Expedia’s online clickwrap agreement upheld

i_agree

Plaintiff airline ticket buyer sued Expedia in court for, among other things, fraud, claiming that he was entitled to a refund of the price of his ticket because he had to cancel for medical reasons. Expedia moved to compel arbitration. The court granted the motion.

It found that plaintiff manifested his clear agreement to the arbitration clause in Expedia’s online terms and conditions when he selected the “complete booking” button on the “Review and book your trip” screen during his ticket purchase process.

It also found that each of plaintiff’s claims were encompassed by the arbitration agreement found in the online terms. The arbitration agreement entered into by the parties stated that “[a]ny and all Claims will be resolved by binding arbitration.” There was no apparent exception for fraud or contract claims, and plaintiff did not argue that any exception existed.

Van Den Heuvel v. Expedia Travel, 2017 WL 5133270 (E.D. Cal., November 6, 2017

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Puzzling privacy analysis in decision to unmask anonymous accused copyright infringers

photo-267569

Plaintiff porn company sued an unknown bittorrent user (identified as John Doe) alleging that defendant had downloaded and distributed more than 20 of plaintiff’s films. Plaintiff asked the court for leave to serve a subpoena on Optimum Online – the ISP associated with defendant’s IP address – prior to the Rule 26(f) conference. (As we have recently discussed, leave of court is required to start discovery before the Rule 26(f) conference, but a plaintiff cannot have that conference unless it knows who the defendant is.) Plaintiff already knew defendant’s IP address. It needed to serve the subpoena on the ISP to learn defendant’s real name and physical address so it could serve him with the complaint.

The court went through a well-established test to determine that good cause existed for allowing the expedited discovery. Drawing heavily on the case of Sony Music Entm’t, Inc. v. Does 1-40, 326 F. Supp. 2d 556 (S.D.N.Y. 2004), the court evaluated:

(1) the concreteness of the plaintiff’s showing of a prima facie claim of copyright infringement,

(2) the specificity of the discovery request,

(3) the absence of alternative means to obtain the subpoenaed information,

(4) the need for the subpoenaed information to advance the claim, and

(5) the objecting party’s expectation of privacy.

The court’s conclusions were not surprising on any of these elements. But it’s discussion under the fifth point, namely, the defendant’s expectation of privacy, was puzzling, and the court may have missed an important point.

It looked to the recent case involving Dred Pirate Roberts and Silk Road, namely, United States v. Ulbricht, 858 F.3d 71 (2d Cir. 2017). Leaning on the Ulbricht case, the court concluded that defendant had no reasonable expectation of privacy in the sought-after information (name and physical address) because there is no expectation of privacy in “subscriber information provided to an internet provider,” such as an IP address, and such information has been “voluntarily conveyed to third parties.”

While the court does not misquote the Ulbricht case, one is left to wonder why it would use that case to support discovery of the unknown subscriber’s name and physical address. At issue in Ulbricht was whether the government violated Dred Pirate Roberts’s Fourth Amendment rights when it obtained the IP address he was using. In this case, however, the plaintiff already knew the IP address from its forensic investigations. The sought-after information here was the name and physical address, not the IP address he used.

So looking to Ulbricht to say that the Doe defendant had no expectation of privacy in his IP address does nothing to shed information on the kind of expectation of privacy, if any, he should have had on his real name and physical address.

The court’s decision ultimately is not incorrect, but it did not need to consult with Ulbricht. As in the Sony Music case from which it drew the 5-part analysis, and in many other similar expedited discovery cases, the court could have simply found there was no reasonable expectation of privacy in the sought-after information, because the ISP’s terms of service put the subscriber on notice that it will turn over the information to third parties in certain circumstances like the ones arising in this case.

Strike 3 Holdings, LLC v. Doe, 2017 WL 5001474 (D.Conn., November 1, 2017)

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Google can, at least for now, disregard Canadian court order requiring deindexing worldwide

U.S. federal court issues preliminary injunction, holding that enforcement of Canadian order requiring Google to remove search results would run afoul of the Communications Decency Act (at 47 U.S.C. 230)

canada-us
Canadian company Equustek prevailed in litigation in Canada against rival Datalink on claims relating to trade secret misappropriation and unfair competition. After the litigation, Equustek asked Google to remove Datalink search results worldwide. Google initially refused altogether, but after a Canadian court entered an injunction against Datalink, Google removed Datalink results from google.ca. Then a Canadian court ordered Google to delist worldwide, and Google complied. Google objected to the order requiring worldwide delisting, and took the case all the way up to the Canadian Supreme Court, which affirmed the lower courts’ orders requiring worldwide delisting.

