Category Archives: DMCA

Emails held sufficient to amend employment contracts in NY

[Brian Beckham is a contributor to Internet Cases and can be contacted at brian.beckham [at] gmail dot com.]

The New York Court of Appeals, 1st Division recently upheld a lower court ruling that a series of “signed” emails is a sufficient writing to modify a contract.

Plaintiff Stevens sold his business (L-S) to Defendant Publicis under two contracts: a stock-purchase agreement including an initial up-front payment, and an employment contract whereby Plaintiff would continue as Chairman and CEO of the new company (PDNY) for three years with additional contingent fees based on earnings. Shortly after the acquisition, problems arose, including loss of a major client and failure to meet revenue and profit targets. Approximately halfway into the three-year term, Plaintiff was removed as CEO and presented 3 options for continued employment. The then-acting CEO of PDNY (Bloom) exchanged a series of emails with Plaintiff. The culmination of this exchange was an email from Bloom on behalf of PDNY describing his understanding of the parties’ terms regarding Plaintiff’s new role at PDNY that Plaintiff’s time would be allocated 70% towards new business development, 20% in maintaining former L-S clients, and 10% devoted to management/operations of PDNY.

Plaintiff responded the next day by email stating: “…I want to thank you again for helping me…That being said, I accept your proposal with total enthusiasm and excitement…” Bloom for PDNY replied the same day: “I am thrilled with your decision…all of us will continue to work in the spirit of partnership to achieve our mutual goal.”

The bottom of each email had the typed name of the sender.

The lower court held, and the Court of Appeals sustained that the parties had agreed in writing (by their emails) to modify Plaintiff’s duties under his employment contract, specifically because both sides expressed their unqualified acceptance of the modification to the contract. (Bloom’s email set forth the terms of the proposed contractual modification, Plaintiff accepted those terms by his email, and Bloom’s reply memorialized that acceptance). Plaintiff also confirmed his acceptance of the modified contract terms in another email to PDNY’s COO.

The Court of Appeals held that Plaintiff’s (and Bloom’s) emails “constitute ‘signed writings’ within the meaning of the statute of frauds, since plaintiff’s name at the end of his e-mail signified his intent to authenticate the contents.” Moreover, the signed writings (the emails) satisfied a requirement of the original employment contract that any modifications must be signed by all parties, i.e., the several emails served as counter-signatures. The same result may not have been reached in a different state, but at least in NY, “signed” emails can be valid for contract purposes.

Case is: Stevens v. Publicis, S.A., 602716/03.

The vexing linkage between access and protection in DMCA anticircumvention analysis

A couple of days ago David Donoghue wrote about the recent case of Nordstrom Consulting, Inc. v. M&S Technologies, Inc., No. 06-3234, 2008 WL 623660 (N.D. Ill. March 4, 2008). Dave’s post gives a very thorough treatment of all aspects of the case, which involve primarily allegations of infringement of the copyright in software.

The case also involved a claim of circumvention under the Digital Millennium Copyright Act, at 17 U.S.C. 1201(a). The court granted the defendants’ summary judgment motion on this claim.

The dispute arose from a rather typical set of facts. The parties had collaborated on the development of some software. Along the way the principal author of the software became dissatisfied and parted ways. Litigation ensued over the parties’ ownership and use of the source code.

Before plaintiff Nordstrom officially severed ties, he went on vacation. While he was gone, one of the defendant’s employees (Butler) sent Nordstrom an email saying that Butler needed access to the source code which was stored on a computer there in the office, in order to help out a customer. Nordstrom didn’t respond for several days, and in the meantime, Butler disabled the BIOS password for the computer.

Nordstrom sued under Section 1201 over this disabling of the password. The court relied heavily on the Federal Circuit’s decision in Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d 1178 (Fed. Cir. 2004) to conclude that there was no violation of Section 1201’s anticircumvention provisions.

The Chamberlain case draws a necessary connection between circumvention and infringement. And the presence of this connection is the vexing part of the analysis. A quick reading of Section 1201 does not reveal the link.

