Book
INTERNET LAW:
CASES & MATERIALS
Professor Eric Goldman
July 2020 version
i.
Portions © Eric Goldman
Follow new developments in Internet Law at my Technology & Marketing Law blog
[http://blog.ericgoldman.org/] and my Twitter feed [https://twitter.com/ericgoldman].
To make sure you always are looking at the most current version, I have excluded the text
of most statutes and similar rulesets from the book and linked to the statutes in the table of
contents. However, Internet law is principally a statute-driven course, and there’s no
substitute for actually reading the statutes!
Editing Notes:
Textual omissions are noted with ellipses
Omitted footnotes are not indicated, but all footnote numbers are original
In-text citations are omitted without indication (including parenthetical
explanations and some parallel citations)
Although I have tried to preserve the original formatting (such as italics, bold and
blockquotes), some formatting may have changed or been lost.
I included the authoring judge’s name only when I think that may be interesting.
I’ve made minor edits to my blog posts without indicating those changes.
To improve readability, I have aggressively stripped out case citations and parenthetical
explanations (more so than in most casebooks). If you are interested in the court’s actual
words or intend to quote or cite one of these opinions, I STRONGLY recommend that you
pull the actual opinion and read the unedited version.
There are a few review questions sprinkled throughout the book. Answers are at the end of
the book, but no fair peeking until you’ve tried your best!
People disagree whether the “I” in Internet should be capitalized. See, e.g., Susan C.
Herring, Should You Be Capitalizing the Word 'Internet'?, WIRED, Oct. 19, 2015,
https://www.wired.com/2015/10/should-you-be-capitalizing-the-word-internet/. Like most
old-timers, I always capitalize “Internet”!
If you are a professor and you’re adopting this book for your course, please email me at
([email protected]). I can share my course notes and PowerPoint deck.
If you bought a hard copy of this book: I’ve done my best to make the hard copy version of
the book useful to you, but it lacks color images, clickable links, and keyword searching.
Please email me ([email protected]) your hard copy purchase receipt showing which
edition you bought, and I will happily email you a PDF at no extra cost to you.
I’m grateful to many people over the years who have provided helpful comments to improve
this book, including Venkat Balasubramani, Lydia de la Torre, James Grimmelmann,
Daphne Keller, Jeff Kosseff, Alex Levy, Jess Miers, and Nathan Walker. I welcome your
comments or corrections at [email protected].
ii.
TABLE OF CONTENTS
I. What is the Internet? Who Regulates It?
Noah v. AOL (E.D. Va.) .............................................................................................. Page 10
Determining the Geography of Internet-Connected Devices ............................................ 23
II. Jurisdiction
Evaluating Personal Jurisdiction ....................................................................................... 29
Toys ‘R’ Us v. Step Two (3d Cir.) ........................................................................................ 30
Illinois v. Hemi Group (7th Cir.) ........................................................................................ 41
III. Contracts
Meyer v. Uber (2d Cir.) ....................................................................................................... 46
Register.com v. Verio (2d Cir.) ........................................................................................... 70
Harris v. Blockbuster ......................................................................................................... 80
IV. Trespass/Computer Fraud & Abuse Act
Review: the Computer Fraud & Abuse Act, 18 U.S.C. §1030
[http://www.law.cornell.edu/uscode/text/18/1030], and California Penal Code §502
[https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=502.&lawC
ode=PEN]
Comparison of Trespass to Chattels Doctrines .................................................................. 91
Intel v. Hamidi (Cal. Sup. Ct.) ........................................................................................... 92
Register.com v. Verio (Trespass to Chattels section)........................................................ 112
Online Trespass to Chattels: a Failed Experiment ......................................................... 117
V. Copyright
Copyright Basics (Copyright Office Circular 1) ............................................................... 121
Note About Fair Use ......................................................................................................... 126
Cartoon Network v. CSC (2d Cir.) .................................................................................... 130
MGM Studios v. Grokster (Sup. Ct.) ................................................................................ 143
Secondary Liability
Review: 17 U.S.C. §512 [http://www.copyright.gov/title17/92chap5.html#512]
Section 512(c) Cheat Sheet ............................................................................................... 156
UMG v. Shelter Capital (9th Cir. revised opinion) .......................................................... 158
Recap
Ticketmaster v. RMG ....................................................................................................... 179
iii.
VI. Trademarks and Domain Names
Review: 15 U.S.C. §1114 [http://www.law.cornell.edu/uscode/text/15/1114], 15 U.S.C. §1125
[http://www.law.cornell.edu/uscode/text/15/1125], and 15 U.S.C. §8131
[http://www.law.cornell.edu/uscode/text/15/8131]
Trademark FAQs .............................................................................................................. 192
Trademark Glossary ......................................................................................................... 194
A. Domain Names and Metatags
Review: ICANN Uniform Domain Name Dispute Resolution Policy
[https://www.icann.org/resources/pages/policy-2012-02-25-en] and Rules for Uniform
Domain Name Dispute Resolution Policy [https://www.icann.org/resources/pages/udrp-
rules-2015-03-11-en]
Lamparello v. Falwell (4th Cir.) ....................................................................................... 197
Promatek v. Equitrac (7th Cir.) Original Order and Revision ........................................ 211
B. Search Engines
Review: Google’s Trademark Policy [https://support.google.com/adwordspolicy/answer/6118]
Network Automation v. Advanced Systems Concepts (9th Cir.) ..................................... 218
Tiffany v. eBay (2d Cir.) ................................................................................................... 236
VII. Pornography
Pornography Glossary ...................................................................................................... 251
Reno v. ACLU (Sup. Ct. 1997) .......................................................................................... 252
Ashcroft v. ACLU (Sup. Ct. 2004) .................................................................................... 267
VIII. Defamation and Information Torts
47 U.S.C. §230 .................................................................................................................. 282
An Introduction to Section 230 ........................................................................................ 285
A Note About FOSTA ....................................................................................................... 293
Zeran v. America Online (4th Cir.) .................................................................................. 301
Fair Housing Council v. Roommates.com (9th Cir. en banc) ........................................... 312
Top Myths of Content Moderation ................................................................................... 341
International Approaches to Liability for Information Torts .......................................... 343
IX. Privacy
Review: 16 C.F.R. Part 312 [http://www.gpo.gov/fdsys/pkg/FR-2013-01-17/pdf/2012-
31341.pdf (starting at page 38)]
Excerpts from 16 C.F.R. Part 312, the Children’s Online Privacy Protection Act’s
Regulations ....................................................................................................................... 355
Note About the E.U.’s General Data Protection Regulation (GDPR) .............................. 357
An Introduction to the California Consumer Privacy Act (CCPA) .................................. 365
iv.
In re. Pharmatrak (1st Cir.) ............................................................................................. 372
X. Spam
Review: CAN-SPAM Act of 2003 [http://www.gpo.gov/fdsys/pkg/PLAW-
108publ187/pdf/PLAW-108publ187.pdf] and 16 C.F.R. Part 316 [http://www.ecfr.gov/cgi-
bin/text-idx?c=ecfr&rgn=div5&view=text&node=16:1.0.1.3.40&idno=16]
Where’s the Beef? Dissecting Spam’s Purported Harms ................................................. 384
XI. Blogs and Social Networking Sites
The Third Wave of Internet Exceptionalism ................................................................... 393
People v. Lopez (Cal. App. Ct.) ......................................................................................... 395
Doe v. MySpace (5th Cir.) ................................................................................................. 399
Zimmerman v. Weis Markets ........................................................................................... 406
Farley v. Callais & Sons .................................................................................................... 409
In re Rolando S. (Cal. App. Ct.) ........................................................................................ 416
Moreno v. Hanford Sentinel (Cal. App. Ct.) ..................................................................... 421
REVIEW QUESTION ANSWERS ................................................................................ 428
v.
1.
I. What is the Internet? Who Regulates It?
This book is about Internet Law. But is it possible to distinguish between “the Internet”
and “not the Internet”? What defines this boundary? From a policy and regulatory
standpoint, why does this boundary matter?
Defining the Internet
The Internet is an electronic communication network. There are many other electronic
networks, including wired and wireless telephony and radio and television broadcast, all of
which have historical roots that differ greatly from the Internet. We generally consider
those networks as distinct from the Internet, even though those networks can carry
Internet traffic, and even though the Internet makes it possible to replicate telephony,
radio, and television functions.
So what distinguishes the Internet from other electronic communications networks? There
is no single well-accepted answer to this question.
Perhaps most distinctively, the Internet uses “packet switching.” To understand packet
switching, it helps to understand a bit about Internet history. The following explanation
comes from American Civil Liberties Union v. Reno, 929 F. Supp. 824 (E.D. Pa. 1996):
5. The Internet had its origins in 1969 as an experimental project of the
Advanced Research Project Agency (“ARPA”), and was called ARPANET.
This network linked computers and computer networks owned by the
military, defense contractors, and university laboratories conducting defense-
related research. The network later allowed researchers across the country to
access directly and to use extremely powerful supercomputers located at a
few key universities and laboratories. As it evolved far beyond its research
origins in the United States to encompass universities, corporations, and
people around the world, the ARPANET came to be called the “DARPA
Internet,” and finally just the “Internet.”
6. From its inception, the network was designed to be a decentralized, self-
maintaining series of redundant links between computers and computer
networks, capable of rapidly transmitting communications without direct
human involvement or control, and with the automatic ability to re-route
communications if one or more individual links were damaged or otherwise
unavailable. Among other goals, this redundant system of linked computers
was designed to allow vital research and communications to continue even if
portions of the network were damaged, say, in a war.
7. To achieve this resilient nationwide (and ultimately global)
communications medium, the ARPANET encouraged the creation of multiple
links to and from each computer (or computer network) on the network. Thus,
a computer located in Washington, D.C., might be linked (usually using
dedicated telephone lines) to other computers in neighboring states or on the
Eastern seaboard. Each of those computers could in turn be linked to other
computers, which themselves would be linked to other computers.
2.
8. A communication sent over this redundant series of linked computers could
travel any of a number of routes to its destination. Thus, a message sent from
a computer in Washington, D.C., to a computer in Palo Alto, California,
might first be sent to a computer in Philadelphia, and then be forwarded to a
computer in Pittsburgh, and then to Chicago, Denver, and Salt Lake City,
before finally reaching Palo Alto. If the message could not travel along that
path (because of military attack, simple technical malfunction, or other
reason), the message would automatically (without human intervention or
even knowledge) be re-routed, perhaps, from Washington, D.C. to Richmond,
and then to Atlanta, New Orleans, Dallas, Albuquerque, Los Angeles, and
finally to Palo Alto. This type of transmission, and re-routing, would likely
occur in a matter of seconds.
9. Messages between computers on the Internet do not necessarily travel
entirely along the same path. The Internet uses “packet switching”
communication protocols that allow individual messages to be subdivided into
smaller “packets” that are then sent independently to the destination, and
are then automatically reassembled by the receiving computer. While all
packets of a given message often travel along the same path to the
destination, if computers along the route become overloaded, then packets
can be re-routed to less loaded computers.
Statutory definitions of the “Internet” often reference packet switching or its enabling
protocol called Transmission Control Protocol/Internet Protocol (TCP/IP). For example, in
the United States Code, you’ll find two alternative definitions of “Internet”:
“the international computer network of interoperable packet switched data
networks” (e.g., 31 U.SC. § 5362; 47 U.S.C. § 230).
“collectively the myriad of computer and telecommunications facilities, including
equipment and operating software, which comprise the interconnected world-wide
network of networks that employ the Transmission Control Protocol/Internet
Protocol, or any predecessor [or] successor protocols to such protocol, to communicate
information of all kinds by wire or radio” (e.g., the Children’s Online Privacy
Protection Act, 15 U.S.C. § 6555; the now-defunct Internet Tax Freedom Act, 47
U.S.C. § 151 note).
Historically, the Internet has been perceived as a virtual space. However, the emergence of
the “Internet-of-Things” has further blurred the boundaries between “the Internet” and “not
the Internet.” Physical items are now routinely Internet-enabled, including cars,
thermostats, juicers (the Juicero), and adult toys (the “We-Vibe”). As the Internet pervades
physical items in the “offline” world, is there a coherent border between “the Internet” and
“not the Internet”?
Accessing the Internet
Internet access providers (IAP) are the service providers that get users and services online.
IAPs are sometimes called “Internet Service Providers” or “ISPs,” but that term is also
3.
sometimes confusingly used to describe websites as well. To reduce semantic ambiguity,
never use the term “ISP;” use the term “IAP” when referring to Internet access.
Some of the primary ways that we access the Internet:
At home, most people obtain Internet access from their telephony or cable provider,
such as AT&T or Comcast.
Most people also access the Internet on their smartphones through their cellular
service provider or third-party wi-fi services.
Employers and schools routinely provide Internet access to their
employees/students.
Businesses routinely provide wi-fi Internet access to their customers.
What Can We Do on the Internet?
There are many communication modalities on the Internet, including email, chat, message
boards, social media, web publishing and more. The Internet enables individuals to create
their own personal website or blog. More typically, people use third-party publishing tools,
such as social media, which expedite the content distribution process and provide exposure
to an existing audience.
Many of these content publication options are free; others are relatively low cost. The ACLU
v. Reno court said in 1996, “the Internet provides an easy and inexpensive way for a
speaker to reach a large audience, potentially of millions. The start-up and operating costs
entailed by communication on the Internet are significantly lower than those associated
with use of other forms of mass communication, such as television, radio, newspapers, and
magazines.” This low cost has led to an explosion of content unprecedented in human
history, with a virtually infinite diversity of content (for better and for worse). As the ACLU
v. Reno court wrote in 1996, “It is no exaggeration to conclude that the content on the
Internet is as diverse as human thought.”
There are two other distinctive aspects of the Internet as a content publication platform.
First, the Internet makes it seamless to browse content from diverse sources due to
abundant and easy-to-use links. As the ACLU v. Reno court wrote in 1996, “[Hyper]links
from one computer to another, from one document to another across the Internet, are what
unify the Web into a single body of knowledge, and what makes the Web unique…The
power of the Web stems from the ability of a link to point to any document, regardless of its
status or physical location.”
Second, we routinely flip between being consumers and producers of online content, often
without thinking about that transition. As the ACLU v. Reno court wrote in 1996:
79. Because of the different forms of Internet communication, a user of the
Internet may speak or listen interchangeably, blurring the distinction
between “speakers” and “listeners” on the Internet. Chat rooms, e-mail, and
newsgroups are interactive forms of communication, providing the user with
the opportunity both to speak and to listen.
4.
80. It follows that unlike traditional media, the barriers to entry as a speaker
on the Internet do not differ significantly from the barriers to entry as a
listener. Once one has entered cyberspace, one may engage in the dialogue
that occurs there. In the argot of the medium, the receiver can and does
become the content provider, and vice-versa.
81. The Internet is therefore a unique and wholly new medium of worldwide
human communication.
Mobile Devices as Computers. As further evidence of the degradation of the boundaries
between the Internet and not-the-Internet, most people carry a mobile computer—with
Internet access—around with them at virtually all times. From Riley v. California, 573 U.S.
373 (2014):
The term “cell phone” is itself misleading shorthand; many of these devices
are in fact minicomputers that also happen to have the capacity to be used as
a telephone. They could just as easily be called cameras, video players,
rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions,
maps, or newspapers.
One of the most notable distinguishing features of modern cell phones is their
immense storage capacity. Before cell phones, a search of a person was
limited by physical realities and tended as a general matter to constitute only
a narrow intrusion on privacy. Most people cannot lug around every piece of
mail they have received for the past several months, every picture they have
taken, or every book or article they have read—nor would they have any
reason to attempt to do so. And if they did, they would have to drag behind
them a trunk of the sort held to require a search warrant in Chadwick rather
than a container the size of the cigarette package in Robinson.
But the possible intrusion on privacy is not physically limited in the same
way when it comes to cell phones. The current top-selling smart phone has a
standard capacity of 16 gigabytes (and is available with up to 64 gigabytes).
Sixteen gigabytes translates to millions of pages of text, thousands of
pictures, or hundreds of videos. Cell phones couple that capacity with the
ability to store many different types of information: Even the most basic
phones that sell for less than $20 might hold photographs, picture messages,
text messages, Internet browsing history, a calendar, a thousand-entry phone
book, and so on. We expect that the gulf between physical practicability and
digital capacity will only continue to widen in the future.
The storage capacity of cell phones has several interrelated consequences for
privacy. First, a cell phone collects in one place many distinct types of
information—an address, a note, a prescription, a bank statement, a video—
that reveal much more in combination than any isolated record. Second, a cell
phone’s capacity allows even just one type of information to convey far more
than previously possible. The sum of an individual’s private life can be
reconstructed through a thousand photographs labeled with dates, locations,
and descriptions; the same cannot be said of a photograph or two of loved
5.
ones tucked into a wallet. Third, the data on a phone can date back to the
purchase of the phone, or even earlier. A person might carry in his pocket a
slip of paper reminding him to call Mr. Jones; he would not carry a record of
all his communications with Mr. Jones for the past several months, as would
routinely be kept on a phone.
Finally, there is an element of pervasiveness that characterizes cell phones
but not physical records. Prior to the digital age, people did not typically
carry a cache of sensitive personal information with them as they went about
their day. Now it is the person who is not carrying a cell phone, with all that
it contains, who is the exception. According to one poll, nearly three-quarters
of smart phone users report being within five feet of their phones most of the
time, with 12% admitting that they even use their phones in the shower. A
decade ago police officers searching an arrestee might have occasionally
stumbled across a highly personal item such as a diary. But those discoveries
were likely to be few and far between. Today, by contrast, it is no
exaggeration to say that many of the more than 90% of American adults who
own a cell phone keep on their person a digital record of nearly every aspect
of their lives—from the mundane to the intimate. Allowing the police to
scrutinize such records on a routine basis is quite different from allowing
them to search a personal item or two in the occasional case.
Although the data stored on a cell phone is distinguished from physical
records by quantity alone, certain types of data are also qualitatively
different. An Internet search and browsing history, for example, can be found
on an Internet-enabled phone and could reveal an individual’s private
interests or concerns—perhaps a search for certain symptoms of disease,
coupled with frequent visits to WebMD. Data on a cell phone can also reveal
where a person has been. Historic location information is a standard feature
on many smart phones and can reconstruct someone’s specific movements
down to the minute, not only around town but also within a particular
building.
Mobile application software on a cell phone, or “apps,” offer a range of tools
for managing detailed information about all aspects of a person’s life. There
are apps for Democratic Party news and Republican Party news; apps for
alcohol, drug, and gambling addictions; apps for sharing prayer requests;
apps for tracking pregnancy symptoms; apps for planning your budget; apps
for every conceivable hobby or pastime; apps for improving your romantic life.
There are popular apps for buying or selling just about anything, and the
records of such transactions may be accessible on the phone indefinitely.
There are over a million apps available in each of the two major app stores;
the phrase “there’s an app for that” is now part of the popular lexicon. The
average smart phone user has installed 33 apps, which together can form a
revealing montage of the user’s life.
In 1926, Learned Hand observed that it is “a totally different thing to search
a man’s pockets and use against him what they contain, from ransacking his
house for everything which may incriminate him.” If his pockets contain a
6.
cell phone, however, that is no longer true. Indeed, a cell phone search would
typically expose to the government far more than the most exhaustive search
of a house: A phone not only contains in digital form many sensitive records
previously found in the home; it also contains a broad array of private
information never found in a home in any form—unless the phone is.
Who Controls the Internet? In the 1990s, many people referred to the Internet as the
ultimate disintermediator; some technologists even thought it would make centralized
control of the communication network impossible. From the 1996 ACLU v. Reno opinion:
11. No single entity—academic, corporate, governmental, or non-profit—
administers the Internet. It exists and functions as a result of the fact that
hundreds of thousands of separate operators of computers and computer
networks independently decided to use common data transfer protocols to
exchange communications and information with other computers (which in
turn exchange communications and information with still other computers).
There is no centralized storage location, control point, or communications
channel for the Internet, and it would not be technically feasible for a single
entity to control all of the information conveyed on the Internet….
46. A distributed system with no centralized control. Running on tens of
thousands of individual computers on the Internet, the Web is what is known
as a distributed system. The Web was designed so that organizations with
computers containing information can become part of the Web simply by
attaching their computers to the Internet and running appropriate World
Wide Web software. No single organization controls any membership in the
Web, nor is there any single centralized point from which individual Web
sites or services can be blocked from the Web. From a user’s perspective, it
may appear to be a single, integrated system, but in reality it has no
centralized control point.
This might still be true in a literal sense. However, as technology has developed new
communication innovations, governments have counter-innovated ways of controlling those
communications. Some “chokepoints” that governments have targeted:
Internet access providers determine what their users can do on the Internet. In
many countries, there are a small number of IAPs; and the government licenses
IAPs or otherwise exercises substantial control over their businesses. In extreme
cases, a government can require all of a country’s IAPs to shut down and take the
country off the Internet entirely.
The domain name system and IP address systems are targetable chokepoints. For
example, turning off a domain name makes the associated service functionally
invisible. Website blocking orders, which block domain names of illegal activity,
have become increasingly routine in Europe. Alternatively, blocking an IP address
makes the associated computer(s) invisible to other parts of the Internet. In extreme
cases, a government can force all of the country’s IAPs to block a domain name or IP
address. For example, Turkey regularly blocks YouTube. To get around these blocks,
people in the country might use “VPNs.” VPN services allow users to “rent” an IP
7.
address from them. Using such services can allow a user to appear to third party
websites as if they are coming from a different country than the user’s actual
country. For example, if the BBC tries to restrict its online content only to viewers in
the United Kingdom, people in other countries can rent an IP address from a UK-
based VPN service and gain access BBC’s content by appearing to be located in the
UK. This creates a cat-and-mouse game, as governments then seek to block or
restrict access to VPNs.
Search engines are often a key chokepoint because they affect what people see. For
example, governments can mandate that search engines do not “auto-complete”
certain queries, implicitly obscuring the search results associated with those
queries.
Browser software manufacturers are a chokepoint because their settings and
functionality often dictate what users can do online.
The major social media services can become a chokepoint when they control a large
portion of the desired audience.
Governments have other techniques to assert control over Internet actors. First, they can
require that any service available in their country have a physical presence there. Some
geographic-specific domain names, such as “.eu,” require a local physical presence. That
physical presence makes it easier for governments to target any associated physical assets
or employees, including the threat of jailing the personnel.
Second, many countries have gone further and required that Internet services must store
all personal information from the country’s residents in the country (called “data
localization” requirements). In addition to giving the government more assets to target, the
requirement facilitates the government’s censorship of that data because it can forcibly
suppress the data stored in its territory.
At its most extreme, Russia has developed its own country-specific Internet (the “Runet”)
that can be disconnected from the rest of the Internet for purposes of “Internet sovereignty”
or “national security.” Jane Wakefield, Russia 'Successfully Tests' Its Unplugged Internet,
BBC, Dec. 24, 2019, https://www.bbc.com/news/technology-50902496. Such a system has
unlimited potential for censorship by ensuring that the only content available to Russian
citizens on the “Internet” comes from publishers and services that the Russian government
can control.
We will revisit ways that governments can subject Internet actors to legal consequences in
the jurisdiction module.
Authenticating User Attributes on the Internet
You may be familiar with this iconic 1993 New Yorker cartoon:
8.
In the optimistic period of the 1990s, this cartoon stood for the proposition that people could
be someone different on the Internet. In particular, on the Internet, people could interact
with other people without displaying—and, in theory, without being judged based on—their
visible physical characteristics such as age, gender, or race. It also meant people could
engage in role-playing and experience what life is like for people with different attributes.
Later, the New Yorker cartoon took on an unexpectedly ironic meaning. Extensive data
gathering by Internet companies that they knew virtually everything about Internet
users—perhaps more than the users know about themselves. Some folks on the Internet
may not know you’re a dog, but Google and Facebook do.
Authenticating users’ ages has been a perennial authentication challenge. In 1995, a cyber-
panic swept through Congress because minors could find pornography online. However, the
First Amendment protects the availability of pornography to adults, so Congress could not
categorically ban pornography online. Nevertheless, Congress passed the Communications
Decency Act, which led to a legal battle covered in the Reno v. ACLU opinion later in this
book.
In the mid-1990s, it was not feasible to distinguish minors from adults online. To work
around that technological limitation, the Communications Decency Act created a safe
harbor for treating users as adults if they presented a valid credit card number. There are a
number of problems with this approach, including the now-dubious assumption that minors
don’t have access to a valid credit card number.
Remarkably, age authentication technologies have not materially improved in the past
quarter-century. Some social media services “age-gate” by blocking minors’ access to some
material on their services, but the efficacy of such age-gating depends on whether the user
self-reported his/her age accurately in the first place. Otherwise, most forms of online
communication—ranging from web publishers to email correspondents—still lack an
effective way of reliably and accurately distinguishing minors from adults. Nowadays, the
privacy-invasive implications of age authentication seemingly conflict with consumers’
increasing desire for privacy online.
Have We Fallen Out of Love With the Internet? The Internet is a major advance in human
technology, and it enables functionality that truly would have seemed like science fiction to
people before the Internet. That’s why most people still love the Internet. Yet, over time,
the Internet’s brand has been degrading:
9.
Americans have grown somewhat more ambivalent about the impact of
digital connectivity on society as a whole. A sizable majority of online adults
(70%) continue to believe the internet has been a good thing for society. Yet
the share of online adults saying this has declined by a modest but still
significant 6 percentage points since early 2014, when the Center first asked
the question….
Those who think the internet has had a good impact on society tended to
focus on two key issues, according to follow-up items which allowed
respondents to explain their views in their own words. Most (62% of those
with a positive view) mentioned how the internet makes information much
easier and faster to access. Meanwhile, 23% of this group mentioned the
ability to connect with other people, or the ways in which the internet helps
them keep more closely in touch with friends and family.
By contrast, those who think the internet is a bad thing for society gave a
wider range of reasons for their opinions, with no single issue standing out.
The most common theme (mentioned by 25% of these respondents) was that
the internet isolates people from each other or encourages them to spend too
much time with their devices. These responses also included references to the
spread and prevalence of fake news or other types of false information: 16%
mentioned this issue. Some 14% of those who think the internet’s impact is
negative cited specific concerns about its effect on children, while 13% argued
that it encourages illegal activity. A small share (5%) expressed privacy
concerns or worries about sensitive personal information being available
online.
Declining Majority of Online Adults Say the Internet Has Been Good for Society, Pew
Research Center, Apr. 30, 2018, http://www.pewinternet.org/2018/04/30/declining-
majority-of-online-adults-say-the-internet-has-been-good-for-society/. Government
regulators routinely take a much dimmer view of the Internet than the average
consumer.
10.
In the next case, the court legally distinguishes an online chatroom from an offline
restaurant. Do you agree?
Noah v. AOL Time Warner Inc., 261 F. Supp. 2d 532 (E.D. Va. 2003)
Plaintiff, on behalf of himself and a class of those similarly situated, sues his Internet
service provider (ISP)* for damages and injunctive relief, claiming that the ISP wrongfully
refused to prevent participants in an online chat room from posting or submitting harassing
comments that blasphemed and defamed plaintiff’s Islamic religion and his co-religionists.
Specifically, plaintiff claims his ISP’s failure to prevent chat room participants from using
the ISP’s chat room to publish the harassing and defamatory comments constitutes a
breach of the ISP’s customer agreement with plaintiff and a violation of Title II of the Civil
Rights Act of 1964, 42 U.S.C. § 2000a et seq.
At issue on a threshold dismissal motion are
(i) the now familiar and well-litigated question whether a claim, like
plaintiff’s, which seeks to hold an ISP civilly liable as a publisher of third
party statements is barred by the immunity granted ISP’s by the
Communications Decency Act of 1996, 47 U.S.C. § 230,
(ii) the less familiar, indeed novel question whether an online chat room is a
“place of public accommodation” under Title II, and
(iii) the rather prosaic question whether plaintiff’s breach of contract claim is
barred by the very contract on which he relies, namely the Member
Agreement contract.
For the reasons that follow, plaintiff’s claims do not survive threshold inspection and must
therefore be dismissed.
I.
Plaintiff Saad Noah, a Muslim, is a resident of Illinois and was a subscriber of defendant
America Online, Inc. (“AOL”)’s Internet service until he cancelled the service in July of
2000. AOL, which is located in the Eastern District of Virginia, is, according to the
complaint, the world’s largest Internet service provider, with more than 30 million
subscribers, or “members,” worldwide. Defendant AOL Time Warner Inc. is the parent
company of AOL.
Among the many services AOL provides its members are what are popularly known as
“chat rooms.” These occur where, as AOL does here, an ISP allows its participants to use its
facilities to engage in real-time electronic conversations. Chat room participants type in
their comments or observations, which are then read by other chat room participants, who
may then type in their responses. Conversations in a chat room unfold in real time; the
submitted comments appear transiently on participants’ screens and then scroll off the
screen as the conversation progresses. AOL chat rooms are typically set up for the
* [Editor’s note: even though this court did, please don’t use the term ISP.]
11.
discussion of a particular topic or area of interest, and any AOL member who wishes to join
a conversation in a public chat room may do so.
Two AOL chat rooms are the focus of plaintiff’s claims: the “Beliefs Islam” chat room and
the “Koran” chat room. It is in these chat rooms that plaintiff alleges that he and other
Muslims have been harassed, insulted, threatened, ridiculed and slandered by other AOL
members due to their religious beliefs. The complaint lists dozens of harassing statements
made by other AOL members in these chat rooms on specified dates, all of which plaintiff
alleges he brought to AOL’s attention together with requests that AOL take action to
enforce its member guidelines and halt promulgation of the harassing statements. The
statements span a period of two and one-half years, from January 10, 1998 to July 1, 2000,
and are attributable to various AOL chat room participants only by virtue of a screen name.
A representative sample of the reported offensive comments follows:
(i) On January 10, 1998 the AOL Member with the screen name “Aristotlee”
wrote “islam is meaniglessssss thought,” “allahsdick cut offfffffff,” “dumballah
bastard,” “allah assssshole,” “allajs dick is in holy dick place hey.” “FUCK
ALLAH,” etc.
(ii) On April 26, 1998, “Twotoneleg” wrote “I HATE MUSLIMS,” “THE
KORAN SUCKS,” etc., and “BOSS30269” wrote “I LIKE SHOOTING
MUSLIMS,” “I WILL BOMB THE MIDDLE EAST,” and “FUCK ISLAM.”
(iii) On November 4, 1998, “Hefedehefe” wrote “SMELLY TOWEL HEADS”
and “MUSLIM TOWEL HEADS.”
(iv) On July 11, 1999, “Jzingher” wrote “The Koran and Islam are creations of
Satan to distract people from the true faith which is Judaism. Mohammed
was merely a huckster who found a simple people he could manipulate.”
(v) On July 18, 1999 “SARGON I” wrote “Qura’n lies about everything—a
Satan made verses of darkness and destruction!”, “Mohammed was no shit,
only a killer, thief, a liar and a adulterer!”, and “BYE STUPID
MUSLIMS....ALL GO TO HELL.”
(vi) On July 1, 2000, “DXfina3000 wrote “muslims suck,” “they suck ass,”
“korans is use to wipe ass,” “fuckin muslins,” and “well allah can suck my
dick you peice of ass.”
Plaintiff understandably complained about these offensive, obnoxious, and indecent
statements, initially through the channels provided by AOL for such complaints and
eventually through emails sent directly to AOL’s CEO Steve Case. Plaintiff alleges that
although he reported every one of the alleged violations to AOL, AOL refused to exercise its
power to eliminate the harassment in the “Beliefs Islam” and “Koran” chat rooms.
Moreover, plaintiff contends that AOL gave a “green light” to the harassment of Muslims in
these forums, claiming that such harassment was not tolerated in chat rooms dealing with
other subjects and faiths. In protest, plaintiff cancelled his AOL account in July 2000.
Plaintiff further alleges that other Muslim members of AOL have also complained to AOL
about similar harassing statements.
12.
The relationship between AOL and each of its subscribing members is governed by the
Terms of Service (“TOS”), which include a Member Agreement and the Community
Guidelines. The Member Agreement is a “legal document that details [a member’s] rights
and obligations as an AOL member,” and it requires, inter alia, that AOL members adhere
to AOL’s standards for online speech, as set forth in the Community Guidelines. These
Guidelines state, in pertinent part, that
... You will be considered in violation of the Terms of Service if you (or others
using your account) do any of the following: ....
* Harass, threaten, embarrass, or do anything else to another member that is
unwanted. This means: ... don’t attack their race, heritage, etc....
* Transmit or facilitate distribution of content that is harmful, abusive,
racially or ethnically offensive, vulgar, sexually explicit, or in a reasonable
person’s view, objectionable. Community standards may vary, but there is no
place on the service where hate speech is tolerated.
* Disrupt the flow of chat in chat rooms with vulgar language, abusiveness, ...
The Member Agreement states that AOL has the right to enforce these Community
Guidelines “in its sole discretion.” In response to a violation, “AOL may take action against
your account,” ranging from “issuance of a warning about a violation to termination of your
account.” AOL’s Community Action Team is responsible for enforcing the content and
conduct standards and members are encouraged to notify AOL of violations they observe
online. Importantly, however, the Member Agreement states that AOL members “... also
understand and agree that the AOL Community Guidelines and the AOL Privacy Policy,
including AOL’s enforcement of those policies, are not intended to confer, and do not confer,
any rights or remedies upon any person.”…
IV.
Plaintiff’s Title II claim fails for two alternate and independent reasons. First, plaintiff’s
claim against AOL is barred because of the immunity granted AOL, as an interactive
computer service provider, by the Communications Decency Act of 1996, 47 U.S.C. § 230.
Second, plaintiff’s claim fails because a chat room is not a “place of public accommodation”
as defined by Title II, 42 U.S.C. § 2000a(b). Each dismissal ground is separately
addressed….
[Editor’s note: after studying Section 230, you might revisit this case to think about why
Section 230 applied to Noah’s claims.]
B.
Even assuming, arguendo, that plaintiff’s Title II claim is not barred by § 230, it must
nonetheless be dismissed for failure to state a claim because AOL’s chat rooms and other
online services do not constitute a “place of public accommodation” under Title II.
13.
Title II provides that “[a]ll persons shall be entitled to full and equal enjoyment of the
goods, services, facilities, privileges, advantages, and accommodations of any place of public
accommodation, as defined in this section, without discrimination or segregation on the
ground of race, color, religion, or national origin.” 42 U.S.C. § 2000a(a). Title II defines a
“place of public accommodation” as follows:
Each of the following establishments which serves the public is a place of
public accommodation within the meaning of this subchapter ...
(1) any inn, hotel, motel, or other establishment which provides lodging to
transient guests, other than an establishment located within a building
which contains not more than five rooms for rent or hire and which is
actually occupied by the proprietor of such establishment as his residence;
(2) any restaurant, cafeteria, lunchroom, lunch counter, soda fountain, or
other facility principally engaged in selling food for consumption on the
premises, including, but not limited to, any such facility located on the
premises of any retail establishment; or any gas station;
(3) any motion picture house, theater, concert hall, sports arena, stadium or
other place of exhibition or entertainment; and
(4) any establishment (A)(i) which is physically located within the premises of
any establishment otherwise covered by this subsection, or (ii) within the
premises of which is physically located any such covered establishment, and
(B) which holds itself out as serving patrons of such covered establishment.
42 U.S.C. § 2000a(b).
The theory of plaintiff’s Title II claim is that he was denied the right of equal enjoyment of
AOL’s chat rooms because of AOL’s alleged failure to take steps to stop the harassing
comments and because of AOL’s warnings to plaintiff and brief termination of plaintiff’s
service. In this regard, plaintiff contends that the chat rooms are “place[s] of ...
entertainment” and thus within the public accommodation definition. Yet, as the relevant
case law and an examination the statute’s exhaustive definition make clear, “places of
public accommodation” are limited to actual, physical places and structures, and thus
cannot include chat rooms, which are not actual physical facilities but instead are virtual
forums for communication provided by AOL to its members.
Title II’s definition of “places of public accommodation” provides a list of “establishments”
that qualify as such places. This list, without exception, consists of actual physical
structures; namely any “inn, hotel, motel, ... restaurant, cafeteria, lunchroom, lunch
counter, soda fountain, ... gasoline station ... motion picture house, theater, concert hall,
sports arena [or] stadium.” In addition, § 2000a(b)(4) emphasizes the importance of physical
presence by referring to any “establishment ... which is physically located within” an
establishment otherwise covered, or “within ... which” an otherwise covered establishment
“is physically located.” (emphasis added) Thus, in interpreting the catchall phrase “other
place of exhibition or entertainment” on which plaintiff relies, the statute’s consistent
14.
reference to actual physical structures points convincingly to the conclusion that the phrase
does not include forums for entertainment that are not physical structures or locations.
As the Supreme Court has held, § 2000a(b)(3) should be read broadly to give effect to the
statute’s purpose, namely to eliminate the “daily affront and humiliation” caused by
“discriminatory denials of access to facilities ostensibly open to the general public.”
(emphasis added). This broad coverage stems from a “natural reading of [the statute’s]
language,” which should be “given full effect according to its generally accepted meaning.”
As such, it is clear that the reach of Title II, however broad, cannot extend beyond actual
physical facilities. Given Title II’s sharp focus on actual physical facilities, such as inns,
motels, restaurants, gas stations, theaters, and stadiums, it is clear that Congress intended
the statute to reach only the listed facilities and other similar physical structures, not to
“regulate a wide spectrum of consensual human relationships.”
This emphasis on actual physical facilities is reinforced by the cases rejecting Title II claims
against membership organizations. In Welsh, the plaintiffs, who were atheists, claimed that
the Boy Scouts of America violated Title II in denying them membership, arguing that the
Boy Scouts were a “place of ... entertainment.” The majority of the Seventh Circuit panel in
Welsh concluded that the Boy Scouts of America is not a “place of public accommodation”
under Title II because it is not “closely connected to a particular facility.” In doing so, the
Welsh majority distinguished the Boy Scouts from membership organizations in which
membership “functions as a ‘ticket’ to admission to a facility or location,” that have been
consistently held to be places of public accommodation under Title II. Similarly, the Ninth
Circuit in Clegg held that the Cult Awareness Network, a nonprofit organization that
provides information to the public concerning cults and supports former cult members, was
not a “place of public accommodation” because it had “no affiliation with any public facility.”
In short, it is clear from the cases considering membership organizations that status as a
place of public accommodation under Title II requires some connection to some specific
physical facility or structure. As noted in Welsh and Clegg, to ignore this requirement is to
ignore the plain language of the statute and to render the list of example facilities provided
by the statute superfluous.
In arguing that places of public accommodation are not limited to actual physical facilities
under Title II, plaintiff turns to the case law interpreting the analogous “place of public
accommodation” provision under Title III of the Americans With Disability Act (ADA).
While the case law concerning places of public accommodation under the ADA is more
abundant than that under Title II, it is not entirely uniform. Yet, a detour into the parallel
ADA cases is instructive and ultimately supports the conclusion that “places of public
accommodation” must consist of, or have a clear connection to, actual physical facilities or
structures.
The circuits are split regarding the essential question whether a place of public
accommodation under the ADA must be an actual concrete physical structure. On the one
hand, as plaintiff notes, the First Circuit has held that “places of public accommodation”
under Title III of the ADA are not limited to actual physical facilities. See Carparts
Distribution Center, Inc. v. Automotive Wholesaler’s Assoc. of New England, Inc., 37 F.3d
12, 18-20 (1st Cir. 1994) (holding that a trade association which administers a health
insurance program, without any connection to a physical facility, can be a “place of public
15.
accommodation”).9 On the other hand, the Third, Sixth and Ninth Circuits, in similar cases
involving health insurance programs, followed the logic of Welsh and Clegg in holding that
places of public accommodation under Title III of the ADA must be physical places. Thus, it
appears that the weight of authority endorses the “actual physical structure” requirement
in the ADA context as well.
Most significantly, two more recent ADA cases involving fact situations much closer to
those at bar reaffirm the principle that a “places of public accommodation,” even under the
ADA’s broader definition, must be actual, physical facilities. In one case, the plaintiffs
claimed that Southwest Airlines was in violation of the ADA because its “southwest.com”
web site was incompatible with “screen reader” programs and thus inaccessible to blind
persons. See Access Now, Inc. v. Southwest Airlines, Co., 227 F. Supp. 2d 1312, 1316 (S.D.
Fla. 2002). Thus, the question presented was whether the airline’s web site, which serves as
an online ticket counter, constitutes a “place of public accommodation” under the ADA. The
Access Now court held that places of public accommodation under the ADA are limited to
“physical concrete structures,” and that the web site was not an actual physical structure.
Rejecting the invitation to endorse the Carparts approach and apply the ADA to Internet
web sites despite their lack of physical presence, the Access Now court concluded that “[t]o
expand the ADA to cover ‘virtual’ spaces would create new rights without well-defined
standards.”11 Similarly, in another case, plaintiff contended that the defendant’s digital
cable system was in violation of the ADA because its on-screen channel guide was not
accessible to the visually impaired. Here too, the district court rejected the notion that the
digital cable system was a “place of public accommodation,” because “in no way does
viewing the system’s images require the plaintiff to gain access to any actual physical
public place,” Furthermore, the Torres court sensibly concluded that the mere fact that the
digital cable system relied on physical facilities to support and transmit its services did not
convert the cable service into a “physical public place.”
In sum, whether one relies on the Title II case law or looks to the broader ADA definition of
public place of accommodation, it is clear that the logic of the statute and the weight of
authority indicate that “places of entertainment” must be actual physical facilities. With
this principle firmly established, it is clear that AOL’s online chat rooms cannot be
construed as “places of public accommodation” under Title II. An online chat room may
arguably be a “place of entertainment,” but it is not a physical structure to which a member
of the public may be granted or denied access, and as such is fundamentally different from
a “motion picture house, theater, concert hall, sports arena, [or] stadium.” Although a chat
9 In reaching this conclusion, the First Circuit in Carparts relied on the ADA’s more expansive definition of
“place of public accommodation,” in particular its inclusion of a “travel service,” “insurance office,” and “other
service establishments” as places of public accommodation. Focusing on these terms, the First Circuit concluded
that “Congress clearly contemplated that ‘service establishments’ include providers of services which do not
require a person to physically enter an actual physical structure,” and thus that the Title III of the ADA is not
limited to “physical structures which person must enter to obtain goods and services.” Simply put, the Carparts
court found it irrational to conclude that Title III of the ADA reaches those who enter an office to purchase
insurance services, but not those who purchase them over the mail or by telephone. Notably, Title II of the Civil
Rights Act does not include a “travel service,” “insurance office,” or “other service establishments” in its
definition, making the relevance of Carparts and its progeny to Title II questionable, at best. 11 But see Doe v. Mutual of Omaha Ins. Co., 179 F.3d 557, 559 (7th Cir. 1999) (citing Carparts approvingly and
stating, in dicta, that Title III of the ADA reaches “the owner or operator of a store, hotel, restaurant, dentist’s
office, travel agency, theater, Web site, or other facility (whether in physical space or in electronic space)”)
(emphasis added) (citation omitted).
16.
room may serve as a virtual forum through which AOL members can meet and converse in
cyberspace, it is not an “establishment,” under the plain meaning of that term as defined by
the statute. Unlike a theater, concert hall, arena, or any of the other “places of
entertainment” specifically listed in § 2000a(b), a chat room does not exist in a particular
physical location, indeed it can be accessed almost anywhere, including from homes,
schools, cybercafes and libraries. In sum, although a chat room or other online forum might
be referred to metaphorically as a “location” or “place,” it lacks the physical presence
necessary to constitute a place of public accommodation under Title II. Accordingly, even if
plaintiff’s Title II claim were not barred by § 230’s grant of immunity to service providers, it
would be fail [sic] on the independent ground that AOL’s chat rooms are not places of public
accommodation….
[The court rejected Noah’s breach of contract claim based on various limitations in the
contract terms. The court also rejected Noah’s First Amendment claims because AOL is not
a state actor.]
NOTES AND QUESTIONS
For a more recent case involving very similar issues, see Ebeid v. Facebook, Inc., 2019 WL
2059662 (N.D. Cal. 2019) (reaching the same outcome).
The Race and Religious Dimensions of this Case. How do you think Noah’s race and religion
affected AOL’s dealings with him? Why do you think AOL didn’t enforce its TOS more
aggressively? Do you think Noah’s race and religion played a role in the court’s opinion?
If civil rights laws protect against online services’ discrimination based on a person’s
characteristics, they may equally protect the interests of people with majority
characteristics. If Noah won this case against AOL, would a Christian user be able to force
AOL to remove any Muslim-advocacy chatrooms because any criticisms of Christianity in
the chatrooms discriminate against him? Cf. Wilson v. Twitter, 2020 WL 3410349 (S.D.W.V.
2020) (a Christian heterosexual unsuccessfully sued Twitter for discrimination because it
removed his pro-Christian and pro-heterosexual content); Lewis v. Google LLC, 2020 WL
2745253 (N.D. Cal. 2020) (the plaintiff claimed national origin discrimination by YouTube
because he “is a patriotic American citizen who promotes Constitutional rights of
Americans, Christian beliefs and American laws and culture”); Domen v. Vimeo, Inc., 433
F. Supp. 3d 592 (SDNY 2020) (the plaintiff claimed Vimeo discriminated against him based
on his sexual orientation because it removed his videos lauding conversion therapy).
Questioning AOL’s Choices. What do you think should AOL do differently? Some options:
AOL could remove posts that users complain about. In other words, Noah could send
takedown notices for posts that offend him. That solution would be after-the-fact, so
offending posts would still cause some harm before removal. Further, do you agree
that all of the posts highlighted by Noah should be removed? Some posts are
unquestionably offensive and stupid, but they are likely First Amendment-protected
speech (which doesn’t apply to AOL, but it does indicate their “legality”), and other
comments might be bona fide, if misguided, contributions to an actual debate.
Because everyone in their chatroom will have idiosyncratic standards for they think
17.
is acceptable content, how can an intermediary like AOL successfully navigate its
chatroom users’ different and possibly constantly shifting standards?
To avoid acting after-the-fact, AOL could prescreen all chatroom submissions. Even
if AOL could do a perfect job of prescreening, the time-delay would turn the
chatroom into an asynchronous message board.
If the prescreening costs or liability risks are too great, AOL could decide chatrooms
aren’t worth it and shut them down entirely.
Do you prefer any of these options over the approach AOL actually deployed? Can you think
of any options not mentioned above that will make some people better off without making
anyone worse off? Or can you think of other options that will benefit some people and
disadvantage others? In the latter case, who should decide which groups to privilege and
which to disadvantage?
We will revisit the balancing act faced by intermediaries when we talk about intermediary
liability later in the book, especially with respect to Section 512 and Section 230.
Internet Exceptionalism. “Internet exceptionalism” means regulating the Internet
differently than other media. In some cases, the Internet is sufficiently different from other
media that we can justify Internet exceptionalist regulation. In other cases, the differences
between the Internet and other media are exaggerated, making the different legal
treatment impossible to justify.
Internet exceptionalism can cut both ways—we could give legal preferences to Internet
actors (like 47 U.S.C. §230, discussed later in the book), or we could burden Internet actors
more than other media actors. More commonly, as part of a “techno-panic,” regulators
overreact to emerging Internet technologies and seek to burden the new development
because it’s new and scary, not because the legal distinctions are analytically justifiable.
Is Internet exceptionalism justified? In 2017, Justice Kennedy wrote:
While we now may be coming to the realization that the Cyber Age is a
revolution of historic proportions, we cannot appreciate yet its full
dimensions and vast potential to alter how we think, express ourselves, and
define who we want to be. The forces and directions of the Internet are so
new, so protean, and so far reaching that courts must be conscious that what
they say today might be obsolete tomorrow.
Packingham v. North Carolina, 137 S. Ct. 1730 (2017). In a concurrence, Justice Alito
added: “Cyberspace is different from the physical world.”
A November 2017 online survey asked: “Should the federal government regulate large
social media platforms (eg Facebook/Twitter) that display, but don't produce, content in the
way the government regulates media companies?” Respondents answered yes 34% and no
62%. (see https://drive.google.com/file/d/0B-OW6-tDrcdMN0h4THpwUnJadFE/view). But
did respondents favor more, or less, regulation of social media platforms compared to offline
media?
18.
In support of Internet exceptionalism, consider some categories of activity that do not exist
in the offline world:
Consumer review websites like Yelp, where consumers can share their opinions
about businesses with strangers.
