Google can, at least for now, disregard Canadian court order requiring deindexing worldwide

U.S. federal court issues preliminary injunction, holding that enforcement of Canadian order requiring Google to remove search results would run afoul of the Communications Decency Act (at 47 U.S.C. 230)

canada-us
Canadian company Equustek prevailed in litigation in Canada against rival Datalink on claims relating to trade secret misappropriation and unfair competition. After the litigation, Equustek asked Google to remove Datalink search results worldwide. Google initially refused altogether, but after a Canadian court entered an injunction against Datalink, Google removed Datalink results from google.ca. Then a Canadian court ordered Google to delist worldwide, and Google complied. Google objected to the order requiring worldwide delisting, and took the case all the way up to the Canadian Supreme Court, which affirmed the lower courts’ orders requiring worldwide delisting.

So Google filed suit in federal court in the United States, seeking a declaratory judgment that being required to abide by the Canadian order would, among other things, be contrary to the protections afforded to interactive computer service providers under the Communications Decency Act, at 47 U.S.C. 230.

The court entered the preliminary injunction (i.e., it found in favor of Google pending a final trial on the merits), holding that (1) Google would likely succeed on its claim under the Communications Decency Act, (2) it would suffer irreparable harm in the absence of preliminary relief, (3) the balance of equities weighed in its favor, and (4) an injunction was in the public interest.

Section 230 of the Communications Decency Act immunizes providers of interactive computer services against liability arising from content created by third parties. It states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” [More info about Section 230]

The court found that there was no question Google is a “provider” of an “interactive computer service.” Also, it found that Datalink—not Google—“provided” the information at issue. And finally, it found that the Canadian order would hold Google liable as the “publisher or speaker” of the information on Datalink’s websites. So the Canadian order treated Google as a publisher, and would impose liability for failing to remove third-party content from its search results. For these reasons, Section 230 applied.

Summarizing the holding, the court observed that:

The Canadian order would eliminate Section 230 immunity for service providers that link to third-party websites. By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 and threatens free speech on the global internet.

The case provides key insight into the evolving legal issues around global enforcement and governance.

Google, Inc. v. Equustek Solutions, Inc., 2017 WL 5000834 (N.D. Cal. November 2, 2017)

Court allows Microsoft to unmask unknown Comcast users accused of infringement

A federal court in Washington state has given the green light for Microsoft to subpoena records from Comcast to discover the identity of the person or persons associated with an IP address used to activate thousands of unauthorized copies of Microsoft software.

Statue_of_Anonymus_(Budapest,_2013)

Generally, in federal court litigation, a party cannot serve discovery requests or subpoenas until after the plaintiff and defendant have conferred (in a Rule 26(f) conference). But when the plaintiff does not know the identity of the defendant, there is a bootstrapping problem – discovery needs to be taken to find out the defendant with whom to conduct the conference. In situations like this, the plaintiff seeking to unmask an unknown defendant will file its complaint against one or more “John Does,” then ask the court for leave to serve discovery prior to the Rule 26(f) conference.

That is what happened in this case. It is a common tactic used by parties legitimately seeking to enforce intellectual property, as well as parties that may be considered copyright trolls. See, e.g., this early bittorrent case from 2011.

Microsoft filed its complaint and also filed a motion for leave to take discovery prior to the Rule 26(f) conference. Finding that good cause existed for the early discovery, the court granted the motion.

It held that

(1) Microsoft had associated the John Doe Defendants with specific acts of activating unauthorized software using product keys that were known to have been stolen from Microsoft, and had been used more times than were authorized for the particular software,

(2) Microsoft had adequately described the steps it took in an effort to locate and identify the John Doe defendants, specifically by utilizing its “cyberforensics” technology to analyze product key activation data, identifying patterns and characteristics which indicate software piracy,

(3) Microsoft had pleaded the essential elements to state a claim for copyright and trademark infringement, and

(4) the information proposed to be sought through a subpoena appeared likely to lead to identifying information that would allow Microsoft to serve the defendants with the lawsuit.

Microsoft Corp. v. John Does 1-10, 2017 WL 4958047 (W.D. Wash., November 1, 2017)

Image courtesy Dmitrij Rodionov under Creative Commons Attribution-Share Alike 3.0 Unported license. Licensed granted hereby under same terms.

