Attorney Evan Brown

February 5, 2024 Contracts

Online retailer’s browsewrap agreement was not enforceable

browsewrap

Plaintiff sued defendant Urban Outfitters under California law over the way that the retailer routed messages sent using the company’s website. Defendant moved to compel arbitration, arguing that the terms and conditions on defendant’s website required plaintiff to submit to arbitration instead of going to court. The court denied the motion.

The key issue in the case was whether plaintiff, by completing her purchases on defendant’s website, was sufficiently notified of and thus agreed to the arbitration agreement embedded via hyperlinks on the checkout page. Defendant maintained that the language and placement of the hyperlinks on the order page were adequate to inform plaintiff of the arbitration terms, which she implicitly agreed to by finalizing her purchases. Plaintiff argued that the hyperlinks were not conspicuous enough to alert her to the arbitration terms, thus negating her consent to them.

The court looked at the nature of the online agreement and whether plaintiff had adequate notice of the arbitration agreement, thereby consenting to its terms. The court’s discussion touched upon the differences between “clickwrap” and “browsewrap” agreements, emphasizing that the latter, which defendant’s website purportedly used, often fails to meet the threshold for constructive notice due to the lack of explicit acknowledgment required from the user.

The court examined the specifics of what constitutes sufficient notice, pointing out that for a user to be on inquiry notice, the terms must be presented in a way that a reasonable person would notice and understand that their actions (such as clicking a button) indicate agreement to those terms. The court found that defendant’s method of presenting the arbitration terms – through hyperlinks in small, grey font that were not sufficiently set apart from surrounding text – did not meet this standard.

Rocha v. Urban Outfitters, 2024 WL 393486 (N.D. Cal., February 1, 2024)

See also:

February 1, 2024 Fraud/Misrepresentation

Online marketplace not liable for causing murder committed by criminal seller

The Tenth Circuit Court of Appeals in Colorado upheld the dismissal of a tort case brought against the operator of the website Letgo. The court held that the website was not negligent and did not commit fraud in facilitating the purported transaction that resulted in the murder of a married couple.

The tragic story

At 11 PM on August 14, 2020, Mr. and Mrs. Roland met an execrable miscreant named Brown at a PETCO parking lot, intending to buy a car that Brown had placed for sale on the online marketplace Letgo. Claiming to not have the right title for the car (it turns out the car was stolen), Brown led the couple to a second location under the pretense of retrieving the correct vehicle title. But Brown ambushed the Rolands with a handgun, resulting in a struggle that led to the tragic deaths of both Mr. and Mrs. Roland, who left behind five minor children. Brown was later convicted of two counts of first-degree felony murder.

The estate sued

The Rolands’ estate sued Letgo under Colorado law, alleging a number of claims, including negligence, fraud and negligent misrepresentation. The lower court dismissed the claims. So the estate sought review with the Tenth Circuit. On appeal, the court affirmed the dismissal.

To act or not to act

The court’s negligence analysis turned on whether plaintiffs’ claim was one of misfeasance (active conduct causing injury) or nonfeasance (a failure to take positive steps to protect others from harm). The plaintiffs contended that Letgo’s claims of collaboration with law enforcement, use of technology to block stolen goods, and a user verification system created a false sense of security – that the negligence was based on misfeasance. But the court was not persuaded, emphasizing that the representations, when viewed in context, did not constitute misfeasance or active misconduct.

Instead, the court determined that the plaintiffs’ allegations were more indicative of nonfeasance, or Letgo’s failure to act, which required a special relationship between the parties for a duty of care to be established – a condition the plaintiffs could not satisfy. And in the court’s mind, even if Letgo’s actions were misfeasance, the plaintiffs failed to adequately plead that these actions were a substantial factor in the Rolands’ deaths, as the decisions made by the Rolands to pursue the transaction, and the decision of the perpetrator to commit murder, were more significant factors in the tragic outcome than the provision of the online platform.

