Veoh eligible for DMCA Safe Harbor

[Brian Beckham is a contributor to Internet Cases and can be contacted at brian.beckham [at] gmail dot com.]

Io Group, Inc. v. Veoh Networks, Inc., 2008 WL 4065872 (N.D.Cal. Aug. 27, 2008)

The U.S. District Court for the Northern District of California ruled that Veoh’s hosting of user-provided content is protected by the DMCA safe harbor provision, and that it does not have a duty to police for potential copyright infringement on behalf of third-parties, but rather must act to remove infringing content when so put on notice.

IO produces adult films; Veoh hosts, inter alia, its own “Internet TV channels” and user-posted content (much like YouTube). In June 2006, IO discovered clips from ten (10) of its copyrighted films ranging from 6 seconds to 40 minutes in length hosted on Veoh. Rather than sending Veoh a “DMCA Notice & Takedown” letter, IO filed the instant copyright infringement suit. (Coincidentally, Veoh had already removed all adult content sua sponte — including IO’s prior to the suit). Had Veoh received such a notice, so the story goes, it would have removed the content, and terminated the posting individual’s account.

When a user submits a video for posting, Veoh’s system extracts certain metadata (e.g., file format and length), assigns a file number, extracts several still images (seen on the site as an icon), and converts the video to Flash. Prior to posting, Veoh’s employees randomly spot check the videos for compliance with Veoh’s policies (i.e., that the content is not infringing third-party copyrights). On at least one occasion, such a spot check revealed infringing content (an unreleased movie) which was not posted.

Veoh moved for summary judgment under the DMCA’s Safe Harbors which “provide protection from liability for: (1) transitory digital network communications; (2) system caching; (3) information residing on systems or networks at the direction of users; and (4) information location tools.” Ellison, 357 F.3d at 1076-77. Finding that Veoh is a Service Provider under the DMCA, the Court had little trouble in finding that it qualified for the Safe Harbors. IO admitted that Veoh “(a) has adopted and informed account holders of its repeat infringer policy and (b) accommodates, and does not interfere with, “standard technical measures” used to protect copyrighted works”, but took issue with the manner in which Veoh implemented its repeat infringer policy.

Veoh clearly established that it had a functioning DMCA Notice & Takedown system:

  • Veoh has identified its designated Copyright Agent to receive notification of claimed violations and included information about how and where to send notices of claimed infringement.
  • Veoh often responds to infringement notices the same day they are received.
  • When Veoh receives notice of infringement, after a first warning, the account is terminated and all content provided by that user disabled.
  • Veoh terminates access to other identical infringing files and permanently blocks them from being uploaded again.
  • Veoh has terminated over 1,000 users for copyright infringement.

The Court held that Veoh did not have a duty to investigate whether terminated users were re-appearing under pseudonyms, but that as long as it continued to effectively address alleged infringements, it continued to qualify for the DMCA Safe Harbors; moreover, it did not have to track users’ IP addresses to readily identify possibly fraudulent new user accounts.

The Court further noted that: “In essence, a service provider [Veoh] is eligible for safe harbor under section 512(c) if it (1) does not know of infringement; or (2) acts expeditiously to remove or disable access to the material when it (a) has actual knowledge, (b) is aware of facts or circumstances from which infringing activity is apparent, or (c) has received DMCA-compliant notice; and (3) either does not have the right and ability to control the infringing activity, or – if it does – that it does not receive a financial benefit directly attributable to the infringing activity.”

The Court found that (1) there was no question that Veoh did not know of the alleged infringement — since IO did not file a DMCA Notice (2) it acted expeditiously to remove user-posted infringing content, (3) it did not have actual knowledge of infringement, (4) it was not aware of infringing activity, and (5) it did not have the right and ability to control the infringing activity (the Court did not address any financial benefit).

In sum: the Court “[did] not find that the DMCA was intended to have Veoh shoulder the entire burden of policing third-party copyrights on its website (at the cost of losing its business if it cannot). Rather, the issue [was] whether Veoh [took] appropriate steps to deal with [alleged] copyright infringement.”

