Tag Archives: terms of service

Jury finds in favor of IMDb in case brought by actress over published age

Hoang v. IMDb.com, No. 11-1709, W.D.Wash. (Jury verdict April 11, 2013)

Actress Junie Hoang was upset that IMDb published her real age (she was born in 1971). She sued IMDb claiming it breached its Subscriber Agreement (particularly its privacy policy) by using information she provided to cross-reference public records, and thereby ascertaining her correct age.

The case went to trial on the breach of contract claim. The jury returned a verdict in favor of IMDb.

Though we don’t know the jury’s thinking (we only have a simple verdict form), IMDb had argued, among other things, that its investigations of plaintiff’s birthday were in response to requests she had made. In 2008, plaintiff had asked IMDb to remove a false (1978) birthdate plaintiff had submitted a few years earlier. When IMDb conducted its own research, it found plaintiff’s real birthdate in public records, and published that. The jury found this did not violate IMDB’s Subscriber Agreement.

GoDaddy outage reminds us why limitation of liability clauses are important

The legal team at GoDaddy today probably had more than one conversation about Section 13 of the company’s Universal Terms of Service. That Section contains pretty widely used language which limits how badly GoDaddy could get hurt by an epic failure of its system like the one that happened today.

We are conspicuously told that:

IN NO EVENT SHALL Go Daddy, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER . . .

Language like this is critical to technology service agreements. Today’s huge blackout illustrates the extent to which GoDaddy would be on the hook if such a limitation were not in place. Thousands of sites were offline for hours, losing uncountable pageviews and ecommerce sales. Holding GoDaddy responsible for those millions of lost dollars (which would be in the categories of indirect, special and consequential damages) could put a company into bankruptcy. GoDaddy would be big enough (probably) to pick up the tab in such a situation once or twice. Smaller enterprises would likely not be as lucky.

This kid is like GoDady inasmuch as he's trying to limit his liability.

To illustrate the effect of limitation of liability clauses, I have often used the example of similar language in Microsoft’s end user license agreement for Office. Because that is there, you cannot go after Microsoft for the business you lose if Word fails on your computer and you miss the deadline for submitting that big proposal. After today we have a new, perhaps more relevant example. GoDaddy would be pretty protected if you claim that you missed out on that million dollar client because your website was down.

So if you were looking for me through my site today, let me know, so I can send a bill for what you would have paid me to GoDaddy. Then again, I guess I’ve already shown why that won’t get paid.

Photo courtesy Flickr user Mikol under this Creative Commons license.

Megaupload takedown reminds us why website terms and conditions can be important

Kashmir Hill pointed out that at least one erstwhile file sharing service has changed its business model in response to the federal government’s action against Megaupload. She observes that:

FileSonic users can’t be too happy to have one of the main features of the site taken away. But the company must be less worried about its breach of contract with existing users than it is about the possibility of getting the Megaupload treatment, i.e., arrest, seizure of its property, and a criminal indictment.

This raises an important point. Any kind of online service that pushes the legal envelope may want to build in some mechanisms to pull back with impunity if it gets freaked out or loses its envelope-pushing courage. Said another way, that service should not make promises to its users that it cannot keep in the event the service wants to change what it is doing.

Some well known user generated content sites do this pretty well already in their terms of service. For example:

  • Dropbox: “We reserve the right to suspend or end the Services at any time, with or without cause, and with or without notice.”
  • YouTube reserves the right to discontinue any aspect of the Service at any time.”
  • Reddit: “We also reserve the right to discontinue the Program, or change the content or formatting of the Program, at any time without notice to you, and to require the immediate cessation of any specific use of the Program.”
  • Facebook (being kind of vague): “If you . . . create risk or possible legal exposure for us, we can stop providing all or part of Facebook to you.”

All good examples of foresight in drafting website terms and conditions that help innovative sites with damage control.