Consumer-to-consumer marketplaces like eBay
Peer-posted free-to-access “how-to” videos on YouTube. (And cat videos).
Wikipedia
Can you think of other examples of content and services that exist only online? Also, recall
the ACLU v. Reno discussion about some of the ways that the Internet differs from other
media.
Social Media Exceptionalism. In exploring social media exceptionalism (we’ll define and
discuss “social media” later) as a subset of Internet exceptionalism, researcher danah boyd
identified four key attributes of social media:
• persistence: the durability of online expressions and content;
• visibility: the potential audience who can bear witness;
• spreadability: the ease with which content can be shared;
• and searchability: the ability to find content.
DANAH BOYD, IT’S COMPLICATED: THE SOCIAL LIVES OF NETWORKED TEENS (2014). She adds
that these attributes “are not in and of themselves new….What is new is the way in which
social media alters and amplifies social situations by offering technical features that people
can use to engage in these well-established practices.” What do you think of this?
Cyber-Bullying. Was Noah “cyber-bullied” or “cyber-harassed” (based on whatever those
terms mean to you)? Have you ever experienced similar online remarks directed towards
you? If you’re not Muslim, do you think your first-hand experiences might differ from
Noah’s? Do the Trump-era anti-Muslim actions by the U.S. government highlight why
Muslim-Americans might feel threatened or vulnerable?
Cyberspace and “Places of Public Accommodation.” What policy rationales did the court
provide in rejecting Noah’s argument that AOL was a place of public accommodation?
Because of the court’s ruling, AOL has more favorable legal treatment than certain
categories of offline retail establishments. Can you think of persuasive reasons to treat
online venues like AOL differently than physical venues like restaurants?
As the Noah case indicates, courts will look past the online nomenclature and metaphors
that invoke familiar offline concepts. See, e.g., Young v. Facebook, Inc., 790 F. Supp. 2d
1110 (N.D. Cal. 2011):
Despite its frequent use of terms such as “posts” and “walls,” Facebook
operates only in cyberspace, and is thus is not a “place of public
accommodation” as construed by the Ninth Circuit. While Facebook’s physical
headquarters obviously is a physical space, it is not a place where the online
19.
services to which Young claims she was denied access are offered to the
public.
Nevertheless, the caselaw is split about the Internet’s physicality. Compare Freedom
Watch, Inc. v. Google, Inc., 368 F. Supp. 3d 30 (D.D.C. 2019) (D.C. Human Rights Act only
applies to physical places, not Facebook or Twitter speech forums) with Harrington v.
Airbnb, Inc., 348 F. Supp. 3d 1085 (D. Ore. 2018) (Airbnb is a “place of public
accommodation” because it offers a “service of searching for, finding, and booking an
accommodation using its online platform”).
In particular, in Americans with Disabilities Act claims (Title III, compared with the Noah
court’s analysis of Title II), courts increasingly classify Internet services as places of public
accommodation. This has become routine in cases where the defendant has offline retail
stores and the website/app relates to those stores, such as the ability to place orders. See,
e.g., Robles v. Domino’s Pizza, LLC, 913 F.3d 898 (9th Cir. 2019) (“the ADA mandates that
places of public accommodation, like Domino’s, provide auxiliary aids and services to make
visual materials available to individuals who are blind. This requirement applies to
Domino’s website and app, even though customers predominantly access them away from
the physical restaurant”).
Some courts have gone further and imposed ADA requirements on online-only defendants.
See, e.g., National Association of the Deaf v. Netflix, Inc., 869 F. Supp. 2d 196 (D. Mass.
2012) (Netflix is a place of public accommodation for purposes of the Americans with
Disabilities Act); compare National Association of the Deaf v. Harvard University, 377 F.
Supp. 3d 49 (D. Mass. 2019) (Section 230—discussed more later in the book—may apply to
the ADA claims when applied to third-party videos hosted on Harvard’s network).
For a recap of the various majority/minority legal standards in applying the ADA to online
services, see Martinez v. San Diego County Credit Union, 2020 WL 3396649 (Cal. App. Ct.
June 19, 2020).
The “Company Town” Analogy. In traditional government-operated public forums, such as
streets and sidewalks, the First Amendment robustly protects citizens’ speech. For this
reason, the First Amendment limits the ability of privately owned “company towns” to
restrict speech on their streets and sidewalks. Online, some commentators have claimed
that the Internet giants own the “virtual streets and sidewalks” and should be similarly
required to comply with First Amendment restrictions. These arguments have not fared
well in court. See, e.g., Prager University v. Google LLC, 951 F.3d 991 (9th Cir. 2020):
YouTube does not perform a public function by inviting public discourse on
its property….Unlike the company town in Marsh, YouTube merely operates
a platform for user-generated video content; it does not “perform[] all the
necessary municipal functions,” nor does it operate a digital business district
that has ‘all the characteristics of any other American town.’
In contrast, when the government (including elected officials) runs an online speech forum,
such as social media accounts, any restrictions on constituent speech can trigger First
Amendment scrutiny. See Knight First Amendment Institute at Columbia University v.
20.
Trump, 928 F.3d 226 (2d Cir. 2019) (Pres. Trump’s Twitter account, which he admitted he
used for official government purposes, was a public forum, so his blocking of citizens from
responding to his Twitter account violated the First Amendment).
What Does Physical Presence Mean? In Minnesota, it’s a crime to “engage in masturbation
or lewd exhibition of the genitals in the presence of a minor under the age of 16, knowing or
having reason to know the minor is present.” Does the statute refer to physical presence,
virtual presence (whatever that means), or both? In other words, does texting a dick pic to a
minor violate this statute? Compare State v. Decker, 916 N.W.2d 385 (Minn. 2018) with
State v. Legassie, 171 A.3d 589 (Me. 2017) (no conviction for Maine’s “indecency” crime).
Another scenario: Journalist Kurt Eichenwald has epilepsy, something he’s publicly
discussed many times. A Twitter troll knew of Eichenwald’s epilepsy, and the troll tweet-
replied to Eichenwald’s Twitter account a strobing animated GIF with the goal—and
effect—of triggering an epileptic seizure.
Eichenwald brought a civil lawsuit against the troll, including a claim for battery. The legal
standard for civil battery: “intentionally, knowingly, or recklessly caus[ing] bodily injury
[or] intentionally or knowingly caus[ing] physical contact with another when the person
knows or should reasonably believe that the other will regard the contact as offensive or
provocative.” Did sending the GIF constitute a “battery”?
The court rejected a motion to dismiss. “Plaintiff has alleged that light waves emitted from
the GIF touched Plaintiff’s retina, generated an electric signal, and caused a seizure.
Taking, as the Court must, Plaintiff’s allegations as true, including his characterization of
the science and Plaintiff’s physical condition, there was physical contact.” Eichenwald v.
Rivello, 318 F. Supp. 3d 766 (D. Md. 2018).
The court explained:
Defendant here allegedly chose to use the electronic capabilities of a
computer as a weapon—as a means of causing physical harm. Defendant’s
tweet, activating certain harmful capabilities of the transmitting computer,
converted the computer into a weapon to inflict physical injury. The computer
and the tweet were no longer merely a mode of communication. Something
more, and separate, from mere communication occurred...an offensive
touching.
If light waves touching a human eyeball constitutes physicality, does that collapse any
distinction between the online and offline worlds?
CHAPTER 1 REVIEW QUESTION #1
Which of the following regulations reflect Internet exceptionalism?
a) A court opinion holding that Uber must treat its drivers as employees instead of
independent contractors
b) A city regulation imposing a “bed tax” on hotel stays, and defining the word “hotel” to
include Airbnb rentals
21.
c) A federal law banning states from imposing sales tax collection obligations on e-
commerce transactions
d) A state law excluding e-books from sales tax, even if the same material published in hard
copy form would be subject to sales tax
e) A state law requiring online dating websites to check the criminal backgrounds of all
paying members
22.
Determining the Geographic Location of Internet-Connected Devices
The “geography question” is one of the most crucial issues in Internet law. How do
geographically structured laws and enforcement overlay an electronic network that crosses
geographic borders? The answer may partially depend on technological facts: how easy it is
to know the geographic location of an Internet user, and how easy is it to restrict/limit
interactions with users in “unwanted” locations? Technology continues to evolve, but the
legal answers remain unresolved.
In 1996, the ACLU v. Reno court wrote: “Once a provider posts its content on the Internet,
it cannot prevent that content from entering any community. Unlike the newspaper,
broadcast station, or cable system, Internet technology necessarily gives a speaker a
potential worldwide audience.”
The situation today is more complicated. Every device connected to the Internet has a
unique identifier, called an “IP address,” that functions as the address for sending packets
to it. An IP address serves the same purpose as a postal mailing address or a telephone
number, which similarly help identify the destination for incoming communications by mail
and telephony, respectively.
IP addresses can reveal information about the user’s geography, whether the user intends
to or not. (A VPN reduces this risk by masking the user’s actual IP address from the desired
service; but the VPN operator in the middle may be able to deduce the user’s geography).
First, IP addresses ranges are allocated to IP address registries that operate on a trans-
national regional basis. It’s easy to look up an IP address and determine which registry it
belongs to. That provides a clue about the user’s geographic region.
Second, each regional registry can further provide chunks of IP addresses to licensees, such
as businesses or universities. It is easy to look up an IP address and determine its licensee.
That information supports an inference that the user and the licensee are in the same
geography. For example, when I use my work computer with an IP addressed licensed to
my university employer, it’s possible to deduce that I am in the same geography as my
employer. In my case, that should narrow down my geography to just a few city blocks.
Inferring the user’s geography based on the location of the IP address’ licensee is an
imperfect science. For example, many major Internet access providers might have a single
geographic location for all of the IP addresses they provide to users nationwide. For
example, I use Comcast as my home Internet access provider. If an Internet service tried to
infer my geography by knowing I used a Comcast-licensed IP address, they might get my
country right but probably would be wrong (by a lot!) about my state or city.
There are many ways to determine the actual geography of an IP address more precisely.
The following excerpt comes from Ben Kneen, Geotargeting Explained: How Ad Servers
Understand Physical Locations (May 7, 2012), http://www.adopsinsider.com/ad-
serving/geotargeting-explained-how-ad-servers-understand-physical-locations/:
23.
Pings, Traceroutes, Reverse DNS, and Other Technical Methods of Geolocation
…the heavy lifting is usually done through a combination of three technical
processes known as pings, traceroutes, and reverse DNS lookups. Let’s run through
a high level explanation of all three processes, and then explain how they work in
concert to geographically locate a single IP address.
A ping is just a small piece of information sent from one computer to another, with a
request to call the originating computer back. Pings can also record the round trip
time of the journey, and are used for a variety of administrative network processes.
Think of it like a submarine’s sonar technology, applied to the internet.
Tracerouting is basically a way to record the network routing process of the ping
service, or the detail behind how the ping got from one machine to its destination.
Tracerouting records how a ping is routed, who it is routed through, and the time it
takes at each step. When information travels across the internet, be it a ping or just
regular surfing, it moves through a series of very high speed fiber optic networks
owned by various public and private entities. Now, when the information gets
physically close to a user, it passes down to an Internet Service Provider (ISP),*
which sells internet access to consumers. The ISP eventually moves the packet of
information to a nearby network router to the user, which connects directly to the
user. By using the traceroute utility, the geolocation service can know every system
the information was passed through in order to get to its final destination. The
important piece of information the service gets from a traceroute is the IP address of
that final network router, geographically nearest to the user….
With the network router’s IP address in hand, the geolocation service can finally use
a technique known as a reverse DNS lookup to identify who owns that network
router, which it can use to lock in on the physical location of the user. Reverse DNS
is simply a service to identify the hostname of an IP address, that is, who owns an IP
address. For many home computers, the host ends up being the ISP. For businesses,
the host ends up being the company’s domain….
Geolocation in Action
Now that you understand the basic approach, here’s how it all works together at a
high level.
When a geolocation service wants to triangulate an IP, it starts by pinging that IP
address from a central server it owns, and then looking at the traceroute. From the
traceroute, the service can identify the nearest network router to the user by IP,
labeled point A on the diagram below. Then, using a reverse DNS lookup, the service
can find out which ISP owns that router, and then query the location from public
data, the ISP itself if the service has a business relationship in place, or failing that,
triangulate the location with the process below.
* [Editor’s note: yet another reminder to use IAP instead of ISP.]
24.
In all likelihood, the geolocation service already knows the location of this network
router, either by working with an ISP directly, or through previous triangulation
efforts. With that location in hand, the geolocation service hands off the
triangulation process to servers closest to that network router, of which it also
knows the exact geographic location. Now, the service sends a ping from at least
three of its own separate servers (1, 2, 3), and records the time it takes to reach the
user. Only time can be recorded from a ping, not distance, but using time as a
radius, the geolocation service can draw a circle around each server, and know that
the target location must exist at some point on the arc.
With three separate locations, the target location should exist at the one point where
all the arcs meet, which also gives the service the exact vector to the target from
each server. And, since information runs through fiber optic cable at a known,
constant speed (about 2/3 the speed of light), the service can now translate that time
into a distance, and with the vector and a known server location, calculate the exact
location of the target, within a certain margin of error, depending on the exact
method used, and how many points of triangulation are employed. Currently, the
most advanced geolocation triangulation methods employ as many as 36 points to
eliminate problem data and increase accuracy, and can accurately map an IP
address within 700m….
25.
Network Maps & WHOIS Lookups
Using either piece of information, the ISP or the business domain, the geolocation
service can further refine the geographic values of a given IP. Geolocation services
may also work directly with ISPs to get the general physical location, when available
of a given IP, since the ISP will know the exact address of the customer using that
connection at any given time. It’s important to note that no PII [personally
identifiable information] is exchanged in that process, a zip code is just mapped to
the IP address, and not all ISPs participate, or may simply provide the location of
the final network router instead of the end-user’s zip.
Some of the more sophisticated geolocation services may be able to deduce the
physical location of an ISPs network routers, also known as the ISP’s network map,
by pinging those routers from various servers with known geographic locations,
measuring the time it takes to get a response, and using that information to
triangulate the router.
Businesses may also have a specific address, available through a WHOIS lookup,
which allows country, state, city, and zip to be assigned. The WHOIS directory is a
public registry of who owns what domain, along with their name, and importantly,
address. Through this information, geolocation services can get a better idea of the
physical location of each machine….
IP address mapping techniques aren’t infallible. For example, they might reveal the
location of the IAP’s server in a nearby zip code, rather than the user’s actual computer.
Also, users using a VPN cannot be accurately located.
Please try this yourself: go to http://www.maxmind.com/app/locate_my_ip. There, you will
get your computer’s IP address and an estimate of your geographic location. How accurate
is the estimate? MaxMind, like most IP address location vendors, has its own limitations.
See Kashmir Hill, How Cartographers for the U.S. Military Inadvertently Created a House
of Horrors in South Africa, GIZMODO, Jan. 9, 2019, https://gizmodo.com/how-cartographers-
for-the-u-s-military-inadvertently-c-1830758394 (MaxMind sometimes assigns a default—
and thus incorrect—location for IP addresses that it can’t otherwise identify). For more fun,
try playing around with the tools at http://www.dnsstuff.com/tools.
Historically, IP address analysis is the preeminent method of geolocating users, but other
techniques are available.
First, users might voluntarily self-report their location. For example, users routinely self-
report their mailing addresses to e-commerce retailers.
Second, cellphones constantly pings local cell towers. This geolocates the cellphone with
some specificity; and if combined with triangulation among multiple cellphone towers, it
can be extremely precise.
Third, cellphones constantly ping wi-fi hotspots. This, too, provides a very specific location
for your cellphone and, with triangulation of wi-fi hotspots, can produce location accuracy
down to a few feet. Retail stores use this information to track the movements of in-store
26.
customers. Stephanie Clifford & Quentin Hardy, Attention, Shoppers: Store Is Tracking
Your Cell, N.Y. TIMES, July 14, 2013.
Fourth, cellphones capture GPS location. If it reports that GPS information to a third-party
service—something apps do if the phone user permits the app to access geolocation
information—it can also locate the cellphone within a few dozen feet. This is why ride-
sharing services like Uber and Lyft and map services like Google Maps are so accurate.
To get a sense of how much people’s lives can be reversed-engineered by tracking their
phone’s location and combining it with publicly available information about their activities,
see this visual representation of the life of German politician Malte Spitz:
http://www.zeit.de/datenschutz/malte-spitz-data-retention; see also Stuart A. Thompson and
Charlie Warzel, Twelve Million Phones, One Dataset, Zero Privacy, N.Y. TIMES, Dec. 19,
2019, https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-
phone.html.
All told, Internet services may be able to determine the geography of their users with
varying levels of precision. If a service has access to GPS data or wi-fi pinging, it probably
knows its users’ geography by country, state, county, city, and even city block. If it’s using
IP address analysis, it probably knows its users’ country and state and possibly city.
An example of how law enforcement can use online databases to determine the location,
and ultimately the identity, of criminal suspects:
On November 10, 2014, Detective William Arnold, Jr. of the Junction City
Police Department received a tip from the Wichita Police Department.
Tumblr—a website typically used to post image blogs—reported to the
Wichita Police Department that an account titled “dadydaughtertimes”
uploaded an image suspected to be child pornography. Tumblr disabled the
account and reported the IP address— i.e., the internet service provider's
address, or the location to which the internet sends information—and the
associated email address from which the image was uploaded.
Detective Arnold confirmed the image appeared to be child pornography. He
researched the IP address and determined it was located in Junction City,
Geary County, Kansas and was registered to Cox Communications. By
researching the email address provided by Tumblr, Arnold discovered an
associated account with Google Picasa—a cloud-based photo archive
website—which displayed the name “Jimmy Henning.” Believing the name
“Jimmy” to be a nickname for “James,” Arnold searched the Junction City
Police Department internal database records and identified James Henning
living at a residence on 12th Street in Junction City.
Detective Arnold also searched the IP address in the Child Protective System
(CPS) database. He found the IP address was associated with a Globally
Unique Identifier (GUID)—an internet-capable machine, such as a
computer—for a period of time including October 11, 2014, which was the
date of the last login to the Tumblr account. Therefore, he concluded that the
IP address and GUID were connected on the same date as the last login of
27.
the Tumblr account that uploaded the child pornography image. Arnold
identified two images of suspected child pornography associated with the
GUID and IP address together. In addition, CPS records indicated the GUID
had been in possession of 1,612 images of known or suspected child
pornography and was associated with several other network or proxy IP
addresses, which could indicate an attempt to hide online activity.
Detective Arnold drafted a probable cause affidavit, upon which the district
court issued a search warrant to Cox Communications seeking account
information—name, address, date of birth, and social security number—for
the account assigned to the IP address on October 11, 2014. Cox
Communication’s response revealed the account in question was registered to
Mary Henning, who resided at the same address Arnold had previously
identified as James Henning's residence. Arnold added the information
received from Cox Communications to his probable cause affidavit in support
of a search warrant for his residence on 12th Street, which was issued by the
district court.
State v. Henning, 401 P.3d 185 (Kan. Ct. App. 2017). Why did Tumblr believe the IP
address was located in the Wichita, Kansas area? This is not especially accurate; Wichita is
over 110 miles from Junction City. What is the Child Protective System database, who has
access to it, and how reliable is its information? Notice how law enforcement used the
Tumblr email address to find a seemingly related account in Google Picasa that revealed
the suspect’s real name. Do you find it encouraging, or disturbing, that law enforcement can
gather clues to the suspect’s identity that easily? (To state the obvious, many criminals,
especially those in the child pornography community, use email addresses that are not
linked to any other accounts).
Does the increasing availability and accuracy of geolocation technology make it more likely
that regulators will compel its usage? See Marketa Trimble, To Geoblock, or Not To
Geoblock – Is That Still a Question?, TECH. & MKTG. L. BLOG, May 9, 2017,
http://blog.ericgoldman.org/archives/2017/05/to-geoblock-or-not-to-geoblock-is-that-still-a-
question-guest-blog-post.htm.
From AF Holdings v. Does 1-1058, 752 F.3d 990 (D.C. Cir. 2014):
AF Holdings’s discovery demands were overbroad because it made no attempt
to limit its inquiry to those subscribers who might actually be located in the
District. It could have easily done so using what are known as geolocation
services, which enable anyone to estimate the location of Internet users based
on their IP addresses. Such services cost very little or are even free. See
Amicus Br. of Electronic Frontier Foundation, et al. 24 (observing that
“Neustar IP Intelligence . . . provides on-demand geolocation services for $8
per 1,000 addresses); see also http://freegeoip.net (last visited May 22, 2014)
(providing this service for free). While perhaps not precise enough to identify
an Internet user’s street address, these services “can be accurate”—certainly
sufficiently accurate to provide at least some basis for determining whether a
particular subscriber might live in the District of Columbia rather than, say,
Oregon.
28.
CHAPTER 1 REVIEW QUESTION #2
Which of the following identifiers indicate some geographic information about the
associated person?
a) mailing address
b) telephone number
c) IP address
d) credit card number
e) Social Security number
29.
II. Jurisdiction
Evaluating Personal Jurisdiction
The following five-step methodology helps determines if the defendant can be sued in the
plaintiff’s preferred forum:
Step 1: Even if personal jurisdiction is proper, can a judgment be enforced against the
defendant (or parties related to the defendant)? If the answer is no, then how can the
lawsuit accomplish the plaintiff’s goals—even if the plaintiff wins in court?
Step 2: Does the forum have general jurisdiction over the defendant? General jurisdiction
applies when the defendant has a physical presence in the forum or has “systematic and
continuous contacts” that are the functional equivalent of physical presence.
Step 3: If the forum does not have general jurisdiction, did the defendant nevertheless
consent to jurisdiction in the forum? If not, the plaintiff needs to establish specific
jurisdiction or the lawsuit fails.
Step 4: Does the state long-arm statute confer jurisdiction? If not, the lawsuit fails.
Step 5: If yes, does the exercise of jurisdiction satisfy Constitutional Due Process? Three
alternative ways to evaluate Due Process:
a) Minimum contacts test
Did the defendant have minimum contacts with the forum…
Such that it made “purposeful availment” of the state’s laws
…and would jurisdiction comport with traditional notions of fair play and
substantial justice?
Could the defendant “reasonably anticipate” being haled into court?
b) “Effects Test”: Defendant expressly aims intentional tortious actions at state and causes
foreseeable harm.
c) In rem actions against domain names (15 U.S.C. §1125(d)(2)).
30.
The next case deals with the less common situation where a U.S. plaintiff is suing an
international defendant. More commonly, a U.S. plaintiff sues a U.S. defendant. The case
provides a useful summary of the law for both situations. To extrapolate to the more
common U.S.-only situation, consider what evidence would be convincing if a U.S. plaintiff
claimed that the U.S. defendant had sufficient ties to the plaintiff’s home court. The Hemi
case, following the Toys ‘R’ Us case, provides additional insight to that question.
Toys ‘R’ Us, Inc. v. Step Two, S.A., 318 F.3d 446 (3d Cir. 2003)
Toys ‘R’ Us, Inc. and Geoffrey, Inc. (“Toys”) brought this action against Step Two, S.A. and
Imaginarium Net, S.L. (“Step Two”), alleging that Step Two used its Internet web sites to
engage in trademark infringement, unfair competition, misuse of the trademark notice
symbol, and unlawful “cybersquatting,” in violation of the Lanham Act, 15 U.S.C. § 1501* et
seq., and New Jersey state law. The District Court denied Toys’ request for jurisdictional
discovery and, simultaneously, granted Step Two’s motion to dismiss for lack of personal
jurisdiction. We hold that the District Court should not have denied Toys’ request for
jurisdictional discovery. We therefore reverse and remand for limited jurisdictional
discovery, relating to Step Two’s business activities in the United States, and for
reconsideration of personal jurisdiction with the benefit of the product of that discovery,
with a view to its renewing administration of the case, in the event the District Court finds
that it does have jurisdiction.
I.
Toys, a Delaware corporation with its headquarters in New Jersey, owns retail stores
worldwide where it sells toys, games, and numerous other products. In August 1999, Toys
acquired Imaginarium Toy Centers, Inc., which owned and operated a network of
“Imaginarium” stores for the sale of educational toys and games. As part of this acquisition,
Toys acquired several Imaginarium trademarks, and subsequently filed applications for the
registration of additional Imaginarium marks. Prior to Toys’ acquisition, the owners of the
Imaginarium mark had been marketing a line of educational toys and games since 1985
and had first registered the Imaginarium mark with the United States Patent and
Trademark Office in 1989. Toys currently owns thirty-seven freestanding Imaginarium
stores in the U.S., of which seven are located in New Jersey. In addition, there are
Imaginarium shops within 175 of the Toys “R” Us stores in the U.S., including five New
Jersey stores.
Step Two is a Spanish corporation that owns or has franchised toy stores operating under
the name “Imaginarium” in Spain and nine other countries. It first registered the
Imaginarium mark in Spain in 1991, and opened its first Imaginarium store in the Spanish
city of Zaragoza in November 1992. Step Two began expanding its chain of Imaginarium
stores by means of a franchise system in 1994. It has registered the Imaginarium mark in
several other countries where its stores are located. There are now 165 Step Two
Imaginarium stores. The stores have the same unique facade and logo as those owned by
Toys, and sell the same types of merchandise as Toys sells in its Imaginarium stores.
However, Step Two does not operate any stores, maintain any offices or bank accounts, or
have any employees anywhere in the United States. Nor does it pay taxes to the U.S. or to
* [Editor’s note: this appears to be a typo in the original court opinion. It should be 15 U.S.C. 1051 et seq.]
31.
any U.S. state. Step Two maintains that it has not directed any advertising or marketing
efforts towards the United States. The record does, however, indicate some contacts
between Step Two and the United States: for example, a portion of the merchandise sold at
Step Two’s Imaginarium stores is purchased from vendors in the United States.
Additionally, Felix Tena, President of Step Two, attends the New York Toy Fair once each
year.
[Imaginarium Store in Leon, Spain, 2013.
Photo courtesy of Lydia de la Torre]
In the mid-1990s, both parties turned to the Internet to boost their sales. In 1995,
Imaginarium Toy Centers, Inc. (which Toys later acquired) registered the domain name
<imaginarium.com> and launched a web site featuring merchandise sold at Imaginarium
stores. In 1996, Step Two registered the domain name <imaginarium.es>, and began
advertising merchandise that was available at its Imaginarium stores. In April 1999,
Imaginarium Toy Centers registered the domain name <imaginarium.net>, and launched
another web site where it offered Imaginarium merchandise for sale. In June 1999, Step
Two registered two additional “Imaginarium” domain names, <imaginariumworld.com>
and <imaginarium-world.com>. In May 2000, Step Two registered three more domain
names: <imaginariumnet.com>, <imaginariumnet.net>, and <imaginariumnet.org>. Step
Two’s web sites are maintained by Imaginarium Net, S.L., a subsidiary of Step Two, S.A.
formed in 2000.
At the time this lawsuit was filed, four of the aforementioned sites operated by Step Two
were interactive, allowing users to purchase merchandise online. When buying
merchandise via Step Two’s web sites, purchasers are asked to input their name and email
address, as well as a credit card number, delivery address, and phone number. At no point
during the online purchase process are users asked to input their billing or mailing address.
The web sites provide a contact phone number within Spain that lacks the country code
that a user overseas would need to dial. Moreover, the prices are in Spanish pesetas and
32.
Euros, and goods ordered from those sites can be shipped only within Spain. Step Two’s
Imaginarium web sites are entirely in Spanish.
Visitors to the four sales-oriented Step Two web sites may elect to receive an electronic
newsletter, or sign up for membership in “Club Imaginarium,” a promotional club with
games and information for children. Each registrant for Club Imaginarium is required to
provide a name and an email address. At the time this suit was filed, there was a section
for “voluntary information,” including the registrant’s home address, on the Club
Imaginarium registration page. This optional portion of the page required users to choose
from a pull-down list of Spanish provinces, and did not accommodate mailing addresses in
the United States. After joining Club Imaginarium via the web site, registrants receive an
automatic email response.
Mr. Tena submitted an affidavit stating that Step Two had not made any sales via its web
sites to U.S. residents. Toys, however, adduced evidence of two sales to residents of New
Jersey conducted via Step Two’s Imaginarium web sites. These purchases were initiated by
Toys. Lydia Leon, a legal assistant in the Legal Department of Geoffrey, Inc., made the first
purchase. Ms. Leon, a resident of New Jersey, purchased a toy via
<www.imaginariumworld.com> on January 23, 2001. The second purchase was made in
February 2001 by Luis M. Lopez, an employee of Darby & Darby P.C., attorneys for Toys.
Mr. Lopez is also a resident of New Jersey, and accessed <www.imaginarium.es> to make
his purchase.
For both of these sales, the items were shipped to Angeles Benavides Davila, a Toys
employee in Madrid, Spain; Ms. Benavides Davila then forwarded the items to the offices of
Geoffrey, Inc. in New Jersey. Both purchases were made with credit cards issued by U.S.
banks. Additionally, both purchasers received in New Jersey an email confirming their
purchases, and a subsequent email with a login and password to access Club Imaginarium.
One of the two purchasers also separately registered for Club Imaginarium, exchanged
emails with a Step Two employee about his purchase, and received a copy of an email
newsletter from Step Two. Aside from these two sales, there is no evidence in the record of
a sale to anyone in the United States. After learning of these two sales, Mr. Tena submitted
a second affidavit stating that his company does not know where its purchasers reside, as
that information is not apparent from a purchaser’s email address, and Step Two keeps
records only of shipping addresses….
II.
In the following discussion, we first consider the standard for personal jurisdiction based
upon a defendant’s operation of a commercially interactive web site, as articulated by courts
within this circuit and other Courts of Appeals. In light of that standard and the arguments
presented in the proceeding below, we then assess the propriety of the District Court’s
denial of jurisdictional discovery.
A. Personal Jurisdiction Based on the Operation of a Web Site
The advent of the Internet has required courts to fashion guidelines for when personal
jurisdiction can be based on a defendant’s operation of a web site. Courts have sought to
articulate a standard that both embodies traditional rules and accounts for new factual
33.
scenarios created by the Internet. Under traditional jurisdictional analysis, the exercise of
specific personal jurisdiction requires that the “plaintiff’s cause of action is related to or
arises out of the defendant’s contacts with the forum.” Beyond this basic nexus, for a
finding of specific personal jurisdiction, the Due Process Clause of the Fifth Amendment
requires (1) that the “defendant ha[ve] constitutionally sufficient ‘minimum contacts’ with
the forum,” id. (quoting Burger King Corp. v. Rudzewicz, 471 U.S. 462, 474 (1985)), and (2)
that “subjecting the defendant to the court’s jurisdiction comports with ‘traditional notions
of fair play and substantial justice,’” id. (quoting Int’l Shoe Co. v. Washington, 326 U.S. 310,
316 (1945)). The first requirement, “minimum contacts,” has been defined as “‘some act by
which the defendant purposefully avails itself of the privilege of conducting activities
within the forum State, thus invoking the benefits and protections of its laws.’” Asahi Metal
Indus. Co., Ltd. v. Superior Court of California, 480 U.S. 102, 109 (1987) (quoting Burger
King Corp., 471 U.S. at 475). Second, jurisdiction exists only if its exercise “comports with
traditional notions of fair play and substantial justice,” i.e., the defendant “should
reasonably anticipate being haled into court” in that forum. World-Wide Volkswagen Corp.
v. Woodson, 444 U.S. 286, 297 (1980).
The precise question raised by this case is whether the operation of a commercially
interactive web site accessible in the forum state is sufficient to support specific personal
jurisdiction, or whether there must be additional evidence that the defendant has
“purposefully availed” itself of the privilege of engaging in activity in that state. Prior
decisions indicate that such evidence is necessary, and that it should reflect intentional
interaction with the forum state. If a defendant web site operator intentionally targets the
site to the forum state, and/or knowingly conducts business with forum state residents via
the site, then the “purposeful availment” requirement is satisfied. Below, we first review
cases from this and other circuits that articulate this requirement. Next, we consider the
role of related non-Internet contacts in demonstrating purposeful availment. We then
assess whether the “purposeful availment” requirement has been satisfied in the present
case.
1. The “Purposeful Availment” Requirement in Internet Cases
a. Third Circuit Cases
The opinion in Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997)
has become a seminal authority regarding personal jurisdiction based upon the operation of
an Internet web site. The court in Zippo stressed that the propriety of exercising
jurisdiction depends on where on a sliding scale of commercial interactivity the web site
falls. In cases where the defendant is clearly doing business through its web site in the
forum state, and where the claim relates to or arises out of use of the web site, the Zippo
court held that personal jurisdiction exists. In reaching this conclusion, the Zippo court
relied on CompuServe, Inc. v. Patterson, 89 F.3d 1257 (6th Cir. 1996), which found the
exercise of personal jurisdiction to be proper where the commercial web site’s interactivity
reflected specifically intended interaction with residents of the forum state.
Analyzing the case before it, the Zippo court similarly underscored the intentional nature of
the defendant’s conduct vis-a-vis the forum state. In Zippo, the defendant had purposefully
availed itself of doing business in Pennsylvania when it “repeatedly and consciously chose
to process Pennsylvania residents’ applications and to assign them passwords,” knowing
34.
that the contacts would result in business relationships with Pennsylvania customers. The
court summarized the pivotal importance of intentionality as follows:
When a defendant makes a conscious choice to conduct business with the
residents of a forum state, ‘it has clear notice that it is subject to suit there.’
... If [the defendant] had not wanted to be amenable to jurisdiction in
Pennsylvania, ... it could have chosen not to sell its services to Pennsylvania
residents.
Since Zippo, several district court decisions from this Circuit have made explicit the
requirement that the defendant intentionally interact with the forum state via the web site
in order to show purposeful availment and, in turn, justify the exercise of specific personal
jurisdiction. As another district court in this Circuit put it, “[c]ourts have repeatedly
recognized that there must be ‘something more’ ... to demonstrate that the defendant
directed its activity towards the forum state.”
b. Case Law from Other Circuits
Several Courts of Appeals decisions have adopted “purposeful availment” requirements that
are consistent with the principles articulated in the Zippo line of cases. The Fourth Circuit,
in ALS Scan v. Digital Service Consultants, Inc., 293 F.3d 707 (4th Cir. 2002), expressly
incorporated an “intentionality” requirement when fashioning a test for personal
jurisdiction in the context of the Internet:
a State may, consistent with due process, exercise judicial power over a
person outside of the State when that person (1) directs electronic activity
into the State, (2) with the manifested intent of engaging in business or other
interactions within the State, and (3) that activity creates, in a person within
the State, a potential cause of action cognizable in the State’s courts.
In Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414 (9th Cir. 1997), the Ninth Circuit
considered an infringement action brought against a Florida web site operator whose
allegedly infringing site was accessible in Arizona, the state where the plaintiff had its
principal place of business. In declining to exercise specific personal jurisdiction, the
Cybersell court found there must be “‘something more’ [beyond the mere posting of a
passive web site] to indicate that the defendant purposefully (albeit electronically) directed
his activity in a substantial way to the forum state.” Decisions from other circuits have
articulated similar standards. See, e.g., Neogen Corp. v. Neo Gen Screening, Inc., 282 F.3d
883, 890 (6th Cir. 2002) (holding that the purposeful availment requirement is satisfied “if
the web site is interactive to a degree that reveals specifically intended interaction with
residents of the state”) (citation omitted) (emphasis added).
2. Non-Internet Contacts
In deciding whether to exercise jurisdiction over a cause of action arising from a defendant’s
operation of a web site, a court may consider the defendant’s related non-Internet activities
as part of the “purposeful availment” calculus. One case that relies on non-Internet contacts
for the exercise of jurisdiction—a case Toys repeatedly cites—is Euromarket Designs, Inc. v.
Crate and Barrel Ltd., 96 F. Supp. 2d 824 (N.D. Ill. 2000). In Euromarket, the court
35.
exercised jurisdiction over an Irish manufacturer based on its commercially interactive web
site, even though the products purchased through the web site could not be shipped to
Illinois. The court identified a number of non-Internet contacts between the defendant and
Illinois, including the fact that the defendant’s vendors included Illinois suppliers, its
attendance at trade shows in Illinois, and its advertisement in publications that circulate in
the United States (albeit originating outside). The Euromarket court also relied on the fact
that the defendant billed Illinois customers, collected revenues from Illinois customers, and
recorded sales from goods ordered from Illinois, and that the web site was designed to
accommodate addresses in the United States.
Thus far, Toys has not shown that Step Two maintained the type of contacts that supported
jurisdiction in Euromarket—i.e., that the defendant intentionally and knowingly transacted
business with residents of the forum state, and had significant other contacts with the
forum besides those generated by its web site. This limited record does not provide an
occasion for us to spell out the exact mix of Internet and non-Internet contacts required to
support an exercise of personal jurisdiction. That determination should be made on a case-
by-case basis by assessing the “nature and quality” of the contacts. However, non-internet
contacts such as serial business trips to the forum state, telephone and fax communications
directed to the forum state, purchase contracts with forum state residents, contracts that
apply the law of the forum state, and advertisements in local newspapers, may form part of
the “something more” needed to establish personal jurisdiction. It is noteworthy that the
Supreme Court in Burger King Corp., when expounding on the “minimum contacts”
requirement, referred generally to a defendant’s “activities” in the forum state—a term that
includes the aforementioned non-Internet contacts.
3. Personal Jurisdiction over Step Two
As Zippo and the Courts of Appeals decisions indicate, the mere operation of a
commercially interactive web site should not subject the operator to jurisdiction anywhere
in the world. Rather, there must be evidence that the defendant “purposefully availed”
itself of conducting activity in the forum state, by directly targeting its web site to the state,
knowingly interacting with residents of the forum state via its web site, or through
sufficient other related contacts.
Based on the facts established in this case thus far, Toys has failed to satisfy the purposeful
availment requirement. Step Two’s web sites, while commercial and interactive, do not
appear to have been designed or intended to reach customers in New Jersey. Step Two’s
web sites are entirely in Spanish; prices for its merchandise are in pesetas or Euros, and
merchandise can be shipped only to addresses within Spain. Most important, none of the
portions of Step Two’s web sites are designed to accommodate addresses within the United
States. While it is possible to join Club Imaginarium and receive newsletters with only an
email address, Step Two asks registrants to indicate their residence using fields that are
not designed for addresses in the United States.
Moreover, the record may not now support a finding that Step Two knowingly conducted
business with residents of New Jersey. The only documented sales to persons in the United
36.
States are the two contacts orchestrated by Toys, and it appears that Step Two scarcely
recognized that sales with U.S. residents had been consummated.5
At best, Toys has presented only inconclusive circumstantial evidence to suggest that Step
Two targeted its web site to New Jersey residents, or that it purposefully availed itself of
any effort to conduct activity in New Jersey. Many of the grounds for jurisdiction that Toys
advanced below have been deemed insufficient by the courts. First, the two documented
sales appear to be the kind of “fortuitous,” “random,” and “attenuated” contacts that the
Supreme Court has held insufficient to warrant the exercise of jurisdiction. As for the
electronic newsletters and other email correspondence, “telephone communication or mail
sent by a defendant [do] not trigger personal jurisdiction if they ‘do not show purposeful
availment.’” The court in Barrett found that the exchange of three emails between the
plaintiff and defendant regarding the contents of the defendant’s web site, without more,
did not “amount to the level of purposeful targeting required under the minimum contacts
analysis.” Non-Internet contacts, such as Mr. Tena’s visits to New York and the
relationships with U.S. vendors, have not been explored sufficiently to determine whether
they are related to Toys’ cause of action, or whether they reflect “purposeful availment.”
Absent further evidence showing purposeful availment, Toys cannot establish specific
jurisdiction over Step Two.6 However, any information regarding Step Two’s intent vis-a-vis
its Internet business and regarding other related contacts is known by Step Two, and can
be learned by Toys only through discovery. The District Court’s denial of jurisdictional
discovery is thus a critical issue, insofar as it may have prevented Toys from obtaining the
information needed to establish personal jurisdiction. We next turn to whether the District
Court properly denied Toys’ request for jurisdictional discovery.
B. Jurisdictional Discovery…
Toys requested jurisdictional discovery for the purpose of establishing either specific
personal jurisdiction, or jurisdiction under the federal long-arm statute, Fed. R. Civ. P.
5 Toys argues that Step Two was aware that it was conducting business with New Jersey residents. In
particular, Toys points to the email correspondence between Mr. Luis M. Lopez and a representative of Step
Two regarding Mr. Lopez’s overpayment. Mr. Lopez requested that the difference be mailed to his home address
in “South Orange, NJ 07079,” but did not spell out “New Jersey” or specify that he resided in the United States.
The Step Two representative, apparently uncertain about the address, sent a reply stating “I have received your
address and as far as I can see, it is pretty far from here (we are in Zaragoza). I would appreciate your giving me
more information on the address so that I can be sure that it will arrive.” Mr. Lopez’s response to this
message—if he sent one—is not included in the record. Although Step Two ultimately learned that Mr. Lopez is
a United States resident, a trier of fact could reasonably find from the correspondence that the company did not
contemplate that sales would occur with U.S.-based purchasers. 6 As an alternative to the “minimum contacts” analysis for specific jurisdiction, Toys argues that jurisdiction
over Step Two may be based on the “effects” test. Following the lead of the Supreme Court in Calder v. Jones,
465 U.S. 783, 788-89 (1984), the Third Circuit has held that personal jurisdiction may, under certain
circumstances, be based on the effects in the forum state of a defendant’s tortious actions elsewhere. One of the
Third Circuit’s requirements is that the “defendant expressly aimed his tortious conduct at the forum....”
Even assuming that Step Two’s registration of the Imaginarium domain names and its operation of web
sites under that name bring about an injury to Toys in New Jersey (its corporate headquarters), Toys has failed
to establish that Step Two engaged in intentionally tortious conduct expressly aimed at New Jersey. In the
present case, this intentionality requirement is the key missing component for jurisdiction under either the
“minimum contacts” analysis or the “effects” test.
37.
4(k)(2).7 The District Court denied Toys’ request, explaining that “the clear focus of the
Court is directed, as it should be, to the web site[,] [a]nd to the activity of the defendants
related to that web site, which is making sales here, ...” The court added that “the apparent
contradictions, if such there will be in the Tena affidavit, [and] what else Mr. Tena might
have been doing here, just have no relationship to where the eye is directed and should stay
and that is, the web site activities of this defendant.”
We are persuaded that the District Court erred when it denied Toys’ request for
jurisdictional discovery. The court’s unwavering focus on the web site precluded
consideration of other Internet and non-Internet contacts—indicated in various parts of the
record—which, if explored, might provide the “something more” needed to bring Step Two
within our jurisdiction. Although the plaintiff bears the burden of demonstrating facts that
support personal jurisdiction, courts are to assist the plaintiff by allowing jurisdictional
discovery unless the plaintiff’s claim is “clearly frivolous.” If a plaintiff presents factual
allegations that suggest “with reasonable particularity” the possible existence of the
requisite “contacts between [the party] and the forum state,” the plaintiff’s right to conduct
jurisdictional discovery should be sustained.
Where the plaintiff has made this required threshold showing, courts within this Circuit
have sustained the right to conduct discovery before the district court dismisses for lack of
personal jurisdiction. Here, instead of adopting a deferential approach to Toys’ request for
discovery, the District Court appears to have focused entirely on the web site, thereby
preventing further inquiry into non-Internet contacts.
The record before the District Court contained sufficient non-frivolous allegations (and
admissions) to support the request for jurisdictional discovery. First, Toys’ complaint
alleges that Step Two has “completely copied the IMAGINARIUM concept” from Toys. For
example, Toys alleges that “the mix of toys sold by Step Two is identical to the mix of toys
sold by Toys under the IMAGINARIUM mark,” and that “Step Two continues to copy Toys’
marketing developments and Intellectual property.” Underlying Toys’ complaint is its
concern that Step Two is “attempt[ing] to expand [its] business throughout the world
including the United States by operating international web sites that offer goods similar to
the goods offered in Toy’s [sic] IMAGINARIUM stores.” Step Two’s intent, according to
Toys, is to “capitalize for [its] own pecuniary gain on the goodwill and excellent reputation
of Toys....”
It is well established that in deciding a motion to dismiss for lack of jurisdiction, a court is
required to accept the plaintiff’s allegations as true, and is to construe disputed facts in
favor of the plaintiff. Given the allegations as to Step Two’s mimicry of Toys’ ventures on
the Internet and its copy-cat marketing efforts, it would be reasonable to allow more
detailed discovery into Step Two’s business plans for purchases, sales, and marketing.
Limited discovery relating to these matters would shed light on the extent, if any, Step
Two’s business activity—including, but not limited to, its web site—were aimed towards the
7 The federal long-arm statute sanctions personal jurisdiction over foreign defendants for claims arising under
federal law when the defendant has sufficient contacts with the nation as a whole to justify the imposition of
U.S. law, but without sufficient contacts to satisfy the due process concerns of the long-arm statute of any
particular state.
38.
United States. This information, known only to Step Two, would speak to an essential
element of the personal jurisdiction calculus.
Other aspects of the record should have also alerted the District Court to the possible
existence of the “something else” needed to exercise personal jurisdiction. For example, Step
Two concedes that a portion of the merchandise sold through its Imaginarium stores and
web sites are purchased from U.S. vendors, and that Mr. Tena attends the New York Toy
Fair each year. Further discovery into the vendor relationships and Mr. Tena’s activities
here, if any, may shed light on Step Two’s intentions with respect to the U.S. market, or the
extent of its business contacts in the United States. Discovery might also reveal whether
these non-Internet contacts directly facilitate Step Two’s alleged exploitation of Toys’
marketing techniques by providing it with a supply of items identical to Toys’ inventory to
sell on its web sites.
The two documented sales to residents of New Jersey—and the subsequent emails sent
from Step Two to the two purchasers—also speak “with reasonable particularity” to the
possible existence of contacts needed to support jurisdiction. Although affiliates of Toys
orchestrated the two sales, Mr. Tena’s conflicting affidavits raise the possibility that
additional sales to U.S. residents may have been conducted via the web sites. The need for
additional discovery regarding sales is further underscored by the parties’ uncertainty as to
whether the residence of purchasers can be determined from their credit card number or
through some other electronic means.8
Counsel for Toys mentioned some of these contacts when it explained to the District Court
why it should be allowed jurisdictional discovery:
Mr. Tena states in his affidavit that he has substantial regular and
systematic contacts with the United States, [and] he attends trade shows. He
purchases from vendors in the United States. I think at the very least, Your
Honor, we should be able to inquire into what these substantial and
continuing contacts are. Because apparently he buys a lot of the toys that he
resells from U.S. vendors, because the ones that we have got were in English
that we would be permitted to take discovery on that aspect. To determine
whether or not ... he has made more sales within the State of New Jersey and
in the United States as a whole, as far as accepting orders from United States
residents. And/or whether there’s a basis for general jurisdiction under Rule
4(k)(2), because of his regular and systematic contacts with the United
States. Apparently a lot of his toys are obtained through United States
vendors.
Toys’ request for jurisdictional discovery was specific, non-frivolous, and a logical follow-up
based on the information known to Toys. The District Court erred by denying this
8 In its brief on appeal, Step Two contends that Toys should not be allowed discovery because there is simply no
basis for believing that there are any other contacts to find and, moreover, seeking discovery about other web
site-generated contacts would be futile as Step Two does not keep track of billing addresses or the physical
location of its email correspondents. At oral argument, however, counsel for Toys suggested there are means by
which an individual’s residence can be determined from a credit card number. Toys also suggests, in its brief on
appeal, that the residence of on-line purchasers may be determined from the phone number that purchasers are
required to input. These possibilities can be explored through discovery.
39.
reasonable request. Toys should be allowed jurisdictional discovery, on the limited issue of
Step Two’s business activities in the United States, including business plans, marketing
strategies, sales, and other commercial interactions. Although Step Two does not appear to
have widespread contacts with the United States, this limited discovery will also help
determine whether jurisdiction exists under the federal long-arm statute. Accordingly, on
remand, the District Court should consider whether any newly discovered facts will support
jurisdiction under traditional jurisdictional analysis, or under Rule 4(k)(2)….
NOTES AND QUESTIONS
Enforceability. If Toys ‘R’ Us won the lawsuit and the court awarded Toys ‘R’ Us every
remedy it requested, how would Toys ‘R’ Us enforce that judgment?