But the Chamberlain court held that Section 1201’s prohibition on circumvention does not give rise to a new property interest, only a new cause of action, one that goes after circumvention of methods controlling access to protected works. One can’t pursue a defendant just for circumvention in a vacuum, so to speak. The circumvention has to bear some “reasonable relationship to the protections that the Copyright Act otherwise affords copyright owners.” Chamberlain, 381 F.3d at 1202. In other words, without infringement or the facilitation of infringement arising from the cirumvention, a cause of action under 1201 does not arise. The linkage is one between access and protection.

The holding of the Nordstrom case as to the DMCA claim picks up on this link between access and protection. Summary judgment on the circumvention claim was proper because the plaintiff could not show that Butler’s disabling of the BIOS password protection on the computer storing the source code enabled any infringement. The evidence before the court was that Butler accessed the code to fix a problem on behalf of an authorized licensee of the software. Because of the license, there could be no infringement. Without any connection to infringement, under the teaching of Chamberlain, a cause of action for circumvention could not be sustained.

Beaded jewelry website tussle turns into lawsuit alleging bogus DMCA takedown notice

Does a hosting provider breach the contract with its customer when it responds to a DMCA takedown notice concerning its customer’s content? The plaintiff in this case would have you believe that. [Download the Complaint]

Jades Creations, LLC v. White, No. 07-50225 (N.D. Ill., Filed November 16, 2007)

Rockford, Illinois-based Jades Creations, LLC has filed suit in federal court against its competitor in the beaded jewelry industry over what Jades claims were unmeritorious takedown notices sent to Earthlink under the Digital Millennium Copyright Act.

Back in October, SW Creations sent a DMCA takedown notice to Earthlink, the host of Jades Creations’ Web site, claiming that material located thereupon infringed SW Creations’ copyright and trademark rights. (Never mind the DMCA does not apply to trademarks.) Jades, of course, disputed the fact that there was infringing content on its site, and successfully had access to its site restored after sending Earthlink a counternotification.

But Jades didn’t stop there. Obviously perturbed by what it believed to be an unwarranted takedown notice that caused it to lose business, it filed a lawsuit in the Northern District of Illinois, asking for a declaration of non-infringement and asserting various tort claims for the takedown notice.

One of the claims is for tortious interference with the contract between Jades and her hosting provider Earthlink. This is intriguing, but it looks like there could be a bit of a hurdle here.

Under Illinois law, a successful plaintiff in a tortious interference with contract action has to prove, among other things, that an actual breach of contract occurred because of the defendant’s conduct. Belden Corp. v. InterNorth, Inc., 413 N.E.2d 98 (Ill. App. 1st Dist. 1980). Did Earthlink breach the contract with its hosting customer when it obeyed the demands of a third party DMCA takedown notice?

Jades alleges that this was a breach (see paragraph 60 of the complaint). Do you agree?

Earthlink’s terms of service can be found here. And remember, 17 U.S.C. 512(g) provides that “a service provider shall not be liable to any person for any claim based on the service provider’s good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.”

Court finds CAPTCHA likely protectible under DMCA

Ticketmaster L.L.C. v. RMG Technologies, Inc., — F.Supp.2d —-, 2007 WL 2988403 (C. D. Cal. Oct. 15, 2007)

RMG Technologies developed an application that allowed its users to automatically access to search for tickets and buy them up by the dozens. Ticketmaster sued RMG, alleging, among other things, copyright infringement, breach of contract, and violation of the anticircumvention provisions of the Digital Millennium Copyright Act found at 17 U.S.C. 1201.

Ticketmaster moved for preliminary injunction on several of the counts in the complaint, and the court granted the motion. It held that Ticketmaster was likely to succeed on its claims of copyright infringement, in that RMG’s access to the Ticketmaster website exceeded the scope of the license to do so granted by the site’s browsewrap agreement. The court also held that under Grokster, Ticketmaster was also likely to succeed in showing that RMG was indirectly liable for inducing infringement through the promotion of the application.

On the DMCA claim, Ticketmaster claimed that by providing the ability for users to get around the CAPTCHAs that have to be solved in order to purchase tickets, RMG trafficked in technology that circumvents a technological measure used to prevent access to a work protected by copyright. (CAPTCHAs are the little challenge-response tests that appear frequently on websites requiring login or authentication, used to help ensure that it’s really a human and not a bot trying to access the website.)