There is much speculation as to how, if at all, this case will affect the Viacom / YouTube case. YouTube praised the decision, Viacom noted the differences. Each case turns on its own facts, but to the extent there are similarities, this decision is wind in YouTube’s sails.

Case is: IO Group Inc.(Plaintiff), v. Veoh Networks, Inc. (Defendant)

Slamming Wikipedia’s reliability not enough in immigration case

Badasa v. Mukasey, — F.3d —, 2008 WL 3981817 (8th Cir. Aug. 29, 2008)

Illegal alien Badasa sought asylum in the United States. To establish her identity, she submitted to the Immigration Judge a “laissez-passer” issued by the Ethiopian government. Opposing the application for asylum, the Department of Homeland Security submitted a number of items, including a Wikipedia article, to show that a laissez-passer is merely a document issued for a one-time purpose based on information provided by the applicant. The Immigration Judge was not convinced that the laissez-passer established Badasa’s identity, and denied the application for asylum.

Badasa appealed to the Board of Immigration Appeals, which agreed that asylum should be denied. It soundly criticized Wikipedia’s reliability to establish the meaning of the document at issue, but found there was enough other evidence to support the Immigration Judge’s conclusion that Badasa had failed to establish her identity. But the Board of Immigration Appeals failed to discuss this other evidence, therefore running afoul of the administrative law textbook case of SEC v. Chenery, 318 U.S. 80 (1943).

So the Eighth Circuit sent the case back to the Board of Immigration Appeals to make additional findings. The court observed that the Board of Immigration Appeals found that “Badasa was not prejudiced by the [Immigration Judge’s] reliance on Wikipedia, but [the Board of Immigration Appeals] made no independent determination that Badasa failed to establish her identity.” In short, the Board of Immigration Appeals had focused only on why the use of Wikipedia made the case less “solid,” and did not address the lack of solidity found in any of the other evidence connected with the laissez-passer used to establish identity.

Negligence claim allowed in laptop theft case

Ruiz v. Gap, Inc., 540 F.Supp.2d 1121 (N.D. Cal. March 24, 2008)

In 2006, Ruiz applied for a job at the Gap and was required to provide his Social Security number. A vendor hired by the Gap for recruiting stored Ruiz’s information on a laptop which, as luck would have it, was stolen.

Though he was not (at least yet) the victim of identity theft, Ruiz sued the Gap for negligence. The Gap moved for judgment on the pleadings which the court also treated as a motion to dismiss for failure to state a claim. The court denied the motion to dismiss as to negligence (and granted the motion as to claims for bailment, unfair competition and violation of the California constitutional right to privacy). But Ruiz’s standing to bring the claim was tenuous.

The Gap had argued that Ruiz lacked standing. His only alleged harm was that he was at an increased risk for identity theft. The court’s analysis of the Gap’s objection to standing focused on the first element of the Lujan test (Lujan v. Defenders of Wildlife, 504 U.S. 555 (1992)), namely, whether Ruiz’s alleged injury was “concrete and particularized.”

The Ninth Circuit has held for allegations of future harm to confer standing, the threat must be credible, and the plaintiff must show that there is a “significant possibility” that future harm will ensue. The Lujan case (which is the leading Supreme Court authority on standing) essentially creates a “benefit of the doubt” for plaintiffs at the pleading stage — a court is to presume that general allegations embrace those specific allegations that are necessary to show a particularized injury. Ruiz’s general allegations of the threat of future harm were thus sufficient to confer standing.

But the court gave a warning to Ruiz that the threshold of standing does not apply only to pleadings, but is an indispensable part of a plaintiff’s case throughout. In other words, he’ll have to come up with more later to keep the case in court.

So in denying the motion to dismiss the negligence claim, the court incorporated its standing analysis. The only issue on the point of negligence was whether Ruiz had suffered an injury. Ruiz’s general allegations were sufficient.