No fraud or negligent misrepresentation either

Colorado law required plaintiffs to demonstrate a series of stringent criteria: Letgo must have made a false representation of a material fact, known to be false, with the intention that the Rolands would rely upon it, leading to damages as a result of this reliance. Negligent misrepresentation, while similar, necessitates showing that Letgo, within its professional capacity, made a careless misstatement of a crucial fact intended for the guidance of others in their business dealings, which the Rolands justifiably relied upon to their detriment.

Federal Rule of Civil Procedure 9(b) sets a higher bar for fraud claims, requiring plaintiffs to specify the circumstances of the alleged fraud with particularity, including the time, place, and content of the false representations, as well as the identity of those making them and the resultant consequences. This rule aims to provide defendants with fair notice of the claims against them and the factual basis for these claims. In certain cases, this standard may also extend to claims of negligent misrepresentation if they closely resemble allegations of fraud, highlighting the necessity for precise and detailed pleadings in such legal matters.

In this case, plaintiffs contended that Letgo’s assurances regarding safety and user verification —such as collaboration with law enforcement, technology to identify stolen goods, and “verified” user statuses — were misleading, constituting either fraud or negligent misrepresentation. However, the court found that plaintiffs failed to plausibly link the alleged misrepresentations to the tragic outcome, failing to provide sufficient factual content to demonstrate causation between Letgo’s actions and the Rolands’ deaths.

Roland v. Letgo, Inc., 2024 WL 372218 (10th Cir., February 1, 2024)

See also:

January 31, 2024 Contracts, Trade Secrets

Unauthorized press release caused drone software deal to crash

drone software

Usually back in the boilerplate section, technology contracts often contain a provision saying the parties will not issue press releases without the prior written consent of the other party. Here is a recent case where failure to strictly abide by such a requirement resulted in the breakdown of an important licensing arrangement, followed by expensive and difficult litigation.

An exciting drone software collaboration

Plaintiff entered into a software licensing agreement with defendant whereby plaintiff could use defendant’s avionics software for drones. The agreement gave plaintiff a limited exclusive license to certain functionality in the software.

The licensing agreement defined confidential information to include the terms of the agreement. The parties could not use any confidential information other than as required to exercise a right or perform an obligation under the agreement. The agreement also restricted the parties from issuing press releases without the other party’s prior written approval.

Fateful quick email exchange right before vacation

On a Sunday in August 2022, an employee of defendant wrote to defendant’s CEO, letting defendant know that plaintiff was developing a press release. The message concluded with, “Let me know if you have any objections, or if you want to send us a quote or have our PR team make a quote[.]”

Three minutes later the CEO wrote back with the following: “That sounds great. I’m on vacay all week up in the Adirondacks. You guys can make up some quote – I’m sure it will be fine or at least a great start.”

Going public with what should have stayed private

On Wednesday of that week – without further contact with defendant – plaintiff issued a press release discussing the parties’ relationship. The press release stated, in part, that under the terms of the software licensing agreement between the parties, the “software will only be made available to [plaintiff],” and that “[c]ompetitors will have to develop their own software or secure licenses from others with inferior test performance.”

On Friday (probably the last day of the CEO’s “vacay . . . up in the Adirondacks”), defendant sent a letter to plaintiff terminating the agreement. Defendant cited to a provision of the agreement enabling it to terminate immediately upon breach of the agreement’s confidentiality provision. The letter explained that plaintiff had issued the press release without defendant’s consent and that the press release included confidential information.

And then the lawsuit

Plaintiff sued, asserting breach of contract, namely, that defendant improperly declared the agreement terminated, and improperly ceased fulfilling its obligations under the agreement. Defendant moved to dismiss the claims. The court granted the motion.

Court: defendant had the right to terminate

The court found that it was “express and plain” that the definition of confidential information included the terms of the agreement. And when plaintiffs disclosed language from the agreement discussing the exclusive license, plaintiffs breached the agreement, giving defendant a right to terminate, which it exercised.