Court orders transfer of domain name at preliminary injunction stage of trademark case

Plaintiff sued a competitor under the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) (“ACPA”)) and brought other trademark-related claims concerning the competitor’s alleged online scam of selling infringing nutritional supplement products. Plaintiff also sued the domain name privacy protection service Namecheap, which the competitor had used to register the domain name. As part of the order granting plaintiff’s motion for preliminary injunction, the court ordered Namecheap to transfer the domain name to plaintiff.

The court noted that a preliminary injunction “is an extraordinary remedy never awarded as of right,” and that the “traditional purpose of a preliminary injunction is to protect the status quo and to prevent irreparable harm during the pendency of the lawsuit.” Given these parameters, one may be reasonably surprised that the court went so far as to transfer the domain name before the case could be taken all the way through trial. Usually the transfer of the domain name is part of the final remedy awarded in a cybersquatting case, whether under the ACPA or the Uniform Domain Name Dispute Resolution Policy.

The opinion did not address the issue of whether the domain name transfer prior to trial might go further than to “protect the status quo”. It would seem the court could have just as easily protected the status quo by ordering the domain name not be used. The court apparently found the evidence to be drastically in favor of plaintiff. And since the defendant-competitor did not show up for the hearing, plaintiff’s evidence went unrebutted.

Nutramax Laboratories, Inc. v. Nutra Max Labs, Inc., 2017 WL 4707447 (D.S.C. October 20, 2017)

See also:

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Online terms of service restricting competitor access to website were unenforceable

If you are in the habit of reading online terms and conditions, you may have encountered a provision that looks something like this:

You may not use the site to gain competitive intelligence about [Provider] to compete with [Provider] or its affiliates.

A court recently held that a provision containing essentially this language was not enforceable against a competitor accused of accessing and copying website content. The court found the provision to be an overly broad non-compete covenant under applicable state law, and likely against public policy. For this reason (among others), the court denied the plaintiff website owner’s motion for a temporary restraining order against the defendant competitor.

The court observed that the restriction was without any geographic or temporal limit. Nor was the provision saved by the requirement that use of “competitive intelligence” be the subject of restricted use. In this particular case, plaintiff was complaining of defendant’s use of information on the publicly-visible portions of plaintiff’s website. Under Illinois law, in order for a covenant not to compete be enforceable, the covenant must secure some “protectable interest” such as a trade secret. For purposes of denying the motion for a temporary restraining order, the court found that a covenant restricting the use of such widely disseminated, freely available information is likely unenforceable.

TopstepTrader, LLC v. OneUp Trader, LLC, 2017 WL 2798397 (N.D. Ill. June 28, 2017)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Eleventh Circuit requires copyright owner to obtain registration certificate before filing suit

Although an author owns the copyright in a work the moment he or she creates the work, a court will not hear a case over infringement of the work until the work is registered with the Copyright Office. Here is relevant language from the Copyright Act:

[N]o civil action for infringement of the copyright in any United States work shall be instituted until . . . registration of the copyright claim has been made in accordance with this title.

17 U.S.C. 411(a). Since the Copyright Office issues a certificate of registration when it registers the copyright in a work, one view is that the statute requires a copyright plaintiff to have that registration certificate in hand before filing suit.

But that is not how courts have always applied the statute. Other language in the Copyright Act says that:

the owner of copyright or of any exclusive right in the work may obtain registration of the copyright claim by delivering to the Copyright Office the deposit specified by this section, together with the application and fee specified by sections 409 and 708 [of the Copyright Act].

17 U.S.C. 408(a). Notice how 408(a) does not talk about receiving a registration certificate – it seems to indicate that registration occurs simply by the owner submitting the application, fee and deposit. Some courts have read this portion of the statute this way, and allowed a plaintiff to file suit for copyright infringement after submitting the materials to the Copyright Office but before the registration certificate is issued.

So there is a split among the federal circuits on this issue, namely, between the “registration approach” (requiring certificate in hand) and the “application approach” (requiring only that the application, fee and deposit have been made).