One of RMG’s primary arguments against the preliminary injunction on DMCA grounds was that the CAPTCHAs were not “technological measures” used to circumvent the access protection, but were merely images. The court rejected this argument, looking to the language of the DMCA which provides, in relevant part, that “a technological measure ‘effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.”

In this case, the court found that CAPTCHAS meet these criteria, because in their ordinary course of operation, they require the application of information before access to the work being protected is allowed.

Opinion appears below, or click through if it’s not showing up in the RSS feed:

Internet Archive malfunction leads to interesting DMCA and infringement case

Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, — F.Supp.2d —-, 2007 WL 2085358 (E.D. Pa., July 20, 2007). [Download the opinion]

(This case has been pretty well covered already in the legal blogosphere, including here and here, but this is my $0.02 anyway.)

Plaintiff Healthcare Advocates sued defendant law firm Harding, Earley Follmer & Frailey, as well as a number of attorneys and staff at the firm for copyright infringement and violation of the anticircumvention provisions of the Digital Millennium Copyright Act (“DMCA”). The defendants moved for summary judgment, asserting that the alleged infringement was excused under the doctrine of fair use, and that the alleged conduct under the DMCA did not constitute a “circumvention” as contemplated under the statute. The court granted the defendants’ motion for summary judgment.

The dispute between the parties arose from a novel factual scenario. The defendants used the Internet Archive’s Wayback Machine to access cached versions of the plaintiff’s website. A few days earlier, the plaintiffs had configured a robots.txt file to be used in connection with their site, which should have – in the normal course of operations – prevented the web pages from showing up in the Internet Archive. [More on robots.txt files] But as it turns out, the Internet Archive’s servers were malfunctioning when the defendants conducted their searches, so the pages that should have been excluded under the instructions in the robots.txt file showed up anyway.

The plaintiff claimed that by viewing the archived pages on their office computers without authorization (such lack of permission stemming from the exclusion instructions in the robots.txt file), the defendants violated the plaintiff’s exclusive right under 17 U.S.C. §106 to publicly display their copyrighted works, thereby committing infringement. And by accessing the cached versions in spite of the robots.txt file, the plaintiff argued, the defendants circumvented a technological measure used to prevent access to a copyrighted work, in violation of 17 U.S.C. §1201.

The court agreed that the plaintiffs established the two necessary elements of copyright infringement, namely, (1) ownership of valid copyrights in the web pages, and (2) that the defendants, by viewing the web pages on their office computers, violated the exclusive display right under §106. But the court went on to determine that there was no infringement, because the use made by the defendants was a protected fair use.

On the fair use question, the most significant factor in the court’s analysis was the “purpose and character” of the subsequent use that the defendants had made. The defendants had viewed the archived web pages in connection with their work in defending their client against allegations of infringement in another case brought by Healthcare Advocates. In holding that this investigation of the plaintiff’s online materials was a permissible fair use, the court stated that “[i]t would be an absurd result if an attorney defending a client against charges of trademark and copyright infringement was not allowed to view and copy publicly available material, especially mater that his client was alleged to have infringed.”

As for the DMCA anticircumvention claims, the court held that because the malfunctioning of the Internet Archive servers made it such that the exclusion instructions in the robots.txt file were not present, there was no protective measure in place to be circumvented. Plaintiffs had argued that even though the protective measure was not in place, defendants should have known that they did not have permission to view the cached pages, as some of the requests were met with messages that the page was blocked by the website owner. The court rejected this argument, and, nodding to the case of I.M.S. Inquiry Mgmt. Sys., Ltd. v. Bershire Info. Sys., Inc., 307 F.Supp.2d 521 (S.D.N.Y. 2004), held that a lack of permission is not circumvention under the DMCA.

More evidence needed for YouTube’s DMCA defense

Viacom’s lawsuit against YouTube has gotten quite a bit of attention, but it wasn’t the first case of its kind filed. Almost a year ago, helicopter pilot and journalist Robert Tur sued YouTube for infringement of some well-known video he shot during the Rodney King Riots.