Network Solutions’s forum selection clause enforced


Doe v. Network Solutions, LLC, No. 07-5115, 2008 WL 191419 (N.D. Cal. January 22, 2008)

Plaintiff Doe alleged violations of the Electronic Communications Privacy Act and similar California statutes when he discovered that personal and financial information about him had allegedly been obtained from a webmail account he established with Network Solutions. Citing to the forum selection clause in the click-wrap agreement Doe had entered into several times, Network Solutions moved to dismiss the action under Fed. R. Civ. P. 12(b)(3) for improper venue.

The court granted the motion to dismiss, finding that the claims brought by plaintiff were within the scope of the clause, and that enforcement would not be unreasonable. The matter was dismissed without prejudice to refile in the Eastern District of Virginia.

The forum selection clause provided, in relevant part, that it governed “any disputes between [customer] and Network Solutions under, arising out of, or related in any way to this Agreement. . . .” In holding that the claims fell within the scope of the clause, the court observed that although there were no claims for breach of contract, the claims arose out of plaintiff’s status as a customer and related to the services, thus implicating the contractual relationship. Moreover, the language “under, arising out of, or related in any way to [the] agreement” led the court to conclude that the clause was to be construed broadly.

In determining that enforcement of the clause would not be unreasonable, the court rejected plaintiff’s argument that it would contravene public policy, as the choice of law provision (naming Virginia) would preclude recovery under various California statutes. The court noted that California law had not expressed any policy against enforcement of a forum selection clause in the context of the claims asserted, and that a clause providing a forum which permits different or less favorable remedies is not, alone, a basis for invalidating the clause.

Damage under CFAA must involve some diminution of the system to be actionable

Garelli Wong & Assoc. v. Nichols, No. 07-6227, 2008 WL 161790 (N.D. Ill. January 16, 2008)

A recent decision from the U.S. District Court for the Northern District of Illinois presents a pretty typical fact pattern (employee leaves with sensitive data to work for a competitor), but also gives some useful guidance on the scope of the Computer Fraud and Abuse Act, 18 U.S.C. 1030 et seq. (CFAA).

Plaintiff Garelli Wong and Associates provides temporary placement for accounting professionals. When defendant Nichols worked for Garelli, he signed an NDA and learned a lot about the company’s clients, employees and strategy.

So when Garelli learned that Nichols allegedly copied a bunch of information before jumping ship, it sued. In addition to breach of contract, Garelli claimed Nichols violated the CFAA.

Nichols moved to dismiss the CFAA claim pursuant to Fed. R. Civ. P. 12(b)(6). The court granted the motion. It held that the CFAA requires a plaintiff to plead both damage and loss, and that Garelli failed to sufficiently plead both.

The CFAA defines “damage” as “impairment to the integrity or availability of data, a program, a system, or information.” Citing approvingly to the unpublished case of ResDev v. Lot Builders, 2005 WL 1924743 (M.D. Fla. August 10, 2005), which held that the word “integrity” required “some diminution in the completeness or useability of data or information on a computer system,” the court sided with Nichols. He had contended that CFAA liability does not arise merely by copying data. A violation of the CFAA requires more — some adverse effect on the system.

Garelli’s loss allegation essentially got Twomblied. The court found that Garelli’s allegations of loss — essentially a formulaic recitation of the CFAA’s $5,000 threshold language — did not provide the grounds of the entitlement to relief with more than labels and conclusions.

Anonymous alleged infringer identified with little substantive inquiry into infringement claim

[In re Subpoena Issued Pursuant to the Digital Millennium Copyrigt Act to: 43SB.com, No. 07- 6236, 2007 WL 4335441 (D. Idaho, December 7, 2007).]

When the general counsel for Melaleuca, Inc. saw some negative content someone had posted about the company on the Web site 43rdstateblues.com, he sent a cease and desist letter demanding the content be removed. The letter, however, did not accomplish its intended purpose. Instead, the site owner posted the entire letter.