Recently, the Eleventh Circuit Court of Appeals weighed in on the issue. It sided with the registration approach – holding that the plain language of the Copyright Act requires it.

Plaintiff owned the copyright in online articles to which it granted a license to defendant website operator under a subscription agreement. The agreement required defendant to discontinue publication of the licensed content when the agreement terminated. But after termination, the articles remained online. So plaintiff sued for copyright infringement.

The lower court dismissed the action on defendant’s motion because plaintiff had not alleged receipt of the copyright registration certificate in the works at issue. It had only alleged that it had filed the applications to register the copyright claims in the works. Plaintiff sought review with the Eleventh Circuit. On appeal, the court affirmed the dismissal.

The court concluded that the Copyright Act defines registration as a process that requires action by both the copyright owner and the Copyright Office. It relied heavily on language from Section 410 of the Copyright Act that reads as follows:

When, after examination, the Register of Copyrights determines that, in accordance with the provisions of this title, the material deposited constitutes copyrightable subject matter and that the other legal and formal requirements of this title have been met, the Register shall register the claim and issue to the applicant a certificate of registration under the seal of the Copyright Office.

17 U.S.C. 410 (emphasis added). Bolstered by the dictionary definition of “after,” the court held “that registration occurs only after examination of an application necessarily means that registration occurs ‘[l]ater in time than’ or ‘subsequent to’ the filing of the application for registration.”

Fourth Estate Public Benefit Corporation v. Wall-Street.com, LLC, —F.3d —, 2017 WL 2191243 (11th Cir. May 18, 2017)

See also: Is a copyright registration required before filing an infringement lawsuit?

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

No liability for cable company that retained customer information in violation of law

Court essentially holds “no harm, no foul” in case involving violation of federal privacy statute. The case fails to provide an incentive for “privacy by design”.

Can a company that is obligated by law to destroy information about its former customers be held liable under that law if, after the contract with the customer ends, the company does not destroy the information as required? A recent decision from the United States Court of Appeals for the Eighth Circuit (which is located in St. Louis) gives some insight into that issue. The case is called Braitberg v. Charter Communications, Inc., — F.3d —, 2016 WL 4698283 (8th Cir., Sep. 8, 2016).

12493182714_859e827fe6_z

Plaintiff filed a lawsuit against his former cable company after he learned that the company held on to his personally identifiable information, including his social security number, years after he had terminated his cable service. The cable company was obligated under the federal Cable Communications Policy Act to “destroy personally identifiable information if the information is no longer necessary for the purpose for which it was collected.”

The lower court dismissed the lawsuit on the basis that plaintiff had not properly demonstrated that he had standing to bring the lawsuit. Plaintiff appealed to the Eighth Circuit. On review, the court of appeals affirmed the dismissal of the lawsuit.

The appellate court’s decision was informed by the recent Supreme Court decision in Spokeo, Inc. v. Robins, 136 S.Ct. 1540 (S.Ct. 2016), which addressed, among other things, the question of whether a plaintiff asserting violation of a privacy statute has standing to sue.

As a general matter, Article III of the Constitution limits the jurisdiction of the federal courts to actual “cases or controversies”. A party invoking federal jurisdiction must show, among other things, that the alleged injury is both “concrete and particularized” and “actual or imminent, not conjectural or hypothetical”.

In this case, the Court of Appeals found that plaintiff had not alleged an injury in fact as required under Article III and the Spokeo decision. His complaint asserted merely “a bare procedural violation, divorced from any concrete harm.”

The court’s opinion goes on to provide some examples of when the violation of a privacy statute would give rise to standing. It does this by noting certain things that plaintiff did not allege. He did not, for example allege that defendant had disclosed information to a third party, that any other party accessed the data, or that defendant used the information in any way after the termination of the agreement. Simply stated, he identified no material risk of harm from the retention. This speculative or hypothetical risk was insufficient for him to bring the lawsuit.

One unfortunate side effect of this decision is that it does little to encourage the implementation of “privacy by design” in the development of online platforms. As we have discussed before, various interests, including the federal government, have encouraged companies to develop systems in a way that only keeps data around for as long as it is needed. The federal courts’ unwillingness to recognize liability in situations where data is indeed kept around longer than necessary, even in violation of the law, does not provide an incentive for the utilization of privacy by design practices.