So Google filed suit in federal court in the United States, seeking a declaratory judgment that being required to abide by the Canadian order would, among other things, be contrary to the protections afforded to interactive computer service providers under the Communications Decency Act, at 47 U.S.C. 230.

The court entered the preliminary injunction (i.e., it found in favor of Google pending a final trial on the merits), holding that (1) Google would likely succeed on its claim under the Communications Decency Act, (2) it would suffer irreparable harm in the absence of preliminary relief, (3) the balance of equities weighed in its favor, and (4) an injunction was in the public interest.

Section 230 of the Communications Decency Act immunizes providers of interactive computer services against liability arising from content created by third parties. It states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” [More info about Section 230]

The court found that there was no question Google is a “provider” of an “interactive computer service.” Also, it found that Datalink—not Google—“provided” the information at issue. And finally, it found that the Canadian order would hold Google liable as the “publisher or speaker” of the information on Datalink’s websites. So the Canadian order treated Google as a publisher, and would impose liability for failing to remove third-party content from its search results. For these reasons, Section 230 applied.

Summarizing the holding, the court observed that:

The Canadian order would eliminate Section 230 immunity for service providers that link to third-party websites. By forcing intermediaries to remove links to third-party material, the Canadian order undermines the policy goals of Section 230 and threatens free speech on the global internet.

The case provides key insight into the evolving legal issues around global enforcement and governance.

Google, Inc. v. Equustek Solutions, Inc., 2017 WL 5000834 (N.D. Cal. November 2, 2017)

Court allows Microsoft to unmask unknown Comcast users accused of infringement

A federal court in Washington state has given the green light for Microsoft to subpoena records from Comcast to discover the identity of the person or persons associated with an IP address used to activate thousands of unauthorized copies of Microsoft software.

Statue_of_Anonymus_(Budapest,_2013)

Generally, in federal court litigation, a party cannot serve discovery requests or subpoenas until after the plaintiff and defendant have conferred (in a Rule 26(f) conference). But when the plaintiff does not know the identity of the defendant, there is a bootstrapping problem – discovery needs to be taken to find out the defendant with whom to conduct the conference. In situations like this, the plaintiff seeking to unmask an unknown defendant will file its complaint against one or more “John Does,” then ask the court for leave to serve discovery prior to the Rule 26(f) conference.

That is what happened in this case. It is a common tactic used by parties legitimately seeking to enforce intellectual property, as well as parties that may be considered copyright trolls. See, e.g., this early bittorrent case from 2011.

Microsoft filed its complaint and also filed a motion for leave to take discovery prior to the Rule 26(f) conference. Finding that good cause existed for the early discovery, the court granted the motion.

It held that

(1) Microsoft had associated the John Doe Defendants with specific acts of activating unauthorized software using product keys that were known to have been stolen from Microsoft, and had been used more times than were authorized for the particular software,

(2) Microsoft had adequately described the steps it took in an effort to locate and identify the John Doe defendants, specifically by utilizing its “cyberforensics” technology to analyze product key activation data, identifying patterns and characteristics which indicate software piracy,

(3) Microsoft had pleaded the essential elements to state a claim for copyright and trademark infringement, and

(4) the information proposed to be sought through a subpoena appeared likely to lead to identifying information that would allow Microsoft to serve the defendants with the lawsuit.

Microsoft Corp. v. John Does 1-10, 2017 WL 4958047 (W.D. Wash., November 1, 2017)

Image courtesy Dmitrij Rodionov under Creative Commons Attribution-Share Alike 3.0 Unported license. Licensed granted hereby under same terms.

Website liable for statutory damages and attorney’s fees for copyright infringement

Plaintiff photojournalism company sued defendant retail website operator for copyright infringement arising from the publication on the site of two celebrity photographs. Plaintiff moved for summary judgment on its copyright infringement claim. The court granted the motion.

