reputation or damaged its credit standing, it would still deny the application for disclosure of the account holder’s identification on the ground that the subject email was constitutionally protected opinion.

In discussing this portion of its decision, the court said some interesting things about the nature of internet communications, apparently allowing a certain characterization of online speech to affect its rationale:

The culture of Internet communications, as distinct from that of print media such a newspapers and magazines, has been characterized as encouraging a “freewheeling, anything-goes writing style.” […] [T]he e-mail at issue here . . . bears some similarity to the type of handbills and pamphlets whose anonymity is protected when their publication is prompted by the desire to question, challenge and criticize the practices of those in power without incurring adverse consequences such as economic or official retaliation. […] Indeed, the anonymity of the e-mail makes it more likely that a reasonable reader would view its assertions with some skepticism and tend to treat its contents as opinion rather than as fact.

The court made clear that these observations were “in no way intended to immunize e-mails the focus and purpose of which are to disseminate injurious falsehoods about their subjects.” The real cause for concern, and the thing to protect against, in the court’s view, was “the use of subpoenas by corporations and plaintiffs with business interests to enlist the help of ISPs via court orders to silence their online critics, which threatens to stifle the free exchange of ideas.”

Texas supreme court says identities of anonymous bloggers should not be disclosed

In re Does, — S.W.3d —, 2011 WL 1447544 (Texas, April 15, 2011)

The issue of anonymity is a hot topic in internet law. The question of whether an internet user known only by an IP address or username or website name should be identified arises fairly often in the early stages of internet defamation and certain copyright infringement cases. For example, the issue is a big one in the numerous copyright cases that have been brought recently against BitTorrent users who get subpoenas after being accused of trading copyrighted works online.

The supreme court of Texas has issued an opinion that protects the anonymity of a couple of bloggers who were accused of defamation, copyright infringement and invasion of privacy by another blogger. The court ordered that a subpoena served on Google (who hosted the Blogger accounts in question) be quashed.

Texas rules of procedure (Rule 202) allow a petitioner to take depositions before a lawsuit is filed in order to investigate a potential claim. The petitioner in this case filed such an action, and Google agreed to turn over the information about the anonymous Blogger users.

But the anonymous bloggers objected, and moved to quash the deposition subpoena, arguing that the findings required for the discovery to be taken had not been made.

The trial court was required to find that:

(1) allowing the petitioner to take the requested depositions may prevent a failure or delay of justice in an anticipated suit; or

(2) the likely benefit of allowing the petitioner to take the requested deposition to investigate a potential claim outweighs the burden or expense of the procedure.

Neither of these findings were made. Petitioner had tried to argue that the findings were not necessary because he had gotten the agreement of Google to turn over the information.

But the court saw how that missed the point. It held that without the required findings, the discovery could not be taken in the face of objections brought by other interested parties (the parties whose identities were at risk of being revealed).

While many courts have evaluated this kind of question using a first amendment analysis (i.e., is the John Doe’s interest in speaking anonymously outweighed by the plaintiff’s right to seek redress), the court in this case looked to more general concerns of avoiding litigation abuse. Citing to a law review article by Professor Hoffman, the court observed that there is “cause for concern about insufficient judicial attention to petitions to take presuit discovery” and that “judges should maintain an active oversight role to ensure that [such discovery is] not misused”.

1 2 3 4 5 6 7 11 12 13