Braitberg v. Charter Communications, Inc., — F.3d —, 2016 WL 4698283 (8th Cir., Sep. 8, 2016)

Photo courtesy Flickr user Justin Hall under this Creative Commons license.

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Facebook hacking victim’s CFAA and SCA claims not barred by statutes of limitation

Knowledge that email account had been hacked did not start the statutes of limitation clock ticking for Computer Fraud and Abuse Act and Stored Communications Act claims based on alleged related hacking of Facebook account occurring several months later.

Plaintiff sued her ex-boyfriend in federal court for allegedly accessing her Facebook and Aol email accounts. She brought claims under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”), and the Stored Communications Act, 18 U.S.C. § 2701, et seq. (“SCA”).

Both the CFAA and the SCA have two-year statutes of limitation. Defendant moved to dismiss, arguing that the limitation periods had expired.

The district court granted the motion to dismiss, but plaintiff sought review with the Second Circuit Court of Appeals. On appeal, the court affirmed the dismissal as to the email account, but reversed and remanded as to the Facebook account.

In August 2011, plaintiff discovered that someone had altered her Aol email account password. Later that month someone used her email account to send lewd and derogatory sexually-themed messages about her to people in her contact list. A few months later, similar things happened with her Facebook account — she discovered she could not log in in February 2012, and in March 2012 someone publicly posted sexually-themed messages using her account. She figured out it was her (now married) ex-boyfriend and filed suit.

The district court dismissed the claims because it found plaintiff first discovered facts giving rise to the claims in August 2011, but did not file suit until more than two years later, in January 2014. The Court of Appeals agreed with the district court as to the email account. She had enough facts in 2011 to know her Aol account had been compromised, and waited too long to file suit over that. But that was not the case with the Facebook account. The district court had concluded plaintiff knew in 2011 that her “computer” had been compromised. The Court of Appeals observed that the lower court failed to properly recognize the nuance concerning which computer systems were being accessed without authorization. Unauthorized access to the Facebook server gave rise to the claims relating to the Facebook account. The 2011 knowledge about her email being hacked did not bear on whether she knew her Facebook account would be compromised. The court observed:

We take judicial notice of the fact that it is not uncommon for one person to hold several or many Internet accounts, possibly with several or many different usernames and passwords, less than all of which may be compromised at any one time. At least on the facts as alleged by the plaintiff, it does not follow from the fact that the plaintiff discovered that one such account — AOL e-mail — had been compromised that she thereby had a reasonable opportunity to discover, or should be expected to have discovered, that another of her accounts — Facebook — might similarly have become compromised.

The decision gives us an opportunity to think about how users’ interests in having their data kept secure from third party access attaches to devices and systems that may be quite remote from where the user is located. The typical victim of a hack or data breach these days is not going to be the owner of the server that is compromised. Instead, the incident will typically involve the compromising of a system somewhere else that is hosting the user’s information or communications. This decision from the Second Circuit recognizes that reality, and contributes to the reasonable opportunity for redress in those situations.

Sewell v. Bernardin, — F.3d —, 2015 WL 4619519 (2nd Cir. August 4, 2015)

Evan Brown is an attorney in Chicago helping clients manage issues involving technology and new media.

In software dispute, court enforces forum selection clause and transfers case from California to Michigan

Though parties often think of forum selection clauses as throwaway “boilerplate” language, a recent case demonstrates the influence such a clause can have on where litigation takes place.

Plaintiff sued defendant in California for fraud and other claims relating to the alleged defective performance of electronic medical records software. Defendant moved to transfer the matter to federal court in Michigan, based on a forum selection clause in the agreement that provided, in relevant part, that “[a]ny and all litigation arising from or relating to this Agreement will be filed and prosecuted before any court of competent subject matter jurisdiction in the State of Michigan.” Plaintiff objected to the motion, arguing that enforcement would violate California public policy in a number of ways. The court rejected plaintiff’s arguments and granted the motion to transfer.