Website terms and conditions were unenforceable because of fraud

Duick v. Toyota Motor Sales, U.S.A., Inc., 2011 WL 3834740 (Cal.App. 2 Dist. August 31, 2011)

Someone signed plaintiff up through a Toyota website to take part in a “Personality Evaluation.” She got an email with a link to a website, and on the second page that she had to click through, she was presented with the well-known check box next to the words “I have read and agree to the terms and conditions.”

Later plaintiff started getting creepy emails from an unknown male calling himself “Sebastian Bowler” who indicated that he was on a cross-country road trip to come and visit plaintiff. He even listed plaintiff’s physical address. One of the emails had a link to Bowler’s MySpace page, which revealed he “enjoyed drinking alcohol to excess.” A few days later plaintiff got another email from someone purporting to be the manager of the hotel in which Bowler had trashed a room, and attempted to bill plaintiff for the damage.

As one would expect, plaintiff was disturbed by these messages. She finally got an email with a link to a video that said Bowler was a fictional character and that the emails were part of an elaborate prank, all to advertise the Toyota Matrix.

Plaintiff sued Toyota for, among other things, infliction of emotional distress. Toyota moved to dismiss the lawsuit, arguing that the online terms and conditions contained an arbitration provision, so the case did not belong in court but before an arbitrator. The court rejected this argument, finding that the terms and conditions were void, because plaintiff’s agreement to them was procured by “fraud in the inception or execution.”

The court found that the terms and conditions led plaintiff to believe that she was going to participate in a personality evaluation and nothing more. A reasonable reader in plaintiff’s position would not have known that she was signing up to be the target of a prank. For example, the terms and conditions were under the heading “Personality Evaluation Terms and Conditions” and made vague and opaque references to terms such as “interactive experience” and a “digital experience.” Simply stated, plaintiff, through no fault of her own, did not know what she was getting herself into.

For these reasons, the court held that the terms and conditions were void, and all the provisions contained in those terms and conditions, including the purported agreement to arbitrate any disputes, did not bind the parties.

What the Lori Drew acquittal should mean for service providers

You know the story of Lori Drew — the mom from Missouri who was accused of setting up a bogus MySpace profile impersonating an adolescent boy. Lori acted as this fake “Josh” to stir up romantic feelings in young Megan Meier who, after being dumped by “Josh,” took her own life.

A terrible thing of course. And someone needed blaming. So federal prosecutors chose to go after Lori Drew. The jury convicted her of violating the Computer Fraud and Abuse Act (the federal anti-hacking statute), but today the judge acquitted her. Seems like a good decision, as the theory on which the prosecution based its case — that Lori violated the site’s terms of service by saying she was someone other than she is and thereby exceeded her authority — was shaky at best. The big problem with that theory was that such a reading would make most of us criminals. I’m sure you don’t mean to tell me you’ve never signed up for an online service using something other than your real name or accurate contact information.

Most smart people can agree that the Computer Fraud and Abuse Act was not the right way to punish this “crime.” Various states have enacted legislation to handle cyberbullying and are already prosecuting people in state court. But the problem is not going to go away. People will still do foolish things on the internet.

And to the extent that foolishness is criminal, the individual should pay a criminal price. The individual.

Using the Computer Fraud and Abuse Act to go after this conduct put the contractual relationship between the end user and the provider (i.e., Lori Drew and MySpace) under the microscope where it did not belong. The court and jury had to scrutinize that contractual relationship and the resulting authority (or lack thereof). They had to do that because there was no other way the government was going to win a CFAA prosecution otherwise.

Focusing on that relationship in this context did not make sense. MySpace didn’t have anything to do with this other than being a passive intermediary. Why should the inquiry at trial have gone to those kinds of questions? Why should the intermediary have been bothered? It shouldn’t have.

The bad act was (I guess we have to again say “allegedly was” now that she’s been acquitted) between Lori Drew and Megan Meier. That’s the space where the factual focus and legal analysis belonged. Not in the legal relationship between Lori Drew and MySpace.