Infringement Claim

Defendant argued that the copyright registration – which was a compilation of photographs taken over a couple of months – did not cover the photographs in question, because the registration made no specific mention of the photos. But the court rejected this argument, finding that the registration certificate for the compilation was valid because (a) all the photographs were by the same photographer, (b) all the photographs were published in the same calendar year, and (c) all the photographs had the same copyright claimant. Defendant could not point to any specific evidence in the record to cast doubt on the validity of the registration.

The parties did not dispute that defendant’s employees copied and reposted the photographs. Accordingly, the court found that plaintiff had established the elements required for a copyright infringement claim.

But defendant argued that it had a license to reuse the photographs, based on the terms of the E! website from which it obtained the photos. The court easily rejected this argument, noting that the defendant had not provided a copy of that purported license agreement, nor come up with any other evidence to support the claim.

Statutory Damages and Attorney’s Fees

The court awarded $750 in statutory damages – the minimum amount that the Copyright Act authorizes. The court based this in part on looking at the actual licensing fees charged for the photographs. Plaintiffs had charged E! a license fee of $75 for use of the photos. Even trebling this amount would not bring the damage calculation within the statutory minimum. So the court raised it to the lowest threshold permitted under the act.

As for attorney’s fees, the court found it appropriate to award fees to promote the stated purposes of the Copyright Act. Specifically, shifting fees here, in the court’s view, served to encourage and reward innovators for their contributions in the march toward progress rather than burdening them with the costs of defending their protected works.

Fameflynet, Inc. v. The Shoshanna Collection, — F.Supp.3d —, 2017 WL 4402568 (S.D.N.Y. October 2, 2017)

Confusing UDRP decision regarding proof required for showing of no rights or legitimate interests

(This is a cross-post from UDRP Tracker.)

In the case of BroadPath Healthcare Solutions / Jerry Robertson v. Maria Piro / Nova Nordisk, a one-member NAF Panel held that the Complainant failed to meet the second UDRP element, namely, it failed to establish that the Respondent lacked rights or legitimate interests in the disputed domain name <broad-path.org>.

The decision is confusing because the opinion appears to be self-contradictory. The Panel noted that the Complainant alleged (1) the Respondent is not commonly known by the disputed domain name, (2) that the Complainant had not authorized, licensed, or otherwise permitted the Respondent to use the Complainant’s mark, and (3) that the Respondent does not use the disputed domain name in connection with a bona fide offering of goods or services or legitimate noncommercial or fair use. Rather, the Complainant argued, the Respondent was attempting to pass off as the Complainant to facilitate fraud on Internet users.

Ordinarily, in an uncontested UDRP matter (such as this one, where the Respondent did not file a response), such allegations would be enough to establish a prima facie showing on the second UDRP element. It is unclear what more the Panel expected to see in terms of proof of lack of rights or legitimate interests. The prima facie showing requirement is used in light of the difficulty of proving a negative, which is what the second UDRP element calls for.

In any event, despite the Complainant’s allegations listed in the decision, the Panel concluded, in summary fashion without explanation, that the Complainant failed to make a legally cognizable argument under this second UDRP element. For this reason, the Panel did not go on to analyze the bad faith element, but instead denied the Complaint.

BroadPath Healthcare Solutions / Jerry Robertson v. Maria Piro / Nova Nordisk, Claim Number: FA1709001748692 (NAF October 31, 2017)

Court reinstates SCO’s misappropriation claim against IBM in long-running lawsuit

For almost a decade and a half, SCO and IBM have been fighting over their collaboration gone wrong concerning the development of a new version of UNIX for Intel processors. The case has garnered much attention, including from the open source community. You can read the backstory here on the Wikipedia page for the dispute. The case has been on appeal to the Tenth Circuit, which released its opinion on October 30. The decision was a mixed ruling – the court affirmed summary judgment in favor of IBM on most of the issues, but ruled in favor of SCO on one important claim – misappropriation.