The court also rejected plaintiff’s argument that defendant’s CEO’s Sunday pre-vacation quick response email gave consent for the press release. The court found that rather than serving as approval of the press release that was issued, the consent the CEO provided was for the continued development of a press release and qualified permission to make up a quote for him as part of the development process. Moreover, the harms to defendant arising from plaintiff’s mischaracterization of the parties’ relationship were “precisely the effects that are avoided by requiring ‘prior written consent’ before publication of Confidential Information in a press release.”

Red Cat Holdings, Inc. v. Autonodyne LLC, 2024 WL 342515 (Del. Ch., January 30, 2024)

See also:

January 30, 2024 Artificial Intelligence, Litigation

ChatGPT providing fake case citations again – this time at the Second Circuit

Plaintiff sued defendant in federal court but the court eventually dismissed the case because plaintiff continued to fail to properly respond to defendant’s discovery requests. So plaintiff sought review with the Second Circuit Court of Appeals. On appeal, the court affirmed the dismissal, finding that plaintiff’s noncompliance in the lower court amounted to “sustained and willful intransigence in the face of repeated and explicit warnings from the court that the refusal to comply with court orders … would result in the dismissal of [the] action.”

But that was not the most intriguing or provocative part of the court’s opinion. The court also addressed the conduct of plaintiff’s lawyer, who admitted to using ChatGPT to help her write a brief before the appellate court. The AI assistance betrayed itself when the court noticed that the brief contained a non-existent case. Here’s the mythical citation: Matter of Bourguignon v. Coordinated Behavioral Health Servs., Inc., 114 A.D.3d 947 (3d Dep’t 2014).

When the court called her out on the legal hallucination, plaintiff’s attorney admitted to using ChatGPT, to which she was a “suscribed and paying member” but emphasized that she “did not cite any specific reasoning or decision from [the Bourguignon] case.” Unfortunately, counsel’s assertions did not blunt the court’s wrath.

“All counsel that appear before this Court are bound to exercise professional judgment and responsibility, and to comply with the Federal Rules of Civil Procedure,” read the court’s opinion as it began its rebuke. It reminded counsel that the rules of procedure impose a duty on attorneys to certify that they have conducted a reasonable inquiry and have determined that any papers filed with the court are legally tenable. “At the very least,” the court continued, attorneys must “read, and thereby confirm the existence and validity of, the legal authorities on which they rely.” Citing to a recent case involving a similar controversy, the court observed that “[a] fake opinion is not ‘existing law’ and citation to a fake opinion does not provide a non-frivolous ground for extending, modifying, or reversing existing law, or for establishing new law. An attempt to persuade a court or oppose an adversary by relying on fake opinions is an abuse of the adversary system.”

The court considered the matter so severe that it referred the attorney to the court’s Grievance Panel, for that panel to consider whether to refer the situation to the court’s Committee on Admissions and Grievances, which would have the power to revoke the attorney’s admission to practice before that court.

Park v. Kim, — F.4th —, 2024 WL 332478 (2d Cir. January 30, 2024)

See also:

January 29, 2024 Section 230

Zillow gets win in case alleging fraudulent online auction notices

section 230

Plaintiff sued Zillow and some other parties in federal court, claiming they engaged in a conspiracy to defraud her by illegally foreclosing on her home. She apparently claimed that Zillow “illegally” published information regarding the property at issue on its website, including listing it “for auction.”

Zillow moved to dismiss for failure to state a claim. The court granted the motion. It held that Section 230 (47 U.S.C. 230) immunized Zillow from liability. This statute immunizes providers of interactive computer services against liability arising from content created by third parties.

The court found that Zillow was an “interactive computer service,” demonstrated by how its website stated that it is “reimagining the traditional rules of real estate to make it easier than ever to move from one home to the next.”

It also found that plaintiff’s claims sought to hold Zillow liable for posting “auction notices”. But since the court did not believe plaintiff could demonstrate that Zillow developed or created this content, it found that plaintiff’s claims fell squarely within the purview of Section 230.

Choudhuri v. Specialised Loan Servicing, 2024 WL 308258 (N.D. Cal., January 26, 2024)

See also:

January 27, 2024 Computer Crime

Can one be liable for hacking by depositing fake checks into an ATM?