Plaintiff argued that transfer would go against California’s public policy against unfair business practices, and would also be against the policy of incentivizing medical providers to adopt electronic medical records systems. The court rejected these arguments because plaintiff’s motion dealt with venue, i.e., where the lawsuit would occur, not which substantive law would apply. Given that the potential existed for the federal court in Michigan to consider whether California law should apply, transferring the case would not cut against public policy.

The court further rejected plaintiff’s argument that the forum selection clause was unconscionable, given that plaintiff did not dispute that she read the clause, and was a sophisticated party. Moreover, citing to language of the Supreme Court on the issue, the court refused to consider arguments about the parties’ private interests. “When parties agree to a forum-selection clause, they waive the right to challenge the preselected forum as inconvenient or less convenient for themselves or their witnesses, or for their pursuit of the litigation.”

East Bay Women’s Health, Inc. v. gloStream, Inc., 2014 WL 1618382 (N.D.Cal. April 21, 2014)

Evan Brown is an attorney in Chicago, advising clients on matters dealing with technology, the internet and new media. Follow him on Twitter @internetcases

Related:

[This is a cross post from the InfoLawGroup blog.]

Does publication on the web give rise to “access” in copyright infringement analysis?

2003lookbackPlaintiff sued defendant for copyright infringement. Defendant moved for judgment on the pleadings (which is essentially the same thing as a motion to dismiss for failure to state a claim except it is after defendant files an answer). Defendant asserted that plaintiff had not pled copyright infringement because under the Seventh Circuit’s “substantial similarity” test to demonstrate infringement, plaintiff had not pled defendant had “access” to the allegedly infringed work.

The court rejected defendant’s argument and denied the motion for judgment on the pleadings on this issue.

In some copyright infringement cases, a plaintiff may not have direct evidence that the defendant committed infringement. In those situations, a finder of fact may infer that infringement has occurred when it is shown that:

  • the defendant had access to the copyrighted work; and
  • the accused work is substantially similar to the copyrighted work.

In this case, defendant argued it never had access to plaintiff’s designs that it was alleged to have infringed. But the court considered the online publication, 11 years ago, of plaintiff’s designs, to find access for purposes of the motion for judgment on the pleadings:

With regard to online publication, in 2003, [plaintiff] first published the [allegedly infringed work] at [its website]. The Internet already was widely used and accessible at that time. Because the non-movant is entitled to reasonable favorable inferences in evaluating a motion for judgment on the pleadings, the online publication is enough to establish access for purposes of denying [defendant’s] motion for judgment on the pleadings.

The court’s decision provides no meaningful analysis as to why publication on the web gives rise to access. It states the finding above in such a conclusory manner as if to indicate it sets forth some per se rule. But one is left to wonder whether other factual nuance would change the answer to the inquiry: What if publication were in 1993 rather than 2003, at a time when many, many fewer people were on the web? What if the publication were behind a paywall for which defendant had no authorization to pass? What if defendant pled it did not utilize the web for this sort of information, or, even more compellingly, not at all?

Skyline Design, Inc. v. McGrory Glass, Inc., 2014 WL 258564 (N.D.Ill. January 23, 2014)

Judge who sent Facebook friend request to wife in pending divorce proceeding should have been disqualified

facebook-friend-request-446x298While a divorce case was pending, the judge overseeing the case sent the wife a Facebook friend request. The wife did not accept the request. Thereafter, the judge entered a final judgment that was more favorable to the husband. After the wife found out about other cases in which the judge had reached out to litigants through social media, she filed a motion to disqualify the judge. The judge refused to disqualify herself.

The wife sought review with the appellate court. On appeal, the court reversed and remanded, holding that the judge should have disqualified herself:

The “friend” request placed the litigant between the proverbial rock and a hard place: either engage in improper ex parte communications with the judge presiding over the case or risk offending the judge by not accepting the “friend” request.

Moreover, the court found the problem of friending a party in a pending case “of far more concern” than a judge’s Facebook friendship with a lawyer. Forbidding judges and counsel to be Facebook friends, especially in smaller counties with tight-knit legal communities, would be unworkable. But with a friend request from the judge, a party has a “well founded fear” of not receiving a fair and impartial trial.

Chace v. Loisel, — So.3d —, 2014 WL 258620 (Fla.App. 5 Dist. January 24, 2014)

Posts navigation

1 2 3 4 7 8 9