The Effects Test. Calder v. Jones, 465 U.S. 783 (1984), held that a California celebrity
(Shirley Jones, the Partridge Family’s mom) could sue a Florida publication in California
because its allegedly defamatory article harmed her in California, where a lot of the
entertainment industry is located. This ruling gave rise to what’s called the “Effects Test,”
which suggests personal jurisdiction is appropriate when a defendant expressly aims
intentional tortious actions at the forum state.
Although plaintiffs frequently invoke the Effects Test when suing over intentional torts
online, a plaintiff still must show that the defendant was trying to communicate with the
forum state. As Burdick v. Superior Court, 233 Cal. App. 4th 8 (Cal. App. Ct. 2015)
explains:
We hold that posting defamatory statements about a person on a Facebook
page, while knowing that person resides in the forum state, is insufficient in
itself to create the minimum contacts necessary to support specific personal
jurisdiction in a lawsuit arising out of that posting. Instead, it is necessary
that the nonresident defendant not only intentionally post the statements on
the Facebook page, but that the defendant expressly aim or specifically direct
his or her intentional conduct at the forum, rather than at a plaintiff who
lives there. We emphasize the exercise of personal jurisdiction must be based
upon forum-related acts that were personally committed by the nonresident
defendant, not upon the plaintiff’s contacts with the forum or acts committed
by codefendants or third parties.
Supreme Court jurisprudence over the past decade has made it harder to establish personal
jurisdiction over non-resident defendants, especially via the Effects Test.
Denouement. After the Third Circuit’s ruling, the case settled without a further substantive
ruling. Shortly thereafter, Toys ‘R’ Us shut down its standalone Imaginarium stores,
integrated the brand into Toys ‘R’ Us stores, and progressively wound down the retail
brand. In 2018, Toys ‘R’ Us shut down entirely.
Meanwhile, the European Imaginarium chain has expanded substantially. It generates
over €100M/year in revenues and has retail stores throughout Europe and beyond. See
http://www.imaginarium.info/:
40.
[screenshot from 2017]
41.
Illinois v. Hemi Group LLC, 622 F.3d 754 (7th Cir. 2010)
The state of Illinois sued Hemi Group LLC for selling cigarettes to Illinois residents in
violation of state laws and for failing to report those sales in violation of federal law. The
district court denied Hemi’s motion to dismiss for lack of personal jurisdiction, finding that
the Internet transactions sufficed to establish personal jurisdiction over Hemi in Illinois.
We affirm….
[Screenshot from 2011]
1. Minimum Contacts
We find that Hemi’s contacts with Illinois were sufficient to satisfy due process. Hemi
maintained commercial websites through which customers could purchase cigarettes,
calculate their shipping charges using their zip codes, and create accounts. Hemi stated
that it would ship to any state in the country except New York. This statement is important
for two reasons. First, Hemi expressly elected to do business with the residents of forty-nine
states. Although listing all forty-nine states by name would have made a stronger case for
jurisdiction in this case, inasmuch as it would have expressly stated that Hemi wanted to
do business with Illinois residents, the net result is the same—Hemi stood ready and
willing to do business with Illinois residents. And Hemi, in fact, knowingly did do business
with Illinois residents. In light of this, Hemi’s argument that it did not purposefully avail
itself of doing business in Illinois rings particularly hollow.
Second, the fact that Hemi excluded New York residents from its customer pool shows both
that Hemi knew that conducting business with residents of a particular state could subject
42.
it to jurisdiction there and also that it knew how to protect itself from being haled into court
in any particular state….
Hemi argues that its sales to customers, specifically the sales to the special agent of the
Illinois Department of Revenue, cannot constitute the required minimum contacts because
the purchases were unilateral actions by the customers. Characterizing the sales as
unilateral is misleading, however, because it ignores several of Hemi’s own actions that led
up to and followed the sales. Hemi created several commercial, interactive websites through
which customers could purchase cigarettes from Hemi. Hemi held itself out as open to do
business with every state (including Illinois) except New York. After the customers made
their purchases online, Hemi shipped the cigarettes to their various destinations. It is Hemi
reaching out to residents of Illinois, and not the residents reaching back, that creates the
sufficient minimum contacts with Illinois that justify exercising personal jurisdiction over
Hemi in Illinois.
We wish to point out that we have done the entire minimum contacts analysis without
resorting to the sliding scale approach first developed in Zippo Mfg. Co. v. Zippo Dot Com,
Inc., 952 F. Supp. 1119, 1124 (W.D. Pa. 1997). This was not by mistake. Although several
other circuits have explicitly adopted the sliding scale approach, our court has expressly
declined to do so.… Long before the Internet became a medium for defamation, the
Supreme Court in Calder v. Jones, 465 U.S. 783 (1984), had decided the relevant
jurisdictional standard for intentional torts that cross state lines. We concluded that “the
principles articulated [in Calder] can be applied to cases involving tortious conduct
committed over the Internet.”
We reach the same conclusion here. Zippo’s sliding scale was always just short-hand for
determining whether a defendant had established sufficient minimum contacts with a
forum to justify exercising personal jurisdiction over him in the forum state. But we think
that the traditional due process inquiry described earlier is not so difficult to apply to cases
involving Internet contacts that courts need some sort of easier-to-apply categorical test….
3. Fairness…
We conclude that exercising jurisdiction over Hemi in Illinois is fair. Hemi set up an
expansive, sophisticated commercial venture online. It held itself out to conduct business
nationwide and was apparently successful in reaching customers across the country. It was
savvy enough to at least try to limit its exposure to lawsuits in states in which it felt that
the upside of doing business was outweighed by the risk of litigation. Hemi wants to have
its cake and eat it, too: it wants the benefit of a nationwide business model with none of the
exposure. There is nothing constitutionally unfair about allowing Illinois, a state with
which Hemi has had sufficient minimum contacts, to exercise personal jurisdiction over
Hemi.
To be sure, defending against a lawsuit in Illinois may prove to be a burden on Hemi, whose
physical business operations are located entirely in New Mexico. However, Illinois courts
have a strong interest in providing a forum to resolve a dispute involving the state itself,
and it would be most convenient to the state of Illinois (and likely New Mexico) to
adjudicate a dispute based on Illinois law in Illinois courts. None of the other relevant
factors weighs conclusively in Hemi’s favor….
43.
We note the legitimate concern that “[p]remising personal jurisdiction on the maintenance
of a website, without requiring some level of ‘interactivity’ between the defendant and
consumers in the forum state, would create almost universal personal jurisdiction because
of the virtually unlimited accessibility of websites across the country.” Courts should be
careful in resolving questions about personal jurisdiction involving online contacts to
ensure that a defendant is not haled into court simply because the defendant owns or
operates a website that is accessible in the forum state, even if that site is “interactive.”
Here, we affirm the district court’s conclusion that Hemi is subject to personal jurisdiction
in Illinois, not merely because it operated several “interactive” websites, but because Hemi
had sufficient voluntary contacts with the state of Illinois. We make no comment on
whether Hemi may be subject to personal jurisdiction in any other state….
NOTES AND QUESTIONS
Denouement. In 2011, the parties entered into a stipulated judgment. Hemi confirmed it
stopped selling cigarettes to Illinois consumers in 2008 and won’t reenter the Illinois
market without permission. Hemi also turned over the names and addresses of all of its
Illinois buyers, presumably so the state could collect the applicable taxes directly from
them.
The Demise of the Zippo Test. Despite its ubiquity, the Zippo test has not aged well. See,
e.g., Kindig It Design, Inc. v. Creative Controls, Inc., 157 F. Supp. 3d 1167 (D. Utah. 2016):
Given the exponential growth in the number of interactive websites, the
Zippo approach—which would remove personal jurisdiction’s geographical
limitations based on the mere existence of those websites—is particularly
troubling. And the problem would grow more acute every year as more
individuals and businesses create interactive websites.
This court is not alone in its criticism of the Zippo sliding scale as a
replacement for traditional personal jurisdiction analysis. The Second Circuit
has cautioned that the Zippo sliding scale “does not amount to a separate
framework for analyzing internet-based jurisdiction.” Rather, “traditional
statutory and constitutional principles remain the touchstone of the inquiry.”
The traditional tests are readily adaptable to the digital age, just as they
were to technological advances like the telegraph, radio, television, and
telephone. Indeed, the telephone provides an apt analogy. Although a
company may have a public telephone number that can be dialed from every
state, it is not necessarily subject to personal jurisdiction in every state.
Rather, personal jurisdiction rising from telephonic contacts can only be
based on actual phone calls. Similarly, personal jurisdiction arising from an
interactive website should only be based on actual use of the site by forum
residents.
In summary, this court finds Zippo to be unpersuasive. The traditional tests
for personal jurisdiction are readily applicable to internet-based conduct and
are therefore controlling under Federal Circuit law.
44.
Zippo is still highly cited, but it is dubious precedent. In addition to courts that have
expressly rejected it, like the Hemi and Kindig cases, many other courts have rejected it sub
silento. You should favorably cite the Zippo precedent with extreme caution.
Geotargeting Ads. Advertisers may be willing to pay a premium to deliver ads that are
targeted based on the consumer’s location. If a website or app offers this option—directly or
through a third-party ad network—it’s probable that courts will count this functionality
against it in any personal jurisdiction analysis. See UMG Recordings v. Kurbanov, 2020 WL
3476993 (4th Cir. June 26, 2020); see also Ligue Contre le Racisme et L'Antisémitisme v.
Yahoo! Inc. (LICRA c. Yahoo!), No RG:00/0538 (Tribunal de Grande Instance de Paris Nov.
22, 2000).
CHAPTER 2 REVIEW QUESTION #1
Accessing the Internet from his home, Joe Consumer books a cruise via the cruise line’s
website. The cruise line is headquartered in a different state and has no physical operations
in Joe’s home state. In order to book the cruise, Joe must provide his home address. During
the cruise, Joe suffers a personal injury from a slip-and-fall. Joe wants to sue the cruise line
for negligence in his home court. Based solely on these facts, which legal principle supports
personal jurisdiction over the cruise line in Joe’s home court?
a) General jurisdiction
b) Specific jurisdiction due to “minimum contacts”
c) Specific jurisdiction due to the “Effects Test”
d) In rem jurisdiction
e) There’s no personal jurisdiction
45.
III. Contracts
How many online contracts have you agreed to? The number is probably in the thousands.
Yet, do you know what you agreed to in these thousands of contracts?
(used with permission of the Doghouse Diaries, http://www.thedoghousediaries.com/)
Most users—including probably you—never read online contracts, wouldn’t understand
them even if they read them, and would likely object to at least some of the terms if they
understood them. The fact that people have no idea of the terms has spurred a range of
Easter Egg provisions, such as: provisions for the consequences of zombie attack (Amazon
AWS; Mailchimp); a chocolate cake recipe (Peacock TV); cash rewards to the first person to
notice the Easter Egg provision (Squaremouth--$10,000; PC Pitstop--$1,000); a commitment
to perform 1,000 hours of community service (Purple Wi-Fi); a provision to assign the user’s
first born child “for the duration of eternity” (F-Secure Wi-Fi); and a remedy for breach that
“a leather-winged demon of the night will tear itself, shrieking blood and fury, from the
endless caverns of the nether world, hurl itself into the darkness with a thirst for blood on
its slavering fangs and search the very threads of time for the throbbing of your heartbeat”
(Alchemy Mindworks).
Yet, despite the manifest problems with knowledge and consent, users routinely are legally
bound to online contracts if the formation process satisfies certain formalities. Hundreds of
cases have upheld online contract formation.
46.
In the next case, the court upholds Uber’s contract formation. This is good news for Uber.
Still, would you have done anything differently if you were Uber’s counsel? The court bases
its ruling on consumer expectations in mobile environments. What evidence does the court
cite to support its characterizations of consumer expectations?
Meyer v. Uber Technologies, Inc., 868 F.3d 66 (2d Cir. 2017).
Chin, Circuit Judge.
…BACKGROUND
A. The Facts
The facts are undisputed and are summarized as follows:
Uber offers a software application for smartphones (the “Uber App”) that allows riders to
request rides from third‐party drivers. On October 18, 2014, Meyer registered for an Uber account with the Uber App on a Samsung Galaxy S5 phone running an Android operating
system. After registering, Meyer took ten rides with Uber drivers in New York,
Connecticut, Washington, D.C., and Paris.
In support of its motion to compel arbitration, Uber submitted a declaration from Senior
Software Engineer Vincent Mi, in which Mi represented that Uber maintained records of
when and how its users registered for the service and that, from his review of those records,
Mi was able to identify the dates and methods by which Meyer registered for a user
account. Attached to the declaration were screenshots of the two screens that a user
registering in October 2014 with an Android‐operated smartphone would have seen during the registration process.
The first screen, at which the user arrives after downloading the application and clicking a
button marked “Register,” is labeled “Register” and includes fields for the user to enter his
or her name, email address, phone number, and a password (the “Registration Screen”).
The Registration Screen also offers the user the option to register via a Google+* or
Facebook account. According to Uber’s records, Meyer did not sign up using either Google+
or Facebook and would have had to enter manually his personal information.
* [Editor’s note: Google+ was Google’s social networking system, with features similar to Facebook or LinkedIn.
Google shut down Google+ in 2019.]
47.
After completing the information on the Registration Screen and clicking “Next,” the user
advances to a second screen labeled “Payment” (the “Payment Screen”), on which the user
can enter credit card details or elect to make payments using PayPal or Google Wallet,
third‐party payment services. According to Uberʹs records, Meyer entered his credit card information to pay for rides. To complete the process, the prospective user must click the
button marked “REGISTER” in the middle of the Payment Screen.
Below the input fields and buttons on the Payment Screen is black text advising users
that “[b]y creating an Uber account, you agree to the TERMS OF SERVICE & PRIVACY
POLICY.” The capitalized phrase, which is bright blue and underlined, was a hyperlink
that, when clicked, took the user to a third screen containing a button that, in turn, when
clicked, would then display the current version of both Uber’s Terms of Service and Privacy
Policy.
Meyer recalls entering his contact information and credit card details before registering,
but does not recall seeing or following the hyperlink to the Terms and Conditions. He
declares that he did not read the Terms and Conditions, including the arbitration provision.
48.
When Meyer registered for an account, the Terms of Service contained the following
mandatory arbitration clause:
Dispute Resolution
You and Company agree that any dispute, claim or controversy arising out of
or relating to this Agreement or the breach, termination, enforcement,
interpretation or validity thereof or the use of the Service or Application
(collectively, “Disputes”) will be settled by binding arbitration, except that
each party retains the right to bring an individual action in small claims
court and the right to seek injunctive or other equitable relief in a court of
competent jurisdiction to prevent the actual or threatened infringement,
misappropriation or violation of a party’s copyrights, trademarks, trade
secrets, patents or other intellectual property rights. You acknowledge and
agree that you and Company are each waiving the right to a trial by
jury or to participate as a plaintiff or class User in any purported
class action or representative proceeding. Further, unless both you and
Company otherwise agree in writing, the arbitrator may not consolidate more
than one person’s claims, and may not otherwise preside over any form of
any class or representative proceeding. If this specific paragraph is held
unenforceable, then the entirety of this “Dispute Resolution” section will be
deemed void. Except as provided in the preceding sentence, this “Dispute
Resolution” section will survive any termination of this Agreement.
The Terms of Service further provided that the American Arbitration Association (“AAA”)
would hear any dispute, and that the AAA Commercial Arbitration Rules would govern any
arbitration proceeding….
2. State Contract Law…
To form a contract, there must be “[m]utual manifestation of assent, whether by written or
spoken word or by conduct.” California law is clear, however, that ”an offeree, regardless of
apparent manifestation of his consent, is not bound by inconspicuous contractual provisions
of which he is unaware, contained in a document whose contractual nature is not obvious.”
“Thus, California contract law measures assent by an objective standard that takes into
account both what the offeree said, wrote, or did and the transactional context in which the
offeree verbalized or acted.”
Where there is no evidence that the offeree had actual notice of the terms of the agreement,
the offeree will still be bound by the agreement if a reasonably prudent user would be on
inquiry notice of the terms. Whether a reasonably prudent user would be on inquiry notice
turns on the “[c]larity and conspicuousness of arbitration terms”; in the context of web‐ based contracts, as discussed further below, clarity and conspicuousness are a function of
the design and content of the relevant interface.
Thus, only if the undisputed facts establish that there is “[r]easonably conspicuous notice of
the existence of contract terms and unambiguous manifestation of assent to those
terms” will we find that a contract has been formed.
49.
3. Web‐based Contracts “While new commerce on the Internet has exposed courts to many new situations, it has not
fundamentally changed the principles of contract.” Register.com, Inc. v. Verio, Inc., 356
F.3d 393, 403 (2d Cir. 2004). “Courts around the country have recognized that [an]
electronic ‘click’ can suffice to signify the acceptance of a contract,” and that “[t]here is
nothing automatically offensive about such agreements, as long as the layout and language
of the site give the user reasonable notice that a click will manifest assent to an
agreement.” Sgouros v. TransUnion Corp., 817 F.3d 1029, 1033‐34 (7th Cir. 2016).
With these principles in mind, one way in which we have previously distinguished web‐ based contracts is the manner in which the user manifests assent ‐ namely, “clickwrap” (or “click‐through”) agreements, which require users to click an “I agree” box after being presented with a list of terms and conditions of use, or “browsewrap” agreements, which
generally post terms and conditions on a website via a hyperlink at the bottom of the
screen.7 Courts routinely uphold clickwrap agreements for the principal reason that the
user has affirmatively assented to the terms of agreement by clicking “I agree.”
Browsewrap agreements, on the other hand, do not require the user to expressly assent.
“Because no affirmative action is required by the website user to agree to the terms of a
contract other than his or her use of the website, the determination of the validity of the
browsewrap contract depends on whether the user has actual or constructive knowledge of
a website’s terms and conditions.”
Of course, there are infinite ways to design a website or smartphone application, and not all
interfaces fit neatly into the clickwrap or browsewrap categories. Some online agreements
require the user to scroll through the terms before the user can indicate his or her assent by
clicking “I agree.” See Berkson v. Gogo LLC, 97 F. Supp. 3d 359, 386, 398 (E.D.N.Y. 2015)
(terming such agreements “scrollwraps”). Other agreements notify the user of the existence
of the website’s terms of use and, instead of providing an “I agree” button, advise the user
that he or she is agreeing to the terms of service when registering or signing up. Id. at
399 (describing such agreements as “sign‐in‐wraps”).
In the interface at issue in this case, a putative user is not required to assent explicitly to
the contract terms; instead, the user must click a button marked ”Register,” underneath
which the screen states ”By creating an Uber account, you agree to the TERMS OF
SERVICE & PRIVACY POLICY,” with hyperlinks to the Terms of Service and Privacy
Policy. We were first presented with a similar agreement in Schnabel, but the plaintiffs had
not preserved the issue of whether they were on inquiry notice of the arbitration provision
by a “terms and conditions” hyperlink on an enrollment form available before enrollment.
Most recently in Nicosia, we held that reasonable minds could disagree regarding the
sufficiency of notice provided to Amazon.com customers when placing an order through the
website.8…
7 This nomenclature derives from so‐called “shrinkwrap” licenses, in which a software consumer arguably assents to the license terms contained inside after breaking the shrinkwrap seal and using the enclosed
software. 8 In Nicosia, the Amazon website stated on the left side of the page: “By placing your order, you agree to
Amazon.com’s privacy notice and conditions of use,” with the latter phrases hyperlinked to the terms and
conditions. The user placed an order by clicking on a “Place your order” button on a different part of the page.
50.
Classification of web‐based contracts alone, however, does not resolve the notice inquiry. Insofar as it turns on the reasonableness of notice, the enforceability of a web‐based agreement is clearly a fact‐intensive inquiry. Nonetheless, on a motion to compel arbitration, we may determine that an agreement to arbitrate exists where the notice of the
arbitration provision was reasonably conspicuous and manifestation of assent unambiguous
as a matter of law.
B. Application
Meyer attests that he was not on actual notice of the hyperlink to the Terms of Service or
the arbitration provision itself, and defendants do not point to evidence from which a jury
could infer otherwise. Accordingly, we must consider whether Meyer was on inquiry notice
of the arbitration provision by virtue of the hyperlink to the Terms of Service on the
Payment Screen and, thus, manifested his assent to the agreement by clicking ”Register.”…
1. Reasonably conspicuous notice
In considering the question of reasonable conspicuousness, precedent and basic principles of
contract law instruct that we consider the perspective of a reasonably prudent smartphone
user. See Schnabel, 697 F.3d at 124 (“[T]he touchstone of the analysis is whether
reasonable people in the position of the parties would have known about the terms and the
conduct that would be required to assent to them.”). “[M]odern cell phones . . . are now such
a pervasive and insistent part of daily life that the proverbial visitor from Mars might
conclude they were an important feature of human anatomy.” Riley v. California, 134 S. Ct.
2473, 2484 (2014). As of 2015, nearly two‐thirds of American adults owned a smartphone, a figure that has almost doubled since 2011. Consumers use their smartphones for, among
other things, following the news, shopping, social networking, online banking, researching
health conditions, and taking classes. In a 2015 study, approximately 89 percent of
smartphone users surveyed reported using the internet on their smartphones over the
course of the week‐long study period. A purchaser of a new smartphone has his or her choice of features, including operating systems, storage capacity, and screen size.
Smartphone users engage in these activities through mobile applications, or “apps,” like the
Uber App. To begin using an app, the consumers need to locate and download the app, often
from an application store. Many apps then require potential users to sign up for an account
to access the app’s services. Accordingly, when considering the perspective of a reasonable
smartphone user, we need not presume that the user has never before encountered an app
or entered into a contract using a smartphone. Moreover, a reasonably prudent smartphone
user knows that text that is highlighted in blue and underlined is hyperlinked to another
webpage where additional information will be found.
Turning to the interface at issue in this case, we conclude that the design of the screen and
language used render the notice provided reasonable as a matter of California law. The
Payment Screen is uncluttered, with only fields for the user to enter his or her credit card
details, buttons to register for a user account or to connect the user’s pre‐existing PayPal account or Google Wallet to the Uber account, and the warning that “By creating an Uber
account, you agree to the TERMS OF SERVICE & PRIVACY POLICY.” The text, including
the hyperlinks to the Terms and Conditions and Privacy Policy, appears directly below the
buttons for registration. The entire screen is visible at once, and the user does not need to
scroll beyond what is immediately visible to find notice of the Terms of Service. Although
the sentence is in a small font, the dark print contrasts with the bright white background,
51.
and the hyperlinks are in blue and underlined. This presentation differs sharply from the
screen we considered in Nicosia, which contained, among other things, summaries of the
user’s purchase and delivery information, “between fifteen and twenty‐five links,” ”text . . . in at least four font sizes and six colors,” and several buttons and advertisements.
Furthermore, the notice of the terms and conditions in Nicosia was “not directly
adjacent” to the button intended to manifest assent to the terms, unlike the text and button
at issue here.
In addition to being spatially coupled with the mechanism for manifesting assent -- i.e., the
register button ‐‐ the notice is temporally coupled. As we observed in Schnabel, inasmuch as consumers are regularly and frequently confronted with non‐negotiable contract terms, particularly when entering into transactions using the Internet, the presentation of these
terms at a place and time that the consumer will associate with the initial purchase or
enrollment, or the use of, the goods or services from which the recipient benefits at least
indicates to the consumer that he or she is taking such goods or employing such services
subject to additional terms and conditions that may one day affect him or her. Here, notice
of the Terms of Service is provided simultaneously to enrollment, thereby connecting the
contractual terms to the services to which they apply. We think that a reasonably prudent
smartphone user would understand that the terms were connected to the creation of a user
account.
That the Terms of Service were available only by hyperlink does not preclude a
determination of reasonable notice. See Fteja, 841 F. Supp. 2d at 839 (“[C]licking [a]
hyperlinked phrase is the twenty‐first century equivalent of turning over the cruise ticket. In both cases, the consumer is prompted to examine terms of sale that are located
somewhere else.”). Moreover, the language “[b]y creating an Uber account, you agree” is a
clear prompt directing users to read the Terms and Conditions and signaling that their
acceptance of the benefit of registration would be subject to contractual terms. As long as
the hyperlinked text was itself reasonably conspicuous ‐‐ and we conclude that it was ‐‐ a reasonably prudent smartphone user would have constructive notice of the terms. While it
may be the case that many users will not bother reading the additional terms, that is the
choice the user makes; the user is still on inquiry notice.
Finally, we disagree with the district court’s determination that the location of the
arbitration clause within the Terms and Conditions was itself a “barrier to reasonable
notice.” In Sgouros, the Seventh Circuit determined that the defendant’s website actively
misled users by ”explicitly stating that a click on the button constituted assent for
TransUnion to obtain access to the purchaser’s personal information,” without saying
anything about ”contractual terms,” and without any indication that ”the same click
constituted acceptance of the Service Agreement.” The website did not contain a hyperlink
to the relevant agreement; instead, it had a scroll box that contained the entirety of the
agreement, only the first three lines of which were visible without scrolling, and it had no
prompt for the reader to scroll for additional terms. Here, there is nothing misleading.
Although the contract terms are lengthy and must be reached by a hyperlink, the
instructions are clear and reasonably conspicuous. Once a user clicks through to the Terms
of Service, the section heading (“Dispute Resolution”) and the sentence waiving the user’s
right to a jury trial on relevant claims are both bolded.
52.
Accordingly, we conclude that the Uber App provided reasonably conspicuous notice of the
Terms of Service as a matter of California law and turn to the question of whether Meyer
unambiguously manifested his assent to those terms.
2. Manifestation of assent
Although Meyer’s assent to arbitration was not express, we are convinced that it was
unambiguous in light of the objectively reasonable notice of the terms, as discussed in detail
above. See Register.com, 356 F.3d at 403 (“[R]egardless whether [a user] did or did not
say, ‘I agree’ . . . [the user’s] choice was either to accept the offer of contract, taking the
information subject to the terms of the offer, or, if the terms were not acceptable, to decline
to take the benefits.”); see also Schnabel, 697 F.3d at 128 (“[A]cceptance need not be
express, but where it is not, there must be evidence that the offeree knew or should have
known of the terms and understood that acceptance of the benefit would be construed by
the offeror as an agreement to be bound.”). As we described above, there is ample evidence
that a reasonable user would be on inquiry notice of the terms, and the spatial and
temporal coupling of the terms with the registration button ”indicate[d] to the consumer
that he or she is . . . employing such services subject to additional terms and conditions that
may one day affect him or her.” A reasonable user would know that by clicking the
registration button, he was agreeing to the terms and conditions accessible via the
hyperlink, whether he clicked on the hyperlink or not.
The fact that clicking the register button had two functions ‐‐ creation of a user account and assent to the Terms of Service ‐‐ does not render Meyer’s assent ambiguous. The registration process allowed Meyer to review the Terms of Service prior to registration,
unlike web platforms that provide notice of contract terms only after the user manifested
his or her assent. Furthermore, the text on the Payment Screen not only included a
hyperlink to the Terms of Service, but expressly warned the user that by creating an Uber
account, the user was agreeing to be bound by the linked terms. Although the warning text
used the term ”creat[e]” instead of ”register,” as the button was marked, the physical
proximity of the notice to the register button and the placement of the language in the
registration flow make clear to the user that the linked terms pertain to the action the user
is about to take.
The transactional context of the partiesʹ dealings reinforces our conclusion. Meyer located
and downloaded the Uber App, signed up for an account, and entered his credit card
information with the intention of entering into a forward‐looking relationship with Uber. The registration process clearly contemplated some sort of continuing relationship between
the putative user and Uber, one that would require some terms and conditions, and the
Payment Screen provided clear notice that there were terms that governed that
relationship.
Accordingly, we conclude on the undisputed facts of this case that Meyer unambiguously
manifested his assent to Uberʹs Terms of Service as a matter of California law….
53.
NOTES AND QUESTIONS
Nomenclature Note #1: The following terms are synonyms: user agreement, member
agreement, subscriber agreement, terms of use (TOU), terms of service (TOS), and EULA
(end user license agreement). The book uses these terms interchangeably. You’ll encounter
many other synonyms in the field.
Nomenclature Note #2: The “-Wrap” Taxonomy. The court describes five types of contract
formation processes:
Term Second Circuit’s Definition
“Shrinkwrap” “a software consumer arguably assents to the license terms contained
inside after breaking the shrinkwrap seal and using the enclosed
software”
“Browsewrap” “generally post terms and conditions on a website via a hyperlink at the
bottom of the screen”
“Clickwrap”/
“Clickthrough”
“require users to click an ‘I agree’ box after being presented with a list
of terms and conditions of use”
“Scrollwrap” “require the user to scroll through the terms before the user can
indicate his or her assent by clicking ‘I agree.’”
“Sign‐in‐ wraps”
“notify the user of the existence of the website’s terms of use and,
instead of providing an ‘I agree’ button, advise the user that he or she is
agreeing to the terms of service when registering or signing up”
In Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014), the Ninth Circuit adopted
virtually identical definitions of “clickwrap” and “browsewrap,” but it did not define the
other three terms.
The –wrap terminology dates back to the days when software was sold in retail stores on
physical disks. Manufacturers shipped the disks in individual cardboard boxes and
shrinkwrapped the boxes with plastic. Often, the box would say something like “by
removing the plastic, you are agreeing to software license terms located inside the box.”
(For now, ignore the logic puzzle created by the plastic removal purportedly binding buyers
when they could not actually see the terms until they removed the plastic. Sometimes the
manufacturer avoided this conundrum by printing the terms on the box itself). Referring to
the plastic wrapping, these software license agreements became known as “shrinkwrap”
license terms.
As online contracts emerged, lawyers and judges analogized the user’s movement around a
website to the “unwrapping” of shrinkwrap contracts. This led to the development of the
terms “clickwrap” and “browsewrap.” The “scrollwrap” and “sign-in-wrap” terms came from
the Berkson case in 2015. Courts have adopted other –wrap terms as well. For example,
several courts have used the term “modified clickwrap,” and one court referred to a
“telephone-wrap.”
Unfortunately, the –wrap terminology, though ubiquitous, has numerous deficiencies.
54.
First, as is typically the case, the offline-to-online analogy does not work well. There is a
much greater intentionality and formality to the physical act of removing shrinkwrap
plastic compared to clicking around websites.
Second, because of the ill-fitting analogy and constant technological innovations, courts’
definitions of the “wrap” terms have been imprecise. The resulting gaps cause courts to
proliferate –wrap terms to characterize new facts that don’t clearly fit within prior defined
terms.
Third, and perhaps most importantly, the wrap taxonomy is not a good substitute for the
traditional contract analysis of determining whether each party has sufficiently manifested
assent. Thus, opinions often discuss the –wrap taxonomy in dicta and then proceed to
ignore the taxonomy and instead rely on a contract assent analysis using standard contract
analysis principles. The net result is that the –wrap nomenclature doesn’t help the court’s
analysis at all. See, e.g., Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir. 2018)
(“our analysis regarding the existence of an arbitration agreement is not affected by how we
categorize the online contract at issue here.”).
Look back at the Meyer opinion and see how the court taxonomized Uber’s contract using
the –wrap definitions it articulates. Why did the opinion discuss –wrap terminology in such
detail, only to not use it?
The nomenclature issue might sound academic, but it has had real-world effects. Before the
proliferation of –wrap terminology, clickthrough agreements generally were upheld. Now,
the Second Circuit’s taxonomy distinguishes “clickwraps” from “sign-in-wrap.” As a result,
online services are encouraged to require two clicks from users (first on a checkbox
indicating assent to the contract, then on another button to proceed to the next screen/page)
where one click used to suffice. Although the Meyer case only required one click, best
practices now probably require two clicks. See Scotti v. Tough Mudder Inc., 63 Misc.3d 843
(N.Y. Sup. Ct. 2019) (apparently requiring two clicks AND mandatory scrolling through the
terms).
NOTE: I advise students to skip the –wrap terminology altogether and use only the
following two terms: “clickthrough” and “not a contract.” My students may use “clickwrap”
or “browsewrap” on their exams only if it’s coupled with immediate mocking of the terms.
Mobile Devices May Be Different. Mobile devices create extra challenges for contract
formation. For example, because the device has a smaller screen size, the agreement text
may be smaller and harder for users to read. Also, lengthy agreements could unreasonably
require users to scroll through innumerable screens to read the whole agreement.
The “Reasonably Prudent Smartphone User.” The Meyer court says:
“a reasonably prudent smartphone user knows that text that is highlighted in blue
and underlined is hyperlinked to another webpage where additional information will
be found”
“a reasonably prudent smartphone user would understand that the terms were
connected to the creation of a user account”
55.
“As long as the hyperlinked text was itself reasonably conspicuous ‐- and we conclude that it was ‐‐ a reasonably prudent smartphone user would have constructive notice of the terms”
“A reasonable user would know that by clicking the registration button, he was
agreeing to the terms and conditions accessible via the hyperlink, whether he clicked
on the hyperlink or not.”
Based on your own personal experience, do you agree with this? What empirical evidence
would confirm (or refute) your intuition? Does the fact you’ve encountered similar online
contract processes dozens or hundreds of times before reinforce your intuition, or is it an
indicator of an industry-wide pathology in contract formation (or both)?
User Actions With Multiple Consequences. Design experts consider it suboptimal to design
an interface so that a single user action has multiple consequences. Doing so can surprise
the user with unexpected consequences or force them to accept an unwanted consequence
along with the desired outcome.
Nevertheless, the court says it’s immaterial that Uber’s “register” button had two
consequences, i.e., creating the account and assenting to the terms. This might explain the
increased judicial preference for two clicks, where the first click signifies assent to the
terms of service and the second click signifies assent to the desired outcome (such as
creating the online account).
Differences Between Online and Paper Contracts. Do consumers read or understand online
contracts differently that paper contracts, even if the contracts have the same substantive
content?
Research has repeatedly indicated that readers often retain information better if they read
it on paper than if they read the same content electronically. See Maia Szalavitz, Do E-
Books Make It Harder to Remember What You Just Read?, TIME, Mar. 14, 2012; Geoff
Kaufman & Mary Flanagan, High-Low Split: Divergent Cognitive Construal Levels
Triggered by Digital and Non-digital Platforms, Proceedings of the 2016 CHI Conference on
Human Factors in Computing Systems 2773-77 (2016) (“individuals who completed the
same information processing task on a digital mobile device (a tablet or laptop computer)
versus a non-digital platform (a physical print-out) exhibited a lower level of construal, one
prioritizing immediate, concrete details over abstract, decontextualized interpretations”);
Patricia A. Alexander and Lauren M. Singer, The Enduring Power of Print for Learning in
a Digital World, THE CONVERSATION, Oct. 17, 2017, https://theconversation.com/the-
enduring-power-of-print-for-learning-in-a-digital-world-84352 (online reading led to poorer
comprehension of specific details in documents over 1 page).
See also Ferris Jabr, The Reading Brain in the Digital Age: The Science of Paper Versus
Screens, SCI. AM., Apr. 11, 2013:
In most cases, paper books have more obvious topography than onscreen text.
An open paperback presents a reader with two clearly defined domains—the
left and right pages—and a total of eight corners with which to orient oneself.
A reader can focus on a single page of a paper book without losing sight of the
56.
whole text: one can see where the book begins and ends and where one page
is in relation to those borders. One can even feel the thickness of the pages
read in one hand and pages to be read in the other. Turning the pages of a
paper book is like leaving one footprint after another on the trail—there’s a
rhythm to it and a visible record of how far one has traveled. All these
features not only make text in a paper book easily navigable, they also make
it easier to form a coherent mental map of the text.
In contrast, most screens, e-readers, smartphones and tablets interfere with
intuitive navigation of a text and inhibit people from mapping the journey in
their minds. A reader of digital text might scroll through a seamless stream
of words, tap forward one page at a time or use the search function to
immediately locate a particular phrase—but it is difficult to see any one
passage in the context of the entire text….Although e-readers like the Kindle
and tablets like the iPad re-create pagination—sometimes complete with
page numbers, headers and illustrations—the screen only displays a single
virtual page: it is there and then it is gone.….
Other researchers have suggested that people comprehend less when they
read on a screen because screen-based reading is more physically and
mentally taxing than reading on paper. E-ink is easy on the eyes because it
reflects ambient light just like a paper book, but computer screens,
smartphones and tablets like the iPad shine light directly into people's faces.
Depending on the model of the device, glare, pixilation and flickers can also
tire the eyes. LCDs are certainly gentler on eyes than their predecessor,
cathode-ray tubes (CRT), but prolonged reading on glossy self-illuminated
screens can cause eyestrain, headaches and blurred vision….
An emerging collection of studies emphasizes that in addition to screens
possibly taxing people's attention more than paper, people do not always
bring as much mental effort to screens in the first place. Subconsciously,
many people may think of reading on a computer or tablet as a less serious
affair than reading on paper….
When reading on screens, people seem less inclined to engage in what
psychologists call metacognitive learning regulation—strategies such as
setting specific goals, rereading difficult sections and checking how much one
has understood along the way.
Do these data points provide justify Internet exceptionalism for online contracts? If so,
which direction—more or less favorable than the offline standards?
Does It Matter That Users Don’t Read the Contracts? Assume for a moment that less than
1% of any service’s users read the applicable terms of service. The Meyer court says: “While
it may be the case that many users will not bother reading the additional terms, that is the
choice the user makes; the user is still on inquiry notice.” Does that seem right? If a
“reasonably prudent smartphone user” won’t read the contract, does it make sense to
embrace the legal fiction that they “chose” not to do so? Does your answer change if one or
more of the following are true?
57.
consumers would have to scroll through dozens of device screens to review the terms
of service
it would take many minutes for a person to read the terms of service on a mobile
device
most terms of service are written in sophisticated legalese that is above the reading
comprehension level of a “reasonably prudent smartphone user”
consumers have no power to negotiate any changes to the terms of service
most industry players offer similar anti-consumer terms, so an objecting consumer
isn’t likely to find better terms from a competitor.
Contracts With Children. If an online contract formation process is properly implemented
as a mandatory clickthrough, the online service doesn’t need to prove the identity of any
individual user that purportedly agreed to it. Every user had to go through the same
sequence of pages, and that sequence included a page where contract formation was
handled properly, so logic dictates that every user who completed that process has assented
to the contract regardless of their identity.
This logic breaks down if the user has a legally recognized limit to their capacity, like being
intoxicated or a minor. Even though the formation process operated properly from a
technical standpoint, the lack of capacity should prevent the formation of a valid and
binding contract.
C.M.D. v. Facebook, 2014 WL 1266291 (N.D. Cal. 2014), dealt with Facebook’s use of
minors’ names and faces in its on-site advertising called Sponsored Stories. Facebook
claimed the minors agreed to Facebook’s advertising practices via its user agreement (what
Facebook calls its “Statement of Rights and Responsibilities”). The court held that,
according to the applicable California statute, the agreement was voidable, not void ab
initio. Minors could choose to void the contract at any time, but only by terminating their
Facebook accounts. Until the minors made this election, the contract was legally valid.
Thus, Facebook wasn’t liable for its advertising practices prior to voiding.
In B.F. v. Amazon, 19-910-RAJ-MLP (W.D. Wash. Oct. 21, 2019), the court held that the
terms of service for Amazon’s Alexa did not bind children, even if their parents had
consented to it. However, Amazon could have easily fixed this by adding a provision to its
terms saying that parents were consenting on behalf of their children as well.
Importance of a Good Call-to-Action. Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th
Cir. 2014) held:
where a website makes its terms of use available via a conspicuous hyperlink
on every page of the website but otherwise provides no notice to users nor
prompts them to take any affirmative action to demonstrate assent, even
close proximity of the hyperlink to relevant buttons users must click on—
without more—is insufficient to give rise to constructive notice
Barnes & Noble presented a link to its “Terms of Use” near its purchase button, but
the court implicitly rejected that the phrase “Terms of Use” signaled that purchasing
58.
meant assent to those terms. Had Barnes & Noble used a stronger call-to-action, its
presentation should have worked. See also the Zappos.com example below.
If the call-to-action asks users to agree to a “terms of use” and links to the associated
document, but the linked document is titled a “license agreement,” is there a contract? See
Resorb Networks, Inc. v. YouNow.com, 30 N.Y.S.3d 506 (N.Y. Sup. Ct. 2016) (no).
Visibility of Call-to-Action. Courts are not sympathetic to services that don’t make the call-
to-action prominent. See Wilson v. Huuuge, Inc., 944 F.3d 1212 (9th Cir. 2019):
Wilson was not required to assent to Huuuge’s Terms before downloading or
using the app—or at any point at all. Huuuge did not notify users that the
app had terms and conditions, let alone put them in a place the user would
necessarily see. Instead, a user would need to seek out or stumble upon
Huuuge’s Terms, either by scrolling through multiple screens of text before
downloading the app or clicking the settings menu within the app during
gameplay.
When downloading the app, the Terms are not just submerged—they are
buried twenty thousand leagues under the sea. Nowhere in the opening
profile page is there a reference to the Terms. To find a reference, a user
would need to click on an ambiguous button to see the app's full profile page
and scroll through multiple screen-lengths of similar-looking paragraphs.
Once the user unearths the paragraph referencing the Terms, the page does
not even inform the user that he will be bound by those terms. There is no
box for the user to click to assent to the Terms. Instead, the user is urged to
read the Terms—a plea undercut by Huuuge's failure to hyperlink the Terms.
This is the equivalent to admonishing a child to “please eat your peas” only to
then hide the peas. A reasonably prudent user cannot be expected to
scrutinize the app's profile page with a fine-tooth comb for the Terms.
Accessing the terms during gameplay is similarly a hide-the-ball exercise. A
user can view the Terms through the “Terms & Policy” tab of the settings
menu. Again, the user is required to take multiple steps. He must first find
and click on the three white dots representing the settings menu, tucked
away in the corner and obscured amongst the brightly colored casino games.
The “Terms & Policy” tab within the settings is buried among many other
links, like FAQs, notifications, and sound and volume. The tab is not bolded,
highlighted, or otherwise set apart.
….Only curiosity or dumb luck might bring a user to discover the Terms.
Test yourself #1: Do you think the following call-to-action succeeds?
59.
See DeVries v. Experian Information Solutions, Inc., 2017 WL 733096 (N.D. Cal. 2017)
(looks good!).
Test yourself #2: The next screenshot depicts the footer on Zappos.com’s web pages. Notice
the obscure link entitled “Terms of Use” on the far left bottom under “Zappos.com Policies.”*
If you printed out the home page of Zappos.com, this snippet probably would be on page 3 of
a 4 page printout.
If you clicked on the “Terms of Use” link, the terms started out with:
* [Editor’s note: the “Don’t Ever Click Here” link goes to a Rickroll video featuring the Muppets.]
60.
Can Zappos.com enforce these terms in court? See In re Zappos.com Inc., Customer Data
Security Breach Litigation, 893 F. Supp. 2d 1058 (D. Nev. 2012) (no).
Test yourself #3: Does the “reference” link (inside the red box, which I added, at the very
bottom of this screen shot) act as a sufficient call-to-action to form a contract using the
terms at the terminus of that link?
See Zajac, LLC v. Walker Industrial, 2016 WL 3962830 (D. Maine 2016) (no, and it’s not
even close).
Test Yourself #4: Is the “Sign Up” button a sufficient call-to-action to bind users to the
terms and conditions?
61.
See TopstepTrader, LLC, V. OneUp Trader, LLC, 2018 WL 1859040 (N.D. Ill. 2018) (no,
because “the ‘Sign Up’ button signaled that the user wanted to sign up for an account; it did
not signal acceptance to additional Terms”). How hard is it to fix this problem?
62.
Uber’s Contract Formation Redux. Uber won the Meyer ruling, but not all of its cases have
gone as well. As depicted in the Meyer opinion, to register with Uber, prospective customers
had to navigate the following process. First, they completed this screen:
63.
After clicking “next,” registrants saw the following screen:
64.
So far so good—the Meyer court blessed this process. However, when registrants attempted
to fill in the credit card data (which they had to do to finish the registration process), the
above screen changed to look like this:
Notice how once the user starts to enter the credit card number, the keypad covers up the
language “By creating an Uber account, you agree to the Terms of Service and Privacy
Policy,” but the “Register” button remained visible. As a result, registrants who filled in the
65.
credit card information and immediately selected the “Register” button would not see the
“By creating an Uber account…” language again.
Does this implementation jeopardize Uber’s contract formation? Metter v. Uber Techs., Inc.,
2017 WL 1374579 (N.D. Cal. 2017), contains this ominous statement: “Although the terms
of service alert seems designed to put a registrant on inquiry notice of Uber’s terms of
service and to alert the registrant that registration will amount to affirmative assent to
those terms, the keypad obstruction is a fatal defect to the alert’s functioning.”
Imagine you are counsel for Uber when it rolled out the implementation described above.
Would you have structured Uber’s online contract formation process differently? If so, ask
yourself how you would have spotted this issue. If mobile device apps function differently,
sometimes substantially, based on their operating system platform (i.e., Apple v. Android),
what steps would you take to properly review Uber’s contract formation in its apps?
Best Practices for Online Contract Formation. Though it’s possible to form an online
contract in a variety of ways, some recommended or “best” practices to increase the
likelihood of contract formation:
Clear Call-to-Action: users should be presented with a statement that says “if you do
X, you agree to Y.” Numerous contracts have failed because of weak or ambiguous
calls-to-action, and that’s a trivially easy problem to avoid.
Call-to-Action Prominence: the call-to-action should be “above the fold,” i.e., visible
on the page/screen without the user scrolling down, and the font should be a larger
font size and more prominent color than the surrounding text. As the First Circuit
observed, “If everything on the screen is written with conspicuous features, then
nothing is conspicuous.” Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir.
2018).
Mandatory Checkbox: preferably, the call-to-action should say “by clicking this
checkbox, you agree to the [name of the legal terms],” with an associated checkbox
that users must check to proceed. The extra checkbox is not legally required (see,
e.g., Scherillo v. Dun & Bradstreet, Inc., 684 F. Supp. 2d 313 (E.D.N.Y. 2010)) but it
helps courts avoid distinctions between “clickwraps” and “sign-in-wraps.” See, e.g.,
Cullinane v. Uber Technologies, Inc., 893 F.3d 53 (1st Cir. 2018) (“Uber chose not to
use a common method of conspicuously informing users of the existence and location
of terms and conditions: requiring users to click a box stating that they agree to a set
of terms, often provided by hyperlink, before continuing to the next screen”); Small
Justice v. Xcentric Ventures, 99 F. Supp. 3d 190 (D. Mass. 2015).
Contract Visibility. Courts still accept making the legal terms available as a
hyperlink from the call-to-action. However, preferably the user terms are presented
on the same page as the call-to-action. Because of their length, many services
present the legal terms as “scrollboxes” where the first few lines of the legal terms
are visible and users can scroll down in the box (without leaving the page) to read
more. You can also provide options for users to “pop out” the terms into a new
window and, as a nice touch, print the legal terms if they choose. A very strong
contract formation process would require users to scroll through the terms before
they are allowed to click the “agree to” checkbox (this is the “scrollwrap” term), but
this step is not legally required.
66.
Second Click to Proceed: though not required, it would be advisable to have a second
click that lets the user advance from the page/screen, such as a “register” or “buy
now” button.
“Non-leaky” Formation Process: it should be impossible for users to reach their
desired outcome (such as creating the account or buying the item) without going
through the contract formation process. This means there should be no workarounds
or alternative user flows that reach that outcome. Recall, for example, that the
Meyer court says Meyer did not take advantage of Uber’s option to allow logins
through Google+ or Facebook. That raises the question: if he had used those
alternative logins, would he have followed the same contract formation process, and
would the same call-to-action have applied?
Because of the importance of the contract formation process, the lawyer isn’t done when
he/she drafts and delivers the actual substantive legal terms. The lawyer must then check
the contract formation implementation to ensure it’s airtight. This includes asking about
workarounds and—MOST IMPORTANTLY—checking the formation on multiple devices
and operating systems. Almost every service has to build an account creation flow for
mobile apps that differs from their web flow, and if either flow fails to form the contract, the
service is in deep trouble. Often, app flows must differ between iOS, Android and other
mobile device operating systems (and the flows may differ between different generations of
each operating system). IT ABSOLUTELY IS THE LAWYER’S JOB TO CONFIRM THE
CONTRACT FORMATION PROCESS WORKS ACROSS ALL OF THE DIFFERENT
TECHNOLOGICAL CHANNELS. NO LAWYER SHOULD ASSUME THE CLIENT WILL
DO IT RIGHT WITHOUT INSTRUCTIONS AND REVIEW.
Evidentiary Issues. Assume an online service has a well-drafted and well-formed
clickthrough agreement. How can the online service credibly prove its contract formation
process and applicable terms in court…preferably at the motion to dismiss or summary
judgment stages?