Now that we have a sensible legal outcome in this case, hopefully prosecutors will take some more principled approaches and leave the intermediaries out of it.

Website terms of service provide basis for exercise of personal jurisdiction

CoStar Realty Information, Inc. v. Field, — F.Supp.2d —-, 2009 WL 841132 (D.Md. March 31, 2009)

Personal jurisdiction cases — even ones that involve the internet — are generally not all that interesting. But the case of CoStar Realty Information, Inc. v. Field is worth noting because of the way the personal jurisdiction analysis was tied to a provision found in online terms of service.

CoStar provides its paying customers with access to a proprietary database via the web. It claimed that certain defendants, who were residents of Texas and Florida, accessed the database using another customer’s password. So CoStar sued these defendants in federal court in Maryland.

These defendants moved to dismiss arguing, among other things, lack of personal jurisdiction. The court denied the motion.

It found that in the four or so years that the defendants accessed the database without authorization, they would have been presented with the online terms of service from time to time. Those terms of service contained a clause which provided that any litigation over use of the database would be conducted in Maryland. The court found that the defendants assented to these terms, and that the forum selection clause was valid and enforceable.

Map photo courtesy Flickr user Marxchivist under this Creative Commons license

Shame on you, Facebook, for overreaching

Facebook, I hereby grant to you an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use the following content: “Go jump in a lake.”

The past few days people have been talking about how scandalous it is that Facebook changed its terms of service to grab up a very broad license in content its users upload. I’m sure that Facebook is counting on this controversy to go wherever it is that memes go to die, to be forgotten just like most controversies-du-semaine. It probably will, but as the sentiment finds itself already on the decline, I’ll comment.

Here’s what the offending section of the Facebook terms of service now says, in relevant part:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You represent and warrant that you have all rights and permissions to grant the foregoing licenses.

I was pretty peeved when I learned that Facebook had modified its terms to get a broader license. But I was even more peeved when I read founder Mark Zuckerburg’s blog post from yesterday which tried to justify the changes. Of course Facebook must make sure it has the rights it needs in order to “show [users' content and information] to the other people they’ve asked [it] to share it with.” But isn’t the right to share that content inherent in the very “asking”? Why be grabby?

Facebook is being content greedy. It’s commandeering more than it needs to run the service. An example Zuckerburg uses in the post concerns the text of a messages sent between friends. If one user deactivates his or her account, a copy of each message will still exist in the other friend’s inbox. Fine. I see the point. So get a license to store and display a copy of private messages. There’s no problem with that.

The bigger rub comes with photos and video users upload. Why does Facebook need a perpetual license for that? I don’t see any reason, whether from a technological or other practical standpoint, why photos and video could not or should not be deleted — and the license to Facebook terminated — when a user deactivates his or her account. YouTube doesn’t demand a license for content after it has been taken down by a user.

Zuckerburg’s post contains the following interesting statement: “In reality, we wouldn’t share your information in a way you wouldn’t want.” Okay Mark, let’s talk about reality. I don’t want you using information about me, like my name, for commercial purposes. That’s reality. Why then do you demand to have the right to use my name and other information for commercial purposes? Are you suggesting that the terms of service as now written don’t reflect reality? I know they were written by lawyers, but surely your legal counsel can’t be that removed from the real world.

I like Facebook, and through it I have reconnected with old friends and made some new ones. But those connections are what’s important, not the intermediary. I may delete my photos off of there but I’ll probably keep using it, at least for now. But I’ll likely post less content. Shame on you, Facebook, and shame on you Mark Zuckerburg, for putting up a post just filled with platitudes, all while ignoring the fact there’s no reason for your new overreaching. That kind of stunt will invigorate those who want an alternative to Facebook, and will accellerate the process of making Facebook tomorrow’s Friendster.

Greedy photo courtesy Flickr user Gribiche under this Creative Commons license.