SCO sued IBM for the tort of misappropriation (a form of unfair competition) arising from IBM’s alleged use in its own product of source code that SCO had contributed to the joint efforts to develop the new UNIX version. The district court granted IBM’s motion for summary judgment on the misappropriation claim, holding that such a claim was barred under New York law’s “independent tort doctrine”. SCO sought review with the Tenth Circuit Court of Appeals. The court reversed and remanded the case on the misappropriation claim.

This doctrine provides that a simple breach of contract is not to be considered a tort unless a legal duty independent of the contract itself has been violated. This separate duty must spring from circumstances extraneous to, and not constituting elements of, the contract, although it may be connected with and dependent upon the contract.

In this case, the court held that while IBM and SCO may not have had a formal partnership or joint venture as a matter of law, they surely enjoyed a business relationship in which each reposed a degree of trust and confidence in the other. In such a situation, there exists a duty not to take a business collaborator’s property in bad faith and without its consent in order to compete against that owner’s use of the same property.

SCO v. IBM, — F.3d —, 2017 WL 4872572 (10th Cir., October 30, 2017)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Live by the browsewrap, die by the browsewrap

Company could not argue it was not bound by competitor’s browsewrap agreement, because it used a browsewrap agreement for its own website.

server_wrap

Oilpro filed a counterclaim for breach of contract against its competitor, DHI, arguing that DHI breached the agreement it had with Oilpro – such agreement being in a browsewrap agreement found on Oilpro’s website – to not scrape, crawl, or use other automated means to download data from Oilpro’s website. DHI moved to dismiss the breach of contract claim, arguing that Oilpro had insufficiently pled that DHI assented to the terms of the browsewrap agreement. The court denied the motion to dismiss.

In browsewrap cases, because there is no affirmative step to acknowledge assent to the agreement, the party claiming breach has to show that a valid contract exists by demonstrating that the breaching party had actual or constructive knowledge of the terms and conditions. Just having a link to the terms at the bottom of the page, or having them available for review (without having to affirmatively click on something) may not be enough (though there are exceptions to this).

Here, the court found that Oilpro was not relying only on the fact that the agreement was on the pages of the website and available. Instead, Oilpro pointed to DHI’s own web design practices to support its knowledge of the terms of the browsewrap agreement. In the court’s words:

Oilpro alleges constructive notice because DHI has a similar site with a similar browsewrap agreement. Thus, even if there are no allegations that DHI took affirmative action to acknowledge assent, the court finds that the allegations relating to DHI’s constructive knowledge provide more than that the agreement was available and raise the claim to plausible.

So the case stands for the proposition that a company that uses a browsewrap agreement on its own website is less likely to be able to argue it is unaware of other companies’ browsewrap agreements. Said another way, browsewrap-using companies may have a higher standard of diligence in their own online dealings.

It should be noted, however, that the conclusion in this case is likely to apply only in the B2B context, and will likely not affect the enforceability (or non-enforceability) of browsewrap agreements in consumer context. The court said “[t]his conclusion is confined, of course, to instances where both parties are sophisticated businesses that use browsewrap agreements on their websites.”

DHI Group, Inc. v. Kent et al., 2017 WL 4837730 (S.D. Texas, October 26, 2017).

Photo courtesy Flickr user Patrick Finnegan under this Creative Commons license.

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Online platform’s EULA barred software developer from claiming copyright ownership

eulaDeveloper entered into an agreement with the TD Ameritrade platform that gave him access to the platform’s APIs so that he could develop his own analytical tools. He claimed that without his authorization, the platform incorporated his software routines into its own technology. Developer sued for copyright infringement.

The platform moved to dismiss the claim and the court granted the motion.

Developer had presented to the court a registration certificate as evidence that he owned the copyright in the software he created. Such a registration certificate serves as prima facie evidence of copyright ownership, and establishes a rebuttable presumption of such ownership.

In its argument to dismiss developer’s claims, the platform pointed to its agreement with developer that stated, among other things, that use of the services “[would] not confer any title, ownership interest, or any intellectual property rights to me.” It also expressly prohibited the developer from creating derivative works from the services. The platform looked to these provisions in the agreement to rebut the presumption that the developer owned the copyright in the tools. The court agreed.