ATM fraud

If a person uses an ATM to deposit fraudulent checks, is the person liable for computer fraud? A recent criminal case answers that question, at least as far as Virginia state law would address the situation.

Depositing checks

Defendant deposited four checks at an ATM. These checks were later identified as forgeries or linked to a closed account, leading to the bank losing around $937. Security footage confirmed defendant’s involvement. During subsequent police interrogation, defendant acknowledged depositing the checks but denied knowing the man on whose account they were drawn, or the checks’ origins. At trial, she claimed her stepfather had given them to her, and that she believed he had earned them from construction work. Her mother supported this claim. The man on whose account the checks were drawn denied writing the checks, suspecting they were stolen from his truck.

Convicted for computer fraud, but…

At trial, defendant was convicted of multiple offenses, including uttering forged checks, obtaining money by false pretenses, computer fraud (under Virginia Code § 18.2-152.3), and failure to appear, resulting in a lengthy prison sentence. On appeal, a three-judge panel reversed her conviction for computer fraud, finding the evidence insufficient to show that the she acted “without authority” in using the ATM do deposit the checks.

The appellate court saw it differently

The government asked the court to reconsider the question en banc (i.e., with the full court, not just the three judge panel). The full court likewise determined the conviction for computer fraud should be reversed.

The court held that the term “without authority” in the statute specifically pertained to the use of a computer or network, not necessarily the intent or outcome of such use. It concluded that defendant, as a bank customer, had the right to use the ATM. Her actions, albeit for fraudulent purposes, did not equate to using the ATM without authority. Accordingly, the court reversed her conviction for computer fraud, differentiating between the unlawful purpose of an action and the unauthorized use of a computer or network as defined by the statute.

Wallace v. Commonwealth, — S.E.2d —, 2024 WL 236297 (Ct. App. Va., January 23, 2024) [Link to Opinion]

See also:

January 26, 2024 Contracts, Litigation

Click to Agree: Online clickwrap agreements steered bank lawsuit to arbitration

online terms and conditions

Plaintiffs sued their bank alleging various claims under state law. The bank moved to compel arbitration based on various online clickwrap agreements plaintiffs had entered into.

One of the clickwrap agreements required plaintiffs to scroll through the entire agreement and then click an “Acknowledge” button before continuing to the next step. Citing to the case of Meyer v. Uber, 868 F.3d 66 (2d Cir. 2017), the court observed that “[c]ourts routinely uphold clickwrap agreements for the principal reason that the user has affirmatively assented to the terms of agreement by clicking ‘I agree.'”

Similarly, for the other relevant agreements, plaintiffs were required to click a box acknowledging that they agreed to those agreements before they could obtain access to digital products. Again, citing to the Meyer case: “A reasonable user would know that by clicking the registration button, he was agreeing to the terms and conditions accessible via the hyperlink, whether he clicked on the hyperlink or not.” By affirmatively clicking the acknowledgement, plaintiffs manifested their assent to the terms of the these agreements.

Curtis v. JPMorgan Chase Bank, N.A., 2024 WL 283474 (S.D.N.Y., January 25, 2024)

See also:

January 26, 2024 Contracts, Licensing

Disclaimer in software license agreement protected vendor from liability

software license disclaimer

A recent federal court case alleging breach of contract over failure of software to perform highlights the importance of careful drafting and review of disclaimer and other language in technology contracts.

Loss of livelihood

In 2021, a federal court entered an order that permanently barred plaintiff from preparing tax returns for other people. The court’s order apparently addressed past deficiencies in plaintiff’s past tax filings. In 2017, when using TaxWise software, plaintiff did not attach certain required forms to the tax returns.

No doubt this caused extreme hardship for plaintiff, so he sought to recover by blaming the software company – the defendant in this case – for a malfunction in the software that caused the required forms to be omitted.

He sued for breach of contract. Defendant moved to dismiss. The court granted the motion.