Both parties filed motions for summary judgment, and last week the court denied both motions. The rulings shed some light on how the safe harbor provisions of the Digital Millennium Copyright Act (“DMCA”) may play out in future lawsuits over user-generated content.

YouTube argued in its motion that it qualified for safe harbor protection “based on what it purport[ed] to be its definitive ability to satisfy all of the requirements of the statutory scheme.” The court neatly parsed seven requirements from 17 U.S.C. §512 that a service provider must meet to sail into the safe harbor:

(1) adoption and reasonable implementation of a termination policy for subscribers and account holders who are repeat infringers;

(2) accommodation and non-interference with “standard technical measures” that copyright owners use to protect their works;

(3) infringement is “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider”;

(4) lack of actual knowledge of the infringing material or no awareness of facts or circumstances from which infringing activity is apparent on the system or network, and expeditious action to remove or disable access to material upon obtaining such knowledge or awareness;

(5) no “financial benefit” directly attributable to the infringing activity,” if it had “the right and ability to control such activity”;

(6) expeditious response to remove or disable access to infringing material upon notification from the copyright owner; and

(7) proper designation of an agent to receive such notification.

The difficulty arose for YouTube under the fifth point, namely, in connection with its argument that it gained no “financial benefit” directly attributable to the infringing activity,” and did not have “the right and ability to control such activity.”

Citing to the recent 9th Circuit case of Perfect 10 v. CCBill, the court observed that this point is actually two requirements in one: a provider’s receipt of a financial benefit is only implicated where it also has the right and ability to control the infringing activity. So if YouTube did not have the right and ability to control the alleged infringing activity, there was no reason to engage in the “financial benefit” analysis.

The court held that there was insufficient evidence to allow it to determine whether YouTube had the right and ability to control the infringing activity. The court’s comments on this point are intriguing, and foreshadow what might be some interesting issues in discovery. “There is clearly a significant amount of maintenance and management that YouTube exerts over its website, but the nature and extent of that management is unclear.” The court went on to note the lack of evidence as to “the process undertaken by YouTube from the time a user submits a video clip to the point of display on the YouTube website.”

Tur v. YouTube, Inc., No. 06-4436, (C.D.Cal. June 20, 2007)

Plain meaning, plain silliness under the DMCA anticircumvention provisions

CNET is reporting on a cease and desist letter some company has sent to Microsoft, Apple, Adobe and others. (I’m not going to mention the company by name because I don’t want to play into what Jessica Litman and I agree is an attempt to garner some unwarranted publicity — see the CNET article.) Simply stated, the company, which has apparently developed some kind of technology designed to prevent ripping of digital audio streams, claims that Microsoft et al. are actively avoiding the implementation of the company’s technology in their products. It clams that this avoidance is a circumvention prohibited under the DMCA.

I don’t opine much on this site, but this company’s theory is based on, at best, a hypertechnical and unsupportable reading of the DMCA. As you know, “circumvention” under the DMCA means to “descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.”

Did you see the word “avoid” there? That’s what the company is apparently hanging its hat on. And the argument sounds clever, until you actually think about the DMCA and what it says.

One has to read the DMCA prohibitions on avoiding, bypassing, removing, deactivating, or impairing technological measures along with the terms immediately preceding, namely, descrambling and decrypting. These prohibited activities share a common theme of some sort of active disabling of the technology, not simply choosing not to use an available technology.

There’s a maxim that Aristotle probably made up called sui generis that lawyers and courts are supposed to use when interpreting statutes. Essentially, when you see a group of terms together in a statute, one is to attribute a common meaning to those terms. Interpreting the meaning of “to avoid” in the way that this company suggests would not be consistent with this principle.

I sincerely hope to not see any reported decisions on these facts.