Developer argued that the platform had actually encouraged – and thereby authorized – the development of tools such as the ones he had created. But the court observed that while such a claim is “possible,” the developer had failed to allege any facts to demonstrate that the claim is “plausible.” So in sum, the court credited the terms of the agreement, and took those terms to preclude the developer from owning the copyright in the software he had developed.  It should be noted that the court left open the option for plaintiff to re-plead. But that does little to mitigate the extent to which the court’s reasoning here as to how the agreement could limit a claim of copyright is questionable.

TD Ameritrade v. Matthews, 2017 WL 4812035 (D. Alaska, October 25, 2017)

[Post updated 27 Oct 2017 at 8:08 CST to address option to re-plead.]

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

YouTube not liable for aiding ISIS in Paris attack

The Communications Decency Act provided immunity to Google in a suit brought against it by the family of an American college student killed in the November 2015 attack.

Plaintiffs filed suit against Google (as operator of YouTube) alleging violation of federal laws that prohibit providing material support to terrorists, arising from the November 2015 Paris attack that ISIS carried out. Plaintiffs argued that the YouTube platform, among other things, aided in recruitment and provided ISIS the means to distribute messages about its activities.

Google moved to dismiss the lawsuit, arguing that Section 230 of the Communications Decency Act (47 U.S.C. 230) provided immunity from suit. The court granted the motion to dismiss.

Section 230 Generally

Section 230(c) provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Accordingly, Section 230 precludes liability that treats a website as the publisher or speaker of information users provide on the website, protecting websites from liability for material posted on the website by someone else.

JASTA Did Not Repeal Section 230 Immunity

In response to Google’s arguments in favor of Section 230 immunity, plaintiffs first argued that a recent federal statute – the Justice Against Sponsors of Terrorism Act, or “JASTA” – effectively repealed the immunity conferred to interactive computer services by Section 230. Plaintiffs focused on language in the statute that stated that its purpose “is to provide civil litigants with the broadest possible basis, consistent with the Constitution of the United States, to seek relief” against terrorists and those who assist them.

The court rejected plaintiffs’ arguments that JASTA repealed Section 230 immunity. Significantly, the statute did not expressly repeal Section 230’s protections, nor did it do so implicitly by evincing any “clear and manifest” congressional intent to repeal any part of the Communications Decency Act.

Section 230 Need Not Be Applied Outside the United States

Plaintiffs also argued that Section 230 immunity did not arise because the Communications Decency Act should not apply outside the territorial jurisdiction of the United States. According to plaintiffs, Google provided support and resources to ISIS outside the United States (in Europe and the Middle East), ISIS’s use of Google’s resources was outside the United States, and the Paris attacks and plaintiffs’ relative’s death took place outside the United States.

The court rejected this argument, holding that Section 230’s focus is on limiting liability. The application of the statute to achieve that objective must occur where the immunity is needed, namely, at the place of litigation. Since the potential for liability, and the application of immunity was occurring in the United States, there was no need to apply Section 230 “extraterritorially”.

Immunity Protected Google

Google argued that plaintiffs’ claims sought to treat it as the publisher or speaker of the offending ISIS content, thus satisfying one of the requirements for Section 230 immunity. Plaintiffs countered that their lawsuit did not depend on the characterization of Google as the publisher or speaker of ISIS’s content, because their claims focused on Google’s violations of the federal criminal statutes that bar the provision of material support to terrorists.

But the court found that the conduct Google was accused of — among other things, failing to ensure that ISIS members who had been kicked off could not re-establish accounts — fit within the traditional editorial functions of a website operator. Accordingly, despite the plaintiffs’ characterization of its claims, the court found such claims to be an attempt to treat Google as the publisher or speaker of the ISIS videos.

The court similarly rejected plaintiffs’ arguments that Section 230 immunity should not apply because, by appending advertisements to some of the ISIS videos, Google became an “information content provider” itself, and thus responsible for the videos. This argument failed primarily because the content of the advertisements (which themselves were provided by third parties) did not contribute to the unlawfulness of the content of the videos.

Gonzalez v. Google, Inc., — F.Supp.3d —, 2017 WL 4773366 (N.D. Cal., October 23, 2017)

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Posts navigation

1 2 3 4 5 81 82 83