Melaleuca did not give up, but just adapted its strategy. It served a DMCA subpoena [see 17 U.S.C. §512(h)] on the site, seeking to identify the person who posted the letter “so that [Melaleuca] might seek redress for copyright infringement.” Melaleuca claimed that its copyright rights in the letter were infringed when it was posted online. (Claiming copyright in cease and desist letters is not a new tactic.  See, e.g., here and here.) 

The website moved to quash the subpoena, asserting, among other things, that the letter was not subject to copyright protection, and that the failure by Melaleuca to establish a prima facie case of copyright ownership was fatal to the subpoena.

The court denied the motion to quash. The Web site had argued that Melaleuca could not own a copyright in the letter, according to 17 U.S.C. 102(b)’s exclusion of “any idea, procedure, process, system, method of operation, concept, principle or discovery” form copyright protection. But the court rejected that argument.

Declining to “go into an in-depth analysis of the merits of a copyright infringement claim in determining whether to quash [the] subpoena,” the court found that Melaleuca’s copyright registration in the letter was sufficient to establish ownership of a valid copyright.  As for alleged copying, the court found that posting of the entire letter was sufficient.

There are a couple of interesting observations to be made from this decision.  First, unlike cases in which plaintiffs seek to uncover the identity of anonymous defendants accused of defamation [see here], this court gave – relatively speaking – little inquiry into the merits of the plaintiff’s case.  Perhaps it felt that such an analysis was not necessary given that the Copyright Office had already determined copyrightable subject matter to exist (when it issued the registration certificate).

A second interesting question arises when one considers how the court might have ruled had the defendant asserted fair use as a basis for the motion to quash. (Doesn’t it seem like posting a cease and desist letter on the Internet, ostensibly for eliciting public ridicule, is a transformative use?) Given the fact intensive inquiry of a fair use analysis, the court would have probably reached the same conclusion, if anything to put off the factfinding until later.  But would a court do that in other cases where the offending, anonymous use is more obviously fair?     

Arizona state court adopts three part test for unmasking anonymous online speakers

Test adds an additional “balancing of the competing interests” element to the Cahill test

Mobilisa, Inc. v. Doe, — P.3d —-, 2007 WL 4167007 (Ariz. App. November 27, 2007)

Plaintiff filed suit in Washington state court against an anonymous (“John Doe”) defendant which it accused of violating the Computer Fraud and Abuse Act and the Stored Communications Act. Doe allegedly accessed the plaintiff’s computer system and obtained a copy of an “intimate” email which he forwarded to a number of people.

Plaintiff served a subpoena on Doe’s Arizona-based email provider, seeking to uncover Doe’s true identity. The email provider and Doe individually, through counsel, objected, but the Arizona court ordered that Doe’s identity be revealed. The court looked to the 2005 case of Doe v. Cahill which requires (1) that the anonymous party sought to be unmask be given notice of the proceedings, and (2) that the party seeking the identity of the anonymous party put forth sufficient facts to survive a motion for summary judgment.

Doe appealed the lower court’s order which required he be identified. On appeal, the Arizona Court of Appeals remanded the matter back to the trial court. It held that although the court correctly applied the two Cahill factors, it should have considered a third factor, namely, a balancing of the relative interests of the parties. Consideration of this third factor, the court held, would help ensure that the important First Amendment rights at issue in anonymous speech cases would be adequately protected.

No spoliation sanctions for deletion of email where CD copies had been made

Bakhtiari v. Lutz, — F.3d —-, 2007 WL 3377215 (8th Cir. November 15, 2007)

Not too many e-discovery (or any type of discovery) disputes get to the federal courts of appeal. But we have a recent decision from the Eighth Circuit that addressed the topic of “spoliation” when emails had been deleted.

A party in litigation is guilty of spoliation when the court finds that he or she “intentionally destroyed evidence with a desire to suppress the truth.” Greyhound Lines, Inc. v. Wade, 485 F.3d 1032, 1035 (8th Cir. 2007). Plaintiff Bakhtiari filed suit against the University of Missouri-Rolla and a number of administrators there, alleging Title VII and civil rights violations. He had been terminated from his position as a teaching assistant in the chemistry department.