In Moretti v. Hertz Corporation, 2014 WL 1410432 (N.D. Cal. 2014), Hotwire invoked its
clickthrough agreement against a plaintiff who claimed he hadn’t checked the box to assent
to the agreement. To support a motion to transfer, Hotwire introduced the following
evidence:
Defendants have produced two declarations from employees at Hotwire: (1)
Sarah Bernard who at the operative time was the Vice President of Product
Management for Hotwire; and (2) Jacob Aaron Joachin Hadary who was the
Lead Product Manager for Hotwire during that time. Bernard and Hadary
affirmatively state that the Terms of Use in operation during the December
2012 time frame included a forum-selection clause. Hadary declares, and
corroborates Bernard’s declaration, that an individual using the Hotwire
website cannot complete a booking without checking the “Acceptance Box”
acknowledging the acceptance of “Hotwire’s terms and conditions and other
applicable rules.” Hadary confirms that this requirement has been in place
since 2005.
67.
Based on those declarations, and without any conflicting evidence from the plaintiff
other than his unsubstantiated assertion, the court upheld Hotwire’s venue-selection
clause and granted its motion to transfer.
A similar result occurred in Zaltz v. JDate, 952 F. Supp. 2d 439 (E.D.N.Y. 2013). JDate has
a two-click process for registration. First, users must check-the-box to confirm reading the
terms, then click on a button to confirm registration. Nevertheless, the plaintiff claimed: “I
don’t believe these are the same terms I signed up with. I don’t believe that I agreed to any
terms stating that I have to sue within California if an issue arises.” JDate rebutted her
unsupported assertion with screenshots of its registration page plus:
a sworn statement from its North American Director of Customer Support
that the “Terms of Service were applicable to all subscribers of Spark
Networks’ website at JDate.com and no material changes were made thereto
during all four periods where Ms. Zaltz was a subscriber of Spark’s website at
JDate.com” and the forum selection clause at issue was part of those Terms of
Service and “remained unchanged during Ms. Zaltz’s subscription to
JDate.com.”
On this basis, JDate successfully transferred the case to its home court without a mini-trial
to resolve what contract terms governed the case.
To achieve similar results, it’s essential to maintain a chain of evidence that can
convincingly show (1) the agreement’s terms on any specific date, and (2) what user
interactions were technologically required to manifest assent on that date (preferably
including screenshots in color). You should also consider how to introduce this evidence
even if all of the relevant employees have left the company by the time the matter reaches
litigation.
What Contract Law Applies to Online Contracts? It’s an overgeneralization, but broadly
stated, there are two major bodies of contract law: “common law” and the “Uniform
Commercial Code” (UCC). UCC Article 2 applies to the sale of physical goods, and common
law (which states may have codified into statutes) applies to many other types of contracts,
including the performance of services. Your 1L Contracts class probably focused on the
common law and spent little time talking about UCC Article 2. 1L Contracts professors
often defer discussion of UCC Article 2 to an upper-division elective, such as “Sales.”
As noted earlier, in the 1980s and 1990s, most software was sold in shrinkwrap packaging,
and UCC Article 2 governed the sale of the physical goods. In turn, most early software
contracts cases applied UCC Article 2 both to the tangible storage disks and the software
stored on those disks—even though Article 2 didn’t contemplate the unique aspects of
intangible software. Article 2’s applicability to software became even more dubious when
software was distributed as an Internet download, without any associated sale of a physical
item.
In the 1990s, the American Law Institute (ALI) and National Conference of Commissioners
on Uniform State Laws (NCCUSL) jointly developed a proposed UCC Article 2B that would
apply to intangible items like software and electronic content. That partnership dissolved
when ALI rejected the proposal.
68.
Undeterred, NCCUSL rebranded the proposal as the Uniform Computer Information
Transactions Act (UCITA) and offered it to state legislatures as a model state law. Only two
states, Maryland and Virginia, adopted UCITA. No other states have done so (or will do so).
Indeed, about a half-dozen states adopted “bomb shelter” statutes saying that UCITA would
not apply to those states’ residents.
Thus, UCITA failed as a model law, though it continues to apply in Maryland and Virginia.
Few lawyers have expertise in UCITA; it’s quite lengthy and detailed, and it does not
reflect modern technology. As a result, Internet companies based in Maryland and Virginia
sometimes expressly opt-out of UCITA in their contracts’ choice-of-law provisions.
The failure of UCC Article 2B and UCITA still leaves a hole in contract law for intangible
items online, such as software and content. Should UCC Article 2 apply, as historically it
did to software, or should the common law apply, as it would normally apply to services?
Courts often sidestep this issue, so whether UCC Article 2 or common law applies to online
contracts remains unresolved.
The failure of UCC Article 2B has not deterred ALI from revisiting this issue. After the
failure of UCC Article 2B, in 2009, ALI adopted a document called the “Principles of the
Law of Software Contracts” that addressed online contracts. That document was largely
ignored.
Now, ALI is developing a new “Restatement of the Law of Consumer Contracts” that
purports to address many online contracts. At a very high level, the Restatement of
Consumer Contracts’ terms are biased towards forming more contracts, coupled with an
expectation that courts will rigorously police those contract terms using unconscionability
and other consumer-protective doctrines. However, courts are reluctant to use the
unconscionability doctrine too aggressively, so the Restatement of Consumer Contracts’
structure will either require judges to change their historical approaches or will lead to too
many binding consumer contracts with problematic terms. Even if ALI adopts the new
restatements, it remains uncertain how judges will respond to it.
The Swinging Pendulum of Arbitration Enforceability. This book primarily focuses on the
procedure of online contract formation, not the substantive terms of the contract. If the
formation process is botched, the substantive contract terms don’t matter. But if contract
formation is handled properly, then the substantive terms of that contract absolutely
matter—especially when subjected to unconscionability challenges.
In particular, arbitration clauses have been the subject of substantial litigation. The
Federal Arbitration Act says that agreements to arbitrate generally shall be “valid,
irrevocable, and enforceable.” 9 U.S.C. §2. Accordingly, courts often go to great lengths to
honor arbitration agreements. Some of this reflects courts’ workloads—every case sent to
arbitration means one less case on the judge’s docket. More importantly, historically
arbitration has been perceived as cheaper and faster than litigation, so getting cases into
arbitration should benefit everyone.
This pro-arbitration view has degraded in the last couple decades. First, arbitration often
isn’t faster or cheaper than litigation. Second, businesses select arbitration services where
69.
they are likely to win consistently. If a business loses arbitrations too often, it will switch
arbitration services. Third, arbitration bypass jury trials (and the associated risk of high
damages that can result from those trials) and inhibit class actions, effectively allowing
businesses to short-circuit some of the due process features of the judicial system.
As courts recognized the potential abuses of arbitration clauses, they became more
circumspect about sending cases to arbitration, relying on doctrines like formation and
unconscionability to block the applicability of an arbitration clause in an online contract.
For example, in Comb v. PayPal, 218 F. Supp. 2d 1165 (2002), a federal court deemed
PayPal’s arbitration clause unconscionable. Following the Comb decision, many online
businesses removed arbitration clauses from their online contracts.
The pendulum swung again after AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), which
invalidated states’ efforts to restrict arbitration, even when arbitration blocked class action
lawsuits. Following Concepcion, many online businesses added arbitration clauses back into
their online contracts. However, most businesses now do a number of things to reduce the
risk of the clause being unconscionable, such as excluding low-value cases (letting those go
to small claims court), allowing class formation in arbitration, covering the out-of-pocket
costs to the arbitration service, allowing consumers to arbitrate without making a costly
appearance in person, and letting consumers opt-out of arbitration when forming the
contract (usually through an onerous opt-out mechanism, such as sending a postal letter
within 30 days of agreeing to the terms).
If you’re advising a business about online contract formation that includes an arbitration
clause, make sure to keep up with the caselaw and the state-of-the-art arbitration terms
that reduce the risk of unconscionability. The law in this area keeps changing rapidly.
70.
The Meyer case discusses the most common methods of forming contracts via the web or
mobile apps. The next case represents perhaps the most prominent alternative to Meyer’s
approach. In the next case, a website operator successfully forms an online contract without
a mandatory clickthrough agreement. Because this exception has the potential to swallow
up the rule, courts apply it sparingly.
Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004).
Leval, Circuit Judge.*
Defendant, Verio, Inc. (“Verio”) appeals from an order of the United States District Court
for the Southern District of New York (Barbara S. Jones, J.) granting the motion of plaintiff
Register.com, Inc. (“Register”) for a preliminary injunction. The court’s order enjoined Verio
from (1) using Register’s trademarks; (2) representing or otherwise suggesting to third
parties that Verio’s services have the sponsorship, endorsement, or approval of Register; (3)
accessing Register’s computers by use of automated software programs performing multiple
successive queries; and (4) using data obtained from Register’s database of contact
information of registrants of Internet domain names to solicit the registrants for the sale of
web site development services by electronic mail, telephone calls, or direct mail. We
affirm.1…
BACKGROUND
This plaintiff Register is one of over fifty companies serving as registrars for the issuance of
domain names on the world wide web. As a registrar, Register issues domain names to
persons and entities preparing to establish web sites on the Internet. Web sites are
identified and accessed by reference to their domain names.
Register was appointed a registrar of domain names by the Internet Corporation for
Assigned Names and Numbers, known by the acronym “ICANN.” ICANN is a private, non-
profit public benefit corporation which was established by agencies of the U.S. government
to administer the Internet domain name system. To become a registrar of domain names,
Register was required to enter into a standard form agreement with ICANN, designated as
the ICANN Registrar Accreditation Agreement, November 1999 version (referred to herein
as the “ICANN Agreement”).
Applicants to register a domain name submit to the registrar contact information, including
at a minimum, the applicant’s name, postal address, telephone number, and electronic mail
address. The ICANN Agreement, referring to this registrant contact information under the
* The Honorable Fred I. Parker was a member of the panel but died on August 12, 2003. Judge Parker would
have voted to reverse the district court’s order. This appeal is being decided by the two remaining members of
the panel, who are in agreement. 1 Judge Parker was not in agreement with this disposition. Deliberations have followed an unusual course.
Judge Parker initially was assigned to prepare a draft opinion affirming the district court. In the course of
preparing the draft, Judge Parker changed his mind and proposed to rule in favor of the defendant, overturning
the injunction in most respects. Judge Parker’s draft opinion, however, failed to convince the other members of
the panel, who adhered to the view that the injunction should be affirmed. Judge Parker died shortly thereafter,
prior to the circulation of a draft opinion affirming the injunction, from which Judge Parker presumably would
have dissented. [Editor’s note: The court attached Judge Parker’s draft opinion as an Appendix. It’s a scholarly
and thoughtful opinion that will reward interested readers.]
71.
rubric “WHOIS information,” requires the registrar, under terms discussed in greater detail
below, to preserve it, update it daily, and provide for free public access to it through the
Internet as well as through an independent access port, called port 43.
Section II.F.5 of the ICANN Agreement (which furnishes a major basis for the appellant
Verio’s contentions on this appeal) requires that the registrar “not impose terms and
conditions” on the use made by others of its WHOIS data “except as permitted by ICANN-
adopted policy.” In specifying what restrictions may be imposed, the ICANN Agreement
requires the registrar to permit use of its WHOIS data “for any lawful purposes except to: ...
support the transmission of mass unsolicited, commercial advertising or solicitations via
email (spam); [and other listed purposes not relevant to this appeal].” (emphasis added).
Another section of the ICANN Agreement (upon which appellee Register relies) provides as
follows,
No Third-Party Beneficiaries: This Agreement shall not be construed to
create any obligation by either ICANN or Registrar to any non-party to this
Agreement....
Third parties could nonetheless seek enforcement of a registrar’s obligations set forth in the
ICANN Agreement by resort to a grievance process under ICANN’s auspices.
In compliance with § II.F.1 of the ICANN Agreement, Register updated the WHOIS
information on a daily basis and established Internet and port 43 service, which allowed
free public query of its WHOIS information.* An entity making a WHOIS query through
Register’s Internet site or port 43 would receive a reply furnishing the requested WHOIS
information, captioned by a legend devised by Register, which stated,
By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that under no circumstances will you use this data to ...
support the transmission of mass unsolicited, commercial advertising or
solicitation via email.
The terms of that legend tracked § II.F.5 of the ICANN Agreement in specifying the
restrictions Register imposed on the use of its WHOIS data. Subsequently, as explained
below, Register amended the terms of this legend to impose more stringent restrictions on
the use of the information gathered through such queries.
* [Editor’s note: IETF RFC 3912 (https://tools.ietf.org/html/rfc3912) from Sept. 2014 describes Port 43 and the
WHOIS protocol:
A WHOIS server listens on TCP port 43 for requests from WHOIS clients. The WHOIS client
makes a text request to the WHOIS server, then the WHOIS server replies with text content.
All requests are terminated with ASCII CR and then ASCII LF. The response might contain
more than one line of text, so the presence of ASCII CR or ASCII LF characters does not
indicate the end of the response. The WHOIS server closes its connection as soon as the output
is finished. The closed TCP connection is the indication to the client that the response has been
received….
WHOIS lacks mechanisms for access control, integrity, and confidentiality. Accordingly,
WHOIS-based services should only be used for information which is non-sensitive and
intended to be accessible to everyone.]
72.
In addition to performing the function of a registrar of domain names, Register also
engages in the business of selling web-related services to entities that maintain web sites.
These services cover various aspects of web site development. In order to solicit business for
the services it offers, Register sends out marketing communications. Among the entities it
solicits for the sale of such services are entities whose domain names it registered.
However, during the registration process, Register offers registrants the opportunity to
elect whether or not they will receive marketing communications from it.
The defendant Verio, against whom the preliminary injunction was issued, is engaged in
the business of selling a variety of web site design, development and operation services. In
the sale of such services, Verio competes with Register’s web site development business. To
facilitate its pursuit of customers, Verio undertook to obtain daily updates of the WHOIS
information relating to newly registered domain names. To achieve this, Verio devised an
automated software program, or robot, which each day would submit multiple successive
WHOIS queries through the port 43 accesses of various registrars. Upon acquiring the
WHOIS information of new registrants, Verio would send them marketing solicitations by
email, telemarketing and direct mail. To the extent that Verio’s solicitations were sent by
email, the practice was inconsistent with the terms of the restrictive legend Register
attached to its responses to Verio’s queries.
At first, Verio’s solicitations addressed to Register’s registrants made explicit reference to
their recent registration through Register. This led some of the recipients of Verio’s
solicitations to believe the solicitation was initiated by Register (or an affiliate), and was
sent in violation of the registrant’s election not to receive solicitations from Register.
Register began to receive complaints from registrants. Register in turn complained to Verio
and demanded that Verio cease and desist from this form of marketing. Register asserted
that Verio was harming Register’s goodwill, and that by soliciting via email, was violating
the terms to which it had agreed on submitting its queries for WHOIS information. Verio
responded to the effect that it had stopped mentioning Register in its solicitation message.
In the meantime, Register changed the restrictive legend it attached to its responses to
WHOIS queries. While previously the legend conformed to the terms of § II F.5, which
authorized Register to prohibit use of the WHOIS information for mass solicitations “via
email,” its new legend undertook to bar mass solicitation “via direct mail, electronic mail, or
by telephone.”2 Section II.F.5 of Register’s ICANN Agreement, as noted above, required
Register to permit use of the WHOIS data “for any lawful purpose except to ... support the
transmission of mass unsolicited solicitations via email (spam).” Thus, by undertaking to
prohibit Verio from using the WHOIS information for solicitations “via direct mail ... or by
telephone,” Register was acting in apparent violation of this term of its ICANN Agreement.
Register wrote to Verio demanding that it cease using WHOIS information derived from
Register not only for email marketing, but also for marketing by direct mail and telephone.
Verio ceased using the information in email marketing, but refused to stop marketing by
direct mail and telephone. [Register sued Verio in August 2000]….
2 The new legend stated:
By submitting a WHOIS query, you agree that ... under no circumstances will you use this
data to ... support the transmission of mass unsolicited ... advertising or solicitations via direct
mail, electronic mail, or by telephone.
73.
[Editor’s note: the following diagram may help you understand the relationships visually]
DISCUSSION…
(a) Verio’s enforcement of the restrictions placed on Register by the ICANN Agreement
Verio conceded that it knew of the restrictions Register placed on the use of the WHOIS
data and knew that, by using Register’s WHOIS data for direct mail and telemarketing
solicitations, it was violating Register’s restrictions. Verio’s principal argument is that
Register was not authorized to forbid Verio from using the data for direct mail and
telemarketing solicitation because the ICANN Agreement prohibited Register from
imposing any “terms and conditions” on use of WHOIS data, “except as permitted by
ICANN-adopted policy,” which specified that Register was required to permit “any lawful
purpose, except ... mass solicitation[] via email.”
Register does not deny that the restrictions it imposed contravened this requirement of the
ICANN Agreement. Register contends, however, that the question whether it violated §
II.F.5 of its Agreement with ICANN is a matter between itself and ICANN, and that Verio
cannot enforce the obligations placed on Register by the ICANN Agreement. Register points
to § II.S.2 of the ICANN Agreement, captioned “No Third-Party Beneficiaries,” which, as
74.
noted, states that the agreement is not to be construed “to create any obligation by either
ICANN or Registrar to any non-party.” Register asserts that Verio, a non-party, is asking
the court to construe § II.F.5 as creating an obligation owed by Register to Verio, and that
the Agreement expressly forbids such a construction.
ICANN intervened in the district court as an amicus curiae and strongly supports
Register’s position, opposing Verio’s right to invoke Register’s contractual promises to
ICANN. ICANN explained that ICANN has established a remedial process for the
resolution of such disputes through which Verio might have sought satisfaction. “If Verio
had concerns regarding Register.com’s conditions for access to WHOIS data, it should have
raised them within the ICANN process rather [than] simply taking Register.com’s data,
violating the conditions [imposed by Register], and then seeking to justify its violation in
this Court .... [Verio’s claim was] intended to be addressed only within the ICANN process.”
ICANN asserted that the No Third-Party Beneficiary provision, barring third parties from
seeking to enforce promises made by a registrar to ICANN through court proceedings, was
“vital to the overall scheme of [its] various agreements.”
This is because proper expression of the letter and spirit of ICANN policies is
most appropriately achieved through the ICANN process itself, and not
through forums that lack the every day familiarity with the intricate
technical and policy issues that the ICANN process was designed to address.
ICANN’s brief went on to state:
[E]nforcement of agreements with ICANN [was to] be informed by the
judgment of the various segments of the internet community as expressed
through ICANN. In the fast-paced environment of the Internet, new issues
and situations arise quickly, and sometimes the language of contractual
provisions does not perfectly match the underlying policies. For this and
other reasons, hard-and-fast enforcement [by courts] of the letter of every
term of every agreement is not always appropriate. An integral part of the
agreements that the registrars ... entered with ICANN is the understanding
that these situations would be handled through consultation and
consideration within the ICANN process.... Allowing issues under the
agreements registrars make with ICANN to be diverted from [ICANN’s]
carefully crafted remedial scheme to the courts, at the behest of third
parties..., would seriously threaten the Internet community’s ability, under
the auspices of ICANN, to achieve a proper balance of the competing policy
values that are so frequently involved.
We are persuaded by the arguments Register and ICANN advance. It is true Register
incurred a contractual obligation to ICANN not to prevent the use of its WHOIS data for
direct mail and telemarketing solicitation. But ICANN deliberately included in the same
contract that persons aggrieved by Register’s violation of such a term should seek
satisfaction within the framework of ICANN’s grievance policy, and should not be heard in
courts of law to plead entitlement to enforce Register’s promise to ICANN. As experience
develops in the fast changing world of the Internet, ICANN, informed by the various
constituencies in the Internet community, might well no longer consider it salutary to
75.
enforce a policy which it earlier expressed in the ICANN Agreement. For courts to
undertake to enforce promises made by registrars to ICANN at the instance of third parties
might therefore be harmful to ICANN’s efforts to develop well-informed and sound Internet
policy.
Verio’s invocation of the ICANN Agreement necessarily depends on its entitlement to
enforce Register’s promises to ICANN in the role of third party beneficiary. The ICANN
Agreement specified that it should be deemed to have been made in California, where
ICANN is located. Under § 1559 of the California Civil Code, a “contract, made expressly
for the benefit of a third person, may be enforced by him.” For Verio to seek to enforce
Register’s promises it made to ICANN in the ICANN Agreement, Verio must show that the
Agreement was made for its benefit. Verio did not meet this burden. To the contrary, the
Agreement expressly and intentionally excluded non-parties from claiming rights under it
in court proceedings.
We are not persuaded by the arguments Judge Parker advanced in his draft. Although
acknowledging that Verio could not claim third party beneficiary rights to enforce
Register’s promises to ICANN, Judge Parker nonetheless found three reasons for enforcing
Verio’s claim: (i) “public policy interests at stake,” (ii) Register’s “indisputable obligations to
ICANN as a registrar,” and (iii) the equities, involving Register’s “unclean hands” in
imposing a restriction it was contractually bound not to impose. We respectfully disagree.
As for the first argument, that Register’s restriction violated public policy, it is far from
clear that this is so. It is true that the ICANN Agreement at the time ICANN presented it
to Register permitted mass solicitation by means other than email. But it is not clear that
at the time of this dispute, ICANN intended to adhere to that policy. As ICANN’s amicus
brief suggested, the world of the Internet changes rapidly, and public policy as to how that
world should be governed may change rapidly as well. ICANN in fact has since changed the
terms of its standard agreement for the accreditation of registrars to broaden the uses of
WHOIS information that registrars may prohibit to include not only mass email
solicitations but also mass telephone and fax solicitations. It is far from clear that ICANN
continues to view public policy the way it did at the time it crafted Register’s agreement. In
any event, if Verio wished to have the dispute resolved in accordance with public policy, it
was free to bring its grievance to ICANN. Verio declined to do so. ICANN included the “No
Third-Party Beneficiary” provision precisely so that it would retain control of enforcement
of policy, rather than yielding it to courts.
As for Judge Parker’s second argument, Register’s “indisputable obligation to ICANN as a
registrar” to permit Verio to use the WHOIS information for mass solicitation by mail and
telephone, we do not see how this argument differs from Verio’s claim of entitlement as a
third party beneficiary, which § II.S.2 explicitly negates. The fact that Register owed a
contractual obligation to ICANN not to impose certain restrictions on use of WHOIS
information does not mean that it owed an obligation to Verio not to impose such
restrictions. As ICANN’s brief in the district court indicates, ICANN was well aware of
Register’s deviation from the restrictions imposed by the ICANN Agreement, but ICANN
chose not to take steps to compel Register to adhere to its contract.
Nor are we convinced by Judge Parker’s third argument of Register’s “unclean hands.”
Judge Parker characterizes Register’s failure to honor its contractual obligation to ICANN
as unethical conduct, making Register ineligible for equitable relief. But Register owed no
76.
duty in that regard to anyone but ICANN, and ICANN has expressed no dissatisfaction
with Register’s failure to adhere to that term of the contract. Verio was free to seek
ICANN’s intervention on its behalf, but declined to do so, perhaps because it knew or
suspected that ICANN would decline to compel Register to adhere to the contract term.
Under the circumstances, we see no reason to assume on appeal that Register’s conduct
should be considered unethical, especially where the district court made no such finding.
(b) Verio’s assent to Register’s contract terms
Verio’s next contention assumes that Register was legally authorized to demand that takers
of WHOIS data from its systems refrain from using it for mass solicitation by mail and
telephone, as well as by email. Verio contends that it nonetheless never became
contractually bound to the conditions imposed by Register’s restrictive legend because, in
the case of each query Verio made, the legend did not appear until after Verio had
submitted the query and received the WHOIS data. Accordingly, Verio contends that in no
instance did it receive legally enforceable notice of the conditions Register intended to
impose. Verio therefore argues it should not be deemed to have taken WHOIS data from
Register’s systems subject to Register’s conditions.
Verio’s argument might well be persuasive if its queries addressed to Register’s computers
had been sporadic and infrequent. If Verio had submitted only one query, or even if it had
submitted only a few sporadic queries, that would give considerable force to its contention
that it obtained the WHOIS data without being conscious that Register intended to impose
conditions, and without being deemed to have accepted Register’s conditions. But Verio was
daily submitting numerous queries, each of which resulted in its receiving notice of the
terms Register exacted. Furthermore, Verio admits that it knew perfectly well what terms
Register demanded. Verio’s argument fails.
The situation might be compared to one in which plaintiff P maintains a roadside fruit
stand displaying bins of apples. A visitor, defendant D, takes an apple and bites into it. As
D turns to leave, D sees a sign, visible only as one turns to exit, which says “Apples—50
cents apiece.” D does not pay for the apple. D believes he has no obligation to pay because
he had no notice when he bit into the apple that 50 cents was expected in return. D’s view is
that he never agreed to pay for the apple. Thereafter, each day, several times a day, D
revisits the stand, takes an apple, and eats it. D never leaves money.
P sues D in contract for the price of the apples taken. D defends on the ground that on no
occasion did he see P’s price notice until after he had bitten into the apples. D may well
prevail as to the first apple taken. D had no reason to understand upon taking it that P was
demanding the payment. In our view, however, D cannot continue on a daily basis to take
apples for free, knowing full well that P is offering them only in exchange for 50 cents in
compensation, merely because the sign demanding payment is so placed that on each
occasion D does not see it until he has bitten into the apple.
Verio’s circumstance is effectively the same. Each day Verio repeatedly enters Register’s
computers and takes that day’s new WHOIS data. Each day upon receiving the requested
data, Verio receives Register’s notice of the terms on which it makes the data available—
that the data not be used for mass solicitation via direct mail, email, or telephone. Verio
acknowledges that it continued drawing the data from Register’s computers with full
77.
knowledge that Register offered access subject to these restrictions. Verio is no more free to
take Register’s data without being bound by the terms on which Register offers it, than D
was free, in the example, once he became aware of the terms of P’s offer, to take P’s apples
without obligation to pay the 50 cent price at which P offered them.
Verio seeks support for its position from cases that have dealt with the formation of
contracts on the Internet. An excellent example, although decided subsequent to the
submission of this case, is Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir.
2002). The dispute was whether users of Netscape’s software, who downloaded it from
Netscape’s web site, were bound by an agreement to arbitrate disputes with Netscape,
where Netscape had posted the terms of its offer of the software (including the obligation to
arbitrate disputes) on the web site from which they downloaded the software. We ruled
against Netscape and in favor of the users of its software because the users would not have
seen the terms Netscape exacted without scrolling down their computer screens, and there
was no reason for them to do so. The evidence did not demonstrate that one who had
downloaded Netscape’s software had necessarily seen the terms of its offer.
Verio, however, cannot avail itself of the reasoning of Specht. In Specht, the users in whose
favor we decided visited Netscape’s web site one time to download its software. Netscape’s
posting of its terms did not compel the conclusion that its downloaders took the software
subject to those terms because there was no way to determine that any downloader had
seen the terms of the offer. There was no basis for imputing to the downloaders of
Netscape’s software knowledge of the terms on which the software was offered. This case is
crucially different. Verio visited Register’s computers daily to access WHOIS data and each
day saw the terms of Register’s offer; Verio admitted that, in entering Register’s computers
to get the data, it was fully aware of the terms on which Register offered the access.
Verio’s next argument is that it was not bound by Register’s terms because it rejected them.
Even assuming Register is entitled to demand compliance with its terms in exchange for
Verio’s entry into its systems to take WHOIS data, and even acknowledging that Verio was
fully aware of Register’s terms, Verio contends that it still is not bound by Register’s terms
because it did not agree to be bound. In support of its claim, Verio cites a district court case
from the Central District of California, Ticketmaster Corp. v. Tickets.com, Inc., 2000 WL
1887522 (C.D. Cal. Aug. 10, 2000), in which the court rejected Ticketmaster’s application
for a preliminary injunction to enforce posted terms of use of data available on its website
against a regular user. Noting that the user of Ticketmaster’s web site is not required to
check an “I agree” box before proceeding, the court concluded that there was insufficient
proof of agreement to support a preliminary injunction.
We acknowledge that the Ticketmaster decision gives Verio some support, but not enough.
In the first place, the Ticketmaster court was not making a definitive ruling rejecting
Ticketmaster’s contract claim. It was rather exercising a district court’s discretion to deny a
preliminary injunction because of a doubt whether the movant had adequately shown
likelihood of success on the merits.
But more importantly, we are not inclined to agree with the Ticketmaster court’s analysis.
There is a crucial difference between the circumstances of Specht, where we declined to
enforce Netscape’s specified terms against a user of its software because of inadequate
evidence that the user had seen the terms when downloading the software, and those of
78.
Ticketmaster, where the taker of information from Ticketmaster’s site knew full well the
terms on which the information was offered but was not offered an icon marked, “I agree,”
on which to click. Under the circumstances of Ticketmaster, we see no reason why the
enforceability of the offeror’s terms should depend on whether the taker states (or clicks), “I
agree.”
We recognize that contract offers on the Internet often require the offeree to click on an “I
agree” icon. And no doubt, in many circumstances, such a statement of agreement by the
offeree is essential to the formation of a contract. But not in all circumstances. While new
commerce on the Internet has exposed courts to many new situations, it has not
fundamentally changed the principles of contract. It is standard contract doctrine that
when a benefit is offered subject to stated conditions, and the offeree makes a decision to
take the benefit with knowledge of the terms of the offer, the taking constitutes an
acceptance of the terms, which accordingly become binding on the offeree. See, e.g.,
Restatement (Second) of Contracts § 69(1)(a) (1981) (“[S]ilence and inaction operate as an
acceptance ... [w]here an offeree takes the benefit of offered services with reasonable
opportunity to reject them and reason to know that they were offered with the expectation
of compensation.”); 2 Richard A. Lord, Williston on Contracts § 6:9 (4th ed. 1991) (“[T]he
acceptance of the benefit of services may well be held to imply a promise to pay for them if
at the time of acceptance the offeree has a reasonable opportunity to reject the service and
knows or has reason to know that compensation is expected.”); Arthur Linton Corbin,
Corbin on Contracts § 71 (West 1 vol. ed. 1952) (“The acceptance of the benefit of the
services is a promise to pay for them, if at the time of accepting the benefit the offeree has a
reasonable opportunity to reject it and knows that compensation is expected.”); Jones v.
Brisbin, 41 Wash. 2d 167, 172 (1952) (“Where a person, with reasonable opportunity to
reject offered services, takes the benefit of them under circumstances which would indicate,
to a reasonable man, that they were offered with the expectation of compensation, a
contract, complete with mutual assent, results.”); Markstein Bros. Millinery Co. v. J.A.
White & Co., 151 Ark. 1 (1921) (buyer of hats was bound to pay for hats when buyer failed
to return them to seller within five days of inspection as seller requested in clear and
obvious notice statement).
Returning to the apple stand, the visitor, who sees apples offered for 50 cents apiece and
takes an apple, owes 50 cents, regardless whether he did or did not say, “I agree.” The
choice offered in such circumstances is to take the apple on the known terms of the offer or
not to take the apple. As we see it, the defendant in Ticketmaster and Verio in this case had
a similar choice. Each was offered access to information subject to terms of which they were
well aware. Their choice was either to accept the offer of contract, taking the information
subject to the terms of the offer, or, if the terms were not acceptable, to decline to take the
benefits.
We find that the district court was within its discretion in concluding that Register showed
likelihood of success on the merits of its contract claim….
NOTES AND QUESTIONS
Publishing Customer Information. Historically, ICANN has required registrars to publish
the names of their customers and how to reach them (e.g., the registrant’s name, address,
79.
email address, phone number and more) in WHOIS databases. Normally, businesses
consider this kind of customer information highly proprietary because it’s a goldmine for
competitors and other vendors prospecting for new customers. Why does ICANN require
registrars to publish this information? Can you think of other situations where businesses
are required to publish the name and contact information of their customers? ICANN’s
publication requirement appears to conflict with the EU’s GDPR (discussed later), so the
WHOIS era may be waning.
Who’s More Sympathetic? Verio was telemarketing and spamming domain name
registrants, it raided Register.com’s servers for commercially valuable information, and it
misled its potential customers into thinking it had a relationship with Register.com. On the
other hand, Register.com broke its ICANN agreement by expanding the restrictive legend,
and Register.com’s core motivation was to squelch competition in an ancillary business
(web hosting services). Between Register.com and Verio, who do you find more
sympathetic? Did Verio act ethically? Did Register.com?
Seeing how the case turned out, if you represented Verio, what would you do differently?
Even though it won in court, should Register.com have done anything differently?
Post-Transaction Emails. Trilegiant sent emails containing the legal terms after users
enrolled in its subscription services. The Second Circuit said the post-enrollment emails
didn’t create inquiry notice:
the plaintiffs were presented with the arbitration provision in an email
delivered to each of them after they had enrolled in Great Fun. Trilegiant
asserts that the fact that we can assume that the email was received by the
plaintiffs is enough to support the conclusion that they were on inquiry notice
of its terms. But that someone has received an email does not without more
establish that he or she should know that the terms disclosed in the email
relate to a service in which he or she had previously enrolled and that a
failure affirmatively to opt out of the service amounts to assent to those
terms....
the arbitration provision here was both temporally and spatially decoupled
from the plaintiffs’ enrollment in and use of Great Fun; the term was
delivered after initial enrollment and Great Fun members such as the
plaintiffs would not be forced to confront the terms while enrolling in or using
the service or maintaining their memberships....
a reasonable person would not be expected to connect an email that the
recipient may not actually see until long after enrolling in a service (if ever)
with the contractual relationship he or she may have with the service
provider, especially where the enrollment required as little effort as it did for
the plaintiffs here.
Schnabel v. Trilegiant, 697 F.3d 110 (2d Cir. 2012); see also Starke v. SquareTrade, Inc.,
913 F.3d 279 (2d Cir. 2019).
80.
Assume that a service successfully forms its online contract initially. How can the
service amend that contract in the future? Industry-standard practice is to declare
(in the contract terms) that the service may unilaterally amend the contract at any
time without notice to users. Do courts agree with that approach?
Harris v. Blockbuster Inc., 622 F. Supp. 2d 396 (N.D. Tex. 2009).
Background
This case arises out of alleged violations of the Video Privacy Protection Act by Defendant
Blockbuster Inc. (“Blockbuster”). Blockbuster operates a service called Blockbuster Online,
which allows customers to rent movies through the internet. Blockbuster entered into an
agreement with Facebook (“the Blockbuster contract”) which caused Blockbuster’s
customers’ movie rental choices to be disseminated on the customers’ Facebook accounts
through Facebook’s “Beacon” program. In short, when a customer rented a video from
Blockbuster Online, the Beacon program would transmit the customer’s choice to Facebook,
which would then broadcast the choice to the customer’s Facebook friends.
Plaintiff claims that this arrangement violated the Video Privacy Protection Act, 18 U.S.C.
§ 2710, which prohibits a videotape service provider from disclosing personally identifiable
information about a customer unless given informed, written consent at the time the
disclosure is sought. The Act provides for liquidated damages of $2,500 for each violation.
Blockbuster attempted to invoke an arbitration provision in its “Terms and Conditions,”
which includes a paragraph governing “Dispute Resolution” that states, in pertinent part:
“[a]ll claims, disputes or controversies ... will be referred to and determined by binding
arbitration.” It further purportedly waives the right of its users to commence any class
action. As a precondition to joining Blockbuster Online, customers were required to click on
a box certifying that they had read and agreed to the Terms and Conditions.
On August 30, 2008, before the case was transferred to this Court, the Defendant moved to
enforce the arbitration provision. The Plaintiffs argued that the arbitration provision is
unenforceable, principally for two reasons: (1) it is illusory; and (2) it is unconscionable.
Because the Court concludes that the arbitration provision is illusory, the Court does not
reach the unconscionability issue.
Legal Standard
In Texas, a contract must be supported by consideration, and if it is not, it is illusory and
cannot be enforced. In Morrison v. Amway Corp., the Fifth Circuit analyzed a very similar
arbitration provision to that in the subject Terms and Conditions and held it to be illusory.
In Morrison, defendant, a seller of household products marketed through a chain of
distributors, was sued by its distributors for a variety of torts, including racketeering and
defamation. The defendant sought to enforce an arbitration provision in which each
distributor agreed:
[T]o conduct [his or her] business according to the Amway Code of Ethics and
Rules of Conduct, as they are amended and published from time to time in
official Amway literature.... I agree I will give notice in writing of any claim
81.
or dispute arising out of or relating to my Amway distributorship, or the
Amway Sales and Marketing Plan or Rules of Conduct to the other party or
parties.... I agree to submit any remaining claim or dispute arising out of or
relating to any Amway distributorship, the Amway Sales and Marketing
Plan, or the Amway Rules of Conduct... to binding arbitration in accordance
with the Amway Arbitration rules, which are set forth in the Amway
Business Compendium.
The Morrison court held that the provision was illusory because “[t]here is no express
exemption of the arbitration provisions from Amway’s ability to unilaterally modify all
rules, and the only express limitation on that unilateral right is published notice. While it
is inferable that an amendment thus unilaterally made by Amway to the arbitration
provision would not become effective until published, there is nothing to suggest that once
published the amendment would be inapplicable to disputes arising, or arising out of events
occurring, before such publication.”
The Morrison court distinguished In re Halliburton Co., in which the Texas Supreme Court
rejected an argument that an arbitration clause was illusory. The provision in Halliburton
specifically limited the defendant’s ability to apply changes to the agreement as follows:
[N]o amendment shall apply to a Dispute of which the Sponsor [Halliburton]
had actual notice on the date of amendment.... termination [of the arbitration
agreement] shall not be effective until 10 days after reasonable notice of
termination is given to Employees or as to Disputes which arose prior to the
date of termination.
In Morrison, the Fifth Circuit held that the limitation on the ability to unilaterally modify
or terminate the agreement in Halliburton is what caused the Texas Supreme Court to rule
that it was enforceable. Because the Morrison agreement contained no “Halliburton type
savings clauses,” which would “preclude application of such amendments to disputes which
arose (or of which Amway had notice) before the amendment,” the agreement in Morrison
was illusory.
Analysis
The basis for the Plaintiffs’ claim that the arbitration provision is illusory is that
Blockbuster reserves the right to modify the Terms and Conditions, including the section
that contains the arbitration provision, “at its sole discretion” and “at any time,” and such
modifications will be effective immediately upon being posted on the site. Under the
heading “Changes to Terms and Conditions,” the contract states:
Blockbuster may at any time, and at its sole discretion, modify these Terms
and Conditions of Use, including without limitation the Privacy Policy, with
or without notice. Such modifications will be effective immediately upon
posting. You agree to review these Terms and Conditions of Use periodically
and your continued use of this Site following such modifications will indicate
your acceptance of these modified Terms and Conditions of Use. If you do not
82.
agree to any modification of these Terms and Conditions of Use, you must
immediately stop using this Site.
The Court concludes that the Blockbuster arbitration provision is illusory for the same
reasons as that in Morrison. Here, as in Morrison, there is nothing in the Terms and
Conditions that prevents Blockbuster from unilaterally changing any part of the contract
other than providing that such changes will not take effect until posted on the website.
There are likewise no “Halliburton type savings clauses,” as there is “nothing to suggest
that once published the amendment would be inapplicable to disputes arising, or arising
out of events occurring, before such publication.” The Fifth Circuit in Morrison noted the
lack of an “express exemption” of the ability to unilaterally modify all rules, which the
Blockbuster agreement also does not contain. The Blockbuster contract only states that
modifications “will be effective immediately upon posting,” and the natural reading of that
clause does not limit application of the modifications to earlier disputes.
The Court addresses two differences between the Blockbuster contract and that in
Morrison. Under Texas law, where, as here, an arbitration provision is incorporated within
a larger contract, the benefits of the underlying contract can serve as consideration. The
Morrison contract was a stand-alone agreement, and as such required independent
consideration. Second, in Morrison, the defendant was actually attempting to retroactively
apply the arbitration agreement to events that had happened before it was in effect, and
there is no such suggestion here.
Neither distinction affects this Court’s determination that the Blockbuster contract is
illusory. First, the Supreme Court has broadly held that challenges to a contract as a whole,
and not specifically to the arbitration clause, must go to the arbitrator. Defendant argues
that because Plaintiffs challenge a provision that applies to the contract as a whole, the
challenge must be heard by the arbitrator. The Court disagrees. Plaintiffs’ challenge is to
the arbitration provision, and therefore the challenge is properly before the Court.
Second, the rule in Morrison applies to cases where there was no attempt to apply a
contract modification to prior events. In Simmons v. Quixtar, Inc., the court stated that “a
close reading of the Fifth Circuit’s opinion [in Morrison] is not predicated on that sole
ground [of applying modification to earlier actions]. The Court’s reasoning applies to the
Rules of Conduct and Amway’s (Quixtar’s) ability to unilaterally change the rules of the
game.” The court continued: “[t]he language of the Circuit’s [Morrison] opinion ... decided
the issue on the basis that the ability to change the rules at any time made the contract
merely illusory.” The Court agrees with that analysis and finds that the Morrison rule
applies even when no retroactive modification has been attempted.
Conclusion
For these reasons, the Court concludes that the arbitration provision of the Blockbuster
contract is illusory and unenforceable, and accordingly, Defendant’s Motion to Compel
Individual Arbitration is denied.
83.
NOTES AND QUESTIONS
Rodman v. Safeway Inc., 2015 WL 604985 (N.D. Cal. 2015) also involved a clause that
Safeway purportedly could amend the contract unilaterally by posting new terms on its
website:
The Safeway.com agreement did not give Safeway the power to bind its
customers to unknown future contract terms, because consumers cannot
assent to terms that do not yet exist. A user confronting a contract in which
she purports to agree to terms in whatever form they may appear in the
future cannot know to what she is are agreeing. At most, this term in the
Safeway.com agreement could be read to indicate that a customer agrees to
read the terms and conditions every time she makes a purchase on the
website in the future. But the Court also concludes that, even in light of their
agreement to the Special Terms at the time of registration, customers’ assent
to the revised Terms cannot be inferred from their continued use of
Safeway.com when they were never given notice that the Special Terms had
been altered….
[B]eyond the impracticality of expecting consumers to spend time inspecting
a contract they have no reason to believe has been changed, the imposition of
such an onerous requirement on consumers would be particularly lopsided, as
Safeway is aware that it has—or has not—made changes to the Terms and is
the party to the contract that wishes for the new terms to govern. “[T]he onus
must be on website owners to put users on notice of the terms to which they
wish to bind consumers.” Safeway is best positioned to make sure customers
are aware of changes that Safeway has made to its contract with Class
Members. After making a change, Safeway can take any number of actions to
alert users that the Special Terms they agreed to at registration have been
altered. For instance, Safeway could ask customers to click to indicate that
they agree to the new Special Terms or send all existing Safeway.com
customers an email in order to ensure that every consumer is aware of a
change in the Special Terms prior to making a purchase. When Safeway
changed the Special Terms on November 15, 2011, it opted to do neither.
Do unilateral modification clauses fail because consumers lack notice of the changes,
because of a lack of consideration for the changes, or both?
What happens if a purported contract modification/amendment legally fails?
Consideration for Amendments. In Tompkins v. 23andMe, Inc., 2014 WL 2903752 (N.D. Cal.
2014), 23andMe sold genetic testing kits. Buyers could purchase the kits without agreeing
to an arbitration clause. The site had a footer link to “terms of service,” which contained an
arbitration clause. However, the court declared that an unenforceable “browsewrap.”
After consumers got their kits and sent the materials back to 23andMe, they could access
their personalized test results by creating an account. During the account registration
process, 23andMe properly presented a clickthrough agreement containing an arbitration
84.
clause. If any consumers objected to the terms of that clickthrough agreement, they would
not have been entitled to a refund of their money.
The plaintiffs argued that the consumers formed a contract with 23andMe when they
initially bought the kits, so the clickthrough agreement presented at account registration
constituted an amendment without consideration. The court responded:
The Ninth Circuit has held, in the employment context and under California
law, that a “promise to be bound by the arbitration process itself serves as
adequate consideration.” Under this precedent, 23andMe’s agreement to
accept arbitration provided acceptable consideration to its customers. The
TOS also provided certain rights to customers, such as a “limited license” to
use 23andMe’s “Services” as defined in the agreement. Furthermore, in
exchange for clicking “I ACCEPT,” customers received the health and
ancestry results from their DNA samples. Accordingly, Plaintiffs received
sufficient consideration for agreeing to the TOS.
On appeal, the Ninth Circuit affirmed the lower court’s ruling that the contract wasn’t
unconscionable. Tompkins v. 23andMe, Inc., 840 F.3d 1016 (9th Cir. 2016). The Ninth
Circuit opinion did not address the formation/amendment issues.
Read literally, the 23andMe case suggests that amending a contract to add an arbitration
clause always will be supported by mutual consideration.
Could the implied covenant of good faith and fair dealing (which is implied into every
contract) provide the consideration needed to support a unilateral amendment clause? See Loewen v. Lyft, 129 F. Supp. 3d 945 (N.D. Cal. 2015) (maybe, but don’t count on it).
If a buyer purchased a 23andMe kit and gave it (unopened) as a gift to someone else, would
any legal claims by the buyer (as opposed to the gift recipient) be governed by the
arbitration clause?
Steps to Amend. In light of these legal principles, what steps should an online service take
to amend its user agreement? Consider the suggestions from Juliet Moringiello & John
Ottaviani, Online Contracts: We May Modify These Terms at Any Time, Right?, BUSINESS
LAW TODAY, May 2016,
https://www.americanbar.org/groups/business_law/publications/blt/2016/05/07_moringiello/:
“If you are preparing initial terms and conditions, avoid using ‘we can
modify these terms at any time’ language. You do not know in advance in
which court the plaintiff will attempt to attack the language and whether
that court will uphold the clause or strike the clause or the entire contract
as illusory. Even if you successfully uphold the language in court, you
have needlessly spent time and money in a dispute that could have been
avoided.
If the initial terms and conditions provide a procedure for modifying the
terms, at a minimum, one should follow those procedures.
85.
Use language similar to ‘we can modify these terms at any time, after
providing notice to you.’ This is more analogous to the traditional credit
card cases. The problem then becomes how to provide notice. One option
is to send an e-mail to all subscribers at the e-mail address provided with
their registration. However, this does not work for websites with no
registration mechanism. Here, a prominent notice on the website, coupled
with a right to reject the terms (e.g., ‘If you disagree with the terms, do
not continue to use the service/website’) may be successful. Alternatively,
require a click-wrap type of mechanism where the users cannot continue
to use the website unless they affirmatively click on a box or button
assenting to the modified terms.
Provide a means for the subscriber to reject the modification by quitting
the service or discontinuing use of the website without penalty.”
Serial E-Commerce Transactions. Amazon added an arbitration clause to its
“conditions of use” in 2013. With each customer purchase thereafter, Amazon said
“By placing your order, you agree to Amazon.com’s privacy notice and conditions of
use” (where the documents are linked). You can see the implementation below
(under “Review your order”). Does this implementation bind to arbitration any
customers who signed up to the conditions of use before 2013?
86.
See Nicosia v. Amazon, 834 F.3d 220 (2d Cir. 2016) (casting doubt on the
enforceability of this implementation). Can you change Amazon’s implementation to
increase the odds of enforceability? For a denouement on the Nicosia case, see
Nicosia v. Amazon.com, Inc., 384 F. Supp. 3d 254 (E.D.N.Y. 2019), aff’d on other
grounds 2020 WL 2988855 (2d Cir. 2020).
CHAPTER 3 REVIEW QUESTION #1
Does the following exchange of instant messages between advertiser Smoking Everywhere
and publisher CX constitute a valid contract for additional leads?
[CX] (2:50:08 PM): We can do 2000 orders/day by Friday if I have your
blessing
87.
[CX] (2:52:13 PM): those 2000 leads are going to be generated by our best
affiliate and he’s legit
[Smoking Everywhere]: is available (3:42:42): I am away from my computer
right now
[CX] (4:07:57 PM): And I want the AOR when we make your offer #1 on the
network
[Smoking Everywhere] (4:43:09 PM): NO LIMIT
[CX] (4:43:21 PM): awesome!
CHAPTER 3 REVIEW QUESTION #2
(a) Does this service properly form its user agreement?
88.
(b) Does this service properly form its user agreement and privacy policy?
89.
(c) Does this service properly form its membership terms and conditions?
90.
(d) Does this service properly form its terms of use?
91.