The lawsuit was too late

It held that plaintiff’s suit was untimely because the software license agreement contained a provision saying that any such claim had to be commenced within one year from the date such claim or cause of action first arose. The court rejected plaintiff’s argument that by bringing suit in January 2023, he was within the one year period because his first payment of a fine to the IRS was due in January 2022. Instead, the court held that the one year period for bringing suit began to run when the alleged breach occurred, i.e., in 2017 when the software allegedly malfunctioned.

Disclaimers knocked out the complaint

The court also held that certain disclaimer language in the software agreement served to defeat plaintiff’s claims as to the software’s performance. The agreement stated that plaintiff “expressly disclaim[ed] any representations or warranties that [his] use of the Products will satisfy any statutory or regulatory obligations, or will assist with, guarantee or otherwise ensure compliance with any applicable laws or regulations.” Moreover, the contract stated that plaintiff bore “THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PRODUCT(S), INCLUDING ELECTRONIC FILING” and so the court found that this eliminated plaintiff’s ability to shift that responsibility to the software provider.

Diedrich v. Wolters Kluwer, 2024 WL 291156 (S.D.N.Y., January 25, 2024)

See also:

January 24, 2024 Privacy

Website cookie banner was not enough for cruise line to sink federal wiretap lawsuit

cookie banner

Plaintiffs sued Carnival Cruise Line because they were upset about how much information carnival.com collected when they visited the site. “On carnival.com, no action goes unnoticed. Every click is counted, every keystroke is collected, and every cursor movement is catalogued.”

The claims centered around Carnival’s use of Clarity – a Microsoft session replay software that was deployed onto the user’s browser to collect a wide variety of information about the user’s system and browsing behavior. That collection was not limited to information from carnival.com. Clarity allegedly assigned each user a specific id that it used to associate and aggregate browsing behavior across all Clarity-enabled websites.

Plaintiffs asserted several claims, including one under the federal Electronic Communications Privacy Act (18 U.S.C. 2510 et seq.) (“ECPA”). They complained that Carnival intercepted Plaintiffs’ personal information, including their passport number, driver’s license number, date of birth, home address, phone number, email address and payment information, and used that information to trace users’ browsing history on other sites.

Carnival moved to dismiss for failure to state a claim under the ECPA. The court denied the motion.

No “party to the communication” exception

Carnival argued that the “party to the communication” exception of the ECPA absolved it of liability. 18 U.S.C. 2511(2)(d) provides that “[i]t shall not be unlawful … for a person … to intercept a[n] electronic communication where such person is a party to the communication.” But plaintiffs asserted that Microsoft, as the provider of the session replay code software, was a third party to the communication of the browsing information. Courts sometimes find third parties to be merely “extensions” of a website when such third parties’ services “merely function as a tape recorder.” But in this case, citing to Javier v. Assurance IQ, LLC, 649 F. Supp. 3d 891 (N.D. Cal. 2023), the court declined to find that Clarity had such limited functionality. The main problem for Carnival was that Clarity did more than just serve as a “tape recorder” – it used data to generate analytics such as heatmaps of user engagement and profiles of browsing history on other sites.

No consent for third party interception

Carnival also argued that the ECPA claim should be dismissed because plaintiffs had consented to the interception of their information. The court rejected this argument.

Carnival’s first argued that by merely sending a communication over the internet, plaintiffs expressed their consent. It cited to a 2001 Pennsylvania decision called Commonwealth v. Proetto, a criminal case in which that court found that a defendant accused of improperly soliciting a 15-year-old girl online could not claim that the girl’s decision to print out the defendant’s chat communication violated defendant’s right of privacy. In other words, the Pretto case stands for the notion that when one sends something over the internet, he or she loses control, from a privacy standpoint, over what the recipient will do with that information. The court distinguished the Proetto case, however, noting that it did not cover third-party interception, focusing instead on direct communication between two parties, and emphasizing that consent is given specifically to the receiver, not any incidental third party. This distinction was crucial in the present case, as Carnival needed to demonstrate that plaintiffs consented not just to Carnival, but also to third-party session replay providers – such as Microsoft in providing Clarity – involved in data collection.