Hefty award to Sony in action against seller of PlayStation 2 “mod chips”

Court awards over $6 million in DMCA statutory damages

Defendant Filipiak ran an online business that sold, among other things, “mod chips” that allowed Sony PlayStation and PlayStation 2 consoles to play copied games. Sony filed suit against Filipiak under the Digital Millennium Copyright Act (“DMCA”), which makes it illegal to sell any device that is primarily designed or produced to circumvent a technological measure that effectively controls access to copyrighted works. 17 U.S.C. §1201(a)(2).

Filipiak stipulated to liability for selling circumvention devices. The court awarded Sony over $6 million in statutory damages under 17 U.S.C. §1203(c)(3)(A), which provides that

At any time before final judgment is entered, a complaining party may elect to recover an award of statutory damages for each violation of [17 U.S.C. § 1201] in the sum of not less than $200 or more than $2,500 per act of circumvention, device, product, component, offer, or performance of service, as the court considers just.

The court drew a number of noteworthy conclusions in arriving at the damages figure. First, it held that §1203(c)(3)(A) authorizes a separate award of statutory damages for each device sold. (Filipiak had sold thousands of devices.) Next, the court looked to §504 of the Copyright Act (17 U.S.C. §504) to help it construe the meaning of the word “just” as it appears in §1203. No previous case had construed the meaning of the term in §1203, so the attorney’s fees provision of §504 provided guidance.

The amount of damages was calculated by awarding $800 per mod chip sold before June 12, 2004, and the full amount of $2,500 per mod chip sold after June 12, 2004. On that date, Filipiak had signed a stipulated injunction in which he agreed to discontinue sales of the chips and related software. The court concluded that the sales made after Filipiak signed the agreement constituted a willful violation of the DMCA, thus justifying a higher amount of statutory damages.

Sony Computer Entertainment America, Inc. v. Filipiak, (Slip. Op.) 2005 WL 3556676 (N.D. Cal., December 27, 2005).


Unauthorized use of username and password not a “circumvention” under DMCA

The recent case of Egilman v. Keller & Heckman LLP addressed a close question arising under a provision of the Digital Millennium Copyright Act (“DMCA”) found at 17 U.S.C. § 1201. The issue was whether accessing a computer system through the unauthorized use of a valid username and password constitutes an unlawful circumvention of a technological measure. The court held that such conduct is not “circumvention,” and thus not a violation of the DMCA.

Plaintiff Egilman maintained a website that was only available to visitors who entered a correct username and password. He had employed such measures so that only certain people (e.g., his students) would have access. Egilman alleged that, without authorization, the defendants obtained the correct username and password combination, and subsequently gained “improper and illegal” access to the site. He filed suit in federal court asserting, among other things, that the use of the unauthorized username and password was an illegal circumvention of a technological measure, in violation of 17 U.S.C. § 1201.

One defendant moved to dismiss for failure to state a claim, and the others moved for judgment on the pleadings. The court granted the motions.

An essential fact that drove the court’s holding was that the username and password which the defendants allegedly used were the actual username and password which the plaintiff had chosen to protect his website from unauthorized access. For this reason, the defendants were alleged to have merely “used” the technological measure put in place by the plaintiff, and not to have “circumvented” the measure. The court specifically adopted the language and analysis of the case of I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F.Supp.2d 521 (S.D.N.Y. 2004), a case with similar facts and issues.

Quoting from I.M.S., the court stated:

Whatever the impropriety of defendant’s conduct, the DMCA and the anti-circumvention provision at issue do not target the unauthorized use of a password intentionally issued by plaintiff to another entity.

The court went so far as to say:

It was irrelevant who provided the username/password combination to the defendant, or, given that the combination itself was legitimate, how it was obtained. (Emphasis added.)

With this last statement, namely, that the means by which the username and password are obtained is irrelevant, did the court adjudicate a loophole in Section 1201? What if a defendant uses technological means to guess a username and crack a password? In that case, the defendant would ultimately be using the plaintiff’s intended username and password, and thus, according to the court, would merely be “using” and not “circumventing” a technological measure. In such a case, could one really say that for purposes of a Section 1201 analysis, how a username and password are obtained is irrelevant?

Egilman v. Keller & Heckman, LLP, — F.Supp.2d —, 2005 WL 3077260 (D.D.C., November 10, 2005).

[Text of opinion]