Soon after Bakhtiari was terminated, but before he filed suit, the university’s IT staff backed up the contents of his email account onto two CDs. The university then allowed the messages to be deleted as part of “automated systems maintenance.” It turned over a copy of the CDs to Bakhtiari, but he claimed that large portions of data were missing.

At the trial court level, Bakhtiari claimed that the university should be sanctioned for spoliation for deleting the email messages from the server. The court denied this motion, however, and Bakhtiari sought review with the Eighth Circuit. On appeal, the court affirmed the denial of the motion.

The appellate court held that the lower court did not abuse its discretion in finding that the IT staff had taken appropriate steps to backup the data, and that Bakhtiari may himself have been responsible for the missing portions. Moreover, there was credible evidence that third parties had access to the account before the backups were made, and that Bakhtiari had asked that portions be deleted. Bakhtiari had failed to demonstrate, the court held, that the university acted with a “desire to suppress the truth.”

This case is not off to a good start

Windy City Marketing, Inc. v. Places Advertising, Inc., No. 07-6401 (N.D. Ill., filed November 12, 2007) [Download the complaint]

Windy City Marketing, a Chicago company, has filed a federal lawsuit against a startup competitor, Places Advertising, Inc. The suit alleges infringement of copyright allegedly owned by Windy City Marketing in certain bound marketing pieces called “inside chicago”. Windy City Marketing claims that Places Advertising has wrongfully copied the marketing materials and is distributing those to Windy City Marketing’s customers.

The big problem with the complaint is that there is no allegation that Windy City Marketing owns a registration in the works at issue. A quick read of Section 411 of the Copyright Act will reveal what’s wrong with this picture. You gotta have a registration before you can file a lawsuit for copyright infringement. For the plaintiff’s sake, thank goodness for Fed. R. Civ. P. 15.

Be careful with email because your employer is “looking over your shoulder”

Workplace email policy destroyed attorney-client privilege

Scott v. Beth Israel Medical Center, — N.Y.S.2d —-, 2007 WL 3053351 (N.Y. Sup. October 17, 2007).

Dr. Scott, who used to work for Beth Israel Medical Center in New York, sued his former employer for breach of contract and a number of other different things. Before he was terminated, however, he had used his work email account to send messages to his attorneys, discussing potential litigation against Beth Israel.

When Dr. Scott found out that Beth Israel was in possession of these email messages, he asked the court to order that those messages be returned to him. He argued that they were protected from disclosure to Beth Israel under the attorney client privilege.

Beth Israel argued that they were not subject to the privilege because they were not made “in confidence.” There was an email policy in place that provided, among other things, that the computers were to be used for business purposes only, that employees had no personal right of privacy in the material they create or receive through Beth Israel’s computer systems, and that Beth Israel had the right to access and disclose material on its system.

Dr. Scott argued that New York law [CPLR 4548] protected the confidentiality. Simply stated, CPLR 4548 provides that a communication shouldn’t lose its privileged character just because it’s transmitted electronically.

The court denied Dr. Scott’s motion for a protective order, finding that the messages were not protected by the attorney client privilege.

It looked to the case of In re Asia Global Crossing, 322 B.R. 247 (S.D.N.Y. 2005) to conclude that the presence of the email policy destroyed the confidential nature of the communications. The policy banned personal use, the hospital had the right to review the email messages (despite Scott’s unsuccessful HIPAA argument), and Dr. Scott had notice of the policy.

The decision has implications for both individuals and the attorneys who represent them. Employees should be aware that when they are sending messages through their employer’s system, they may not be communicating in confidence. And attorneys sending email messages to their clients’ work email accounts, on matters not relating to the representation of the employer, must be careful not to unwittingly violate the attorney client privilege.

What’s more, although the decision is based on email communications, it could affect the results of any case involving instant messaging or text messaging through the company’s server.

Posts navigation

1 2 3 4 5 6 7 8 9