IV. Trespass/Computer Fraud & Abuse Act
Comparison of Trespass to Chattels Legal Doctrines
Chattel Interference Damage
Restatements
(Common law)
intentional use or physical contact • dispossess
• impair condition/quality/value
• lost use for substantial time period
• bodily harm or harm to legally protected interest
18 USC 1030
(a)(5)(A)
knowingly transmit
program/info/code/command
intentionally impair integrity/availability of data, program, system
or information without authorization which causes
• loss of $5k/yr (includes remediation costs and costs/lost revenues from service interruption)
• [medical harm] or physical injury
• threat to public health/safety
• damage to government computer
• damage to 10+ computers/yr
18 USC 1030
(a)(5)(B) & (C)
intentional access without
authorization
impair integrity/availability of data, program, system or
information which causes
• loss of $5k/yr (includes remediation costs and costs/lost revenues from service interruption)
• [medical harm] or physical injury
• threat to public health/safety
• damage to government computer
• damage to 10+ computers/yr
Note: (B) requires reckless impairment; (C) requires “loss”
CA Penal
502(c)
Knowingly without permission
(2) access and take/copy/use data
from computer system/network
(3) use computer services
(7) access computer
system/network
any damage or loss (including verification expenses)
92.
The next case is an Internet Law classic. It is the seminal ruling on the scope of “property”
boundaries for the Internet and the personal property used to transmit data. While the
common law doctrines discussed in the case are rarely litigated nowadays (mostly because
of this ruling’s legal standards), the underlying questions about who can use an Internet-
connected device, and what terms govern such usage, affect a wide range of Internet
activities, such as spam, data scraping, the placement of advertising cookies, Net
Neutrality, and employees downloading company data to flash drives.
Intel Corp. v. Hamidi, 30 Cal. 4th 1342 (Cal. 2003).
Werdegar, Justice.
Intel Corporation (Intel) maintains an electronic mail system, connected to the Internet,
through which messages between employees and those outside the company can be sent
and received, and permits its employees to make reasonable nonbusiness use of this system.
On six occasions over almost two years, Kourosh Kenneth Hamidi, a former Intel employee,
sent e-mails criticizing Intel’s employment practices to numerous current employees on
Intel’s electronic mail system. Hamidi breached no computer security barriers in order to
communicate with Intel employees. He offered to, and did, remove from his mailing list any
recipient who so wished. Hamidi’s communications to individual Intel employees caused
neither physical damage nor functional disruption to the company’s computers, nor did they
at any time deprive Intel of the use of its computers. The contents of the messages,
however, caused discussion among employees and managers.
On these facts, Intel brought suit, claiming that by communicating with its employees over
the company’s e-mail system Hamidi committed the tort of trespass to chattels. The trial
court granted Intel’s motion for summary judgment and enjoined Hamidi from any further
mailings. A divided Court of Appeal affirmed.
After reviewing the decisions analyzing unauthorized electronic contact with computer
systems as potential trespasses to chattels, we conclude that under California law the tort
does not encompass, and should not be extended to encompass, an electronic
communication that neither damages the recipient computer system nor impairs its
functioning. Such an electronic communication does not constitute an actionable trespass to
personal property, i.e., the computer system, because it does not interfere with the
possessor’s use or possession of, or any other legally protected interest in, the personal
property itself. The consequential economic damage Intel claims to have suffered, i.e., loss
of productivity caused by employees reading and reacting to Hamidi’s messages and
company efforts to block the messages, is not an injury to the company’s interest in its
computers—which worked as intended and were unharmed by the communications—any
more than the personal distress caused by reading an unpleasant letter would be an injury
to the recipient’s mailbox, or the loss of privacy caused by an intrusive telephone call would
be an injury to the recipient’s telephone equipment.
Our conclusion does not rest on any special immunity for communications by electronic
mail; we do not hold that messages transmitted through the Internet are exempt from the
ordinary rules of tort liability. To the contrary, e-mail, like other forms of communication,
may in some circumstances cause legally cognizable injury to the recipient or to third
parties and may be actionable under various common law or statutory theories. Indeed, on
facts somewhat similar to those here, a company or its employees might be able to plead
93.
causes of action for interference with prospective economic relations, interference with
contract or intentional infliction of emotional distress. And, of course, as with any other
means of publication, third party subjects of e-mail communications may under appropriate
facts make claims for defamation, publication of private facts, or other speech-based torts.
Intel’s claim fails not because e-mail transmitted through the Internet enjoys unique
immunity, but because the trespass to chattels tort—unlike the causes of action just
mentioned—may not, in California, be proved without evidence of an injury to the plaintiff’s
personal property or legal interest therein.
Nor does our holding affect the legal remedies of Internet service providers (ISP’s) against
senders of unsolicited commercial bulk e-mail (UCE), also known as “spam.” A series of
federal district court decisions, beginning with CompuServe, Inc. v. Cyber Promotions, Inc.
(S.D. Ohio 1997) 962 F. Supp. 1015, has approved the use of trespass to chattels as a theory
of spammers’ liability to ISP’s, based upon evidence that the vast quantities of mail sent by
spammers both overburdened the ISP’s own computers and made the entire computer
system harder to use for recipients, the ISP’s customers. In those cases, discussed in
greater detail below, the underlying complaint was that the extraordinary quantity of UCE
impaired the computer system’s functioning. In the present case, the claimed injury is
located in the disruption or distraction caused to recipients by the contents of the e-mail
messages, an injury entirely separate from, and not directly affecting, the possession or
value of personal property.
FACTUAL AND PROCEDURAL BACKGROUND…
Hamidi, a former Intel engineer, together with others, formed an organization named
Former and Current Employees of Intel (FACE-Intel) to disseminate information and views
critical of Intel’s employment and personnel policies and practices. FACE-Intel maintained
a Web site (which identified Hamidi as Webmaster and as the organization’s spokesperson)
containing such material. In addition, over a 21-month period Hamidi, on behalf of FACE-
Intel, sent six mass e-mails to employee addresses on Intel’s electronic mail system. The
messages criticized Intel’s employment practices, warned employees of the dangers those
practices posed to their careers, suggested employees consider moving to other companies,
solicited employees’ participation in FACE-Intel, and urged employees to inform themselves
further by visiting FACE-Intel’s Web site. The messages stated that recipients could, by
notifying the sender of their wishes, be removed from FACE-Intel’s mailing list; Hamidi did
not subsequently send messages to anyone who requested removal.
Each message was sent to thousands of addresses (as many as 35,000 according to FACE-
Intel’s Web site), though some messages were blocked by Intel before reaching employees.
Intel’s attempt to block internal transmission of the messages succeeded only in part;
Hamidi later admitted he evaded blocking efforts by using different sending computers.
When Intel, in March 1998, demanded in writing that Hamidi and FACE-Intel stop sending
e-mails to Intel’s computer system, Hamidi asserted the organization had a right to
communicate with willing Intel employees; he sent a new mass mailing in September 1998.
The summary judgment record contains no evidence Hamidi breached Intel’s computer
security in order to obtain the recipient addresses for his messages; indeed, internal Intel
94.
memoranda show the company’s management concluded no security breach had occurred.1
Hamidi stated he created the recipient address list using an Intel directory on a floppy disk
anonymously sent to him. Nor is there any evidence that the receipt or internal distribution
of Hamidi’s electronic messages damaged Intel’s computer system or slowed or impaired its
functioning. Intel did present uncontradicted evidence, however, that many employee
recipients asked a company official to stop the messages and that staff time was consumed
in attempts to block further messages from FACE-Intel. According to the FACE-Intel Web
site, moreover, the messages had prompted discussions between “[e]xcited and nervous
managers” and the company’s human resources department.
[Editor’s note: here is a screenshot of the FACE-Intel website from 1999, after Hamidi had
already been sued by Intel]
Intel sued Hamidi and FACE-Intel, pleading causes of action for trespass to chattels and
nuisance, and seeking both actual damages and an injunction against further e-mail
1 To the extent, therefore, that Justice Mosk suggests Hamidi breached the security of Intel’s internal computer
network by “circumvent[ing]” Intel’s “security measures” and entering the company’s “intranet”, the evidence
does not support such an implication. An “intranet” is “a network based on TCP/IP protocols (an internet)
belonging to an organization, usually a corporation, accessible only by the organization’s members, employees,
or others with authorization.” Hamidi used only a part of Intel’s computer network accessible to outsiders.
95.
messages. Intel later voluntarily dismissed its nuisance claim and waived its demand for
damages. The trial court entered default against FACE-Intel upon that organization’s
failure to answer. The court then granted Intel’s motion for summary judgment,
permanently enjoining Hamidi, FACE-Intel, and their agents “from sending unsolicited e-
mail to addresses on Intel’s computer systems.” Hamidi appealed; FACE-Intel did not.
The Court of Appeal, with one justice dissenting, affirmed the grant of injunctive relief. The
majority took the view that the use of or intermeddling with another’s personal property is
actionable as a trespass to chattels without proof of any actual injury to the personal
property; even if Intel could not show any damages resulting from Hamidi’s sending of
messages, “it showed he was disrupting its business by using its property and therefore is
entitled to injunctive relief based on a theory of trespass to chattels.” The dissenting justice
warned that the majority’s application of the trespass to chattels tort to “unsolicited
electronic mail that causes no harm to the private computer system that receives it” would
“expand the tort of trespass to chattel in untold ways and to unanticipated
circumstances.”…
DISCUSSION
I. Current California Tort Law
Dubbed by Prosser the “little brother of conversion,” the tort of trespass to chattels allows
recovery for interferences with possession of personal property “not sufficiently important
to be classed as conversion, and so to compel the defendant to pay the full value of the thing
with which he has interfered.”
Though not amounting to conversion, the defendant’s interference must, to be actionable,
have caused some injury to the chattel or to the plaintiff’s rights in it. Under California law,
trespass to chattels “lies where an intentional interference with the possession of personal
property has proximately caused injury.” (Thrifty-Tel, Inc. v. Bezenek (1996) 46 Cal. App.
4th 1559, 1566, italics added.) In cases of interference with possession of personal property
not amounting to conversion, “the owner has a cause of action for trespass or case, and may
recover only the actual damages suffered by reason of the impairment of the property or the
loss of its use.” In modern American law generally, “[t]respass remains as an occasional
remedy for minor interferences, resulting in some damage, but not sufficiently serious or
sufficiently important to amount to the greater tort” of conversion. (Prosser & Keeton,
Torts, supra, § 15, p. 90, italics added.)
The Restatement, too, makes clear that some actual injury must have occurred in order for
a trespass to chattels to be actionable. Under section 218 of the Restatement Second of
Torts, dispossession alone, without further damages, is actionable, but other forms of
interference require some additional harm to the personal property or the possessor’s
interests in it. “The interest of a possessor of a chattel in its inviolability, unlike the similar
interest of a possessor of land, is not given legal protection by an action for nominal
damages for harmless intermeddlings with the chattel. In order that an actor who
interferes with another’s chattel may be liable, his conduct must affect some other and
more important interest of the possessor. Therefore, one who intentionally intermeddles
with another’s chattel is subject to liability only if his intermeddling is harmful to the
possessor’s materially valuable interest in the physical condition, quality, or value of the
96.
chattel, or if the possessor is deprived of the use of the chattel for a substantial time, or some
other legally protected interest of the possessor is affected as stated in Clause (c). Sufficient
legal protection of the possessor’s interest in the mere inviolability of his chattel is afforded
by his privilege to use reasonable force to protect his possession against even harmless
interference.”
The Court of Appeal (quoting 7 Speiser et al., American Law of Torts (1990) Trespass, §
23:23, p. 667) referred to “‘a number of very early cases [showing that] any unlawful
interference, however slight, with the enjoyment by another of his personal property, is a
trespass.’” But while a harmless use or touching of personal property may be a technical
trespass, an interference (not amounting to dispossession) is not actionable, under modern
California and broader American law, without a showing of harm. As already discussed,
this is the rule embodied in the Restatement (Rest.2d Torts, § 218) and adopted by
California law (Zaslow v. Kroenert, supra, 29 Cal.2d at p. 551; Thrifty-Tel, Inc. v. Bezenek,
supra, 46 Cal. App. 4th at p. 1566).
In this respect, as Prosser explains, modern day trespass to chattels differs both from the
original English writ and from the action for trespass to land: “Another departure from the
original rule of the old writ of trespass concerns the necessity of some actual damage to the
chattel before the action can be maintained. Where the defendant merely interferes without
doing any harm—as where, for example, he merely lays hands upon the plaintiff’s horse, or
sits in his car—there has been a division of opinion among the writers, and a surprising
dearth of authority. By analogy to trespass to land there might be a technical tort in such a
case.... Such scanty authority as there is, however, has considered that the dignitary interest
in the inviolability of chattels, unlike that as to land, is not sufficiently important to require
any greater defense than the privilege of using reasonable force when necessary to protect
them. Accordingly it has been held that nominal damages will not be awarded, and that in
the absence of any actual damage the action will not lie.”
Intel suggests that the requirement of actual harm does not apply here because it sought
only injunctive relief, as protection from future injuries. But as Justice Kolkey, dissenting
below, observed, “[t]he fact the relief sought is injunctive does not excuse a showing of
injury, whether actual or threatened.” Indeed, in order to obtain injunctive relief the
plaintiff must ordinarily show that the defendant’s wrongful acts threaten to cause
irreparable injuries, ones that cannot be adequately compensated in damages. Even in an
action for trespass to real property, in which damage to the property is not an element of
the cause of action, “the extraordinary remedy of injunction” cannot be invoked without
showing the likelihood of irreparable harm. A fortiori, to issue an injunction without a
showing of likely irreparable injury in an action for trespass to chattels, in which injury to
the personal property or the possessor’s interest in it is an element of the action, would
make little legal sense.
The dispositive issue in this case, therefore, is whether the undisputed facts demonstrate
Hamidi’s actions caused or threatened to cause damage to Intel’s computer system, or
injury to its rights in that personal property, such as to entitle Intel to judgment as a
matter of law. To review, the undisputed evidence revealed no actual or threatened damage
to Intel’s computer hardware or software and no interference with its ordinary and
intended operation. Intel was not dispossessed of its computers, nor did Hamidi’s messages
prevent Intel from using its computers for any measurable length of time. Intel presented
97.
no evidence its system was slowed or otherwise impaired by the burden of delivering
Hamidi’s electronic messages. Nor was there any evidence transmission of the messages
imposed any marginal cost on the operation of Intel’s computers. In sum, no evidence
suggested that in sending messages through Intel’s Internet connections and internal
computer system Hamidi used the system in any manner in which it was not intended to
function or impaired the system in any way. Nor does the evidence show the request of any
employee to be removed from FACE-Intel’s mailing list was not honored. The evidence did
show, however, that some employees who found the messages unwelcome asked
management to stop them and that Intel technical staff spent time and effort attempting to
block the messages. A statement on the FACE-Intel Web site, moreover, could be taken as
an admission that the messages had caused “[e]xcited and nervous managers” to discuss
the matter with Intel’s human resources department.
Relying on a line of decisions, most from federal district courts, applying the tort of trespass
to chattels to various types of unwanted electronic contact between computers, Intel
contends that, while its computers were not damaged by receiving Hamidi’s messages, its
interest in the “physical condition, quality or value” of the computers was harmed. We
disagree. The cited line of decisions does not persuade us that the mere sending of
electronic communications that assertedly cause injury only because of their contents
constitutes an actionable trespass to a computer system through which the messages are
transmitted. Rather, the decisions finding electronic contact to be a trespass to computer
systems have generally involved some actual or threatened interference with the
computers’ functioning.
In Thrifty-Tel, Inc. v. Bezenek, supra, 46 Cal. App. 4th at pages 1566-1567 (Thrifty-Tel), the
California Court of Appeal held that evidence of automated searching of a telephone
carrier’s system for authorization codes supported a cause of action for trespass to chattels.
The defendant’s automated dialing program “overburdened the [plaintiff’s] system, denying
some subscribers access to phone lines”, showing the requisite injury.
Following Thrifty-Tel, a series of federal district court decisions held that sending UCE
through an ISP’s equipment may constitute trespass to the ISP’s computer system. The
lead case, CompuServe, Inc. v. Cyber Promotions, Inc., supra, 962 F. Supp. 1015, 1021-1023
(CompuServe), was followed by Hotmail Corp. v. Van$ Money Pie, Inc. (N.D. Cal., Apr. 16,
1998) 1998 WL 388389, page *7, America Online, Inc. v. IMS (E.D. Va. 1998) 24 F. Supp. 2d
548, 550-551, and America Online, Inc. v. LCGM, Inc. (E.D. Va. 1998) 46 F. Supp. 2d 444,
451-452.
In each of these spamming cases, the plaintiff showed, or was prepared to show, some
interference with the efficient functioning of its computer system. In CompuServe, the
plaintiff ISP’s mail equipment monitor stated that mass UCE mailings, especially from
nonexistent addresses such as those used by the defendant, placed “a tremendous burden”
on the ISP’s equipment, using “disk space and drain[ing] the processing power,” making
those resources unavailable to serve subscribers. Similarly, in Hotmail Corp. v. Van$
Money Pie, Inc., the court found the evidence supported a finding that the defendant’s
mailings “fill[ed] up Hotmail’s computer storage space and threaten[ed] to damage
Hotmail’s ability to service its legitimate customers.” America Online, Inc. v. IMS, decided
on summary judgment, was deemed factually indistinguishable from CompuServe; the
court observed that in both cases the plaintiffs “alleged that processing the bulk e-mail cost
98.
them time and money and burdened their equipment.” The same court, in America Online,
Inc. v. LCGM, Inc., simply followed CompuServe and its earlier America Online decision,
quoting the former’s explanation that UCE burdened the computer’s processing power and
memory.
Building on the spamming cases, in particular CompuServe, three even more recent district
court decisions addressed whether unauthorized robotic data collection4 from a company’s
publicly accessible Web site is a trespass on the company’s computer system. (eBay, Inc. v.
Bidder’s Edge, Inc., supra, 100 F. Supp. 2d at pp. 1069-1072 (eBay); Register.com, Inc. v.
Verio, Inc. (S.D.N.Y. 2000) 126 F. Supp. 2d 238, 248-251; Ticketmaster Corp. v.
Tickets.com, Inc., supra, 2000 WL 1887522 at p. *4.) The two district courts that found such
automated data collection to constitute a trespass relied, in part, on the deleterious impact
this activity could have, especially if replicated by other searchers, on the functioning of a
Web site’s computer equipment.
In the leading case, eBay, the defendant Bidder’s Edge (BE), operating an auction
aggregation site, accessed the eBay Web site about 100,000 times per day, accounting for
between 1 and 2 percent of the information requests received by eBay and a slightly smaller
percentage of the data transferred by eBay. The district court rejected eBay’s claim that it
was entitled to injunctive relief because of the defendant’s unauthorized presence alone, or
because of the incremental cost the defendant had imposed on operation of the eBay site,
but found sufficient proof of threatened harm in the potential for others to imitate the
defendant’s activity: “If BE’s activity is allowed to continue unchecked, it would encourage
other auction aggregators to engage in similar recursive searching of the eBay system such
that eBay would suffer irreparable harm from reduced system performance, system
unavailability, or data losses.” Again, in addressing the likelihood of eBay’s success on its
trespass to chattels cause of action, the court held the evidence of injury to eBay’s computer
system sufficient to support a preliminary injunction: “If the court were to hold otherwise, it
would likely encourage other auction aggregators to crawl the eBay site, potentially to the
point of denying effective access to eBay’s customers. If preliminary injunctive relief were
denied, and other aggregators began to crawl the eBay site, there appears to be little doubt
that the load on eBay’s computer system would qualify as a substantial impairment of
condition or value.”
Another district court followed eBay on similar facts—a domain name registrar’s claim
against a Web hosting and development site that robotically searched the registrar’s
database of newly registered domain names in search of business leads—in Register.com,
Inc. v. Verio, Inc. Although the plaintiff was unable to measure the burden the defendant’s
searching had placed on its system, the district court, quoting the declaration of one of the
plaintiff’s officers, found sufficient evidence of threatened harm to the system in the
possibility the defendant’s activities would be copied by others: “‘I believe that if Verio’s
searching of Register.com’s WHOIS database were determined to be lawful, then every
purveyor of Internet-based services would engage in similar conduct.’” Like eBay, the court
observed, Register.com had a legitimate fear “that its servers will be flooded by search
robots.”
4 Data search and collection robots, also known as “Web bots” or “spiders,” are programs designed to rapidly
search numerous Web pages or sites, collecting, retrieving, and indexing information from these pages. Their
uses include creation of searchable databases, Web catalogues and comparison shopping services.
99.
In the third decision discussing robotic data collection as a trespass, Ticketmaster Corp. v.
Tickets.com, Inc. (Ticketmaster), the court, distinguishing eBay, found insufficient evidence
of harm to the chattel to constitute an actionable trespass: “A basic element of trespass to
chattels must be physical harm to the chattel (not present here) or some obstruction of its
basic function (in the court’s opinion not sufficiently shown here).... The comparative use
[by the defendant of the plaintiff’s computer system] appears very small and there is no
showing that the use interferes to any extent with the regular business of [the plaintiff]....
Nor here is the specter of dozens or more parasites joining the fray, the cumulative total of
which could affect the operation of [the plaintiff’s] business.”
In the decisions so far reviewed, the defendant’s use of the plaintiff’s computer system was
held sufficient to support an action for trespass when it actually did, or threatened to,
interfere with the intended functioning of the system, as by significantly reducing its
available memory and processing power. In Ticketmaster, the one case where no such effect,
actual or threatened, had been demonstrated, the court found insufficient evidence of harm
to support a trespass action. These decisions do not persuade us to Intel’s position here, for
Intel has demonstrated neither any appreciable effect on the operation of its computer
system from Hamidi’s messages, nor any likelihood that Hamidi’s actions will be replicated
by others if found not to constitute a trespass.
That Intel does not claim the type of functional impact that spammers and robots have been
alleged to cause is not surprising in light of the differences between Hamidi’s activities and
those of a commercial enterprise that uses sheer quantity of messages as its
communications strategy. Though Hamidi sent thousands of copies of the same message on
six occasions over 21 months, that number is minuscule compared to the amounts of mail
sent by commercial operations. The individual advertisers sued in America Online, Inc. v.
IMS, and America Online, Inc. v. LCGM, Inc., were alleged to have sent more than 60
million messages over 10 months and more than 92 million messages over seven months,
respectively. Collectively, UCE has reportedly come to constitute about 45 percent of all e-
mail. The functional burden on Intel’s computers, or the cost in time to individual
recipients, of receiving Hamidi’s occasional advocacy messages cannot be compared to the
burdens and costs caused ISP’s and their customers by the ever-rising deluge of commercial
e-mail.
Intel relies on language in the eBay decision suggesting that unauthorized use of another’s
chattel is actionable even without any showing of injury: “Even if, as [defendant] BE
argues, its searches use only a small amount of eBay’s computer system capacity, BE has
nonetheless deprived eBay of the ability to use that portion of its personal property for its
own purposes. The law recognizes no such right to use another’s personal property.” But as
the eBay court went on immediately to find that the defendant’s conduct, if widely
replicated, would likely impair the functioning of the plaintiff’s system, we do not read the
quoted remarks as expressing the court’s complete view of the issue. In isolation, moreover,
they would not be a correct statement of California or general American law on this point.
While one may have no right temporarily to use another’s personal property, such use is
actionable as a trespass only if it “has proximately caused injury.” (Thrifty-Tel, supra, 46
Cal. App. 4th at p. 1566.) “[I]n the absence of any actual damage the action will not lie.”
(Prosser & Keeton, Torts, supra, § 14, p. 87.) Short of dispossession, personal injury, or
physical damage (not present here), intermeddling is actionable only if “the chattel is
100.
impaired as to its condition, quality, or value, or [¶] ... the possessor is deprived of the use of
the chattel for a substantial time.” (Rest.2d Torts, § 218, pars. (b), (c).) In particular, an
actionable deprivation of use “must be for a time so substantial that it is possible to
estimate the loss caused thereby. A mere momentary or theoretical deprivation of use is not
sufficient unless there is a dispossession....” That Hamidi’s messages temporarily used some
portion of the Intel computers’ processors or storage is, therefore, not enough; Intel must,
but does not, demonstrate some measurable loss from the use of its computer system.5
In addition to impairment of system functionality, CompuServe and its progeny also refer to
the ISP’s loss of business reputation and customer goodwill, resulting from the
inconvenience and cost that spam causes to its members, as harm to the ISP’s legally
protected interests in its personal property. Intel argues that its own interest in employee
productivity, assertedly disrupted by Hamidi’s messages, is a comparable protected interest
in its computer system. We disagree.
Whether the economic injuries identified in CompuServe were properly considered injuries
to the ISP’s possessory interest in its personal property, the type of property interest the
tort is primarily intended to protect, has been questioned.6 “[T]he court broke the chain
between the trespass and the harm, allowing indirect harms to CompuServe’s business
interests—reputation, customer goodwill, and employee time—to count as harms to the
chattel (the server).” (Quilter, The Continuing Expansion of Cyberspace Trespass to
Chattels, 17 Berkeley Tech. L.J. at pp. 429-430.) “[T]his move cuts trespass to chattels free
from its moorings of dispossession or the equivalent, allowing the court free reign [sic] to
hunt for ‘impairment.’” (Burk, The Trouble with Trespass (2000) 4 J. Small & Emerging
Bus. L. 27, 35.) But even if the loss of goodwill identified in CompuServe were the type of
injury that would give rise to a trespass to chattels claim under California law, Intel’s
position would not follow, for Intel’s claimed injury has even less connection to its personal
property than did CompuServe’s.
CompuServe’s customers were annoyed because the system was inundated with unsolicited
commercial messages, making its use for personal communication more difficult and costly.
Their complaint, which allegedly led some to cancel their CompuServe service, was about
the functioning of CompuServe’s electronic mail service. Intel’s workers, in contrast, were
5 In the most recent decision relied upon by Intel, Oyster Software, Inc. v. Forms Processing, Inc. (N.D. Cal.,
Dec. 6, 2001) 2001 WL 1736382, pages *12-*13, a federal magistrate judge incorrectly read eBay as establishing,
under California law, that mere unauthorized use of another’s computer system constitutes an actionable
trespass. The plaintiff accused the defendant, a business competitor, of copying the metatags (code describing
the contents of a Web site to a search engine) from the plaintiff’s Web site, resulting in diversion of potential
customers for the plaintiff’s services. With regard to the plaintiff’s trespass claim (the plaintiff also pleaded
causes of action for, inter alia, misappropriation, copyright and trademark infringement), the magistrate judge
concluded that eBay imposed no requirement of actual damage and that the defendant’s conduct was sufficient
to establish a trespass “simply because [it] amounted to ‘use’ of Plaintiff’s computer.” But as just explained, we
do not read eBay as holding that the actual injury requirement may be dispensed with, and such a suggestion
would, in any event, be erroneous as a statement of California law. 6 In support of its reasoning, the CompuServe court cited paragraph (d) of section 218 of the Restatement Second
of Torts, which refers to harm “to some person or thing in which the possessor has a legally protected interest.”
As the comment to this paragraph explains, however, it is intended to cover personal injury to the possessor or
another person in whom the possessor has a legal interest, or injury to “other chattel or land” in which the
possessor of the chattel subject to the trespass has a legal interest. No personal injury was claimed either in
CompuServe or in the case at bar, and neither the lost goodwill in CompuServe nor the loss of employee
efficiency claimed in the present case is chattel or land.
101.
allegedly distracted from their work not because of the frequency or quantity of Hamidi’s
messages, but because of assertions and opinions the messages conveyed. Intel’s complaint
is thus about the contents of the messages rather than the functioning of the company’s e-
mail system. Even accepting CompuServe’s economic injury rationale, therefore, Intel’s
position represents a further extension of the trespass to chattels tort, fictionally
recharacterizing the allegedly injurious effect of a communication’s contents on recipients
as an impairment to the device which transmitted the message.
This theory of “impairment by content” (Burk, The Trouble with Trespass, 4 J. Small &
Emerging Bus. L. at p. 37) threatens to stretch trespass law to cover injuries far afield from
the harms to possession the tort evolved to protect. Intel’s theory would expand the tort of
trespass to chattels to cover virtually any unconsented-to communication that, solely
because of its content, is unwelcome to the recipient or intermediate transmitter. As the
dissenting justice below explained, “‘Damage’ of this nature—the distraction of reading or
listening to an unsolicited communication—is not within the scope of the injury against
which the trespass-to-chattel tort protects, and indeed trivializes it. After all, ‘[t]he property
interest protected by the old action of trespass was that of possession; and this has
continued to affect the character of the action.’ Reading an e-mail transmitted to equipment
designed to receive it, in and of itself, does not affect the possessory interest in the
equipment. [¶] Indeed, if a chattel’s receipt of an electronic communication constitutes a
trespass to that chattel, then not only are unsolicited telephone calls and faxes trespasses
to chattel, but unwelcome radio waves and television signals also constitute a trespass to
chattel every time the viewer inadvertently sees or hears the unwanted program.” We
agree. While unwelcome communications, electronic or otherwise, can cause a variety of
injuries to economic relations, reputation and emotions, those interests are protected by
other branches of tort law; in order to address them, we need not create a fiction of injury to
the communication system.
Nor may Intel appropriately assert a property interest in its employees’ time. “The
Restatement test clearly speaks in the first instance to the impairment of the chattel.... But
employees are not chattels (at least not in the legal sense of the term).” (Burk, The Trouble
with Trespass, 4 J. Small & Emerging Bus. L. at p. 36.) Whatever interest Intel may have
in preventing its employees from receiving disruptive communications, it is not an interest
in personal property, and trespass to chattels is therefore not an action that will lie to
protect it. Nor, finally, can the fact Intel staff spent time attempting to block Hamidi’s
messages be bootstrapped into an injury to Intel’s possessory interest in its computers. To
quote, again, from the dissenting opinion in the Court of Appeal: “[I]t is circular to premise
the damage element of a tort solely upon the steps taken to prevent the damage. Injury can
only be established by the completed tort’s consequences, not by the cost of the steps taken
to avoid the injury and prevent the tort; otherwise, we can create injury for every supposed
tort.”
Intel connected its e-mail system to the Internet and permitted its employees to make use
of this connection both for business and, to a reasonable extent, for their own purposes. In
doing so, the company necessarily contemplated the employees’ receipt of unsolicited as
well as solicited communications from other companies and individuals. That some
communications would, because of their contents, be unwelcome to Intel management was
virtually inevitable. Hamidi did nothing but use the e-mail system for its intended
purpose—to communicate with employees. The system worked as designed, delivering the
102.
messages without any physical or functional harm or disruption. These occasional
transmissions cannot reasonably be viewed as impairing the quality or value of Intel’s
computer system. We conclude, therefore, that Intel has not presented undisputed facts
demonstrating an injury to its personal property, or to its legal interest in that property,
that support, under California tort law, an action for trespass to chattels.
II. Proposed Extension of California Tort Law
We next consider whether California common law should be extended to cover, as a
trespass to chattels, an otherwise harmless electronic communication whose contents are
objectionable. We decline to so expand California law. Intel, of course, was not the recipient
of Hamidi’s messages, but rather the owner and possessor of computer servers used to relay
the messages, and it bases this tort action on that ownership and possession. The property
rule proposed is a rigid one, under which the sender of an electronic message would be
strictly liable to the owner of equipment through which the communication passes—here,
Intel—for any consequential injury flowing from the contents of the communication….
…Creating an absolute property right to exclude undesired communications from one’s e-
mail and Web servers might help force spammers to internalize the costs they impose on
ISP’s and their customers. But such a property rule might also create substantial new costs,
to e-mail and e-commerce users and to society generally, in lost ease and openness of
communication and in lost network benefits. In light of the unresolved controversy, we
would be acting rashly to adopt a rule treating computer servers as real property for
purposes of trespass law.
The Legislature has already adopted detailed regulations governing UCE. (Bus. & Prof.
Code, §§ 17538.4, 17538.45) It may see fit in the future also to regulate noncommercial e-
mail, such as that sent by Hamidi, or other kinds of unwanted contact between computers
on the Internet, such as that alleged in eBay. But we are not persuaded that these
perceived problems call at present for judicial creation of a rigid property rule of computer
server inviolability. We therefore decline to create an exception, covering Hamidi’s
unwanted electronic messages to Intel employees, to the general rule that a trespass to
chattels is not actionable if it does not involve actual or threatened injury to the personal
property or to the possessor’s legally protected interest in the personal property. No such
injury having been shown on the undisputed facts, Intel was not entitled to summary
judgment in its favor.
III. Constitutional Considerations
Because we conclude no trespass to chattels was shown on the summary judgment record,
making the injunction improper on common law grounds, we need not address at length the
dissenters’ constitutional arguments. A few clarifications are nonetheless in order.
Justice Mosk asserts that this case involves only “a private entity seeking to enforce private
trespass rights.” But the injunction here was issued by a state court. While a private
refusal to transmit another’s electronic speech generally does not implicate the First
Amendment, because no governmental action is involved (see Cyber Promotions, Inc. v.
American Online, Inc. (E.D. Penn. 1996) 948 F. Supp. 436, 441-445 [spammer could not
force private ISP to carry its messages]), the use of government power, whether in
103.
enforcement of a statute or ordinance or by an award of damages or an injunction in a
private lawsuit, is state action that must comply with First Amendment limits. Nor does
the nonexistence of a “constitutional right to trespass” make an injunction in this case per
se valid. Unlike, for example, the trespasser-to-land defendant in Church of Christ in
Hollywood v. Superior Court (2002) 99 Cal. App. 4th 1244, Hamidi himself had no tangible
presence on Intel property, instead speaking from his own home through his computer. He
no more invaded Intel’s property than does a protester holding a sign or shouting through a
bullhorn outside corporate headquarters, posting a letter through the mail, or telephoning
to complain of a corporate practice.
Justice Brown relies upon a constitutional “right not to listen,” rooted in the listener’s
“personal autonomy”, as compelling a remedy against Hamidi’s messages, which she asserts
were sent to “unwilling” listeners. Even assuming a corporate entity could under some
circumstances claim such a personal right, here the intended and actual recipients of
Hamidi’s messages were individual Intel employees, rather than Intel itself. The record
contains no evidence Hamidi sent messages to any employee who notified him such
messages were unwelcome. In any event, such evidence would, under the dissent’s rationale
of a right not to listen, support only a narrow injunction aimed at protecting individual
recipients who gave notice of their rejection. (See Bolger v. Youngs Drug Products Corp.
(1983) 463 U.S. 60, 72 [government may not act on behalf of all addressees by generally
prohibiting mailing of materials related to contraception, where those recipients who may
be offended can simply ignore and discard the materials]; Martin v. City of Struthers (1943)
319 U.S. 141, 144 [anti-canvassing ordinance improperly “substitutes the judgment of the
community for the judgment of the individual householder”]; cf. Rowan v. U.S. Post Office
Dept. (1970) 397 U.S. 728, 736 [“householder” may exercise “individual autonomy” by
refusing delivery of offensive mail].) The principle of a right not to listen, founded in
personal autonomy, cannot justify the sweeping injunction issued here against all
communication to Intel addresses, for such a right, logically, can be exercised only by, or at
the behest of, the recipient himself or herself.
DISPOSITION
The judgment of the Court of Appeal is reversed.
WE CONCUR: KENNARD, MORENO and PERREN*, JJ.
[Concurring opinion by Justice Kennard and dissenting opinion by Justice Brown are
omitted.]
Dissenting Opinion by MOSK, J.**
The majority hold that the California tort of trespass to chattels does not encompass the
use of expressly unwanted electronic mail that causes no physical damage or impairment to
the recipient’s computer system. They also conclude that because a computer system is not
* Associate Justice of the Court of Appeal, Second Appellate District, Division Six, assigned by the Chief Justice
pursuant to article VI, section 6 of the California Constitution. ** Associate Justice, Court of Appeal, Second Appellate District, Division Five, assigned by the Chief Justice
pursuant to article VI, section 6 of the California Constitution.
104.
like real property, the rules of trespass to real property are also inapplicable to the
circumstances in this case. Finally, they suggest that an injunction to preclude mass,
noncommercial, unwelcome e-mails may offend the interests of free communication.
I respectfully disagree and would affirm the trial court’s decision. In my view, the repeated
transmission of bulk e-mails by appellant Kourosh Kenneth Hamidi (Hamidi) to the
employees of Intel Corporation (Intel) on its proprietary confidential e-mail lists, despite
Intel’s demand that he cease such activities, constituted an actionable trespass to chattels.
The majority fail to distinguish open communication in the public “commons” of the
Internet from unauthorized intermeddling on a private, proprietary intranet. Hamidi is not
communicating in the equivalent of a town square or of an unsolicited “junk” mailing
through the United States Postal Service. His action, in crossing from the public Internet
into a private intranet, is more like intruding into a private office mailroom,
commandeering the mail cart, and dropping off unwanted broadsides on 30,000 desks.
Because Intel’s security measures have been circumvented by Hamidi, the majority leave
Intel, which has exercised all reasonable self-help efforts, with no recourse unless he causes
a malfunction or systems “crash.” Hamidi’s repeated intrusions did more than merely
“prompt[] discussions between ‘[e]xcited and nervous managers’ and the company’s human
resource department”; they also constituted a misappropriation of Intel’s private computer
system contrary to its intended use and against Intel’s wishes.
The law of trespass to chattels has not universally been limited to physical damage. I
believe it is entirely consistent to apply that legal theory to these circumstances—that is,
when a proprietary computer system is being used contrary to its owner’s purposes and
expressed desires, and self-help has been ineffective. Intel correctly expects protection from
an intruder who misuses its proprietary system, its nonpublic directories, and its
supposedly controlled connection to the Internet to achieve his bulk mailing objectives—
incidentally, without even having to pay postage.
I
Intel maintains an intranet—a proprietary computer network—as a tool for transacting
and managing its business, both internally and for external business communications.1 The
network and its servers constitute a tangible entity that has value in terms of the costs of
its components and its function in enabling and enhancing the productivity and efficiency of
Intel’s business operations. Intel has established costly security measures to protect the
integrity of its system, including policies about use, proprietary internal e-mail addresses
that it does not release to the public for use outside of company business, and a gateway for
blocking unwanted electronic mail—a so-called firewall.
1 The Oxford English Dictionary defines an intranet as “A local or restricted computer network; spec. a private
or corporate network that uses Internet protocols. An intranet may (but need not) be connected to the Internet
and be accessible externally to authorized users.” (OED Online, new ed., draft entry, Mar. 2003,
<http://dictionary.oed.com/> [as of June 30, 2003]; see also Kokka, Property Rights on an Intranet, 3 Spring 1998
J. Tech.L. & Policy 3, WL 3 UFLJTLP 3 at *3, *6 [defining an intranet as “an internal network of computers,
servers, routers and browser software designed to organize, secure, distribute and collect information within an
organization,” which in large organizations generally includes a wide range of services, including e-mail].)
Contrary to the majority’s assertion, there is nothing incorrect about characterizing Hamidi’s unauthorized bulk
e-mails as intrusions onto Intel’s intranet.
105.
The Intel computer usage guidelines, which are promulgated for its employees, state that
the computer system is to be “used as a resource in conducting business. Reasonable
personal use is permitted, but employees are reminded that these resources are the
property of Intel and all information on these resources is also the property of Intel.”
Examples of personal use that would not be considered reasonable expressly include “use
that adversely affects productivity.” Employee e-mail communications are neither private
nor confidential.
Hamidi, a former Intel employee who had sued Intel and created an organization to
disseminate negative information about its employment practices, sent bulk electronic mail
on six occasions to as many as 35,000 Intel employees on its proprietary computer system,
using Intel’s confidential employee e-mail lists and adopting a series of different origination
addresses and encoding strategies to elude Intel’s blocking efforts. He refused to stop when
requested by Intel to do so, asserting that he would ignore its demands: “I don’t care. I have
grown deaf.” Intel sought injunctive relief, alleging that the disruptive effect of the bulk
electronic mail, including expenses from administrative and management personnel,
damaged its interest in the proprietary nature of its network.
The trial court, in its order granting summary judgment and a permanent injunction, made
the following pertinent findings regarding Hamidi’s transmission of bulk electronic mail:
“Intel has requested that Hamidi stop sending the messages, but Hamidi has refused, and
has employed surreptitious means to circumvent Intel’s efforts to block entry of his
messages into Intel’s system.... [¶] ... The e-mail system is dedicated for use in conducting
business, including communications between Intel employees and its customers and
vendors. Employee e-mail addresses are not published for use outside company business....
[¶] The intrusion by Hamidi into the Intel e-mail system has resulted in the expenditure of
company resources to seek to block his mailings and to address employee concerns about
the mailings. Given Hamidi’s evasive techniques to avoid blocking, the self help remedy
available to Intel is ineffective.” The trial court concluded that “the evidence establishes
(without dispute) that Intel has been injured by diminished employee productivity and in
devoting company resources to blocking efforts and to addressing employees about Hamidi’s
e-mails.” The trial court further found that the “massive” intrusions “impaired the value to
Intel of its e-mail system.”
The majority agree that an impairment of Intel’s system would result in an action for
trespass to chattels, but find that Intel suffered no injury. As did the trial court, I conclude
that the undisputed evidence establishes that Intel was substantially harmed by the costs
of efforts to block the messages and diminished employee productivity. Additionally, the
injunction did not affect Hamidi’s ability to communicate with Intel employees by other
means; he apparently continues to maintain a Web site to publicize his messages
concerning the company. Furthermore, I believe that the trial court and the Court of Appeal
correctly determined that the tort of trespass to chattels applies in these circumstances.
The Restatement Second of Torts explains that a trespass to a chattel occurs if “the chattel
is impaired as to its condition, quality, or value” or if “harm is caused to some ... thing in
which the possessor has a legally protected interest.” (Rest.2d Torts, § 218, subds. (b) & (d),
p. 420, italics added.) As to this tort, a current prominent treatise on the law of torts
explains that “[t]he defendant may interfere with the chattel by interfering with the
plaintiff’s access or use” and observes that the tort has been applied so as “to protect
106.
computer systems from electronic invasions by way of unsolicited email or the like.” (1
Dobbs, The Law of Torts (2001) § 60, pp. 122-123.) Moreover, “[t]he harm necessary to
trigger liability for trespass to chattels can be ... harm to something other than the chattel
itself.” (Id., pp. 124-125; see also 1 Harper et al., The Law of Torts (3d ed. 1996 & 2003
supp.) § 2.3, pp. 2:14-2:18.) The Restatement points out that, unlike a possessor of land, a
possessor of a chattel is not given legal protection from harmless invasion, but “the actor”
may be liable if the conduct affects “some other and more important interest of the
possessor.” (Rest.2d Torts, § 218, com. (e), p. 421, italics added.)
The Restatement explains that the rationale for requiring harm for trespass to a chattel but
not for trespass to land is the availability and effectiveness of self-help in the case of
trespass to a chattel. “Sufficient legal protection of the possessor’s interest in the mere
inviolability of his chattel is afforded by his privilege to use reasonable force to protect his
possession against even harmless interference.” (Rest.2d Torts, § 218, com. (e), p. 422.)
Obviously, “force” is not available to prevent electronic trespasses. As shown by Intel’s
inability to prevent Hamidi’s intrusions, self-help is not an adequate alternative to
injunctive relief.
The common law tort of trespass to chattels does not require physical disruption to the
chattel. It also may apply when there is impairment to the “quality” or “value” of the
chattel. (Rest.2d Torts, § 218, subd. (b), p. 420; see also id., com. (e), pp. 421-422 [liability if
“intermeddling is harmful to the possessor’s materially valuable interest in the physical
condition, quality, or value of the chattel”].) Moreover, as we held in Zaslow v. Kroenert
(1946) 29 Cal.2d 541, 551, it also applies “[w]here the conduct complained of does not
amount to a substantial interference with possession or the right thereto, but consists of
intermeddling with or use of or damages to the personal property.”2
Here, Hamidi’s deliberate and continued intermeddling, and threatened intermeddling,
with Intel’s proprietary computer system for his own purposes that were hostile to Intel,
certainly impaired the quality and value of the system as an internal business device for
Intel and forced Intel to incur costs to try to maintain the security and integrity of its
server—efforts that proved ineffective. These included costs incurred to mitigate injuries
that had already occurred. It is not a matter of “bootstrapp[ing]” to consider those costs a
damage to Intel. Indeed, part of the value of the proprietary computer system is the ability
to exclude intermeddlers from entering it for significant uses that are disruptive to its
owner’s business operations.
If Intel, a large business with thousands of former employees, is unable to prevent Hamidi
from continued intermeddling, it is not unlikely that other outsiders who obtain access to
its proprietary electronic mail addresses would engage in similar conduct, further reducing
the value of, and perhaps debilitating, the computer system as a business productivity
mechanism. Employees understand that a firewall is in place and expect that the messages
they receive are from senders permitted by the corporation. Violation of this expectation
increases the internal disruption caused by messages that circumvent the company’s
2 In Zaslow, we observed that when the trespass involves “intermeddling with or use of” another’s property, the
owner “may recover only the actual damages suffered by reason of the impairment of the property or the loss of
its use.” We did not state that such damages were a requirement for a cause of action; nor did we address the
availability of injunctive relief.
107.
attempt to exclude them. The time that each employee must spend to evaluate, delete or
respond to the message, when added up, constitutes an amount of compensated time that
translates to quantifiable financial damage.3
All of these costs to protect the integrity of the computer system and to deal with the
disruptive effects of the transmissions and the expenditures attributable to employee time,
constitute damages sufficient to establish the existence of a trespass to chattels, even if the
computer system was not overburdened to the point of a “crash” by the bulk electronic mail.
The several courts that have applied the tort of trespass to chattels to deliberate
intermeddling with proprietary computer systems have, for the most part, used a similar
analysis. Thus, the court in CompuServe Inc. v. Cyber Promotions, Inc. (S.D. Ohio 1997)
962 F. Supp. 1015, 1022, applied the Restatement to conclude that mass mailings and
evasion of the server’s filters diminished the value of the mail processing computer
equipment to CompuServe “even though it is not physically damaged by defendant’s
conduct.” The inconvenience to users of the system as a result of the mass messages
“decrease[d] the utility of CompuServe’s e-mail service” and was actionable as a trespass to
chattels. (Id. at p. 1023.)
The court in America Online, Inc. v. IMS (E.D. Va. 1998) 24 F. Supp. 2d 548, on facts
similar to those in the present case, also applied the Restatement in a trespass to chattels
claim. There, defendant sent unauthorized e-mails to America Online’s computer system,
persisting after receiving notice to desist and causing the company “to spend technical
resources and staff time to ‘defend’ its computer system and its membership” against the
unwanted messages. The company was not required to show that its computer system was
overwhelmed or suffered a diminution in performance; mere use of the system by the
defendant was sufficient to allow the plaintiff to prevail on the trespass to chattels claim.
Similarly, the court in eBay, Inc. v. Bidder’s Edge, Inc. (N.D. Cal. 2000) 100 F. Supp. 2d
1058 determined that there was a trespass to chattels when the quality or value of a
computer system was diminished by unauthorized “web crawlers,”4 despite the fact that
eBay had not alleged any “particular service disruption” or “specific incremental damages”
to the computer system. Intermeddling with eBay’s private property was sufficient to
establish a cause of action: “A trespasser is liable when the trespass diminishes the
3 As the recent spate of articles on “spam”—unsolicited bulk e-mail—suggests, the effects on business of such
unwanted intrusions are not trivial. “Spam is not just a nuisance. It absorbs bandwidth and overwhelms
Internet service providers. Corporate tech staffs labor to deploy filtering technology to protect their networks.
The cost is now widely estimated (though all such estimates are largely guesswork) at billions of dollars a year.
The social costs are immeasurable.... [¶] ‘Spam has become the organized crime of the Internet.’ ... ‘[M]ore and
more it’s becoming a systems and engineering and networking problem.’” (Gleick, Tangled Up in Spam, N.Y.
Times (Feb. 9, 2003) magazine p. 1 [as of June 30, 2003]; see also Cooper & Shogren, U.S., States Turn Focus to
Curbing Spam, L.A. Times (May 1, 2003) p. A21, col. 2 [“Businesses are losing money with every moment that
employees spend deleting”]; Turley, Congress Must Send Spammers a Message, L.A. Times (Apr. 21, 2003) p.