So Carnival cited to Farst v. AutoZone, Inc., 2023 WL 7179807 (M.D. Pa. 2023) wherein the court dismissed similar claims in the context of online shopping, deeming it a public activity with no expectation of privacy in browsing habits. The court distinguished the Farst case, however, by noting that it did not focus not on the collection of sensitive information like this case did. In the current case, plaintiffs had made concrete allegations regarding the interception of sensitive information (e.g., driver’s license number, date of birth, home address).

Carnival’s second argument for plaintiffs’ consent to its recording policy hinged on a “Cookie Policy” banner on its website, suggesting that continued use of the site provided consent to the policy. Plaintiffs countered this by asserting that the website did not adequately notify users of this recording, and interaction with the site was possible without reviewing or agreeing to any privacy policy. The court observed that in assessing the validity of such “browsewrap” agreements, it should consider whether a website provides sufficient notice to a reasonably prudent user about the terms of the contract. In this case, the Cookie Policy banner was less noticeable due to its smaller text, inconspicuous color scheme, and placement away from key user interaction points, like large “SHOP NOW” or “SEARCH CRUISES” buttons. There was also no evidence that the banner appeared immediately or remained visible throughout a user’s visit. Consequently, the court found that – based on the facts alleged – a reasonably prudent user would not be adequately informed of the terms, siding with plaintiffs’ claim that they did not consent to the interception of their communications.

Rejection of Carnival’s other ECPA arguments

In denying the motion to dismiss the ECPA claims, the court rejected Carnival’s remaining arguments as well.

The court found that based on the facts alleged in the complaint, it was plausible to believe that the transmission of the information was contemporaneous, thereby qualifying as an “interception” under the statute.

It found that the information transmitted was not merely “record information” but that information such as an intent to travel, dates and locations were actual “contents” of the alleged communications.

And it rejected Carnival’s argument that the offending session replay code comprising Clarity was not a “device” prohibited by the statute. Carnival contended that it did not meet the definition of a “device” in the context of wiretapping laws, arguing that a “device” should be a physical object. The court held that that the combination of software and hardware involved in this case fell under the ambit of “device” as contemplated by the statute.

Price v. Carnival Corporation, 2024 WL 221437 (S.D. Cal., January 19, 2024)

See also:

January 23, 2024 Personal Jurisdiction

RFK Jr.’s online defamation case against Daily Kos writer tossed on jurisdictional grounds

online defamation

Presidential candidate Robert Kennedy Jr. sued Daily Kos writer David Vickery over a blog post Daily Kos published on August 29, 2020. The post described Kennedy’s participation in a Berlin protest against COVID-19 measures and included various allegations that Kennedy asserted were untrue.

Jurisdictional Challenges

Vickery moved to dismiss the case, arguing the federal court sitting in New Hampshire where plaintiff brought the suit had no personal jurisdiction over Vickery. Kennedy argued that the New Hampshire court could exercise specific personal jurisdiction over Vickrey, based on the effects of the alleged defamation in New Hampshire. But Vickery argued his connection with New Hampshire was minimal – he resided in Maine, had not worked in New Hampshire for over a decade, and did not engage in activities connecting him to the state in the context of the Daily Kos article.

Court’s Analysis and Decision

Applying the principles laid out in the well-known case of Calder v. Jones, the court evaluated the “purposeful availment” aspect of personal jurisdiction. The court observed that Kennedy needed to demonstrate that Vickrey intentionally directed his conduct towards New Hampshire, anticipating that the impact of his actions would be felt there. But the court found that Kennedy’s claims did not hold up under this scrutiny. It found that the article was published long before Kennedy’s presidential run, negating any intention to influence New Hampshire voters specifically. And the continuation of the article’s online presence did not equate to republishing, a key consideration in defamation cases.

Conclusion

So the court ruled in favor of Vickrey, granting his motion to dismiss due to the lack of personal jurisdiction. Kennedy’s motion for preliminary discovery and an evidentiary hearing on the jurisdictional issue was also denied.

Kennedy v. Vickrey, 2024 WL 232104 (D.N.H., January 22, 2024)

See also: