Category Archives: Uncategorized

Fortnite player’s “anxiety and anguish” were not enough to support a lawsuit against game developer over data vulnerability

Plaintiff – one of the millions of people who have played Fortnite – sued Fortnite developer Epic Games based on a data vulnerability in the Fortnite platform and an apparent hacking incident that took place in 2018. After the case was moved from state court in Illinois to federal court there, and then to federal court in North Carolina, defendant moved to dismiss for failure to state a claim.

This young man is feeling anxiety and anguish. He probably would not have standing in a data breach case.

The court dismissed the case, finding that the court lacked subject matter jurisdiction, since plaintiff had not sufficiently alleged that he had suffered an “injury-in-fact”.

It held that the mere existence of a data vulnerability does not constitute injury-in-fact. Instead, a complaint must allege a sufficient factual basis from which to conclude either that plaintiff’s compromised data has been misused, or that it will be misused, such that concrete harms are actual or imminent.

In this case, plaintiff’s complaint contained no facts showing, or even suggesting, that his personal data had been used as a result of the cyber vulnerability. Plaintiff’s complaint did not even state that his data was taken, only that Fortnite had a cyber vulnerability that could have allowed hackers to access his data.

Plaintiff’s only alleged harms were “time and effort to mitigate the risk of identity theft” and “anxiety and anguish”. The court held that anxiety and anguish resulting from data breaches do not confer standing. And without a single fact alleged to show that future harms were certainly impending, the money, time, and effort spent by plaintiff were merely self-imposed harms in response to a speculative threat. In the court’s view, the threat of future injury was wholly speculative and insufficient for standing.

Krohm v. Epic Games, Inc., No. 19-173, 2019 WL 4861101 (E.D. N. Carolina, October 1, 2019)

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Attorney-client privilege protected defendants’ lawyers’ communications with PR firm hired to combat negative online treatment

In defending intellectual property claims over video games, defendants’ law firm hired a public relations firm to assist it with “input on legal strategy, including regarding initial pleadings and communications about the case to counteract [plaintiff’s] false and negative statement.” Defendants were allegedly being targeted by negative online attacks by the plaintiff.

During discovery, plaintiff served a subpoena on the hired PR firm, seeking, among other things, all documents relating to the communciations between the PR firm and defendants’ counsel.

Defendants sought to quash the subpoena, arguing the information was protected from disclosure under the attorney-client privilege. The court quashed the subpoena.

It found that because defendants’ counsel (and not defendants themselves) hired the PR firm to provide PR counseling specifically for the purposes of litigation strategy, the attorney-client privilege extended to the communications between the PR firm and defendants’ counsel pertaining to “giving and receiving legal advice about the appropriate response to the lawsuit and making related public statements.”

Specifically, these communications were

  • confidential communications made
  • between lawyers and public relation consultants
  • hired by the lawyers to assist them in dealing with the media in cases or litigation
  • that were made for the purpose of giving or receiving advice
  • directed at handling the client’s legal problems that were undeniably protected by the attorney client privilege.

The court similarly found that the attorney work product doctrine extended to the communications exchanged between the PR firm and defendants’ counsel. As could be seen by the privilege log, documents such as a “draft Answer and Counterclaim” and a “draft press release” would contain “the mental impressions, conclusions, opinions, or legal theories of a party’s attorney or other representative concerning the litigation.” Moreover, documents such as a “draft Answer and Counterclaim” and a “draft press release” were “prepared in anticipation of litigation or for trial.” Defendants’ counsel also did not waive their work-product protection when they shared otherwise valid work product (e.g. draft Answers or Counterclaims) with the PR firm for assistance because the communications were intended to be confidential.

Stardock Systems, Inc. v. Reiche, 2018 WL 6259536 (N.D.Cal. Nov. 30, 2018)

See also: Emails sent through Yahoo account using work computer protected under attorney-client privilege

Summary judgment awarded to luxury brand against cybersquatter under ACPA

Plaintiff (the luxury brand Chanel) sued defendant under the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. 1125(d)) (“ACPA”) over defendant’s registration and use of the disputed domain name <chanelgraffiti.com>. Plaintiff moved for summary judgment on its ACPA claim. The court granted the motion.

Distinctiveness of plaintiff’s mark

Defendant did not contest that plaintiff’s CHANEL mark was distinctive at the time the disputed domain name was registered. Plaintiff had put forth evidence that it owned registered trademarks for the mark CHANEL, and the court noted that registered trademarks are presumed to be distinctive.

Confusing similarity

The court found that the disputed domain name was confusingly similar to plaintiff’s mark. Citing 5 McCarthy on Trademarks § 25:78 (4th ed. 2002), the court held that “[i]n the cybersquatting context, ‘confusingly similar’ must simply mean that the plaintiff’s mark and the defendant’s domain name are so similar in sight, sound, or meaning that they could be confused.” The court found that defendant offered no admissible evidence to suggest that chanelgraffiti.com was not confusingly similar to the mark CHANEL.

Even with the additional word “graffiti” appearing within the disputed domain name, the court found that the similarities between the CHANEL mark and the disputed domain name were “instantly apparent because of the inclusion of the word” CHANEL in the disputed domain name. Moreover, defendant did not claim that the term “chanel” was meant to reference anything other than the luxury brand. Similarly, the court found that the including of the term “graffiti” did not self-evidently connote a type of criticism or disregard for the brand that rises to a meaningful level of distinction.

Bad faith intent

The court also found that there was no reasonable dispute that defendant had a bad faith intent to profit from the CHANEL mark. It found that bad faith could be inferred from defendant’s intent to divert consumers from plaintiff’s online location to a site accessible under the disputed domain name that could harm the goodwill represented by plaintiff’s mark, either for commercial gain or with the intent to tarnish or disparage plaintiff’s mark, by creating a likelihood of confusion as to the source, sponsorship, affiliation, or endorsement of the site.

The court found that the disputed domain name unquestionably advertised products containing plaintiff’s mark and had product descriptions that read “CHANEL inspired graffiti bags.” Defendant disputed that he had any control over the content of the site, stating that he did not operate the website and had no connection to the disputed domain name outside of registering it.

Whether and to what extent the site was used or operated by defendant, however, was beside the point under ACPA. Defendant did not dispute that his registration of the disputed domain name, regardless of the content of the site, would divert customers from plaintiff’s website by creating a likelihood of confusion as to the affiliation of defendant’s site, which was a “quintessential example of bad faith within the meaning of ACPA.”

Chanel, Inc. v. Richardson, 2018 WL 6097865 (S.D.N.Y. November 20, 2018)

Expedia’s online clickwrap agreement upheld

i_agree

Plaintiff airline ticket buyer sued Expedia in court for, among other things, fraud, claiming that he was entitled to a refund of the price of his ticket because he had to cancel for medical reasons. Expedia moved to compel arbitration. The court granted the motion.

It found that plaintiff manifested his clear agreement to the arbitration clause in Expedia’s online terms and conditions when he selected the “complete booking” button on the “Review and book your trip” screen during his ticket purchase process.

It also found that each of plaintiff’s claims were encompassed by the arbitration agreement found in the online terms. The arbitration agreement entered into by the parties stated that “[a]ny and all Claims will be resolved by binding arbitration.” There was no apparent exception for fraud or contract claims, and plaintiff did not argue that any exception existed.

Van Den Heuvel v. Expedia Travel, 2017 WL 5133270 (E.D. Cal., November 6, 2017

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Microsoft letter to GitHub over DRM-free music software is not the first copyright-ironic action against an intermediary

TorrentFreak has reported that Microsoft demanded that GitHub take the code repository of an app that provides access to unprotected Xbox Music tracks. Some are calling it ironic, given that Microsoft is offering access to DRM-free music through its API.

The situation is reminiscent (though not legally identical) to the weirdness we observed way back in 2006 when YouTube asked TechCruch to take down a tool that allowed people to download video clips. We recognized early on that YouTube was a copyright renegade. So it was surprising that it would take such an aggressive tactic toward purveyors of software that would make use of copyrighted works easier.

The Microsoft of today is certainly not the YouTube of 2006. So naturally its interests are different. But comparing the two scenarios yields the common conundrum of how one company that wants to more smoothly make content available deals with other technologies and platforms that do the same thing, but cut out the main monetizing opportunity.

It could be a phenomenon of copyright’s outdatedness. Both YouTube and Microsoft took action against others who were distributing technologies that touched on infringement by means of making copies of the works. That will likely remain an important protection under copyright law even after meaningful reform. But what is really at stake is the right to access content. If that were a meaningful right under the Copyright Act, companies would be less likely to take enforcement actions that appear on the surface to be ironic.

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

One must conscientiously and systematically perform abstraction-filtration-comparison test in software copyright infringement matters

In all copyright infringement cases, a plaintiff must prove, among other things, that the defendant copied elements of plaintiff’s work that are protected by copyright. This is key because not all copying is infringement – some of what is copied may be merely ideas, processes, facts, in the public domain, or scenes a faire material. It’s not illegal to copy those things. So a successful plaintiff has to show more than “copying in fact”. It must show “illegal copying”.

Software infringement cases present some nuance for this analysis. A computer program has different levels of abstraction (i.e. from main purpose down to object code), and when the only similarities are at higher levels of abstraction, there is less chance that infringement has occurred. Some courts employ the “abstraction-filtration-comparison test” to evaluate whether a defendant accused of infringing the copyright in software has indeed illegally copied protected elements of the plaintiff’s work:

At the abstraction step, we separate the ideas (and basic utilitarian functions), which are not protectable, from the particular expression of the work. Then, we filter out the nonprotectable components of the product from the original expression. Finally, we compare the remaining protected elements to the allegedly copied work to determine if the two works are substantially similar.

Plaintiff sued one of its founders for copyright infringement after that founder had moved to another company and had developed software allegedly similar to software he had created while at plaintiff-company. The parties agreed to have a special master evaluate the parties’ software to opine on whether defendant had infringed. The special master found there to be infringement, and the district court agreed, ordering that copies of defendant’s software be destroyed.

Defendant sought review in the Tenth Circuit. On appeal, the court vacated and remanded. It held that the special master failed to properly document the steps involved in conducting the abstraction-filtration-comparison test.

The court found there was little evidence the special master performed the abstraction step. Although “[a]pplication of the abstractions test will necessarily vary from case-to-case and program-to-program,” a “computer program can often be parsed into at least six levels of generally declining abstraction: (i) the main purpose, (ii) the program structure or architecture, (iii) modules, (iv) algorithms and data structures, (v) source code, and (vi) object code.” In the court’s mind, “[a]bstraction is important, and it cannot be neglected here.”

The failure to “conscientiously and systematically” perform the abstraction step tainted the remainder of the three-part test. The court criticized the special master’s application of the filtration and comparison steps, observing that the special master apparently proceeded from the false premise that an infringement analysis begins and ends with “copying in fact.” The special master went to great lengths to show that defendant took steps to conceal his copying of source code (e.g., by omitting comments). But having not first properly separated out (by filtering) the unprotected elements after abstraction, the special master’s report was not sturdy enough to support a finding in the district court that infringement had occurred.

Paycom Payroll, LLC v. Richison, — F.3d —, 2014 WL 3377679 (10th Cir. July 11, 2014)

Tomcar sales using Bitcoin reveal some new norms

The Australian off-road utility vehicle manufacturer Tomcar has begun accepting Bitcoin as a form of payment for its direct sales to customers. This example of Bitcoin’s expansion into the marketplace sends a few interesting messages, among them:

  • Sellers and buyers will be motivated to use the cryptocurrency for reasons other than anonymity: Tomcar’s stated reason for liking Bitcoin is to avoid credit card transaction fees and unfavorable international currency exchange rates.
  • Bitcoin plays a role in the supply chain, not just in transactions with the end user. Tomcar is paying some of its suppliers using Bitcoin. The Winklevoss twins say Bitcoin could become the currency for an entire country.
  • Payment gateway CoinJar (which Tomcar uses) is an interesting specimen. It’s not just the Brothers Winklevii who are investing in the Bitcoin marketplace.
  • The Silk Road shutdown was a good thing. Cryptocurrency lends itself well to a seedy marketplace. And those seeds, watered with unscrupulousness, will bear fruit of bad reputation. Tomcar’s founder hails Silk Road’s demise, since a lack of association with the unlawful will do the currency some PR good.

One can’t help but wonder whether there are some opportunities to reinforce some stereotypes when thinking about Tomcar and the people who would buy them. The off-road utility of the vehicles would come in handy in the post-apocalyptic world occasioned by the collapse of modern governments – the very entities running a monetary system that the Bitcoin enthusiast gladly wishes to circumvent.

How will we handle the legal issues of self-driving cars?

The technology to support self-driving cars is a reality. At this point the challenge is largely economic — it costs around $100,000 to equip a self-driving car with the sensors and other hardware to push it toward autonomy. Another challenge is social. We tie a lot of our identity to our cars and the freedom they afford. This freedom might as well be in our human DNA. There’s no one still living on the planet who knew a time before the automobile.

A third challenge is legal. And it’s much easier to ask the questions than to answer them.

  • How will we set the standards for hardware and software performance?
  • Should we adjust the speed limit?
  • How will we allocate fault when there is an accident?
  • Will the cost of insurance go down if there is less risk on the road?
  • Are we willing to give over so much information when our self-driving cars join the “internet of things”?
  • What protections will we give to automobile makers and the manufacturers of autonomous systems?

On that last question, legislative protection of entire industries is not unprecedented. Gun makers and internet service providers find protection from the unfortunate choices made by the users of their products.

In any event, the self-driving norm is emerging, and is bolstered by new data about how safe and cost-effective it is. There are big savings in terms of dollars and lives. The legal and social issues will have to sort themselves out.

Court okays firing FDNY lieutenant who posted 911 caller info to Facebook

Palleschi v. Cassano, — N.Y.S.2d —, 2013 WL 322573 (N.Y.A.D. 1 Dept. January 29, 2013)

Petitioner — an emergency medical services supervisor and lieutenant in the New York Fire Department — admitted that he posted a picture to Facebook of a computer screen containing confidential and privileged information about a 911 caller’s complaint of a gynecological emergency. The pic also showed the caller’s name, address and telephone number.

He added the caption, “[c]an’t make this up,” apparently for his 460 friends’ enjoyment.

Petitioner sought review of the Commissioner’s decision to fire him. The court affirmed the decision. If found that in light of the serious nature of the conduct, the penalty did not shock any sense of fairness.

Online terms of service were not effective to prohibit data scraping

CollegeSource, Inc. v. AcademyOne, Inc., 2012 WL 5269213 (E.D. Pa. October 25, 2012)

paint scraping

Plaintiff sued its competitor, another platform for providing online college transfer services. Among other things, plaintiff alleged that defendant breached plaintiff’s online terms of service, violated the Computer Fraud and Abuse Act, and was unjustly enriched by copying and “scraping” course catalog information from plaintiff’s service and using that collected data to populate defendant’s own database.

Defendant moved for summary judgment on these claims. The court granted the motion.

Breach of Contract

The court held that defendant’s scraping and collection efforts did not fall within the scope of plaintiff’s online terms of service.

Although certain of defendant’s employees had subscribed to plaintiff’s premium services (and thereby agreed to tems of service that prohibited data scraping), the documents and information defendants used were gathered through a different service. Plaintiffs provided a function called “CataLink”, through which colleges could link website visitors to documents stored on plaintiff’s server. End users clicking on those links would not be presented with any terms of service by which to be bound.

Plaintiffs attempted an unsuccessful workaround on this point, arguing that the terms for the subscription services bound users of all “Services” provided by plaintiff (including the separate CataLink services). The court rejected this argument, finding it possible that a typical user may never even have known he visited a CataLink link. Moreover, the court found, if plaintiff had intended its subscriber agreement to include CataLink, it did not make its intention clear.

Unjust Enrichment

The court held that plaintiff’s unjust enrichment claim was preempted by the Copyright Act. Plaintiff asserted that defendant was unjustly enriched because it copied and displayed on its website course descriptions from plaintiff’s catalogs, and in doing so derived a financial benefit. And plaintiff argued that the facts in this case differed substantially from those required to state a claim for copyright infringement, in that defendant had misrepresented, or had taken in an underhanded way. But the court found that these elements (misrepresentation and acting underhandedly) did not avoid preemption. Nor did the element of “benefit conferred” defeat preemption, since a copyright infringer always accepts the benefit of the copyrighted work.

Computer Fraud and Abuse Act

The court found that defendant did not violate the Computer Fraud and Abuse Act, because the documents alleged to have been copied were available to the general public. And since plaintiff obtained the documents using the CataLink service — which, as discussed above was not subject to the terms of service — there were no contractual restrictions to define “without authorization” or “exceed[ing] authorized access” as used in the CFAA.

Image courtesy Flickr user fontplaydotcom under this Creative Commons license.