B13, col. 5 [“Spam now costs American businesses about $9 billion a year in lost productivity and screening”];
Taylor, Spam’s Big Bang! (June 16, 2003) Time, p. 51 [“The time we spend deleting or defeating spam costs an
estimated $8.9 billion a year in lost productivity”].) But the occasional spam addressed to particular employees
does not pose nearly the same threat of impaired value as the concerted bulk mailings into one e-mail system at
issue here, which mailings were sent to thousands of employees with the express purpose of disrupting business
as usual. 4 A “web crawler” is a computer program that operates across the Internet to obtain information from the
websites of others.
108.
condition, quality or value of personal property”; “[e]ven if [defendant’s intrusions] use only
a small amount of eBay’s computer ... capacity, [defendant] has nonetheless deprived eBay
of the ability to use that portion of its personal property for its own purposes. The law
recognizes no such right to use another’s personal property.” ([S]ee also, e.g., Oyster
Software, Inc. v. Forms Processing, Inc. (N.D. Cal., Dec. 6, 2001) 2001 WL 1736382 at *12-
*13 [trespass to chattels claim did not require company to demonstrate physical damage];
accord, Register.com, Inc. v. Verio, Inc. (S.D.N.Y. 2000) 126 F. Supp. 2d 238, 250; cf.
Thrifty-Tel, Inc. v. Bezenek (1996) 46 Cal. App. 4th 1559, 1566-1567 [unconsented
electronic access to a computer system constituted a trespass to chattels].)
These cases stand for the simple proposition that owners of computer systems, like owners
of other private property, have a right to prevent others from using their property against
their interests. That principle applies equally in this case. By his repeated intermeddling,
Hamidi converted Intel’s private employee e-mail system into a tool for harming
productivity and disrupting Intel’s workplace. Intel attempted to put a stop to Hamidi’s
intrusions by increasing its electronic screening measures and by requesting that he desist.
Only when self-help proved futile, devolving into a potentially endless joust between
attempted prevention and circumvention, did Intel request and obtain equitable relief in
the form of an injunction to prevent further threatened injury.
The majority suggest that Intel is not entitled to injunctive relief because it chose to allow
its employees access to e-mail through the Internet and because Hamidi has apparently
told employees that he will remove them from his mailing list if they so request. They
overlook the proprietary nature of Intel’s intranet system; Intel’s system is not merely a
conduit for messages to its employees. As the owner of the computer system, it is Intel’s
request that Hamidi stop that must be respected. The fact that, like most large businesses,
Intel’s intranet includes external e-mail access for essential business purposes does not
logically mean, as the majority suggest, that Intel has forfeited the right to determine who
has access to its system. Its intranet is not the equivalent of a common carrier or public
communications licensee that would be subject to requirements to provide service and
access. Just as Intel can, and does, regulate the use of its computer system by its
employees, it should be entitled to control its use by outsiders and to seek injunctive relief
when self-help fails.
The majority also propose that Intel has sufficient avenues for legal relief outside of
trespass to chattels, such as interference with prospective economic relations, interference
with contract, intentional infliction of emotional distress, and defamation; Hamidi urges
that an action for nuisance is more appropriate. Although other causes of action may under
certain circumstances also apply to Hamidi’s conduct, the remedy based on trespass to
chattels is the most efficient and appropriate. It simply requires Hamidi to stop the
unauthorized use of property without regard to the content of the transmissions. Unlike
trespass to chattels, the other potential causes of action suggested by the majority and
Hamidi would require an evaluation of the transmissions’ content and, in the case of a
nuisance action, for example, would involve questions of degree and value judgments based
on competing interests.
II
109.
As discussed above, I believe that existing legal principles are adequate to support Intel’s
request for injunctive relief. But even if the injunction in this case amounts to an extension
of the traditional tort of trespass to chattels, this is one of those cases in which, as Justice
Cardozo suggested, “[t]he creative element in the judicial process finds its opportunity and
power” in the development of the law.
The law has evolved to meet economic, social, and scientific changes in society. The
industrial revolution, mass production, and new transportation and communication
systems all required the adaptation and evolution of legal doctrines.
The age of computer technology and cyberspace poses new challenges to legal principles. As
this court has said, “the so-called Internet revolution has spawned a host of new legal
issues as courts have struggled to apply traditional legal frameworks to this new
communication medium.” The court must now grapple with proprietary interests, privacy,
and expression arising out of computer-related disputes. Thus, in this case the court is
faced with “that balancing of judgment, that testing and sorting of considerations of
analogy and logic and utility and fairness” that Justice Cardozo said he had “been trying to
describe.” Additionally, this is a case in which equitable relief is sought. As Bernard Witkin
has written, “equitable relief is flexible and expanding, and the theory that ‘for every wrong
there is a remedy’ [Civ. Code, § 3523] may be invoked by equity courts to justify the
invention of new methods of relief for new types of wrongs.” That the Legislature has dealt
with some aspects of commercial unsolicited bulk e-mail (Bus. & Prof. Code, §§ 17538.4,
17538.45) should not inhibit the application of common law tort principles to deal with e-
mail transgressions not covered by the legislation.
Before the computer, a person could not easily cause significant disruption to another’s
business or personal affairs through methods of communication without significant cost.
With the computer, by a mass mailing, one person can at no cost disrupt, damage, and
interfere with another’s property, business, and personal interests. Here, the law should
allow Intel to protect its computer-related property from the unauthorized, harmful, free
use by intruders.
III
As the Court of Appeal observed, connecting one’s driveway to the general system of roads
does not invite demonstrators to use the property as a public forum. Not mindful of this
precept, the majority blur the distinction between public and private computer networks in
the interest of “ease and openness of communication.” By upholding Intel’s right to exercise
self-help to restrict Hamidi’s bulk e-mails, they concede that he did not have a right to send
them through Intel’s proprietary system. Yet they conclude that injunctive relief is
unavailable to Intel because it connected its e-mail system to the Internet and thus,
“necessarily contemplated” unsolicited communications to its employees. Their exposition
promotes unpredictability in a manner that could be as harmful to open communication as
it is to property rights. It permits Intel to block Hamidi’s e-mails entirely, but offers no
recourse if he succeeds in breaking through its security barriers, unless he physically or
functionally degrades the system.
By making more concrete damages a requirement for a remedy, the majority has rendered
speech interests dependent on the impact of the e-mails. The sender will never know when
110.
or if the mass e-mails sent by him (and perhaps others) will use up too much space or cause
a crash in the recipient system, so as to fulfill the majority’s requirement of damages. Thus,
the sender is exposed to the risk of liability because of the possibility of damages. If, as the
majority suggest, such a risk will deter “ease and openness of communication”, the
majority’s formulation does not eliminate such deterrence. Under the majority’s position,
the lost freedom of communication still exists. In addition, a business could never reliably
invest in a private network that can only be kept private by constant vigilance and
inventiveness, or by simply shutting off the Internet, thus limiting rather than expanding
the flow of information.6 Moreover, Intel would have less incentive to allow employees
reasonable use of its equipment to send and receive personal e-mails if such allowance is
justification for preventing restrictions on unwanted intrusions into its computer system. I
believe the best approach is to clearly delineate private from public networks and identify
as a trespass to chattels the kind of intermeddling involved here.
The views of the amici curiae group of intellectual property professors that a ruling in favor
of Intel will interfere with communication are similarly misplaced because here, Intel,
contrary to most users, expressly informed Hamidi that it did not want him sending
messages through its system. Moreover, as noted above, all of the problems referred to will
exist under the apparently accepted law that there is a cause of action if there is some
actionable damage.
Hamidi and other amici curiae raise, for the first time on appeal, certain labor law issues,
including the matter of protected labor-related communications. Even assuming that these
issues are properly before this court, to the extent the laws allow what would otherwise be
trespasses for some labor-related communications, my position does not exclude that here
too. But there has been no showing that the communications are labor-law protected.7
Finally, with regard to alleged constitutional free speech concerns raised by Hamidi and
others, this case involves a private entity seeking to enforce private rights against trespass.
Unlike the majority, I have concluded that Hamidi did invade Intel’s property. His actions
constituted a trespass—in this case a trespass to chattels. There is no federal or state
constitutional right to trespass. (Adderley v. Florida (1966) 385 U.S. 39, 47 [“Nothing in the
Constitution of the United States prevents Florida from even-handed enforcement of its
general trespass statute....”]; Church of Christ in Hollywood v. Superior Court (2002) 99
Cal. App. 4th 1244, 1253-1254 [affirming a restraining order preventing former church
member from entering church property: “[the United States Supreme Court] has never held
that a trespasser or an uninvited guest may exercise general rights of free speech on
property privately owned”]; see also CompuServe Inc. v. Cyber Promotions, Inc., 962 F.
Supp. at p. 1026 [“the mere judicial enforcement of neutral trespass laws by the private
owner of property does not alone render it a state actor”]; Cyber Promotions, Inc. v.
American Online, Inc. (E.D. Pa. 1996) 948 F. Supp. 436, 456 [“a private company such as
Cyber simply does not have the unfettered right under the First Amendment to invade
AOL’s private property....”].) Accordingly, the cases cited by the majority regarding
6 Thus, the majority’s approach creates the perverse incentive for companies to invest less in computer capacity
in order to protect its property. In the view of the majority, Hamidi’s massive e-mails would be actionable only if
Intel had insufficient server or storage capacity to manage them. 7 The bulk e-mail messages from Hamidi, a nonemployee, did not purport to spur employees into any collective
action; he has conceded that “[t]his is not a drive to unionize.” Nor was his disruptive conduct part of any bona
fide labor dispute.
111.
restrictions on speech, not trespass, are not applicable. Nor does the connection of Intel’s e-
mail system to the Internet transform it into a public forum any more than any connection
between private and public properties. Moreover, as noted above, Hamidi had adequate
alternative means for communicating with Intel employees so that an injunction would not,
under any theory, constitute a free speech violation.
IV
The trial court granted an injunction to prevent threatened injury to Intel. That is the
purpose of an injunction. Intel should not be helpless in the face of repeated and threatened
abuse and contamination of its private computer system. The undisputed facts, in my view,
rendered Hamidi’s conduct legally actionable. Thus, the trial court’s decision to grant a
permanent injunction was not “a clear abuse of discretion” that may be “disturbed on
appeal.”
The injunction issued by the trial court simply required Hamidi to refrain from further
trespassory conduct, drawing no distinction based on the content of his e-mails. Hamidi
remains free to communicate with Intel employees and others outside the walls—both
physical and electronic—of the company.
For these reasons, I respectfully dissent.
I CONCUR: GEORGE, C.J.
NOTES AND QUESTIONS
Are you more sympathetic towards Hamidi or Intel?
The dissent said “[t]he trial court further found that the ‘massive’ intrusions ‘impaired the
value to Intel of its e-mail system.’” Why didn’t that finding of fact satisfy the majority’s
legal standard?
Intel brought, and subsequently dropped, a nuisance claim against Hamidi. How was
Hamidi’s activity like a “nuisance”?
If Hamidi sends another batch of unwanted emails to Intel employees after this ruling,
what, if anything, can Intel do about it?
The dissent says “the majority’s approach creates the perverse incentive for companies to
invest less in computer capacity in order to protect its property.” How has that prediction
fared over time?
What do you think of the dissent’s analogy that Hamidi’s email campaign is “like intruding
into a private office mailroom, commandeering the mail cart, and dropping off unwanted
broadsides on 30,000 desks”?
112.
Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004).
Leval, Circuit Judge.
…Verio also attacks the grant of the preliminary injunction against its accessing Register’s
computers by automated software programs performing multiple successive queries. This
prong of the injunction was premised on Register’s claim of trespass to chattels. Verio
contends the ruling was in error because Register failed to establish that Verio’s conduct
resulted in harm to Register’s servers and because Verio’s robot access to the WHOIS
database through Register was “not unauthorized.” We believe the district court’s findings
were within the range of its permissible discretion.
“A trespass to a chattel may be committed by intentionally ... using or intermeddling with a
chattel in the possession of another,” Restatement (Second) of Torts § 217(b) (1965), where
“the chattel is impaired as to its condition, quality, or value.”
The district court found that Verio’s use of search robots, consisting of software programs
performing multiple automated successive queries, consumed a significant portion of the
capacity of Register’s computer systems. While Verio’s robots alone would not incapacitate
Register’s systems, the court found that if Verio were permitted to continue to access
Register’s computers through such robots, it was “highly probable” that other Internet
service providers would devise similar programs to access Register’s data, and that the
system would be overtaxed and would crash. We cannot say these findings were
unreasonable.
Nor is there merit to Verio’s contention that it cannot be engaged in trespass when Register
had never instructed it not to use its robot programs. As the district court noted, Register’s
complaint sufficiently advised Verio that its use of robots was not authorized and, according
to Register’s contentions, would cause harm to Register’s systems….
NOTES AND QUESTIONS
Are the Hamidi and Register.com rulings consistent with each other?
Civil plaintiffs routinely assert common law trespass to chattels, CFAA, and state computer
crimes violations in the same complaint. Defendants must successfully navigate all three
claims to win the case.
Because the CFAA and state computer crimes laws have both civil and criminal provisions,
defendants (and their lawyers) need to consider the risks of criminal prosecution, not just
civil exposure.
CFAA in the Employment Context. Departing employees routinely take company files with
them electronically. They may email the files to their personal email accounts, upload the
files to cloud storage, or download the files to a flash drive. Often, such activities constitute
trade secret misappropriation, but put that aside for a moment. Assume the employee did
not hack the system to obtain files that the employee wasn’t meant to access. Does the
emailing/downloading of company files for non-company purposes constitute a misuse of the
company’s equipment such that it becomes a CFAA violation?
113.
This issue has vexed the courts. Several appellate courts, including United States v. Nosal,
676 F.3d 854 (9th Cir. 2012) (en banc) (“Nosal I”) and WEC Carolina Energy Solutions LLC
v. Miller, 687 F.3d 199 (4th Cir. 2012), held that an employee who initially had
authorization to access the company’s computers did not “exceed authorized access” by
downloading files for improper purposes. Courts do not uniformly follow this view, however.
The Nosal case shows the courts’ struggles with applying the CFAA in employment
contexts. The Ninth Circuit explained:
Nosal worked at the executive search firm Korn/Ferry International when he
decided to launch a competitor along with a group of co-workers. Before
leaving Korn/Ferry, Nosal’s colleagues began downloading confidential
information from a Korn/Ferry database to use at their new enterprise.
Although they were authorized to access the database as current Korn/Ferry
employees, their downloads on behalf of Nosal violated Korn/Ferry’s
confidentiality and computer use policies....When Nosal left Korn/Ferry, the
company revoked his computer access credentials, even though he remained
for a time as a contractor. The company took the same precaution upon the
departure of his accomplices, Becky Christian and Mark Jacobson.
Nonetheless, they continued to access the database using the credentials of
Nosal’s former executive assistant, Jacqueline Froehlich-L’Heureaux (“FH”),
who remained at Korn/Ferry at Nosal’s request.
In 2012, the court held that that § 1030(a)(4)’s “exceeds authorized access” language “does
not extend to violations of [a company’s] use restrictions.” United States v. Nosal, 676 F.3d
854 (9th Cir. 2012) (en banc).
Nosal’s win was short-lived. Prosecutors pursued Nosal on other CFAA grounds, and the
case went back to the Ninth Circuit. In Nosal II, the court said “we are asked to decide
whether the ‘without authorization’ prohibition of the CFAA extends to a former employee
whose computer access credentials have been rescinded but who, disregarding the
revocation, accesses the computer by other means.” United States v. Nosal, 844 F.3d 1024
(9th Cir. 2016) (“Nosal II,” as amended December 2016). The court held that, by instructing
Jacqueline to act as his proxy, Nosal disregarded the former employer’s revocation of his
access rights—even though Jacqueline (as a current employee) still had authorized access
to the system.
Perhaps Nosal II is sufficiently fact-specific that it doesn’t undermine the broader
principles articulated in Nosal I. Arguably, the case turned on Jacqueline’s provision of her
passwords to departed employees whose system access had been expressly revoked. Still,
the courts’ statutory construction remains highly confused and confusing. We may get more
clarity from a pending U.S. Supreme Court case, Van Buren v. United States, raising this
exact issue.
In addition to the CFAA conviction, Nosal was convicted of criminal trade secret
misappropriation. If trade secret law already protected Nosal’s former employer, why did
the government spend so much time prosecuting the mostly-duplicative CFAA crime?
114.
Cease-and-Desist Letters Revoking Authorization. Power Ventures operated a service
designed to aggregate a user’s social networking content from multiple social networking
sites, including Facebook. At users’ request, and using login credentials supplied by users,
Power Ventures used automated scripts to log into the users’ Facebook accounts and
download/upload their content. Facebook allowed third party services to perform such
functions using a tool called “Facebook Connect,”* but Power Ventures did not use that tool.
As a result, Facebook sent cease-and-desist letters to Power Ventures and blocked Power
Ventures’ IP addresses. Neither effort stopped Power Ventures. Facebook’s lawsuit led to a
Ninth Circuit opinion, Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir.
2016).
The Ninth Circuit recaps the general principles:
First, a defendant can run afoul of the CFAA when he or she has no
permission to access a computer or when such permission has been revoked
explicitly. Once permission has been revoked, technological gamesmanship or
the enlisting of a third party to aid in access will not excuse liability. Second,
a violation of the terms of use of a website—without more—cannot establish
liability under the CFAA.
The court said that Power Ventures might have had implied authorization to access
Facebook’s service, especially given the users’ requests for it to do so. However, “Facebook
expressly rescinded that permission when Facebook issued its written cease and desist
letter to Power on December 1, 2008....The consent that Power had received from Facebook
users was not sufficient to grant continuing authorization to access Facebook's computers
after Facebook's express revocation of permission.” The Ninth Circuit also confirmed that
Power Ventures violated the applicable state computer crime law, Cal. Penal Code § 502.
Cease-and-desist letters often demand remedies that no court would actually grant. In
other words, they are often the sender’s wish list, maybe only loosely tethered to the
sender’s actual legal rights. If so, does it make sense for the Ninth Circuit to treat cease-
and-desist letters as dispositive on the CFAA “authorization” question? Recall that CFAA
violations can be criminal, so the Ninth Circuit seems to be saying that a company’s private
cease-and-desist letter can define what constitutes criminal behavior.
Interestingly, the court says (in a footnote) that cease-and-desist letters are more
consequential than a service’s technological self-help via IP address blocks:
Simply bypassing an IP address, without more, would not constitute
unauthorized use. Because a blocked user does not receive notice that he has
been blocked, he may never realize that the block was imposed and that
authorization was revoked. Or, even if he does discover the block, he could
conclude that it was triggered by misconduct by someone else who shares the
same IP address, such as the user's roommate or co-worker.
* [Editor’s note: Facebook Connect was an API that let third-party services automatically access and download
large quantities of information about Facebook users. It gained notoriety as the mechanism that enabled the
well-publicized Cambridge Analytica data leakage.]
115.
What do you think of this distinction between IP address blocks and cease-and-desist
letters?
On remand, the district court awarded about $80,000 of damages ($5k of remediation
efforts after the C&D letter plus $75k of legal costs negotiating with Power Ventures) and
issued a permanent injunction. Facebook, Inc. v. Power Ventures, Inc., 252 F. Supp. 3d 765
(N.D. Cal. 2017).
The hiQ Ruling. Are you confused yet? If not, hiQ Labs, Inc. v. LinkedIn Corp., 938 F.3d
985 (9th Cir. 2019), will get you there.
hiQ builds databases about employees and then sells data to employers about ways to
retain their employees or fill gaps in the company’s overall workforce skills. It scraped
LinkedIn to gather the treasure trove of employee information on the site. Although
LinkedIn apparently initially acquiesced to hiQ’s scraping, LinkedIn eventually took a
number of steps to prevent hiQ’s scraping, including technical efforts to block its scrapers
and a cease-and-desist letter. Based on prior precedent, LinkedIn adequately notified hiQ
that it didn’t want its scrapers on the LinkedIn site.
In response, hiQ sued LinkedIn for a declaratory judgment that hiQ had a legally protected
right to gather data from LinkedIn. This might be analogous to Hamidi suing Intel to
prevent it from blocking his email as spam; or Verio suing Register.com to ensure that
Verio had the legally protected right to grab Register.com’s Whois data.
Perhaps surprisingly, hiQ’s legal tactic has worked, at least so far. “The district court
granted hiQ’s motion. It ordered LinkedIn to withdraw its cease-and-desist letter, to
remove any existing technical barriers to hiQ’s access to public profiles, and to refrain from
putting in place any legal or technical measures with the effect of blocking hiQ’s access to
public profiles.” The Ninth Circuit affirmed the preliminary injunction against LinkedIn.
The court, citing Nosal I, says the CFAA was “enacted to prevent intentional intrusion onto
someone else’s computer—specifically, computer hacking.... We therefore look to whether the conduct at issue is analogous to ‘breaking and entering.’” This supports the “idea that
authorization is only required for password-protected sites or sites that otherwise prevent
the general public from viewing the information.”
This sets up a theoretical distinction between Facebook (and the Power Ventures case) and
LinkedIn: in theory, Facebook users do not permit the general public to see their
information while LinkedIn users do. This actually doesn’t fit the facts; Facebook users can,
and sometimes do, make their information freely available to the public, and LinkedIn
users can, and sometimes do, restrict some or all of their profile from public view.
Nevertheless, the court thinks it threads this needle: “While Power Ventures was gathering
user data that was protected by Facebook’s username and password authentication system,
the data hiQ was scraping was available to anyone with a web browser.”
The court summarized:
it appears that the CFAA’s prohibition on accessing a computer “without
authorization” is violated when a person circumvents a computer’s generally
116.
applicable rules regarding access permissions, such as username and
password requirements, to gain access to a computer. It is likely that when a
computer network generally permits public access to its data, a user’s
accessing that publicly available data will not constitute access without
authorization under the CFAA. The data hiQ seeks to access is not owned by
LinkedIn and has not been demarcated by LinkedIn as private using such an
authorization system.
There are many reasons why hiQ may not ultimately succeed. In particular, the Ninth
Circuit principally addressed the CFAA issues. LinkedIn has a variety of other legal bases
to thwart scraping that it can pursue when the case returns to the district court. As the
Ninth Circuit noted, “the companies have invoked additional claims and defenses in the
district court, and we express no opinion as to whether any of those claims or defenses
might ultimately prove meritorious.... even if the CFAA does not apply: state law trespass to chattels claims may still be available. And other causes of action, such as copyright
infringement, misappropriation, unjust enrichment, conversion, breach of contract, or
breach of privacy, may also lie.” As a result, it remains possible that LinkedIn had every
legal right to shut down hiQ’s scraping, in which case the intermediate rulings only offer
false hope to hiQ and other scrapers.
In the interim, other courts have interpreted the hiQ ruling as a free pass for third parties
to access publicly available websites regardless of the website operator’s efforts. See, e.g.,
Sandvig v. Barr, 2020 WL 1494065 (D.D.C. 2020) (CFAA cannot stop researchers from
accessing websites for research purposes, even if the TOS contains provisions restricting
such activity); Miller v. 4Internet LLC, 2:18-cv-02097-JAD-VCF (D. Nev. July 10, 2020)
(search engine can’t stop copyright owner’s robots looking for infringing activity).
117.
Online Trespass to Chattels: a Failed Experiment
By Eric Goldman
Posted March 28, 2013 to http://www.forbes.com/sites/ericgoldman/2013/03/28/the-
computer-fraud-and-abuse-act-is-a-failed-experiment/.
...Initially, the CFAA banned hacking, but over the years, it has morphed into a general
restriction against online trespass to chattels. I’ll explain why–and how–the concept of
online trespass to chattels should be eliminated from the CFAA and analogous state law
doctrines.
The Current Law of Online Trespass to Chattels
Trespass to Chattels Offline. “Chattel” means tangible personal property, as opposed to real
property like real estate or intangible assets like intellectual property. Colloquially, we
often refer to chattel as our “stuff.”
In the offline world, a chattel owner has the exclusive right to possess the chattel. If
someone permanently takes someone else’s chattel, we call this “theft” or “conversion,” and
we punish it both civilly and criminally.
Chattel interferences less significant than theft/conversion, such as temporarily depriving
the chattel owner of possession (e.g., taking someone else’s car for a “joyride”), may be
actionable as “trespass to chattel.” Trespass to chattels is a venerable doctrine, but it does
not apply to all interactions with someone else’s offline chattel. The owner must show some
damage from the interference. Petting someone’s dog or touching someone’s car with your
finger may technically interfere with the chattel, but typically it’s not actionable as a
trespass because the chattel owner hasn’t suffered any harm. The requirement that the
chattel owner show some harm differs from trespass to real property, which in contrast can
occur merely by a person’s unauthorized presence even if the owner has experienced no
other damage.
Trespass to Chattels Online. The Internet operates by passing bits of data over computer
equipment, such as servers, routers and cables. All of that equipment is owned by someone.
In other words, Internet data moves over a network of privately owned chattel.
Over the years, legislatures and the courts progressively have treated the unauthorized
movement of data bits over someone else’s chattel into a “trespass” of that chattel–an
activity I’ll call “online trespass to chattels.” For example, many states have enacted
computer crime laws that restrict unauthorized use of Internet and telecommunications
equipment. In 1997, CompuServe v. Cyber Promotions, a federal district court held that
sending spam to an third party’s email router constituted trespass to chattels under the
common law (common law is judge-made law, not enacted by a legislature). Many
subsequent courts have embraced that precedent. And over the years, Congress has
progressively expanded the Computer Fraud & Abuse Act so that it has become, in effect, a
federal prohibition on trespassing someone else’s Internet equipment by sending data to it
or taking data from it. With respect to the CFAA and some state computer crime laws, we
punish violations both civilly and criminally.
118.
All of these legal doctrines (the CFAA, state computer crimes, common law trespass to
chattels) require that the online chattel owner show that the defendant’s activity was
unauthorized and that the owner suffered some damage from the defendant’s use of the
chattel, but the legal standards differ somewhat between the doctrines. In practice, the
required damages showing is often trivial. For example, both the CFAA and California’s
computer crime law count the chattel owner’s efforts to prevent the defendant’s usage as
actionable damage–and in California’s case, no further showing of harm to the chattel
owner is required. Effectively, simply making unauthorized use of a third party’s Internet-
connected chattel violates the state computer crime law. Some parts of the CFAA requires a
higher quantitative showing of damages, but many cases easily clear that threshold.
Rethinking Online Trespass to Chattels
Stretching the ancient doctrine of trespass to chattels to apply to Internet activities has
been an experiment in law-making. Unfortunately, I think the experiment has failed
completely. The CFAA and state computer crime laws initially were designed to restrict
hackers from breaching computer security—a sensible objective that, as I discuss below,
should be preserved. The expansion of these laws to cover all sending or receiving of data
from an Internet-connected server hasn’t worked for at least three reasons.
Connecting to the Internet. When a chattel owner affirmatively connects its chattel to the
Internet, we might presume that the owner wants to exchange data via the Internet. Of
course, not all Internet data exchanges will be welcome; the chattel owner may have
security restrictions on who can access some or all of the chattel, and no website wants to
be overwhelmed with bogus exchange requests (i.e., denial-of-service attacks).
Acknowledging those caveats, we ought to legally presume that Internet-connected chattel
is intended to exchange data with other Internet users. If we start with this presumption,
the chattel owner can “bargain” with other Internet users to restrict their usage through a
contract specifying permitted and unpermitted uses. Current online trespass to chattels
doctrines contemplate this bargaining process, but the laws often let websites communicate
their usage restrictions on obscure web pages that most people won’t see.
Chattel owners also can use technological controls, such as security measures, to restrict
unwanted chattel usage. For example, websites often use “rate limits” to throttle the
amount of data that can be gathered from the website during a specified time period and
“IP address blocks” to restrict website access by specified computers.
Given that chattel owners can easily restrict how their Internet-connected chattel is used,
they should bear the onus to take the contractual or technological steps to do so. Otherwise,
society incurs significant transaction costs for individual users trying to determine their
rights to interact with Internet-connected chattel, and overly protective legal doctrines
create border cases where users engaged in socially beneficially conduct nevertheless
unintentionally commit legal violations.
(Side note for economics buffs: the Coase Theorem says it doesn’t matter where we set the
property entitlement so long as there are no transaction costs. I favor giving the
entitlement to Internet users because (a) the chattel owner chose to connect to the Internet,
and (b) it’s cheaper for the chattel owner to bargain back for the rights).
119.
Unintended Consequences. Online trespass to chattels now reaches scenarios far beyond the
hacking scenarios, sometimes in farcical ways. Three examples of troubling applications of
online trespass to chattels:
because virtually every employee uses computers at work and some employees
download company data onto their personal devices, employers now routinely assert
CFAA violations against ex-employees. This illustrates the CFAA’s scope creep; the
CFAA wasn’t designed to apply to ordinary employee activities, but sloppy and
expansive drafting enables that possibility. Fortunately, courts have balked at this
trend (see, e.g., Nosal and WEC). I still favor punishing rogue employees, but online
trespass to chattels is not the way to do it.
websites may assert online trespass to chattels when a third party’s automated
script gather information from their website (a process sometimes called “scraping”
or “spidering”). Technically, search engine spiders commit online trespass to chattels
when they access a website without permission, although we don’t often see cases
asserting that. Instead, more typically we see anti-competition lawsuits, including
efforts to thwart price competition or shut down third party developers who enhance
a website’s functionality.
Lori Drew’s CFAA prosecution over Megan Maier’s suicide due to Drew’s use of a
fake MySpace profile. To establish the CFAA violation, the government
(unsuccessfully) argued that MySpace was the victim of Drew’s ruse because she lied
to them when she created her online account. The government’s theory threatened to
make virtually every Internet user a criminal because Internet users routinely fib
during online account registration processes.
Doctrinal Overlap. In many situations currently covered by online trespass to chattels, at
least one–and often numerous–other legal doctrines already apply. For example, trade
secret law already applies to employees who walk out the door with a company’s
confidential information, whether the confidential information is analog or digital.
Copyright law already applies to search engines republishing copyrighted material they
scrape. MySpace could have brought a breach of contract claim against Drew for violating
its user agreement (if it cared).
Indeed, because legal doctrines already overlap so extensively, we almost never see an
online trespass to chattels claim asserted on a standalone basis. Instead, an online trespass
to chattels claim is usually just one of numerous legal violations asserted against the
defendant. These doctrinal overlaps mean we usually don’t need online trespass to chattels
either to supplement the more squarely applicable claims or to act as a “gap-filler” to plug
the rare and narrow holes left by the other legal doctrines.
Reforming Online Trespass to Chattels
Lawmakers aren’t very good at acknowledging when their legal experiments fail. But if
lawmakers honestly judge the results of their online trespass to chattels experiment, they
should:
120.
1) Repeal most provisions of the CFAA (that don’t relate to government-run computers) and
preempt all analogous state laws, including state computer crime laws and common law
trespass to chattels as applied online. Note: reforming the CFAA, without dealing with
analogous state laws, is an incomplete solution.
2) Retain only the (A) restrictions on criminal hacking, which I would define as the defeat of
electronic security measures for the goal of fraud or data destruction (and some of these
efforts are already covered by other laws like the Electronic Communications Privacy Act),
and (B) restrictions on denial-of-service attacks, which I would define as the sending of data
or requests to a server with the intent of overloading its capacity.
3) Eliminate all civil claims for this conduct, so that only the federal government can
enforce violations.
4) Specify that any textual attempts to restrict server usage fail unless the terms are
presented in a properly formed contract (usually, a mandatory click-through agreement).
Obviously, these proposals are dramatic, but they are in keeping with my goal of
eliminating the legal concept of online trespass to chattels. Even if we do that, chattel
owners are hardly defenseless. They can still take advantage of a panoply of other legal
doctrines, they can still use (properly formed) contracts to bargain back the rights from
users, and they can still use technological controls. As a result, these proposed changes will
end the adverse consequences from the online trespass to chattels experiment while letting
chattel owners prevent socially disadvantageous online usage of their chattels.
CHAPTER 4 REVIEW QUESTION #1
Shamazon is an online retailer. Its terms of use (not presented as a clickthrough
agreement) contains the following clause: “You may not use our site to gather pricing
information.” Bet, a retailing rival of Shamazon, retains independent contractors to visit
the Shamazon site and gather its prices for the items in Bet’s store so that Bet can confirm
that it is matching or beating Shamazon’s prices. Does Shamazon have a common law
trespass to chattels, CFAA or California Penal Code § 502 claim against Bet or its
independent contractors?
CHAPTER 4 REVIEW QUESTION #2
Karen creates an online bank account for herself and agrees to the bank’s Terms of Service,
which include a provision saying that customers may not provide their online login
credentials to the bank account to anyone. Despite this, Karen shares her credentials with
her live-in boyfriend, Joe. Scenario (a): Joe logs into the bank account to engage in ordinary
banking activities at Karen’s request. Scenario (b): Joe logs into the bank account and loots
it, sending all of the money to his personal bank account. Does the bank have a CFAA claim
against either Joe or Karen?
121.
V. Copyright
Copyright Basics, Copyright Office Circular 1 (from
https://www.copyright.gov/circs/circ01.pdf) (revised Sept. 2017)
Copyright is a form of protection provided by the laws of the United States to the authors of
“original works of authorship” that are fixed in a tangible form of expression. An original
work of authorship is a work that is independently created by a human author and
possesses at least some minimal degree of creativity. A work is “fixed” when it is captured
(either by or under the authority of an author) in a sufficiently permanent medium such
that the work can be perceived, reproduced, or communicated for more than a short time.
Copyright protection in the United States exists automatically from the moment the
original work of authorship is fixed.
What Works Are Protected?
Examples of copyrightable works include
• Literary works
• Musical works, including any accompanying words
• Dramatic works, including any accompanying music
• Pantomimes and choreographic works
• Pictorial, graphic, and sculptural works
• Motion pictures and other audiovisual works
• Sound recordings, which are works that result from the fixation of a series of musical,
spoken, or other sounds
• Architectural works
These categories should be viewed broadly for the purpose of registering your work. For
example, computer programs and certain “compilations” can be registered as “literary
works”; maps and technical drawings can be registered as “pictorial, graphic, and
sculptural works.”
Note: Before 1978, federal copyright was generally secured by publishing a work with an
appropriate copyright notice. U.S. works that were in the public domain on January 1,
1978, when the 1976 Copyright Act took effect, remain in the public domain under the 1976
Act.
What Are the Rights of a Copyright Owner?
Copyright provides the owner of copyright with the exclusive right to
• Reproduce the work in copies or phonorecords
• Prepare derivative works based upon the work
• Distribute copies or phonorecords of the work to the public by sale or other transfer of
ownership or by rental, lease, or lending
• Perform the work publicly if it is a literary, musical, dramatic, or choreographic work; a
pantomime; or a motion picture or other audiovisual work
• Display the work publicly if it is a literary, musical, dramatic, or choreographic work; a
pantomime; or a pictorial, graphic, or sculptural work. This right also applies to the
individual images of a motion picture or other audiovisual work.
122.
• Perform the work publicly by means of a digital audio transmission if the work is a sound
recording
Copyright also provides the owner of copyright the right to authorize others to exercise
these exclusive rights, subject to certain statutory limitations.
What Is Not Protected by Copyright?
Copyright does not protect
• Ideas, procedures, methods, systems, processes, concepts, principles, or discoveries
• Works that are not fixed in a tangible form (such as a choreographic work that has not
been notated or recorded or an improvisational speech that has not been written down)
• Titles, names, short phrases, and slogans
• Familiar symbols or designs
• Mere variations of typographic ornamentation, lettering, or coloring
• Mere listings of ingredients or contents…
Who Can Claim Copyright?
The copyright in a work initially belongs to the author(s) who created that work. When two
or more authors create a single work with the intent of merging their contributions into
inseparable or interdependent parts of a unitary whole, the authors are considered joint
authors and have an indivisible interest in the work as a whole. By contrast, if multiple
authors contribute to a collective work, each author’s individual contribution is separate
and distinct from the copyright ownership in the collective work as a whole.
“Works made for hire” are an important exception to the general rule for claiming
copyright. When a work is made for hire, the author is not the individual who actually
created the work. Instead, the party that hired the individual is considered the author and
the copyright owner of the work. Whether a work is made for hire is determined by the facts
that exist at the time the work is created. There are two situations in which a work may be
made for hire:
1. When the work is created by an employee as part of the employee’s regular duties, or
2. When an individual and the hiring party enter into an express written agreement that
the work is to be considered a “work made for hire” and the work is specially ordered or
commissioned for use as:
• A compilation
• A contribution to a collective work
• A part of a motion picture or other audiovisual work
• A translation
• A supplementary work
• An instructional text
• A test
• Answer material for a test
• An atlas
123.
The concept of work made for hire can be complicated and has serious consequences for
both the individual who creates the work and the hiring party who is considered to be the
author and copyright owner of the work.…
Note: Mere ownership of a copy or phonorecord that embodies a work does not give the
owner of that copy or phonorecord the ownership of the copyright in the work.
Transfer of Copyright Ownership
Any or all of the copyright owner’s exclusive rights, or parts of those rights, can be
transferred. The transfer, however, generally must be made in writing and signed by the
owner of the rights conveyed or the owner’s authorized agent. Transferring a right on a
nonexclusive basis does not require a written agreement….
How Long Does Copyright Last?
In general, for works created on or after January 1, 1978, the term of copyright is the life of
the author plus seventy years after the author’s death. If the work is a joint work with
multiple authors, the term lasts for seventy years after the last surviving author’s death.
For works made for hire and anonymous or pseudonymous works, the duration of copyright
is 95 years from publication or 120 years from creation, whichever is shorter….
How Can I Protect My Work?
Copyright exists automatically in an original work of authorship once it is fixed in a
tangible medium, but a copyright owner can take steps to enhance the protections of
copyright, the most important of which is registering the work. Although registering a work
is not mandatory, for works of U.S. origin, registration (or refusal) is necessary to enforce
the exclusive rights of copyright through litigation….
Using a copyright notice is optional for unpublished works, foreign works, and works
published on or after March 1, 1989….Notice was required for works published in the
United States before March 1, 1989. Works published without notice before that date may
have entered the public domain in this country….
How Can I Use a Copyrighted Work?
When deciding to use a work protected by copyright, the general rule is to seek permission
from the copyright owner. Under the copyright law, a copyright owner may authorize
activities that fall under the exclusive rights of copyright…
Sections 107 to 122 of the copyright law contain provisions that establish limitations on the
exclusive rights of the copyright owner. The provisions make certain uses of copyrighted
works permissible without first obtaining permission of the copyright owner. One of the
most discussed of these statutory provisions is known as fair use, a legal doctrine that
promotes freedom of expression by permitting the unlicensed use of copyright-protected
works in certain circumstances….
124.
How Do I Protect My Work in Other Countries?
There is no such thing as an “international copyright” that automatically protects an
author’s works throughout the entire world. Protection against unauthorized use in a
particular country depends on the national laws of that country. Most countries offer
protection to foreign works under certain conditions, and these conditions have been greatly
simplified by international copyright treaties and conventions. Generally, a U.S. work may
be protected in a foreign country if that country has entered into an international
agreement with the United States….
NOTES AND QUESTIONS
“Access” to Online Materials. If a copyrighted work is freely available online, can we infer
that every potential defendant had “access” to the work for purposes of the copying-in-fact
inquiry? (i.e., whether the resulting work was the product of copying or independent
creation). See Design Basics, LLC v. Lexington Homes, Inc., 858 F.3d 1093 (7th Cir. 2017):
the existence of the plaintiff’s copyrighted materials on the Internet, even on
a public and “user‐friendly” site, cannot by itself justify an inference that the defendant accessed those materials. It follows that a plaintiff who cannot
show striking similarity and whose evidence of access reduces to the mere
existence of a website cannot survive summary judgment on a copyright
infringement claim.
See also Gray v. Perry, 2018 WL 3954008 (C.D. Cal. 2018):
the mere existence of copyrighted materials on YouTube and Myspace would not
justify an inference of access….But the Court is persuaded that plaintiffs have
shown more than just mere posting of ‘Joyful Noise’ on the internet. Due to the
millions of views and plays of ‘Joyful Noise’ on YouTube and Myspace, both readily
accessible websites, and the success and popularity of “Joyful Noise” in the Christian
hip-hop/rap industry, a reasonable jury could conclude that there is more than a
‘bare possibility’ that defendants—who are experienced professional songwriters—
had the opportunity to hear ‘Joyful Noise.’
Statute of Limitations. Copyright has a 3 year statute of limitations. However, the time
period does not start on initial publication to the web; instead, it apparently resets with
every view/download. Thus, works posted to the Internet decades ago may be the basis of
copyright infringement claims if the works are still online. See APL Microscopic, LLC v.
U.S., 144 Fed. Cl. 489 (Ct. Fed. Claims 2019).
CHAPTER 5 REVIEW QUESTION #1
Which of the following could qualify for copyright protection?
a) an email
b) a tweet
c) a text message
125.
d) a banner ad
e) a keyword ad at Google
f) a star rating at Yelp
g) an individual emoji
h) a selfie photo
126.
Note About Fair Use
Fair use is a statutory limitation on copyright owners’ exclusive rights. 17 U.S.C. § 107
says:
Notwithstanding the provisions of sections 106 and 106A, the fair use of a
copyrighted work, including such use by reproduction in copies or
phonorecords or by any other means specified by that section, for purposes
such as criticism, comment, news reporting, teaching (including multiple
copies for classroom use), scholarship, or research, is not an infringement of
copyright. In determining whether the use made of a work in any particular
case is a fair use the factors to be considered shall include—
(1) the purpose and character of the use, including whether such use is of a
commercial nature or is for nonprofit educational purposes;
(2) the nature of the copyrighted work;
(3) the amount and substantiality of the portion used in relation to the
copyrighted work as a whole; and
(4) the effect of the use upon the potential market for or value of the
copyrighted work.
The fact that a work is unpublished shall not itself bar a finding of fair use if
such finding is made upon consideration of all the above factors.
Fair use is a multi-factor equitable test. As a result, (1) every fact matters to a fair use
analysis, and (2) the results can change based on different judges’ norms or minor
variations in the facts. The following “color commentary” might help you apply the factors.
First Factor (Nature of Use)
The statute contemplates a spectrum of uses from commercial to non-profit educational,
where commercial uses are less likely to be fair and non-profit educational uses are more
likely to be fair. Courts sometimes treat commercial uses as presumptively unfair, but the
Supreme Court in Campbell rejected this presumption.
Note that courts struggle with defining what constitutes a “commercial” use (a common
problem with all doctrines that purport to distinguish commercial from non-commercial
activity). Publishers (even non-profit) routinely make money from advertising or content
sales (subscriptions, single items, etc.). Should this first factor categorically weigh against
them?
In this first factor, courts will also consider if the secondary use is transformative or just
redistributive. Transformative uses “add something new, with a further purpose or
different character, altering the first with new expression, meaning or message”
(Campbell). Occasionally, courts will not require the secondary use to add anything new if
the use serves a different purpose (e.g., Authors Guild v. Google). If a use is
“transformative,” that should weigh heavily towards a fair use finding (Campbell).
127.
Second Factor (Nature of Work).
The statute contemplates a spectrum from fact to fiction, where taking factual works is
more likely to be fair and taking fiction is less likely to be fair.
Some courts deem taking unpublished works presumptively unfair (Harper & Row), but
§107 was amended to negate any presumption.
Some courts treat fact/fiction and published/unpublished as two separate sub-factors.
Third Factor (Amount/Substantiality of Portion Taken).
Some courts say that taking the entire work is presumptively unfair. Taking the “heart of
the work,” even if it’s a small amount, usually isn’t fair.
Fourth Factor (Market Effect).
The fourth factor is routinely characterized as the most important factor (Harper & Row).
The factor evaluates (1) whether unrestricted and widespread conduct like the defendant’s
would substantively and adversely impact the market, and (2) the harm to the market for
derivative works when these derivative markets are “traditional, reasonable, or likely to be
developed markets” (Texaco), but some courts give the copyright owner the option not to
pursue a market (Castle Rock). Increasing demand for the underlying work doesn’t mitigate
any harm the usage causes to a derivative market (Harper & Row; Napster).
* * *
There are dozens of cases interpreting fair use on the Internet, and it would be impossible
to pick a single case to represent the entire genre. With that caveat, the Second Circuit’s
Google Books ruling (The Authors Guild v. Google, Inc., 804 F.3d 202 (2d Cir. 2015, written
by Judge Leval) deserves a closer look.
The case involved the Google Books database. Working with libraries, Google scanned tens
of millions of books, some of which had entered the public domain and others that were still
protected by copyright. Google indexed the scans in a database that enabled users to do full-
text keyword searches. Users can see previews of books that appeared in search results; the
previews allow users to see significant chunks of content but, in total, only a small fraction
of any complete book.
On behalf of the books’ copyright owners, The Authors Guild sued Google for copyright
infringement. After nearly a decade of litigation (protracted in part due to an attempted
settlement that the Second Circuit rejected), the Second Circuit ruled that Google Books
was protected by fair use:
Nature of the Use. The court says Google’s search indexing is transformative:
the purpose of Google’s copying of the original copyrighted books is to make
available significant information about those books, permitting a searcher to
128.
identify those that contain a word or term of interest, as well as those that do
not include reference to it
The display of book snippets is also transformative:
Snippet view adds important value to the basic transformative search
function, which tells only whether and how often the searched term appears
in the book. Merely knowing that a term of interest appears in a book does
not necessarily tell the searcher whether she needs to obtain the book,
because it does not reveal whether the term is discussed in a manner or
context falling within the scope of the searcher’s interest.
Google didn’t derive any revenues directly from Google Books, but it is still a profit-seeking
company. In the face of its transformative activities, the court says that’s immaterial. As
the court notes:
Many of the most universally accepted forms of fair use, such as news
reporting and commentary, quotation in historical or analytic books, reviews
of books, and performances, as well as parody, are all normally done
commercially for profit.
Nature of the Work. The court says this factor is not helpful in this case.
Amount/Substantiality of Portion Taken. With respect to the complete scans of books, the
court says:
not only is the copying of the totality of the original reasonably appropriate to
Google’s transformative purpose, it is literally necessary to achieve that
purpose. If Google copied less than the totality of the originals, its search
function could not advise searchers reliably whether their searched term
appears in a book (or how many times)
The court also blesses the display of snippets because of
the small size of the snippets (normally one eighth of a page), the blacklisting
of one snippet per page and of one page in every ten, the fact that no more
than three snippets are shown—and no more than one per page—for each
term searched, and the fact that the same snippets are shown for a searched
term no matter how many times, or from how many different computers, the
term is searched. In addition, Google does not provide snippet view for types
of books, such as dictionaries and cookbooks, for which viewing a small
segment is likely to satisfy the searcher’s need.
Even though repeated searches could expose multiple parts of a book, it appeared difficult
for a determined searcher to see more than 16% of any book, and even then those snippets
collectively may not be easily assembled into an organized sequence.
Market Effect. The court says the snippets might reduce book sales, but the snippets are not
effective competitive substitutes for the books; and lost sales might be due to the snippets
129.
answering the searchers’ factual questions, and copyright doesn’t protect that factual
information.
The court summarizes its fair use analysis:
Google’s unauthorized digitizing of copyright-protected works, creation of a
search functionality, and display of snippets from those works are non-
infringing fair uses. The purpose of the copying is highly transformative, the
public display of text is limited, and the revelations do not provide a
significant market substitute for the protected aspects of the originals.
Google’s commercial nature and profit motivation do not justify denial of fair
use.
Derivative Markets. The court explains:
Plaintiffs’ contention that Google has usurped their opportunity to access
paid and unpaid licensing markets for substantially the same functions that
Google provides fails, in part because the licensing markets in fact involve
very different functions than those that Google provides, and in part because
an author’s derivative rights do not include an exclusive right to supply
information (of the sort provided by Google) about her works.
Notice how closely Google’s lawyers worked with its engineers to develop a set of product
specifications that balanced users’ needs with the fair use factors—an impressive task
given that fair use isn’t readily quantifiable. If you were on the project team, how would you
have converted an equitable doctrine like fair use into concrete product specifications? Or
would you have been tempted to say “it’s not possible to quantify fair use, so we should kill
the project”?
Cautionary Note #1: every fair use case turns on its specific facts and the normative
instincts of what the deciding judge considers equitable, so don’t assume other cases will
follow the Google Books ruling.
Indeed, despite the obvious parallels to its own Google Books ruling from three years
earlier, the Second Circuit mostly rejected fair use for TVEyes’ database of video clips from
local TV news programs that let brand owners track discussions about their brands across
the country. Fox News Network LLC v. TVEyes, Inc., 883 F.3d 169 (2d Cir. 2018). Much of
the court’s decision turned on TVEyes’ configuration choices about letting its customers
watch and share video clips, which the court viewed as too generous.
Cautionary Note #2: Google’s fair use win was a Pyrrhic victory for Google Books. Over the
decade of litigation, Google progressively lost enthusiasm for the Google Books project and
stopped investing it in, effectively orphaning the entire project. See, e.g., James Somers,
Torching the Modern-Day Library of Alexandria, THE ATLANTIC, April 20, 2017,
https://www.theatlantic.com/technology/archive/2017/04/the-tragedy-of-google-
books/523320/; Scott Rosenberg, How Google Book Search Got Lost, WIRED, April 11, 2017,
https://www.wired.com/2017/04/how-google-book-search-got-lost/.
130.
The next case isn’t an Internet case (it involves the cable TV network), but it addresses an
essential question to online copyright law: assuming a copy is made online, who made it?
The answer to this question seems like it should be obvious. It isn’t.
The identity of who made “the copy” can affect many key aspects of an online copyright
lawsuit, including:
The prima facie case. Direct liability is strict liability, while secondary infringement
claims have more stringent elements to prove. As a result, plaintiffs much prefer to
bring direct infringement claims.
Defenses. The availability of Section 512’s safe harbor is available only if someone
else made the offending copy. Also, some fair use factors vary with the defendant’s
identity.
A lawsuit’s viability. Potential defendants may be overseas, judgment-proof, or
simply too numerous to pursue cost-effectively, in which case plaintiffs want to find
more viable defendants.
Cartoon Network LP, LLLP v. CSC Holdings, Inc., 536 F.3d 121 (2d Cir. 2008)
Defendant-Appellant Cablevision Systems Corporation (“Cablevision”) wants to market a
new “Remote Storage” Digital Video Recorder system (“RS-DVR”), using a technology akin
to both traditional, set-top digital video recorders, like TiVo (“DVRs”), and the video-on-
demand (“VOD”) services provided by many cable companies. Plaintiffs-Appellees produce
copyrighted movies and television programs that they provide to Cablevision pursuant to
numerous licensing agreements. They contend that Cablevision, through the operation of
its RS-DVR system as proposed, would directly infringe their copyrights both by making
unauthorized reproductions, and by engaging in public performances, of their copyrighted
works. The material facts are not in dispute. Because we conclude that Cablevision would
not directly infringe plaintiffs’ rights under the Copyright Act by offering its RS-DVR
system to consumers, we reverse the district court’s award of summary judgment to
plaintiffs, and we vacate its injunction against Cablevision.
BACKGROUND
Today’s television viewers increasingly use digital video recorders (“DVRs”) instead of video
cassette recorders (“VCRs”) to record television programs and play them back later at their
convenience. DVRs generally store recorded programming on an internal hard drive rather
than a cassette. But, as this case demonstrates, the generic term “DVR” actually refers to a
growing number of different devices and systems. Companies like TiVo sell a stand-alone
DVR device that is typically connected to a user’s cable box and television much like a VCR.
Many cable companies also lease to their subscribers “set-top storage DVRs,” which
combine many of the functions of a standard cable box and a stand-alone DVR in a single
device.
In March 2006, Cablevision, an operator of cable television systems, announced the advent
of its new “Remote Storage DVR System.” As designed, the RS-DVR allows Cablevision
customers who do not have a stand-alone DVR to record cable programming on central hard
drives housed and maintained by Cablevision at a “remote” location. RS-DVR customers
131.
may then receive playback of those programs through their home television sets, using only
a remote control and a standard cable box equipped with the RS-DVR software. Cablevision
notified its content providers, including plaintiffs, of its plans to offer RS-DVR, but it did
not seek any license from them to operate or sell the RS-DVR.
Plaintiffs, which hold the copyrights to numerous movies and television programs, sued
Cablevision for declaratory and injunctive relief. They alleged that Cablevision’s proposed
operation of the RS-DVR would directly infringe their exclusive rights to both reproduce
and publicly perform their copyrighted works. Critically for our analysis here, plaintiffs
alleged theories only of direct infringement, not contributory infringement, and defendants
waived any defense based on fair use.
Ultimately, the United States District Court for the Southern District of New York (Denny
Chin, Judge), awarded summary judgment to the plaintiffs and enjoined Cablevision from
operating the RS-DVR system without licenses from its content providers. At the outset, we
think it helpful to an understanding of our decision to describe, in greater detail, both the
RS-DVR and the district court’s opinion.
I. Operation of the RS-DVR System
Cable companies like Cablevision aggregate television programming from a wide variety of
“content providers”—the various broadcast and cable channels that produce or provide
individual programs—and transmit those programs into the homes of their subscribers via
coaxial cable. At the outset of the transmission process, Cablevision gathers the content of
the various television channels into a single stream of data. Generally, this stream is
processed and transmitted to Cablevision’s customers in real time. Thus, if a Cartoon
Network program is scheduled to air Monday night at 8pm, Cartoon Network transmits
that program’s data to Cablevision and other cable companies nationwide at that time, and
the cable companies immediately re-transmit the data to customers who subscribe to that
channel.
Under the new RS-DVR, this single stream of data is split into two streams. The first is
routed immediately to customers as before. The second stream flows into a device called the
Broadband Media Router (“BMR”), which buffers the data stream, reformats it, and sends it
to the “Arroyo Server,” which consists, in relevant part, of two data buffers and a number of
high-capacity hard disks. The entire stream of data moves to the first buffer (the “primary
ingest buffer”), at which point the server automatically inquires as to whether any
customers want to record any of that programming. If a customer has requested a
particular program, the data for that program move from the primary buffer into a
secondary buffer, and then onto a portion of one of the hard disks allocated to that
customer. As new data flow into the primary buffer, they overwrite a corresponding
quantity of data already on the buffer. The primary ingest buffer holds no more than 0.1
seconds of each channel’s programming at any moment. Thus, every tenth of a second, the
data residing on this buffer are automatically erased and replaced. The data buffer in the
BMR holds no more than 1.2 seconds of programming at any time. While buffering occurs at
other points in the operation of the RS-DVR, only the BMR buffer and the primary ingest
buffer are utilized absent any request from an individual subscriber.
132.
As the district court observed, “the RS-DVR is not a single piece of equipment,” but rather
“a complex system requiring numerous computers, processes, networks of cables, and
facilities staffed by personnel twenty-four hours a day and seven days a week.” To the
customer, however, the processes of recording and playback on the RS-DVR are similar to
that of a standard set-top DVR. Using a remote control, the customer can record
programming by selecting a program in advance from an on-screen guide, or by pressing
the record button while viewing a given program. A customer cannot, however, record the
earlier portion of a program once it has begun. To begin playback, the customer selects the
show from an on-screen list of previously recorded programs. The principal difference in
operation is that, instead of sending signals from the remote to an on-set box, the viewer
sends signals from the remote, through the cable, to the Arroyo Server at Cablevision’s
central facility. In this respect, RS-DVR more closely resembles a VOD service, whereby a
cable subscriber uses his remote and cable box to request transmission of content, such as a
movie, stored on computers at the cable company’s facility. But unlike a VOD service, RS-
DVR users can only play content that they previously requested to be recorded.
Cablevision has some control over the content available for recording: a customer can only
record programs on the channels offered by Cablevision (assuming he subscribes to them).
Cablevision can also modify the system to limit the number of channels available and
considered doing so during development of the RS-DVR….
[Editor’s note: the following diagram may help you visualize Cablevision’s network]
Content Broadcaster
Cablevision
Viewer
Broadband Media Router
Arroyo Personal Storage
Personal Storage
Personal Storage
1.2 sec storage 0.1 sec storage
Content Broadcaster
Cablevision
Viewer
Content Broadcaster
Cablevision
Viewer
Broadband Media Router
Arroyo Personal Storage
Personal Storage
Personal Storage
1.2 sec storage 0.1 sec storage
Broadband Media Router
Arroyo Personal Storage
Personal Storage
Personal Storage
1.2 sec storage 0.1 sec storage
133.
DISCUSSION…
“Section 106 of the Copyright Act grants copyright holders a bundle of exclusive rights....”
This case implicates two of those rights: the right “to reproduce the copyrighted work in
copies,” and the right “to perform the copyrighted work publicly.” 17 U.S.C. § 106(1), (4). As
discussed above, the district court found that Cablevision infringed the first right by 1)
buffering the data from its programming stream and 2) copying content onto the Arroyo
Server hard disks to enable playback of a program requested by an RS-DVR customer. In
addition, the district court found that Cablevision would infringe the public performance
right by transmitting a program to an RS-DVR customer in response to that customer’s
playback request. We address each of these three allegedly infringing acts in turn.
I. The Buffer Data
It is undisputed that Cablevision, not any customer or other entity, takes the content from
one stream of programming, after the split, and stores it, one small piece at a time, in the
BMR buffer and the primary ingest buffer. As a result, the information is buffered before
any customer requests a recording, and would be buffered even if no such request were
made. The question is whether, by buffering the data that make up a given work,
Cablevision “reproduce[s]” that work “in copies,” 17 U.S.C. § 106(1), and thereby infringes
the copyright holder’s reproduction right.
“Copies,” as defined in the Copyright Act, “are material objects ... in which a work is fixed
by any method ... and from which the work can be ... reproduced.” The Act also provides
that a work is “‘fixed’ in a tangible medium of expression when its embodiment ... is
sufficiently permanent or stable to permit it to be ... reproduced ... for a period of more than
transitory duration.” We believe that this language plainly imposes two distinct but related
requirements: the work must be embodied in a medium, i.e., placed in a medium such that
it can be perceived, reproduced, etc., from that medium (the “embodiment requirement”),
and it must remain thus embodied “for a period of more than transitory duration” (the
“duration requirement”). Unless both requirements are met, the work is not “fixed” in the
buffer, and, as a result, the buffer data is not a “copy” of the original work whose data is
buffered.
The district court mistakenly limited its analysis primarily to the embodiment requirement.
As a result of this error, once it determined that the buffer data was “[c]learly ... capable of
being reproduced,” i.e., that the work was embodied in the buffer, the district court
concluded that the work was therefore “fixed” in the buffer, and that a copy had thus been
made. In doing so, it relied on a line of cases beginning with MAI Systems Corp. v. Peak
Computer Inc., 991 F.2d 511 (9th Cir. 1993). It also relied on the United States Copyright
Office’s 2001 report on the Digital Millennium Copyright Act, which states, in essence, that
an embodiment is fixed “[u]nless a reproduction manifests itself so fleetingly that it cannot
be copied.” (emphasis added).
The district court’s reliance on cases like MAI Systems is misplaced. In general, those cases
conclude that an alleged copy is fixed without addressing the duration requirement; it does
not follow, however, that those cases assume, much less establish, that such a requirement
134.
does not exist. Indeed, the duration requirement, by itself, was not at issue in MAI Systems
and its progeny. As a result, they do not speak to the issues squarely before us here: If a
work is only “embodied” in a medium for a period of transitory duration, can it be “fixed” in
that medium, and thus a copy? And what constitutes a period “of more than transitory
duration”?
In MAI Systems, defendant Peak Computer, Inc., performed maintenance and repairs on
computers made and sold by MAI Systems. In order to service a customer’s computer, a
Peak employee had to operate the computer and run the computer’s copyrighted operating
system software. The issue in MAI Systems was whether, by loading the software into the
computer’s RAM,1 the repairman created a “copy” as defined in § 101. The resolution of this
issue turned on whether the software’s embodiment in the computer’s RAM was “fixed,”
within the meaning of the same section. The Ninth Circuit concluded that
by showing that Peak loads the software into the RAM and is then able to
view the system error log and diagnose the problem with the computer, MAI
has adequately shown that the representation created in the RAM is
“sufficiently permanent or stable to permit it to be perceived, reproduced, or
otherwise communicated for a period of more than transitory duration.”
The MAI Systems court referenced the “transitory duration” language but did not discuss or
analyze it. The opinion notes that the defendants “vigorously” argued that the program’s
embodiment in the RAM was not a copy, but it does not specify the arguments defendants
made. This omission suggests that the parties did not litigate the significance of the
“transitory duration” language, and the court therefore had no occasion to address it. This
is unsurprising, because it seems fair to assume that in these cases the program was
embodied in the RAM for at least several minutes.
Accordingly, we construe MAI Systems and its progeny as holding that loading a program
into a computer’s RAM can result in copying that program. We do not read MAI Systems as
holding that, as a matter of law, loading a program into a form of RAM always results in
copying. Such a holding would read the “transitory duration” language out of the definition,
and we do not believe our sister circuit would dismiss this statutory language without even
discussing it. It appears the parties in MAI Systems simply did not dispute that the
duration requirement was satisfied; this line of cases simply concludes that when a
program is loaded into RAM, the embodiment requirement is satisfied—an important
holding in itself, and one we see no reason to quibble with here.
At least one court, relying on MAI Systems in a highly similar factual setting, has made this
point explicitly. In Advanced Computer Services of Michigan, Inc. v. MAI Systems Corp.,
the district court expressly noted that the unlicensed user in that case ran copyrighted
diagnostic software “for minutes or longer,” but that the program’s embodiment in the
computer’s RAM might be too ephemeral to be fixed if the computer had been shut down
“within seconds or fractions of a second” after loading the copyrighted program. We have no
quarrel with this reasoning; it merely makes explicit the reasoning that is implicit in the
1 To run a computer program, the data representing that program must be transferred from a data storage
medium (such as a floppy disk or a hard drive) to a form of Random Access Memory (“RAM”) where the data can
be processed. The data buffers at issue here are also a form of RAM.
135.
other MAI Systems cases. Accordingly, those cases provide no support for the conclusion
that the definition of “fixed” does not include a duration requirement.
Nor does the Copyright Office’s 2001 DMCA Report, also relied on by the district court in
this case, explicitly suggest that the definition of “fixed” does not contain a duration
requirement. However, as noted above, it does suggest that an embodiment is fixed
“[u]nless a reproduction manifests itself so fleetingly that it cannot be copied, perceived or
communicated.” As we have stated, to determine whether a work is “fixed” in a given
medium, the statutory language directs us to ask not only 1) whether a work is “embodied”
in that medium, but also 2) whether it is embodied in the medium “for a period of more
than transitory duration.” According to the Copyright Office, if the work is capable of being
copied from that medium for any amount of time, the answer to both questions is “yes.” The
problem with this interpretation is that it reads the “transitory duration” language out of
the statute.
We assume, as the parties do, that the Copyright Office’s pronouncement deserves only
Skidmore deference, deference based on its “power to persuade.” And because the Office’s
interpretation does not explain why Congress would include language in a definition if it
intended courts to ignore that language, we are not persuaded.
In sum, no case law or other authority dissuades us from concluding that the definition of
“fixed” imposes both an embodiment requirement and a duration requirement. Accord
CoStar Group Inc. v. LoopNet, Inc., 373 F.3d 544, 551 (4th Cir. 2004) (while temporary
reproductions “may be made in this transmission process, they would appear not to be
‘fixed’ in the sense that they are ‘of more than transitory duration’”). We now turn to
whether, in this case, those requirements are met by the buffer data.
Cablevision does not seriously dispute that copyrighted works are “embodied” in the buffer.
Data in the BMR buffer can be reformatted and transmitted to the other components of the
RS-DVR system. Data in the primary ingest buffer can be copied onto the Arroyo hard disks
if a user has requested a recording of that data. Thus, a work’s “embodiment” in either
buffer “is sufficiently permanent or stable to permit it to be perceived, reproduced,” (as in
the case of the ingest buffer) “or otherwise communicated” (as in the BMR buffer). The
result might be different if only a single second of a much longer work was placed in the
buffer in isolation. In such a situation, it might be reasonable to conclude that only a
minuscule portion of a work, rather than “a work” was embodied in the buffer. Here,
however, where every second of an entire work is placed, one second at a time, in the buffer,
we conclude that the work is embodied in the buffer.
Does any such embodiment last “for a period of more than transitory duration”? No bit of
data remains in any buffer for more than a fleeting 1.2 seconds. And unlike the data in
cases like MAI Systems, which remained embodied in the computer’s RAM memory until
the user turned the computer off, each bit of data here is rapidly and automatically
overwritten as soon as it is processed. While our inquiry is necessarily fact-specific, and
other factors not present here may alter the duration analysis significantly, these facts
strongly suggest that the works in this case are embodied in the buffer for only a
“transitory” period, thus failing the duration requirement.
136.
Against this evidence, plaintiffs argue only that the duration is not transitory because the
data persist “long enough for Cablevision to make reproductions from them.” As we have
explained above, however, this reasoning impermissibly reads the duration language out of
the statute, and we reject it. Given that the data reside in no buffer for more than 1.2
seconds before being automatically overwritten, and in the absence of compelling
arguments to the contrary, we believe that the copyrighted works here are not “embodied”
in the buffers for a period of more than transitory duration, and are therefore not “fixed” in
the buffers. Accordingly, the acts of buffering in the operation of the RS-DVR do not create
copies, as the Copyright Act defines that term. Our resolution of this issue renders it
unnecessary for us to determine whether any copies produced by buffering data would be de
minimis, and we express no opinion on that question.
II. Direct Liability for Creating the Playback Copies
In most copyright disputes, the allegedly infringing act and the identity of the infringer are
never in doubt. These cases turn on whether the conduct in question does, in fact, infringe
the plaintiff’s copyright. In this case, however, the core of the dispute is over the authorship
of the infringing conduct. After an RS-DVR subscriber selects a program to record, and that
program airs, a copy of the program—a copyrighted work—resides on the hard disks of
Cablevision’s Arroyo Server, its creation unauthorized by the copyright holder. The
question is who made this copy. If it is Cablevision, plaintiffs’ theory of direct infringement
succeeds; if it is the customer, plaintiffs’ theory fails because Cablevision would then face,
at most, secondary liability, a theory of liability expressly disavowed by plaintiffs.
Few cases examine the line between direct and contributory liability. Both parties cite a
line of cases beginning with Religious Technology Center v. Netcom On-Line
Communication Services, 907 F. Supp. 1361 (N.D. Cal. 1995). In Netcom, a third-party
customer of the defendant Internet service provider (“ISP”) posted a copyrighted work that
was automatically reproduced by the defendant’s computer. The district court refused to
impose direct liability on the ISP, reasoning that “[a]lthough copyright is a strict liability
statute, there should still be some element of volition or causation which is lacking where a
defendant’s system is merely used to create a copy by a third party.” Recently, the Fourth
Circuit endorsed the Netcom decision, noting that
to establish direct liability under ... the Act, something more must be shown
than mere ownership of a machine used by others to make illegal copies.
There must be actual infringing conduct with a nexus sufficiently close and
causal to the illegal copying that one could conclude that the machine owner
himself trespassed on the exclusive domain of the copyright owner.”
CoStar Group, Inc. v. LoopNet, Inc., 373 F.3d 544, 550 (4th Cir. 2004).
Here, the district court pigeon-holed the conclusions reached in Netcom and its progeny as
“premised on the unique attributes of the Internet.” While the Netcom court was plainly
concerned with a theory of direct liability that would effectively “hold the entire Internet
liable” for the conduct of a single user, its reasoning and conclusions, consistent with
precedents of this court and the Supreme Court, and with the text of the Copyright Act,
transcend the Internet. Like the Fourth Circuit, we reject the contention that “the Netcom
decision was driven by expedience and that its holding is inconsistent with the established
137.
law of copyright,” and we find it “a particularly rational interpretation of § 106,” rather
than a special-purpose rule applicable only to ISPs.
When there is a dispute as to the author of an allegedly infringing instance of reproduction,
Netcom and its progeny direct our attention to the volitional conduct that causes the copy to
be made. There are only two instances of volitional conduct in this case: Cablevision’s
conduct in designing, housing, and maintaining a system that exists only to produce a copy,
and a customer’s conduct in ordering that system to produce a copy of a specific program. In
the case of a VCR, it seems clear—and we know of no case holding otherwise—that the
operator of the VCR, the person who actually presses the button to make the recording,
supplies the necessary element of volition, not the person who manufactures, maintains, or,
if distinct from the operator, owns the machine. We do not believe that an RS-DVR
customer is sufficiently distinguishable from a VCR user to impose liability as a direct
infringer on a different party for copies that are made automatically upon that customer’s
command.
The district court emphasized the fact that copying is “instrumental” rather than
“incidental” to the function of the RS-DVR system. While that may distinguish the RS-DVR
from the ISPs in Netcom and CoStar, it does not distinguish the RS-DVR from a VCR, a
photocopier, or even a typical copy shop. And the parties do not seem to contest that a
company that merely makes photocopiers available to the public on its premises, without
more, is not subject to liability for direct infringement for reproductions made by customers
using those copiers. They only dispute whether Cablevision is similarly situated to such a
proprietor.
The district court found Cablevision analogous to a copy shop that makes course packs for
college professors. In the leading case involving such a shop, for example, “[t]he professor
[gave] the copyshop the materials of which the coursepack [was] to be made up, and the
copyshop [did] the rest.” Princeton Univ. Press v. Mich. Document Servs., 99 F.3d 1381,
1384 (6th Cir. 1996) (en banc). There did not appear to be any serious dispute in that case
that the shop itself was directly liable for reproducing copyrighted works. The district court
here found that Cablevision, like this copy shop, would be “doing” the copying, albeit “at the
customer’s behest.”
But because volitional conduct is an important element of direct liability, the district court’s
analogy is flawed. In determining who actually “makes” a copy, a significant difference
exists between making a request to a human employee, who then volitionally operates the
copying system to make the copy, and issuing a command directly to a system, which
automatically obeys commands and engages in no volitional conduct. In cases like Princeton
University Press, the defendants operated a copying device and sold the product they made
using that device. See 99 F.3d at 1383 (“The corporate defendant ... is a commercial
copyshop that reproduced substantial segments of copyrighted works of scholarship, bound
the copies into ‘coursepacks,’ and sold the coursepacks to students....”). Here, by selling
access to a system that automatically produces copies on command, Cablevision more
closely resembles a store proprietor who charges customers to use a photocopier on his
premises, and it seems incorrect to say, without more, that such a proprietor “makes” any
copies when his machines are actually operated by his customers. Some courts have held to
the contrary, but they do not explicitly explain why, and we find them unpersuasive. See,
e.g., Elektra Records Co. v. Gem Elec. Distribs., Inc., 360 F. Supp. 821, 823 (E.D.N.Y. 1973)
138.
(concluding that, “regardless” of whether customers or defendants’ employees operated the
tape-copying machines at defendants’ stores, defendant had actively infringed copyrights).
The district court also emphasized Cablevision’s “unfettered discretion in selecting the
programming that it would make available for recording.” This conduct is indeed more
proximate to the creation of illegal copying than, say, operating an ISP or opening a copy
shop, where all copied content was supplied by the customers themselves or other third
parties. Nonetheless, we do not think it sufficiently proximate to the copying to displace the
customer as the person who “makes” the copies when determining liability under the
Copyright Act. Cablevision, we note, also has subscribers who use home VCRs or DVRs
(like TiVo), and has significant control over the content recorded by these customers. But
this control is limited to the channels of programming available to a customer and not to
the programs themselves. Cablevision has no control over what programs are made
available on individual channels or when those programs will air, if at all. In this respect,
Cablevision possesses far less control over recordable content than it does in the VOD
context, where it actively selects and makes available beforehand the individual programs
available for viewing. For these reasons, we are not inclined to say that Cablevision, rather
than the user, “does” the copying produced by the RS-DVR system. As a result, we find that
the district court erred in concluding that Cablevision, rather than its RS-DVR customers,
makes the copies carried out by the RS-DVR system.
Our refusal to find Cablevision directly liable on these facts is buttressed by the existence
and contours of the Supreme Court’s doctrine of contributory liability in the copyright
context. After all, the purpose of any causation-based liability doctrine is to identify the
actor (or actors) whose “conduct has been so significant and important a cause that [he or
she] should be legally responsible.” But here, to the extent that we may construe the
boundaries of direct liability more narrowly, the doctrine of contributory liability stands
ready to provide adequate protection to copyrighted works.
Most of the facts found dispositive by the district court—e.g., Cablevision’s “continuing
relationship” with its RS-DVR customers, its control over recordable content, and the
“instrumental[ity]” of copying to the RS-DVR system—seem to us more relevant to the
question of contributory liability. In Sony Corp. of America v. Universal City Studios, Inc.,
the lack of an “ongoing relationship” between Sony and its VCR customers supported the
Court’s conclusion that it should not impose contributory liability on Sony for any infringing
copying done by Sony VCR owners. The Sony Court did deem it “just” to impose liability on
a party in a “position to control” the infringing uses of another, but as a contributory, not
direct, infringer. And asking whether copying copyrighted material is only “incidental” to a
given technology is akin to asking whether that technology has “commercially significant
noninfringing uses,” another inquiry the Sony Court found relevant to whether imposing
contributory liability was just.
The Supreme Court’s desire to maintain a meaningful distinction between direct and
contributory copyright infringement is consistent with congressional intent. The Patent
Act, unlike the Copyright Act, expressly provides that someone who “actively induces
infringement of a patent” is “liable as an infringer,” just like someone who commits the
underlying infringing act by “us[ing]” a patented invention without authorization. In
contrast, someone who merely “sells ... a material or apparatus for use in practicing a
patented process” faces only liability as a “contributory infringer.” If Congress had meant to
139.
assign direct liability to both the person who actually commits a copyright-infringing act
and any person who actively induces that infringement, the Patent Act tells us that it knew
how to draft a statute that would have this effect. Because Congress did not do so, the Sony
Court concluded that “[t]he Copyright Act does not expressly render anyone liable for
infringement committed by another.” Furthermore, in cases like Sony, the Supreme Court
has strongly signaled its intent to use the doctrine of contributory infringement, not direct
infringement, to “identify[] the circumstances in which it is just to hold one individual
accountable for the actions of another.” Thus, although Sony warns us that “the lines
between direct infringement, contributory infringement, and vicarious liability are not
clearly drawn,” that decision does not absolve us of our duty to discern where that line falls
in cases, like this one, that require us to decide the question.
The district court apparently concluded that Cablevision’s operation of the RS-DVR system
would contribute in such a major way to the copying done by another that it made sense to
say that Cablevision was a direct infringer, and thus, in effect, was “doing” the relevant
copying. There are certainly other cases, not binding on us, that follow this approach. See,
e.g., Playboy Enters. v. Russ Hardenburgh, Inc., 982 F. Supp. 503, 513 (N.D. Ohio 1997)
(noting that defendant ISP’s encouragement of its users to copy protected files was “crucial”
to finding that it was a direct infringer). We need not decide today whether one’s
contribution to the creation of an infringing copy may be so great that it warrants holding
that party directly liable for the infringement, even though another party has actually
made the copy. We conclude only that on the facts of this case, copies produced by the RS-
DVR system are “made” by the RS-DVR customer, and Cablevision’s contribution to this
reproduction by providing the system does not warrant the imposition of direct liability.
Therefore, Cablevision is entitled to summary judgment on this point, and the district court
erred in awarding summary judgment to plaintiffs….
[In the third section, the Second Circuit held that Cablevision’s playback of the recording
did not constitute an infringing public performance:
Because each RS-DVR playback transmission is made to a single subscriber
using a single unique copy produced by that subscriber, we conclude that
such transmissions are not performances “to the public,” and therefore do not
infringe any exclusive right of public performance.]
NOTES AND QUESTIONS
Application to Web Browsing. Is web browsing an infringement of the browsed web
page/file? If so, who is the infringer—the browser, the website operator, a third party
licensee who provided content to the website operator, some combination of the three, or all
three? Does your answer depend on whether the browsed file is uploaded with or without
the copyright owner’s permission?
Application to Retweeting. Assume for a moment that a tweet is copyrightable. If a user
“retweets” another user’s tweet, did the retweeting user “make” a copy? Did Twitter? What
about when a Tumblr user “reblogs” another user’s post? Twitter and Tumblr may obtain
express or implied licenses on behalf of other users to authorize retweeting/reblogging, but
that won’t help if the original tweet/post infringed. See Bell v. Chicago Cubs Baseball Club
LLC, 2020 WL 550605 (N.D. Ill. 2020) (retweeting may be direct infringement); Goldman v.
140.
Breitbart News Network, LLC, 302 F. Supp. 3d 585 (S.D.N.Y. 2018) (embedding a tweet on
a web page constitutes copyright infringement).
Every Copy Counts. Like the Google Books case, the Cablevision court analyzed each and
every copy made via the defendant’s system. If any one of those copies had been infringing,
the copyright owner would have won even if the defendant had a good excuse for the other
copies. When doing your legal analysis, account for each and every copy.
What Cablevision Didn’t Address. The litigants struck a deal: the plaintiffs agreed not to
assert secondary copyright infringement if Cablevision agreed not to assert a fair use
defense. Thus, the case didn’t resolve either issue. From the plaintiff’s perspective, did it
make a good deal with a bad outcome? In light of the Google Books ruling, how strong
would Cablevision’s fair use defense have been?
Supreme Court Ruling in ABC v. Aereo. Aereo provided a subscription service for local
broadcast television that subscribers could watch via the Internet (as opposed to via cable
or a local antenna), either nearly live or on a delayed basis using an Aereo-operated DVR
set-up similar to Cablevision’s. It directly competed with cable subscription services. Aereo
had a large farm of tiny dime-sized antennae to receive broadcast signals, and it assigned
an individual antenna to each subscriber when providing services. Thus, Aereo claimed its
subscribers simply received broadcast signals via their own personal antenna, even though
that antenna was physically located in Aereo’s offices, not on the subscriber’s premises.
In a 6-3 ruling, the Supreme Court held that Aereo’s system infringed the broadcasters’
public performance right. American Broadcasting Cos. v. Aereo, Inc., 573 U.S. 431 (2014).
Specifically, the court held that Aereo performed the broadcasts (the users also might have
performed). Thus, the court emphatically rejected Aereo’s basic contentions that it was a
passive technology provider and that users made the legally significant choices by
configuring Aereo’s technology for their personal use.
The Aereo majority responded poorly to Aereo’s argument that assigning a small antenna to
each subscriber meant that it could avoid the legal regulations applicable to cable services:
141.
Viewed in terms of Congress’ regulatory objectives, why should any of these
technological differences matter? They concern the behind-the-scenes way in
which Aereo delivers television programming to its viewers’ screens. They do
not render Aereo’s commercial objective any different from that of cable
companies. Nor do they significantly alter the viewing experience of Aereo’s
subscribers. Why would a subscriber who wishes to watch a television show
care much whether images and sounds are delivered to his screen via a large
multisubscriber antenna or one small dedicated antenna, whether they arrive
instantaneously or after a few seconds’ delay, or whether they are
transmitted directly or after a personal copy is made?
Although the Aereo majority opinion was drafted narrowly to specifically resolve Aereo’s
practices, the ruling raised more questions than it answers, including:
If a new marketplace entrant uses different technology to replicate the incumbent’s
functions, will courts ignore the technical differences in determining the legal
consequences? Focusing on functional similarity, rather than the specific
technological implications, would chill new entrepreneurs who rely on technological
innovation to fit into different legal categories than incumbents.
The ruling says that Aereo was too cable-like, so Congress must have meant to
regulate it like cable services. If Congress left a gap in the Copyright Act’s wording,
was it appropriate for the court to fill in this gap, or should Congress have the sole
responsibility to fill any regulatory gaps it created?
How did the Aereo ruling impact the Cablevision ruling? Aereo tries to limit its
holding to near-real-time delivery of the broadcast signals, so the opinion didn’t
directly opine on DVR-as-a-service. But does the opinion overturn the basic premise
that Cablevision was a passive technology provider and only its users took the
legally significant actions? Also, the Supreme Court specifically held that Aereo
performed “to the public,” possibly abrogating one of the grounds for Cablevision’s
win.
The Supreme Court’s ruling was fatal to Aereo. See Sara Randazzo, TiVo, Others Buy
Scraps of Aereo at Bankruptcy Auction, WALL ST. J., Feb. 26, 2015,
https://www.wsj.com/articles/tivo-others-buy-scraps-of-aereo-at-bankruptcy-auction-
1424992904. Is Aereo’s demise something to celebrate or lament? What message does it
send to other entrepreneurs in analogous or similar fields?
What Does “Volition” Mean? The Cablevision opinion references a lack of “volitional”
activity, but what does that mean? In Perfect 10, Inc. v. Giganews, Inc., 847 F.3d 657 (9th
Cir. 2017), the Ninth Circuit equated “volition” with “proximate causation.” It was lacking
in that case because “Perfect 10 provides no evidence showing Giganews exercised control
(other than by general operation of a Usenet service); selected any material for upload,
download, transmission, or storage; or instigated any copying, storage, or distribution.”
Quoting a Fourth Circuit opinion (CoStar v. LoopNet), the court added that “automatic
copying, storage, and transmission of copyrighted materials, when instigated by others,
does not render an [Internet service provider] strictly liable for copyright infringement[.]”
Accord VHT, Inc. v. Zillow Group, 918 F.3d 723 (9th Cir. 2019); BWP Media USA, Inc. v. T
& S Software Associates, Inc., 852 F.3d 436 (5th Cir. 2017) (“T&S hosts the forum on which
142.
infringing content was posted, but its connection to the infringement ends there. The users
posted the infringing content.”); but see BWP Media USA Inc. v. Polyvore, Inc., 922 F.3d 42
(2d Cir. 2019) (where three Second Circuit judges could not agree on the definition of
“volition,” including one judge who emphatically insisted that it did not equal “proximate
causation”). Note that “lack of volition” is a defense only to direct copyright infringement; it
does not negate potential contributory or vicarious infringement claims.
Where Does Infringement Occur? A Polish service operating foreign servers streamed US-
copyrighted videos to US viewers. Citing Aereo, the District of Columbia Circuit said “a
broadcaster and a viewer can both be liable for the same performance” and held that “where
a foreign broadcaster uploads copyrighted content to its website and directs that content
onto a computer screen in the United States at a user’s request, the broadcaster commits an
actionable domestic violation of the Copyright Act.” Spanski Enterprises, Inc. v. Telewizja
Polska, S.A., 883 F.3d 904 (D.C. Cir. 2018).
143.
The following case was the Supreme Court’s first online copyright case. It involves peer-to-
peer file sharing of music, which has been eclipsed by online music streaming options like
Spotify and YouTube. In addition to the court’s legal holding, consider the jurisprudential
challenges posed by new and evolving technology that courts don’t fully understand.
Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005).
Souter, Justice.
The question is under what circumstances the distributor of a product capable of both
lawful and unlawful use is liable for acts of copyright infringement by third parties using
the product. We hold that one who distributes a device with the object of promoting its use
to infringe copyright, as shown by clear expression or other affirmative steps taken to foster
infringement, is liable for the resulting acts of infringement by third parties.
I
A
Respondents, Grokster, Ltd., and StreamCast Networks, Inc., defendants in the trial court,
distribute free software products that allow computer users to share electronic files through
peer-to-peer networks, so called because users’ computers communicate directly with each
other, not through central servers. The advantage of peer-to-peer networks over
information networks of other types shows up in their substantial and growing popularity.
Because they need no central computer server to mediate the exchange of information or
files among users, the high-bandwidth communications capacity for a server may be
dispensed with, and the need for costly server storage space is eliminated. Since copies of a
file (particularly a popular one) are available on many users’ computers, file requests and
retrievals may be faster than on other types of networks, and since file exchanges do not
travel through a server, communications can take place between any computers that
remain connected to the network without risk that a glitch in the server will disable the
network in its entirety. Given these benefits in security, cost, and efficiency, peer-to-peer
networks are employed to store and distribute electronic files by universities, government
agencies, corporations, and libraries, among others.1
Other users of peer-to-peer networks include individual recipients of Grokster’s and
StreamCast’s software, and although the networks that they enjoy through using the
software can be used to share any type of digital file, they have prominently employed those
networks in sharing copyrighted music and video files without authorization. A group of
copyright holders (MGM for short, but including motion picture studios, recording
companies, songwriters, and music publishers) sued Grokster and StreamCast for their
users’ copyright infringements, alleging that they knowingly and intentionally distributed
their software to enable users to reproduce and distribute the copyrighted works in
violation of the Copyright Act, 17 U.S.C. § 101 et seq. MGM sought damages and an
injunction.
1 Peer-to-peer networks have disadvantages as well. Searches on peer-to-peer networks may not reach and
uncover all available files because search requests may not be transmitted to every computer on the network.
There may be redundant copies of popular files. The creator of the software has no incentive to minimize storage
or bandwidth consumption, the costs of which are borne by every user of the network. Most relevant here, it is
more difficult to control the content of files available for retrieval and the behavior of users.
144.
Discovery during the litigation revealed the way the software worked, the business aims of
each defendant company, and the predilections of the users. Grokster’s eponymous software
employs what is known as FastTrack technology, a protocol developed by others and
licensed to Grokster. StreamCast distributes a very similar product except that its
software, called Morpheus, relies on what is known as Gnutella technology. A user who
downloads and installs either software possesses the protocol to send requests for files
directly to the computers of others using software compatible with FastTrack or Gnutella.
On the FastTrack network opened by the Grokster software, the user’s request goes to a
computer given an indexing capacity by the software and designated a supernode, or to
some other computer with comparable power and capacity to collect temporary indexes of
the files available on the computers of users connected to it. The supernode (or indexing
computer) searches its own index and may communicate the search request to other
supernodes. If the file is found, the supernode discloses its location to the computer
requesting it, and the requesting user can download the file directly from the computer
located. The copied file is placed in a designated sharing folder on the requesting user’s
computer, where it is available for other users to download in turn, along with any other
file in that folder.
In the Gnutella network made available by Morpheus, the process is mostly the same,
except that in some versions of the Gnutella protocol there are no supernodes. In these
versions, peer computers using the protocol communicate directly with each other. When a
user enters a search request into the Morpheus software, it sends the request to computers
connected with it, which in turn pass the request along to other connected peers. The
search results are communicated to the requesting computer, and the user can download
desired files directly from peers’ computers. As this description indicates, Grokster and
StreamCast use no servers to intercept the content of the search requests or to mediate the
file transfers conducted by users of the software, there being no central point through which
the substance of the communications passes in either direction.4
Although Grokster and StreamCast do not therefore know when particular files are copied,
a few searches using their software would show what is available on the networks the
software reaches. MGM commissioned a statistician to conduct a systematic search, and his
study showed that nearly 90% of the files available for download on the FastTrack system
were copyrighted works.5 Grokster and StreamCast dispute this figure, raising
methodological problems and arguing that free copying even of copyrighted works may be
authorized by the rightholders. They also argue that potential noninfringing uses of their
software are significant in kind, even if infrequent in practice. Some musical performers,
for example, have gained new audiences by distributing their copyrighted works for free
across peer-to-peer networks, and some distributors of unprotected content have used peer-
to-peer networks to disseminate files, Shakespeare being an example. Indeed, StreamCast
has given Morpheus users the opportunity to download the briefs in this very case, though
their popularity has not been quantified.
4 There is some evidence that both Grokster and StreamCast previously operated supernodes, which compiled
indexes of files available on all of the nodes connected to them. This evidence, pertaining to previous versions of
the defendants’ software, is not before us and would not affect our conclusions in any event. 5 By comparison, evidence introduced by the plaintiffs in A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004
(C.A.9 2001), showed that 87% of files available on the Napster file-sharing network were copyrighted.
145.
As for quantification, the parties’ anecdotal and statistical evidence entered thus far to
show the content available on the FastTrack and Gnutella networks does not say much
about which files are actually downloaded by users, and no one can say how often the
software is used to obtain copies of unprotected material. But MGM’s evidence gives reason
to think that the vast majority of users’ downloads are acts of infringement, and because
well over 100 million copies of the software in question are known to have been
downloaded, and billions of files are shared across the FastTrack and Gnutella networks
each month, the probable scope of copyright infringement is staggering.
Grokster and StreamCast concede the infringement in most downloads, and it is
uncontested that they are aware that users employ their software primarily to download
copyrighted files, even if the decentralized FastTrack and Gnutella networks fail to reveal
which files are being copied, and when. From time to time, moreover, the companies have
learned about their users’ infringement directly, as from users who have sent e-mail to each
company with questions about playing copyrighted movies they had downloaded, to whom
the companies have responded with guidance. And MGM notified the companies of 8 million
copyrighted files that could be obtained using their software.
Grokster and StreamCast are not, however, merely passive recipients of information about
infringing use. The record is replete with evidence that from the moment Grokster and
StreamCast began to distribute their free software, each one clearly voiced the objective
that recipients use it to download copyrighted works, and each took active steps to
encourage infringement.
After the notorious file-sharing service, Napster, was sued by copyright holders for
facilitation of copyright infringement, A&M Records, Inc. v. Napster, Inc., 114 F. Supp. 2d
896 (N.D. Cal. 2000), aff’d in part, rev’d in part, 239 F.3d 1004 (C.A.9 2001), StreamCast
gave away a software program of a kind known as OpenNap, designed as compatible with
the Napster program and open to Napster users for downloading files from other Napster
and OpenNap users’ computers. Evidence indicates that “[i]t was always [StreamCast’s]
intent to use [its OpenNap network] to be able to capture email addresses of [its] initial
target market so that [it] could promote [its] StreamCast Morpheus interface to them”;
indeed, the OpenNap program was engineered “‘to leverage Napster’s 50 million user base.’”
StreamCast monitored both the number of users downloading its OpenNap program and
the number of music files they downloaded. It also used the resulting OpenNap network to
distribute copies of the Morpheus software and to encourage users to adopt it. Internal
company documents indicate that StreamCast hoped to attract large numbers of former
Napster users if that company was shut down by court order or otherwise, and that
StreamCast planned to be the next Napster. A kit developed by StreamCast to be delivered
to advertisers, for example, contained press articles about StreamCast’s potential to
capture former Napster users, and it introduced itself to some potential advertisers as a
company “which is similar to what Napster was.” It broadcast banner advertisements to
users of other Napster-compatible software, urging them to adopt its OpenNap. An internal
e-mail from a company executive stated: “‘We have put this network in place so that when
Napster pulls the plug on their free service ... or if the Court orders them shut down prior to
that ... we will be positioned to capture the flood of their 32 million users that will be
actively looking for an alternative.’”
146.
Thus, StreamCast developed promotional materials to market its service as the best
Napster alternative. One proposed advertisement read: “Napster Inc. has announced that it
will soon begin charging you a fee. That’s if the courts don’t order it shut down first. What
will you do to get around it?” Another proposed ad touted StreamCast’s software as the “# 1
alternative to Napster” and asked “[w]hen the lights went off at Napster ... where did the
users go?” (ellipsis in original).7 StreamCast even planned to flaunt the illegal uses of its
software; when it launched the OpenNap network, the chief technology officer of the
company averred that “[t]he goal is to get in trouble with the law and get sued. It’s the best
way to get in the new[s].”
The evidence that Grokster sought to capture the market of former Napster users is sparser
but revealing, for Grokster launched its own OpenNap system called Swaptor and inserted
digital codes into its Web site so that computer users using Web search engines to look for
“Napster” or “[f]ree file sharing” would be directed to the Grokster Web site, where they
could download the Grokster software. And Grokster’s name is an apparent derivative of
Napster.
StreamCast’s executives monitored the number of songs by certain commercial artists
available on their networks, and an internal communication indicates they aimed to have a
larger number of copyrighted songs available on their networks than other file-sharing
networks. The point, of course, would be to attract users of a mind to infringe, just as it
would be with their promotional materials developed showing copyrighted songs as
examples of the kinds of files available through Morpheus. Morpheus in fact allowed users
to search specifically for “Top 40” songs, which were inevitably copyrighted. Similarly,
Grokster sent users a newsletter promoting its ability to provide particular, popular
copyrighted materials.
In addition to this evidence of express promotion, marketing, and intent to promote further,
the business models employed by Grokster and StreamCast confirm that their principal
object was use of their software to download copyrighted works. Grokster and StreamCast
receive no revenue from users, who obtain the software itself for nothing. Instead, both
companies generate income by selling advertising space, and they stream the advertising to
Grokster and Morpheus users while they are employing the programs. As the number of
users of each program increases, advertising opportunities become worth more. While there
is doubtless some demand for free Shakespeare, the evidence shows that substantive
volume is a function of free access to copyrighted work. Users seeking Top 40 songs, for
example, or the latest release by Modest Mouse, are certain to be far more numerous than
those seeking a free Decameron, and Grokster and StreamCast translated that demand into
dollars.
Finally, there is no evidence that either company made an effort to filter copyrighted
material from users’ downloads or otherwise impede the sharing of copyrighted files.
Although Grokster appears to have sent e-mails warning users about infringing content
when it received threatening notice from the copyright holders, it never blocked anyone
7 The record makes clear that StreamCast developed these promotional materials but not whether it released
them to the public. Even if these advertisements were not released to the public and do not show
encouragement to infringe, they illuminate StreamCast’s purposes.
147.
from continuing to use its software to share copyrighted files. StreamCast not only rejected
another company’s offer of help to monitor infringement, but blocked the Internet Protocol
addresses of entities it believed were trying to engage in such monitoring on its networks….
II
A
MGM and many of the amici fault the Court of Appeals’s holding for upsetting a sound
balance between the respective values of supporting creative pursuits through copyright
protection and promoting innovation in new communication technologies by limiting the
incidence of liability for copyright infringement. The more artistic protection is favored, the
more technological innovation may be discouraged; the administration of copyright law is
an exercise in managing the tradeoff. See Sony Corp. v. Universal City Studios, supra, at
442.
The tension between the two values is the subject of this case, with its claim that digital
distribution of copyrighted material threatens copyright holders as never before, because
every copy is identical to the original, copying is easy, and many people (especially the
young) use file-sharing software to download copyrighted works. This very breadth of the
software’s use may well draw the public directly into the debate over copyright policy, and
the indications are that the ease of copying songs or movies using software like Grokster’s
and Napster’s is fostering disdain for copyright protection. As the case has been presented
to us, these fears are said to be offset by the different concern that imposing liability, not
only on infringers but on distributors of software based on its potential for unlawful use,
could limit further development of beneficial technologies.8
The argument for imposing indirect liability in this case is, however, a powerful one, given
the number of infringing downloads that occur every day using StreamCast’s and
Grokster’s software. When a widely shared service or product is used to commit
infringement, it may be impossible to enforce rights in the protected work effectively
against all direct infringers, the only practical alternative being to go against the
distributor of the copying device for secondary liability on a theory of contributory or
vicarious infringement.
One infringes contributorily by intentionally inducing or encouraging direct infringement,
see Gershwin Pub. Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159, 1162 (C.A.2
1971), and infringes vicariously by profiting from direct infringement while declining to
exercise a right to stop or limit it, Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304,
307 (C.A.2 1963).9 Although “[t]he Copyright Act does not expressly render anyone liable for
8 The mutual exclusivity of these values should not be overstated, however. On the one hand technological
innovators, including those writing file-sharing computer programs, may wish for effective copyright protections
for their work. On the other hand the widespread distribution of creative works through improved technologies
may enable the synthesis of new works or generate audiences for emerging artists. 9 We stated in Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984), that “‘the lines
between direct infringement, contributory infringement and vicarious liability are not clearly drawn’
....[R]easoned analysis of [the Sony plaintiffs’ contributory infringement claim] necessarily entails consideration
of arguments and case law which may also be forwarded under the other labels, and indeed the parties ... rely
upon such arguments and authority in support of their respective positions on the issue of contributory
infringement.” In the present case MGM has argued a vicarious liability theory, which allows imposition of
148.
infringement committed by another,” Sony Corp. v. Universal City Studios, 464 U.S., at
434, these doctrines of secondary liability emerged from common law principles and are
well established in the law.
B
Despite the currency of these principles of secondary liability, this Court has dealt with
secondary copyright infringement in only one recent case, and because MGM has tailored
its principal claim to our opinion there, a look at our earlier holding is in order. In Sony
Corp. v. Universal City Studios, this Court addressed a claim that secondary liability for
infringement can arise from the very distribution of a commercial product. There, the
product, novel at the time, was what we know today as the videocassette recorder or VCR.
Copyright holders sued Sony as the manufacturer, claiming it was contributorily liable for
infringement that occurred when VCR owners taped copyrighted programs because it
supplied the means used to infringe, and it had constructive knowledge that infringement
would occur. At the trial on the merits, the evidence showed that the principal use of the
VCR was for “‘time-shifting,’” or taping a program for later viewing at a more convenient
time, which the Court found to be a fair, not an infringing, use. There was no evidence that
Sony had expressed an object of bringing about taping in violation of copyright or had taken
active steps to increase its profits from unlawful taping. Although Sony’s advertisements
urged consumers to buy the VCR to “‘record favorite shows’” or “‘build a library’” of recorded
programs, neither of these uses was necessarily infringing.
On those facts, with no evidence of stated or indicated intent to promote infringing uses, the
only conceivable basis for imposing liability was on a theory of contributory infringement
arising from its sale of VCRs to consumers with knowledge that some would use them to
infringe. But because the VCR was “capable of commercially significant noninfringing
uses,” we held the manufacturer could not be faulted solely on the basis of its distribution.
This analysis reflected patent law’s traditional staple article of commerce doctrine, now
codified, that distribution of a component of a patented device will not violate the patent if
it is suitable for use in other ways. 35 U.S.C. § 271(c). The doctrine was devised to identify
instances in which it may be presumed from distribution of an article in commerce that the
distributor intended the article to be used to infringe another’s patent, and so may justly be
held liable for that infringement. “One who makes and sells articles which are only adapted
to be used in a patented combination will be presumed to intend the natural consequences
of his acts; he will be presumed to intend that they shall be used in the combination of the
patent.”
In sum, where an article is “good for nothing else” but infringement, there is no legitimate
public interest in its unlicensed availability, and there is no injustice in presuming or
imputing an intent to infringe. Conversely, the doctrine absolves the equivocal conduct of
selling an item with substantial lawful as well as unlawful uses, and limits liability to
instances of more acute fault than the mere understanding that some of one’s products will
be misused. It leaves breathing room for innovation and a vigorous commerce.
liability when the defendant profits directly from the infringement and has a right and ability to supervise the
direct infringer, even if the defendant initially lacks knowledge of the infringement. Because we resolve the case
based on an inducement theory, there is no need to analyze separately MGM’s vicarious liability theory.
149.
The parties and many of the amici in this case think the key to resolving it is the Sony rule
and, in particular, what it means for a product to be “capable of commercially significant
noninfringing uses.” MGM advances the argument that granting summary judgment to
Grokster and StreamCast as to their current activities gave too much weight to the value of
innovative technology, and too little to the copyrights infringed by users of their software,
given that 90% of works available on one of the networks was shown to be copyrighted.
Assuming the remaining 10% to be its noninfringing use, MGM says this should not qualify
as “substantial,” and the Court should quantify Sony to the extent of holding that a product
used “principally” for infringement does not qualify. As mentioned before, Grokster and
StreamCast reply by citing evidence that their software can be used to reproduce public
domain works, and they point to copyright holders who actually encourage copying. Even if
infringement is the principal practice with their software today, they argue, the
noninfringing uses are significant and will grow.
We agree with MGM that the Court of Appeals misapplied Sony, which it read as limiting
secondary liability quite beyond the circumstances to which the case applied. Sony barred
secondary liability based on presuming or imputing intent to cause infringement solely
from the design or distribution of a product capable of substantial lawful use, which the
distributor knows is in fact used for infringement. The Ninth Circuit has read Sony’s
limitation to mean that whenever a product is capable of substantial lawful use, the
producer can never be held contributorily liable for third parties’ infringing use of it; it read
the rule as being this broad, even when an actual purpose to cause infringing use is shown
by evidence independent of design and distribution of the product, unless the distributors
had “specific knowledge of infringement at a time at which they contributed to the
infringement, and failed to act upon that information.” Because the Circuit found the
StreamCast and Grokster software capable of substantial lawful use, it concluded on the
basis of its reading of Sony that neither company could be held liable, since there was no
showing that their software, being without any central server, afforded them knowledge of
specific unlawful uses.
This view of Sony, however, was error, converting the case from one about liability resting
on imputed intent to one about liability on any theory. Because Sony did not displace other
theories of secondary liability, and because we find below that it was error to grant
summary judgment to the companies on MGM’s inducement claim, we do not revisit Sony
further, as MGM requests, to add a more quantified description of the point of balance
between protection and commerce when liability rests solely on distribution with knowledge
that unlawful use will occur. It is enough to note that the Ninth Circuit’s judgment rested
on an erroneous understanding of Sony and to leave further consideration of the Sony rule
for a day when that may be required.
C
Sony’s rule limits imputing culpable intent as a matter of law from the characteristics or
uses of a distributed product. But nothing in Sony requires courts to ignore evidence of
intent if there is such evidence, and the case was never meant to foreclose rules of fault-
150.
based liability derived from the common law.10 Sony Corp. v. Universal City Studios, supra,
at 439 (“If vicarious liability is to be imposed on Sony in this case, it must rest on the fact
that it has sold equipment with constructive knowledge” of the potential for infringement).
Thus, where evidence goes beyond a product’s characteristics or the knowledge that it may
be put to infringing uses, and shows statements or actions directed to promoting
infringement, Sony’s staple-article rule will not preclude liability.
The classic case of direct evidence of unlawful purpose occurs when one induces commission
of infringement by another, or “entic[es] or persuad[es] another” to infringe, as by
advertising. Thus at common law a copyright or patent defendant who “not only expected
but invoked [infringing use] by advertisement” was liable for infringement “on principles
recognized in every part of the law.”
The rule on inducement of infringement as developed in the early cases is no different
today. Evidence of “active steps ... taken to encourage direct infringement,” such as
advertising an infringing use or instructing how to engage in an infringing use, show an
affirmative intent that the product be used to infringe, and a showing that infringement
was encouraged overcomes the law’s reluctance to find liability when a defendant merely
sells a commercial product suitable for some lawful use.
For the same reasons that Sony took the staple-article doctrine of patent law as a model for
its copyright safe-harbor rule, the inducement rule, too, is a sensible one for copyright. We
adopt it here, holding that one who distributes a device with the object of promoting its use
to infringe copyright, as shown by clear expression or other affirmative steps taken to foster
infringement, is liable for the resulting acts of infringement by third parties. We are, of
course, mindful of the need to keep from trenching on regular commerce or discouraging the
development of technologies with lawful and unlawful potential. Accordingly, just as Sony
did not find intentional inducement despite the knowledge of the VCR manufacturer that
its device could be used to infringe, mere knowledge of infringing potential or of actual
infringing uses would not be enough here to subject a distributor to liability. Nor would
ordinary acts incident to product distribution, such as offering customers technical support
or product updates, support liability in themselves. The inducement rule, instead, premises
liability on purposeful, culpable expression and conduct, and thus does nothing to
compromise legitimate commerce or discourage innovation having a lawful promise.
III
A
The only apparent question about treating MGM’s evidence as sufficient to withstand
summary judgment under the theory of inducement goes to the need on MGM’s part to
adduce evidence that StreamCast and Grokster communicated an inducing message to
their software users. The classic instance of inducement is by advertisement or solicitation
that broadcasts a message designed to stimulate others to commit violations. MGM claims
that such a message is shown here. It is undisputed that StreamCast beamed onto the
computer screens of users of Napster-compatible programs ads urging the adoption of its
OpenNap program, which was designed, as its name implied, to invite the custom of
10 Nor does the Patent Act’s exemption from liability for those who distribute a staple article of commerce, 35
U.S.C. § 271(c), extend to those who induce patent infringement, § 271(b).
151.
patrons of Napster, then under attack in the courts for facilitating massive infringement.
Those who accepted StreamCast’s OpenNap program were offered software to perform the
same services, which a factfinder could conclude would readily have been understood in the
Napster market as the ability to download copyrighted music files. Grokster distributed an
electronic newsletter containing links to articles promoting its software’s ability to access
popular copyrighted music. And anyone whose Napster or free file-sharing searches turned
up a link to Grokster would have understood Grokster to be offering the same file-sharing
ability as Napster, and to the same people who probably used Napster for infringing
downloads; that would also have been the understanding of anyone offered Grokster’s
suggestively named Swaptor software, its version of OpenNap. And both companies
communicated a clear message by responding affirmatively to requests for help in locating
and playing copyrighted materials.
In StreamCast’s case, of course, the evidence just described was supplemented by other
unequivocal indications of unlawful purpose in the internal communications and
advertising designs aimed at Napster users (“When the lights went off at Napster ... where
did the users go?”). Whether the messages were communicated is not to the point on this
record. The function of the message in the theory of inducement is to prove by a defendant’s
own statements that his unlawful purpose disqualifies him from claiming protection (and
incidentally to point to actual violators likely to be found among those who hear or read the
message). Proving that a message was sent out, then, is the preeminent but not exclusive
way of showing that active steps were taken with the purpose of bringing about infringing
acts, and of showing that infringing acts took place by using the device distributed. Here,
the summary judgment record is replete with other evidence that Grokster and
StreamCast, unlike the manufacturer and distributor in Sony, acted with a purpose to
cause copyright violations by use of software suitable for illegal use.
Three features of this evidence of intent are particularly notable. First, each company
showed itself to be aiming to satisfy a known source of demand for copyright infringement,
the market comprising former Napster users. StreamCast’s internal documents made
constant reference to Napster, it initially distributed its Morpheus software through an
OpenNap program compatible with Napster, it advertised its OpenNap program to Napster
users, and its Morpheus software functions as Napster did except that it could be used to
distribute more kinds of files, including copyrighted movies and software programs.
Grokster’s name is apparently derived from Napster, it too initially offered an OpenNap
program, its software’s function is likewise comparable to Napster’s, and it attempted to
divert queries for Napster onto its own Web site. Grokster and StreamCast’s efforts to
supply services to former Napster users, deprived of a mechanism to copy and distribute
what were overwhelmingly infringing files, indicate a principal, if not exclusive, intent on
the part of each to bring about infringement.
Second, this evidence of unlawful objective is given added significance by MGM’s showing
that neither company attempted to develop filtering tools or other mechanisms to diminish
the infringing activity using their software. While the Ninth Circuit treated the defendants’
failure to develop such tools as irrelevant because they lacked an independent duty to
152.
monitor their users’ activity, we think this evidence underscores Grokster’s and
StreamCast’s intentional facilitation of their users’ infringement.12
Third, there is a further complement to the direct evidence of unlawful objective. It is useful
to recall that StreamCast and Grokster make money by selling advertising space, by
directing ads to the screens of computers employing their software. As the record shows, the
more the software is used, the more ads are sent out and the greater the advertising
revenue becomes. Since the extent of the software’s use determines the gain to the
distributors, the commercial sense of their enterprise turns on high-volume use, which the
record shows is infringing.13 This evidence alone would not justify an inference of unlawful
intent, but viewed in the context of the entire record its import is clear.
The unlawful objective is unmistakable.
B
In addition to intent to bring about infringement and distribution of a device suitable for
infringing use, the inducement theory of course requires evidence of actual infringement by
recipients of the device, the software in this case. As the account of the facts indicates, there
is evidence of infringement on a gigantic scale, and there is no serious issue of the adequacy
of MGM’s showing on this point in order to survive the companies’ summary judgment
requests. Although an exact calculation of infringing use, as a basis for a claim of damages,
is subject to dispute, there is no question that the summary judgment evidence is at least
adequate to entitle MGM to go forward with claims for damages and equitable relief.
* * *
In sum, this case is significantly different from Sony and reliance on that case to rule in
favor of StreamCast and Grokster was error. Sony dealt with a claim of liability based
solely on distributing a product with alternative lawful and unlawful uses, with knowledge
that some users would follow the unlawful course. The case struck a balance between the
interests of protection and innovation by holding that the product’s capability of substantial
lawful employment should bar the imputation of fault and consequent secondary liability
for the unlawful acts of others.
MGM’s evidence in this case most obviously addresses a different basis of liability for
distributing a product open to alternative uses. Here, evidence of the distributors’ words
12 Of course, in the absence of other evidence of intent, a court would be unable to find contributory
infringement liability merely based on a failure to take affirmative steps to prevent infringement, if the device
otherwise was capable of substantial noninfringing uses. Such a holding would tread too close to the Sony safe
harbor. 13 Grokster and StreamCast contend that any theory of liability based on their conduct is not properly before
this Court because the rulings in the trial and appellate courts dealt only with the present versions of their
software, not “past acts ... that allegedly encouraged infringement or assisted ... known acts of infringement.”
This contention misapprehends the basis for their potential liability. It is not only that encouraging a particular
consumer to infringe a copyright can give rise to secondary liability for the infringement that results.
Inducement liability goes beyond that, and the distribution of a product can itself give rise to liability where
evidence shows that the distributor intended and encouraged the product to be used to infringe. In such a case,
the culpable act is not merely the encouragement of infringement but also the distribution of the tool intended
for infringing use.
153.
and deeds going beyond distribution as such shows a purpose to cause and profit from
third-party acts of copyright infringement. If liability for inducing infringement is
ultimately found, it will not be on the basis of presuming or imputing fault, but from
inferring a patently illegal objective from statements and actions showing what that
objective was.
There is substantial evidence in MGM’s favor on all elements of inducement, and summary
judgment in favor of Grokster and StreamCast was error. On remand, reconsideration of
MGM’s motion for summary judgment will be in order….
[Justices Ginsburg and Breyer concurrences omitted].
NOTES AND QUESTIONS
Who were the direct infringers in this case? Why didn’t the plaintiffs sue them?
Could Grokster and StreamCast be liable for inducing copyright infringement—even if no
user ever engaged in any infringing conduct?
“Curing” Inducement. Assume that Grokster deliberately induced users to engage in
copyright infringement from day 1. However, before any copyright owners sued, assume it
voluntarily decided to mend its ways and stop inducing. How would it do so? Can a
company “cure” historical inducement? Or would Grokster need to wait out the statute of
limitations?
The IsoHunt case, discussed below, discussed the possibility of curing inducement in dicta:
an individual or entity’s unlawful objective at time B is not a virus that
infects all future actions. People, companies, and technologies must be
allowed to rehabilitate, so to speak, through actions actively discouraging the
infringing use of their product, lest the public be deprived of the useful good
or service they are still capable of producing.
What would constitute sufficient “actions actively discouraging the infringing use”?
Is it possible that tools with long-term social value might initially look threatening to
copyright owners? For decades, copyright owners have challenged virtually every major
technological development that enables third parties to do something new with their
copyrighted work. See Mark A. Lemley, Is the Sky Falling on the Content Industries?, 9 J.
TELECOMM. & HIGH TECH. L. 125 (2011). Could Grokster and StreamCast have evolved into
a legitimate and important social resource if the Supreme Court hadn’t effectively shut
them down?
Is Inducement Part of or Separate From Contributory Infringement? Does the Grokster
opinion create a new type of secondary liability called “inducement,” or is inducement just a
subset of the contributory infringement doctrine? Most courts have held the latter, but see
David v. CBS Interactive Inc., 2012 WL 12884914 (C.D. Cal. 2012) (rejecting the
defendant’s liability for contributory or vicarious infringement, but holding that the
defendant nevertheless could have committed inducement).
154.
The IsoHunt Case. Due to Justice Souter’s surgical definition of inducement, few
defendants lose their cases solely on inducement grounds. A notable exception is Columbia
Pictures Industries v. Fung, 710 F.3d 1020 (9th Cir. 2013). Fung ran three torrent sites,
which help users find desired files via the BitTorrent peer-to-peer protocol. The court
explains how Fung promoted use of his torrent sites to infringe copyright:
As for the necessary “clear expression or other affirmative steps” evidence
indicative of unlawful intent, the most important is Fung’s active
encouragement of the uploading of torrent files concerning copyrighted
content. For a time, for example, isoHunt prominently featured a list of “Box
Office Movies,” containing the 20 highest-grossing movies then playing in
U.S. theaters. When a user clicked on a listed title, she would be invited to
“upload [a] torrent” file for that movie. In other words, she would be asked to
upload a file that, once downloaded by other users, would lead directly to
their obtaining infringing content. Fung also posted numerous messages to
the isoHunt forum requesting that users upload torrents for specific
copyrighted films; in other posts, he provided links to torrent files for
copyrighted movies, urging users to download them.
In a footnote, the court clarified that inducement would not be shown by organizing files
into browseable categories or allowing keyword searching of the content in the site’s
database.
In addition:
The record is replete with instances of Fung responding personally to queries
for assistance in: uploading torrent files corresponding to obviously
copyrighted material, finding particular copyrighted movies and television
shows, getting pirated material to play properly, and burning the infringing
content onto DVDs for playback on televisions.
The court, echoing Grokster, also noted that Fung didn’t take any steps to filter his
database for copyright infringing material and generated revenues from advertising.
The Fung ruling indicates that a service provider could still qualify for a Section 512 safe
harbor even if it has induced inducement. In practice, it seems unlikely any defendant will
simultaneously induce infringement and qualify for the Section 512(c) defense. At
minimum, Fung lost eligibility for 512(c) because he had “red flags” of infringement,
discussed in UMG below.
Denouement to the Grokster Case. On remand, Grokster lost in court, and it subsequently
shut down operations. Its website displayed the following announcement/warning (the IP
address is redacted; screen shot taken August 3, 2011):
155.
156.
Section 512(c) Cheat Sheet
Introduction: In 1998, Congress enacted Section 512 to provide some certainty to hosts of
user-supplied content about their exposure to copyright infringement. Section 512(c) sets up
a “notice-and-takedown” system. Congress contemplated that web hosts of third party
content would not be automatically liable for copyright infringement due to their users’
content. Instead, copyright owners would have the responsibility to identify infringing
items. Copyright owners could then notify web hosts of the alleged infringements. After
getting those notices, web hosts would face liability only if they didn’t promptly remove the
allegedly infringing items; but if the web hosts did act quickly, they would avoid liability.
Prerequisites for a Successful Section 512(c) Defense
This “notice-and-takedown” concept sounds straightforward enough, but something got lost
in translating it to statutory language. To establish a Section 512(c) defense, a web host
must satisfy ALL of the following dozen (or more) elements. If the defense fails on any one
of these elements, the Section 512(c) defense is not available, and the web host must find
some other grounds to defend its actions or face potentially business-ending financial
liability. Copyright owners have vigorously contested most of these defense elements in
court, and resulting jurisprudence has undermined the basic “notice-and-takedown” scheme
and raised defense costs substantially.
To successfully assert a 512(c) prima facie defense, the defendant must show that it:
Qualifies as a “service provider”
Stores the material at a user’s direction
Adopts a policy to terminate repeat infringers
Reasonably implements that policy
Communicates that policy to users
Accommodates “standard technical measures”
Designates an agent at the Copyright Office to receive §512(c)(3) notices
Posts its agent’s contact info on its website
Does not have (i) actual knowledge of infringement or (ii) an awareness of
facts/circumstances that make infringement apparent (no “red flags”)
Does not have the right/ability to control infringement
Does not have a direct financial interest in the infringement
Expeditiously responded to the plaintiff’s §512(c)(3) notices (see below)
[Does not engage in inducement]
[Is not willfully blind to infringing conduct]
Note: I put the last two elements in brackets because the burden of proof on those two
points might be on the plaintiff, not the defendant.
It is not uncommon for a Section 512(c) opinion to run dozens of pages in length, as the
court addresses seriatim the copyright owner’s challenges to multiple defense elements.
157.
Elements of a 512(c)(3) Takedown Notice
Section 512 specifies that copyright owners properly notify services of allegedly infringing
items if their notice has the following six components.
It identifies the infringed works (or a representative sample of them)
It identifies the allegedly infringing copies precisely enough that the provider can
find the files
It contains a statement that the sender has a good faith belief that the users’
activities are unauthorized
It contains a statement that the complaint is accurate and, under penalty of perjury,
the person sending the notice is authorized to act on copyright owner’s behalf
It contains a signature of person authorized to act
It provides the sender’s contact information
In theory, Section 512(c) suggests that a web host can ignore any other copyright owner
communication about user-caused copyright infringement that fails to meet the Section
512(c)(3) elements. In practice, courts have exposed web hosts to liability in circumstances
where the copyright owner never sent a proper Section 512(c)(3) notice.
158.
In 1998, Congress enacted the Digital Millennium Copyright Act to update copyright law
for the 21st century. The DMCA included safe harbors for online intermediaries, including §
512(c) for web hosts of user-generated content (the “notice-and-takedown” provision).
Section 512(c) plays a crucial role in the user-generated content community, but it did not
anticipate the key online copyright issues for the 2000s. For example, neither of the
Supreme Court’s two online copyright cases since its passage (Grokster and Aereo)
addressed Section 512.
The next case illustrates the kind of punishing, expensive, no-settlement litigation that
copyright owners have brought with the goal of undermining Section 512(c)’s notice-and-
takedown scheme. After you read the case, ask yourself: who won this case?
UMG Recordings, Inc. v. Shelter Capital Partners LLC, 718 F.3d 1006 (9th Cir.
2013)*
…BACKGROUND
Veoh allows people to share video content over the Internet. Users can view videos
uploaded by other users as well as authorized “partner content” made available by major
copyright holders such as SonyBMG, ABC and ESPN. There are two ways to use Veoh’s
service: through a standalone software client application launched in late 2005, or through
the veoh.com website launched in early 2006 that users access via a standard web browser.
Both services are provided free of charge. Veoh generates revenue from advertising
displayed along with the videos. “As of April 2009, Veoh had well over a million videos
available for viewing, and users had uploaded more than four million videos to Veoh.”…
When a video is uploaded, various automated processes take place. Veoh’s software
automatically breaks down the video file into smaller 256-kilobyte “chunks,” which
facilitate making the video accessible to others. Veoh’s software also automatically
converts, or “transcodes,” the video file into Flash 7 format. This is done because “the vast
majority of internet users have software that can play videos” in this format. Veoh presets
the requisite settings for the Flash conversion. If the user is a “Pro” user, Veoh’s software
also converts the uploaded video into Flash 8 and MPEG-4 formats, which are playable on
some portable devices. Accordingly, when a Pro user uploads a video, Veoh automatically
creates and retains four copies: the chunked file, the Flash 7 file, the Flash 8 file and the
MPEG-4 file. None of these automated conversions affects the content of the video.
Veoh’s computers also automatically extract metadata from information users provide to
help others locate the video for viewing. Users can provide a title, as well as tags or
keywords that describe the video, and can also select pre-set categories describing the
video, such as “music,” “faith” or “politics.” The Veoh system then automatically assigns
every uploaded video a “permalink,” or web address, that uniquely identifies the video and
* [Editor’s note: the book includes the 2013 opinion, which superseded an earlier opinion the Ninth Circuit
issued in Dec. 2011. The Notes and Questions following the case will discuss how the opinion changed from 2011
to 2013.]
159.
makes it available to users. Veoh employees do not review the user-submitted video, title or
tags before the video is made available.2
Veoh’s system allows users to access shared videos in two ways. First, the video may be
“streamed” from a server, whereby the user’s web browser begins displaying the video
almost immediately, before the entire file has been transmitted to the user’s computer.
Depending on whether the user stops his web browser from streaming the full video, a
partial or full copy of the video is stored temporarily on the user's computer. Second, the
user can download a copy of the video through Veoh’s website or client software application.
Veoh transfers a “chunked” copy of the file to the user's computer, and the software
reassembles the chunks into a viewable copy. The downloaded file is stored on the user’s
computer in a Veoh directory, which gives Veoh the ability to terminate access to the files.
Veoh employs various technologies to automatically prevent copyright infringement on its
system. In 2006, Veoh adopted “hash filtering” software. Whenever Veoh disables access to
an infringing video, the hash filter also automatically disables access to any identical videos
and blocks any subsequently submitted duplicates. Veoh also began developing an
additional filtering method of its own, but in 2007 opted instead to adopt a third-party
filtering solution produced by a company called Audible Magic. Audible Magic's technology
takes audio “fingerprints” from video files and compares them to a database of copyrighted
content provided by copyright holders. If a user attempts to upload a video that matches a
fingerprint from Audible Magic’s database of forbidden material, the video never becomes
available for viewing. Approximately nine months after beginning to apply the Audible
Magic filter to all newly uploaded videos, Veoh applied the filter to its backlog of previously
uploaded videos. This resulted in the removal of more than 60,000 videos, including some
incorporating UMG’s works. Veoh has also implemented a policy for terminating users who
repeatedly upload infringing material, and has terminated thousands of user accounts.
Despite Veoh’s efforts to prevent copyright infringement on its system, both Veoh and UMG
agree that some of Veoh’s users were able to download unauthorized videos containing
songs for which UMG owns the copyright. The parties also agree that before UMG filed its
complaint, the only notices Veoh received regarding alleged infringements of UMG’s works
were sent by the Recording Industry Association of America (RIAA). The RIAA notices
listed specific videos that were allegedly infringing, and included links to those videos. The
notices did not assert rights to all works by the identified artists, and did not mention
UMG. UMG does not dispute that Veoh removed the material located at the links identified
in the RIAA notices….
DISCUSSION…
II.
“Difficult and controversial questions of copyright liability in the online world prompted
Congress to enact Title II of the DMCA, the Online Copyright Infringement Liability
Limitation Act (OCILLA).” Congress recognized that “[i]n the ordinary course of their
operations service providers must engage in all kinds of acts that expose them to potential
2 Veoh employees do monitor already accessible videos for pornography, which is removed, using a “porn tool” to
review thumbnail images of uploaded videos tagged as “sexy.”
160.
copyright infringement liability.” Although Congress was aware that the services provided
by companies like Veoh are capable of being misused to facilitate copyright infringement, it
was loath to permit the specter of liability to chill innovation that could also serve
substantial socially beneficial functions. Congress decided that “by limiting [service
providers'] liability,” it would “ensure[] that the efficiency of the Internet will continue to
improve and that the variety and quality of services on the Internet will continue to
expand.” To that end, OCILLA created four safe harbors that preclude imposing monetary
liability on service providers for copyright infringement that occurs as a result of specified
activities. The district court concluded that Veoh qualified for one such safe harbor, under
17 U.S.C. § 512(c). UMG challenges that determination and the consequent entry of
summary judgment in Veoh’s favor….
A.
We must first decide whether the functions automatically performed by Veoh’s software
when a user uploads a video fall within the meaning of “by reason of the storage at the
direction of a user.” Although UMG concedes that “[s]torage on computers involves making
a copy of the underlying data,” it argues that “nothing in the ordinary definition of ‘storage’
encompasses” the automatic processes undertaken to facilitate public access to user-
uploaded videos. Facilitation of access, UMG argues, goes beyond “storage.” Therefore the
creation of chunked and Flash files and the streaming and downloading of videos fall
outside § 512(c). UMG also contends that these automatic processes are not undertaken “at
the direction of the user.”
The district court concluded that UMG’s reading of § 512(c) was too narrow, wrongly
requiring “that the infringing conduct be storage,” rather than be “‘by reason of the
storage,’” as its terms provide. We agree that the phrase “by reason of the storage at the
direction of the user” is broader causal language than UMG contends, “clearly meant to
cover more than mere electronic storage lockers.” We hold that the language and structure
of the statute, as well as the legislative intent that motivated its enactment, clarify that §
512(c) encompasses the access-facilitating processes that automatically occur when a user
uploads a video to Veoh….
B.
Under § 512(c)(1)(A), a service provider can receive safe harbor protection only if it “(i) does
not have actual knowledge that the material or an activity using the material on the system
or network is infringing;” “(ii) in the absence of such actual knowledge, is not aware of facts
or circumstances from which infringing activity is apparent; or” “(iii) upon obtaining such
knowledge or awareness, acts expeditiously to remove, or disable access to, the material.”
UMG has never disputed that when Veoh became aware of allegedly infringing material as
a result of the RIAA’s DMCA notices, it removed the files. Rather, it argues that Veoh had
knowledge or awareness of other infringing videos that it did not remove. The district court
found that UMG failed to rebut Veoh’s showing “that when it did acquire knowledge of
allegedly infringing material—whether from DMCA notices, informal notices, or other
means—it expeditiously removed such material.” UMG argues on appeal that the district
court erred by improperly construing the knowledge requirement to unduly restrict the
circumstances in which a service provider has “actual knowledge” under subsection (i) and
setting too stringent a standard for what we have termed “red flag” awareness based on
161.
facts or circumstances from which infringing activity is apparent under subsection (ii). We
hold that the district court properly construed these requirements.
1.
It is undisputed that, until the filing of this lawsuit, UMG “had not identified to Veoh any
specific infringing video available on Veoh’s system.” UMG’s decision to forgo the DMCA
notice protocol “stripped it of the most powerful evidence of a service provider's
knowledge—actual notice of infringement from the copyright holder.” Nevertheless, UMG
contends that Veoh hosted a category of copyrightable content—music—for which it had no
license from any major music company. UMG argues Veoh thus must have known this
content was unauthorized, given its general knowledge that its services could be used to
post infringing material. UMG urges us to hold that this sufficiently demonstrates
knowledge of infringement. We cannot, for several reasons.
As an initial matter, contrary to UMG’s contentions, there are many music videos that
could in fact legally appear on Veoh. “Among the types of videos subject to copyright
protection but lawfully available on Veoh’s system were videos with music created by users
and videos that Veoh provided pursuant to arrangements it reached with major copyright
holders, such as SonyBMG.” Further, Congress’ express intention that the DMCA “facilitate
making available quickly and conveniently via the Internet ... movies, music, software, and
literary works”—precisely the service Veoh provides—makes us skeptical that UMG’s
narrow interpretation of § 512(c) is plausible. Finally, if merely hosting material that falls
within a category of content capable of copyright protection, with the general knowledge
that one's services could be used to share unauthorized copies of copyrighted material, was
sufficient to impute knowledge to service providers, the § 512(c) safe harbor would be
rendered a dead letter: § 512(c) applies only to claims of copyright infringement, yet the fact
that a service provider’s website could contain copyrightable material would remove the
service provider from § 512(c) eligibility.
Cases analyzing knowledge in the secondary copyright infringement context also counsel
against UMG’s should-have-known approach. In Sony Corp. of America v. Universal City
Studios, Inc., 464 U.S. 417 (1984), the Supreme Court held that there was “no precedent in
the law of copyright for the imposition of” liability based on the theory that the defendant
had “sold equipment with constructive knowledge of the fact that their customers may use
that equipment to make unauthorized copies of copyrighted material.” So long as the
product was “capable of substantial noninfringing uses,” the Court refused to impute
knowledge of infringement. Applying Sony to the Internet context, we held in A & M
Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir. 2001), that “if a computer system
operator learns of specific infringing material available on his system and fails to purge
such material from the system, the operator knows of and contributes to direct
infringement.” But “absent any specific information which identifies infringing activity, a
computer system operator cannot be liable for contributory infringement merely because
the structure of the system allows for the exchange of copyrighted material.”
Requiring specific knowledge of particular infringing activity makes good sense in the
context of the DMCA, which Congress enacted to foster cooperation among copyright
holders and service providers in dealing with infringement on the Internet. See S. Rep. No.
105–190, at 20 (noting OCILLA was intended to provide “strong incentives for service
162.
providers and copyright owners to cooperate to detect and deal with copyright
infringements”). Copyright holders know precisely what materials they own, and are thus
better able to efficiently identify infringing copies than service providers like Veoh, who
cannot readily ascertain what material is copyrighted and what is not. See S. Rep. No. 105–
190, at 48; (“[A] [service] provider could not be expected, during the course of its brief
cataloguing visit, to determine whether [a] photograph was still protected by copyright or
was in the public domain; if the photograph was still protected by copyright, whether the
use was licensed; and if the use was not licensed, whether it was permitted under the fair
use doctrine.”).
These considerations are reflected in Congress’ decision to enact a notice and takedown
protocol encouraging copyright holders to identify specific infringing material to service
providers. They are also evidenced in the “exclusionary rule” that prohibits consideration of
substantially deficient § 512(c)(3)(A) notices for purposes of “determining whether a service
provider has actual knowledge or is aware of facts and circumstances from which infringing
activity is apparent.” Congress’ intention is further reflected in the DMCA’s direct
statement that “[n]othing in this section shall be construed to condition the applicability of
subsections (a) through (d) on ... a service provider monitoring its service or affirmatively
seeking facts indicating infringing activity.” 17 U.S.C. § 512(m). Congress made a
considered policy determination that the “DMCA notification procedures [would] place the
burden of policing copyright infringement—identifying the potentially infringing material
and adequately documenting infringement—squarely on the owners of the copyright.” In
parsing § 512(c)(3), we have “decline[d] to shift [that] substantial burden from the copyright
owner to the provider.”
UMG asks us to change course with regard to § 512(c)(1)(A) by adopting a broad conception
of the knowledge requirement. We see no principled basis for doing so. We therefore hold
that merely hosting a category of copyrightable content, such as music videos, with the
general knowledge that one’s services could be used to share infringing material, is
insufficient to meet the actual knowledge requirement under § 512(c)(1)(A)(i).
We reach the same conclusion with regard to the § 512(c)(1)(A)(ii) inquiry into whether a
service provider is “aware of facts or circumstances from which infringing activity is
apparent.” The district court's conception of this “red flag test” properly followed our
analysis in CCBill, which reiterated that the burden remains with the copyright holder
rather than the service provider. The plaintiffs in CCBill argued that there were a number
of red flags that made it apparent infringing activity was afoot, noting that the defendant
hosted sites with names such as “illegal.net” and “stolencelebritypics.com,” as well as
password hacking websites, which obviously infringe. We disagreed that these were
sufficient red flags because “[w]e do not place the burden of determining whether
[materials] are actually illegal on a service provider,” and “[w]e impose no such
investigative duties on service providers.” For the same reasons, we hold that Veoh’s
general knowledge that it hosted copyrightable material and that its services could be used
for infringement is insufficient to constitute a red flag.
Of course, a service provider cannot willfully bury its head in the sand to avoid obtaining
such specific knowledge. See Viacom Int’l v. YouTube, Inc., 676 F.3d 19, 31 (2d Cir. 2012).
Even viewing the evidence in the light most favorable to UMG as we must here, however,
we agree with the district court there is no evidence that Veoh acted in such a manner.
163.
Rather, the evidence demonstrates that Veoh promptly removed infringing material when
it became aware of specific instances of infringement. Although the parties agree, in
retrospect, that at times there was infringing material available on Veoh’s services, the
DMCA recognizes that service providers who do not locate and remove infringing materials
they do not specifically know of should not suffer the loss of safe harbor protection.
2.
We are not persuaded that UMG’s other purported evidence of Veoh’s actual or apparent
knowledge of infringement warrants trial. First, UMG points to the tagging of videos on
Veoh’s service as “music videos.” Relying on the theory rejected above, UMG contends that
this demonstrates Veoh’s knowledge that it hosted a category of infringing content.
Relatedly, UMG argues that Veoh’s purchase of certain search terms through the Google
AdWords program demonstrates knowledge of infringing activity because some of the terms
purchased, such as “50 Cent,” “Avril Lavigne” and “Britney Spears,” are the names of UMG
artists. However, artists are not always in exclusive relationships with recording
companies, so just because UMG owns the copyrights for some Britney Spears songs does
not mean it owns the copyright for all Britney Spears songs. Indeed, 50 Cent, Avril Lavigne
and Britney Spears are also affiliated with SonyBMG, which gave Veoh permission to
stream its videos by these artists. Furthermore, even if Veoh had not had such permission,
we recognize that companies sometimes purchase search terms they believe will lead
potential customers to their websites even if the terms do not describe goods or services the
company actually provides. For example, a sunglass company might buy the search terms
“sunscreen” or “vacation” because it believed that people interested in such searches would
often also be interested in sunglasses. Accordingly, Veoh’s search term purchases are
insufficient to demonstrate that it knew it hosted infringing material.
UMG also argues that Veoh’s removal of unauthorized content identified in RIAA notices
demonstrates knowledge, even if Veoh complied with § 512(c)’s notice and takedown
procedures. According to UMG, Veoh should have taken the initiative to use search and
indexing tools to locate and remove from its website any other content by the artists
identified in the notices. Relatedly, UMG argues that some of the videos on Veoh that had
been pulled from MTV or other broadcast television stations bore information about the
artist, song title and record label. UMG contends that Veoh should have used this
information to find and remove unauthorized videos. As we have explained, however, to so
require would conflict with § 512(m), § 512(c)(1)(C) and CCBill’s refusal to “impose ...
investigative duties on service providers.” It could also result in removal of noninfringing
content.
UMG also points to news articles discussing the availability of copyrighted materials on
Veoh. One article reported that “several major media companies ... say that Veoh.com has
been among the least aggressive video sharing sites in fighting copyrighted content,” and
has thus “become a haven for pirated content.” Another article reported that,
Veoh Networks CEO Dmitry Shapiro acknowledges that only a week after
the company’s official debut, Veoh.com is host to a wide range of
unauthorized and full-length copies of popular programs. But Shapiro says
it's not his upstart company’s fault: ... “We have a policy that specifically
states that when we see copyright material posted, we take it down,” Shapiro
164.
said. “This problem is the democratization of publishing. Anyone can now
post a video to the Internet. Sometimes the material belongs to someone else.
We take this very seriously.”
UMG elicited deposition testimony from Shapiro that he had heard of these articles, and
was aware that, “from time to time,” “material belonging to someone else end[ed] up on”
Veoh. UMG argues that this evidence of knowledge that, as a general matter, unauthorized
materials had been previously posted on Veoh is sufficient to meet the § 512(c)(1)(A)
requirements.
At base, this argument relies on UMG’s primary theory, which we rejected above. Here, as
well, more specific information than UMG has adduced is required. The DMCA’s detailed
notice and takedown procedure assumes that, “from time to time,” “material belonging to
someone else ends up” on service providers’ websites, and establishes a process for ensuring
the prompt removal of such unauthorized material. If Veoh’s CEO's acknowledgment of this
general problem and awareness of news reports discussing it was enough to remove a
service provider from DMCA safe harbor eligibility, the notice and takedown procedures
would make little sense and the safe harbors would be effectively nullified. We cannot
conclude that Congress intended such a result, and we therefore hold that this evidence is
insufficient to warrant a trial.
UMG comes closer to meeting the § 512(c)(1)(A) requirements with its evidence of emails
sent to Veoh executives and investors by copyright holders and users identifying infringing
content. One email, sent by the CEO of Disney, a major copyright holder, to Michael Eisner,
a Veoh investor, stated that the movie Cinderella III and various episodes from the
television show Lost were available on Veoh without Disney’s authorization. If this
notification had come from a third party, such as a Veoh user, rather than from a copyright
holder, it might meet the red flag test because it specified particular infringing material. As
a copyright holder, however, Disney is subject to the notification requirements in §
512(c)(3), which this informal email failed to meet. Accordingly, this deficient notice “shall
not be considered under paragraph (1)(A) in determining whether a service provider has
actual knowledge or is aware of facts or circumstances from which infringing activity is
apparent.” Further, even if this email could have created actual knowledge or qualified as a
red flag, Eisner's email in response assured Disney that he would instruct Veoh to “take it
down,” and Eisner copied Veoh’s founder to ensure this happened “right away.” UMG
nowhere alleges that the offending material was not immediately removed, and accordingly
Veoh would be saved by § 512(c)(1)(A)(iii), which preserves the safe harbor for service
providers with such knowledge so long as they “act[] expeditiously to remove, or disable
access to, the material.”
UMG also points to an email from a Veoh user whose video was rejected for containing
infringing content. Upset that Veoh would not post his unauthorized material, he stated
that he had seen “plenty of [other] copyright infringement material” on the site, and
identified another user who he said posted infringing content. It is possible that this email
would be sufficient to constitute a red flag under § 512(c)(1)(A)(ii), even though it would not
qualify as sufficient notice from a copyright holder under § 512(c)(3). But even assuming
that is so, UMG has not specifically alleged that Veoh failed to expeditiously remove the
infringing content identified by the user’s email. Accordingly, this too fails to create a
genuine issue of material fact regarding Veoh’s knowledge of infringement.
165.
We do not credit UMG’s contention that the district court conflated the actual knowledge
and red flag awareness tests. A user email informing Veoh of material that appeared to the
user to be infringing and specifying its location provides a good example of the distinction.
Although the user's allegations would not give Veoh actual knowledge under §
512(c)(1)(A)(i), because Veoh would have no assurance that a third party who does not hold
the copyright in question would know whether the material was infringing, the email
nonetheless could act as a red flag under § 512(c)(1)(A)(ii) provided its information was
sufficiently specific. As the Second Circuit recognized:
The difference between actual and red flag knowledge is ... between a
subjective and an objective standard. In other words, the actual knowledge
provision turns on whether the provider actually or “subjectively” knew of
specific infringement, while the red flag provision turns on whether the
provider was subjectively aware of facts that would have made the specific
infringement “objectively” obvious to a reasonable person. The red flag
provision, because it incorporates an objective standard, is not swallowed up
by the actual knowledge provision under our construction of the § 512(c) safe
harbor. Both provisions do independent work, and both apply only to specific
instances of infringement.
Viacom Int’l v. YouTube, Inc., 676 F.3d 19, 31 (2d Cir. 2012); cf. S. Rep. No. 105-190, at 44
(“The ‘red flag’ test has both a subjective and an objective element. In determining whether
the service provider was aware of a ‘red flag,’ the subjective awareness of the service
provider of the facts or circumstances in question must be determined. However, in
deciding whether those facts or circumstances constitute a ‘red flag’—in other words,
whether infringing activity would have been apparent to a reasonable person operating
under the same or similar circumstances—an objective standard should be used.”). In sum,
we agree that there is a distinction between actual and red flag knowledge, but UMG has
not created a genuine issue of material fact as to whether Veoh had either kind of
knowledge here.
C.
A service provider is eligible for the § 512(c) safe harbor only if it “does not receive a
financial benefit directly attributable to the infringing activity, in a case in which the
service provider has the right and ability to control such activity.” UMG appeals the district
court's determination that Veoh did not have the necessary right and ability to control
infringing activity and thus remained eligible for safe harbor protection. We conclude the
district court was correct, and therefore affirm….
UMG argues that we should interpret § 512(c) as we did a similar concept in the common
law vicarious liability context in Napster, 239 F.3d at 1024. The Second Circuit recently
rejected this reading, see Viacom, 676 F.3d at 36–38, and we too are unpersuaded for
several reasons. First, § 512(c) nowhere mentions the term “vicarious liability.” Although it
uses a set of words that has sometimes been used to describe common law vicarious
liability, the language used in the common law standard is loose and has varied. For
example, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 930 n. 9
(2005), refers to “supervis[ing] the direct infringer” rather than “control[ing] such
166.
[infringing] activity,” § 512(c)(1)(B), and “supervise” and “control” are different in
potentially significant ways. “Control,” which we have noted means having the “power or
authority to guide or manage: directing or restraining domination,” connotes more ability to
command than does “supervise,” which means “to look over, inspect, oversee.” Webster's
Third New International Dictionary 496, 2296.
Second, § 512(c) actually presumes that service providers have the sort of control that UMG
argues satisfies the § 512(c)(1)(B) “right and ability to control” requirement to be eligible for
several of the safe harbors: they must “remove[] or disable access to” infringing material
when they become aware of it. Quoting Napster, 239 F.3d at 1024, UMG argues that service
providers have “the right and ability to control” infringing activity, § 512(c)(1)(B), as long as
they have “the ability to locate infringing material” and “terminate users' access.” Under
that reading, service providers would have the “right and ability to control” infringing
activity regardless of their becoming “aware of” the material. Under that interpretation, the
prerequisite to § 512(c) protection under § 512(c)(1)(A)(iii) and (C), would at the same time
be a disqualifier under § 512(c)(1)(B) where the “financial benefit” condition is met.
We agree with Judge Matz that “Congress could not have intended for courts to hold that a
service provider loses immunity under the safe harbor provision of the DMCA because it
engages in acts that are specifically required by the DMCA” to obtain safe harbor
protection. Moreover, Napster was decided after the DMCA was enacted, so Congress could
not have intended to codify Napster’s precise application upon which UMG relies….
Subsequent legislative statements help clarify Congress’ intent. First, Congress explicitly
stated in three different reports that the DMCA was intended to “protect qualifying service
providers from liability for all monetary relief for direct, vicarious and contributory
infringement.” Under UMG’s interpretation, however, every service provider subject to
vicarious liability would be automatically excluded from safe harbor protection. Second,
Congress made clear that it intended to provide safe harbor protection not by altering the
common law vicarious liability standards, but rather by carving out permanent safe
harbors to that liability for Internet service providers even while the common law
standards continue to evolve. See S. Rep. No. 105-190, at 19 (“There have been several
cases relevant to service provider liability for copyright infringement. Most have
approached the issue from the standpoint of contributory and vicarious liability. Rather
than embarking upon a wholesale clarification of these doctrines, the Committee decided to
leave current law in its evolving state and, instead, to create a series of ‘safe harbors,’ for
certain common activities of service providers. A service provider which qualifies for a safe
harbor, receives the benefit of limited liability.”)
Given Congress’ explicit intention to protect qualifying service providers who would
otherwise be subject to vicarious liability, it would be puzzling for Congress to make §
512(c) entirely coextensive with the vicarious liability requirements, which would
effectively exclude all vicarious liability claims from the § 512(c) safe harbor. In addition, it
is difficult to envision, from a policy perspective, why Congress would have chosen to
exclude vicarious infringement from the safe harbors, but retain protection for contributory
infringement. It is not apparent why the former might be seen as somehow worse than the
latter.
167.
Furthermore, if Congress had intended that the § 512(c)(1)(B) “right and ability to control”
requirement be coextensive with vicarious liability law, the statute could have
accomplished that result in a more direct manner.
It is conceivable that Congress [would have] intended that [service providers]
which receive a financial benefit directly attributable to the infringing
activity would not, under any circumstances, be able to qualify for the
subsection (c) safe harbor. But if that was indeed their intention, it would
have been far simpler and much more straightforward to simply say as much.
The Court does not accept that Congress would express its desire to do so by
creating a confusing, self-contradictory catch-22 situation that pits
512(c)(1)(B) and 512(c)(1)(C) directly at odds with one another, particularly
when there is a much simpler explanation: the DMCA requires more than the
mere ability to delete and block access to infringing material after that
material has been posted in order for the [service provider] to be said to have
“the right and ability to control such activity.”
[Quoting the district court judge in this case.] Indeed, in the anti-circumvention provision
in Title I of the DMCA, which was enacted at the same time as the § 512 safe harbors,
Congress explicitly stated, “Nothing in this section shall enlarge or diminish vicarious or
contributory liability for copyright infringement in connection with any technology, product,
service, device, component, or part thereof.” “If Congress had intended to exclude vicarious
liability from the DMCA [Title II] safe harbors, it would have done so expressly as it did in
Title I of the DMCA.”
Our reading of § 512(c)(1)(B) is further informed and reinforced by our concern that the
statute would be internally inconsistent in other respects were we to interpret the “right
and ability to control” language as UMG urges. First, § 512(m) cuts against holding that
Veoh’s general knowledge that infringing material could be uploaded to its site triggered an
obligation to “police” its services to the “fullest extent” possible. As we have explained, §
512(m) provides that § 512(c)’s safe harbor protection may not be conditioned on “a service
provider monitoring its service or affirmatively seeking facts indicating infringing activity.”
UMG's reading of the “right and ability to control” language would similarly run afoul of
CCBill, which likewise clarified that § 512(c) “impose[s] no such investigative duties on
service providers,” and “place[s] the burden of policing copyright infringement ... squarely
on the owners of the copyright.” CCBill did not suggest that Congress meant this limitation
on the duty to monitor to apply only to service providers who do not receive a direct
financial benefit under subsection (B).
In light of the DMCA’s language, structure, purpose and legislative history, we are
compelled to reject UMG’s argument that the district court should have employed Napster’s
vicarious liability standard to evaluate whether Veoh had sufficient “right and ability to
control” infringing activity under § 512(c). Although in some cases service providers subject
to vicarious liability will be excluded from the § 512(c) safe harbor, in others they will not.
As we are unpersuaded by UMG's argument, we conclude instead that whereas the
vicarious liability standard applied in Napster can be met by merely having the general
ability to locate infringing material and terminate users’ access, § 512(c) requires
“something more.”
168.
The Second Circuit recently considered what constitutes “something more.” See Viacom,
676 F.3d at 38. First, the court observed:
To date, only one court has found that a service provider had the right and
ability to control infringing activity under § 512(c)(1)(B). In Perfect 10, Inc. v.
Cybernet Ventures, Inc., the court found control where the service provider
instituted a monitoring program by which user websites received ‘detailed
instructions regard[ing] issues of layout, appearance, and content.’ The
service provider also forbade certain types of content and refused access to
users who failed to comply with its instructions.
The Second Circuit also suggested that “inducement of copyright infringement under
Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., which ‘premises liability on
purposeful, culpable expression and conduct,’ might also rise to the level of control under §
512(c)(1)(B).” Finally, the court noted that “[o]ther courts have suggested that control may
exist where the service provider is ‘actively involved in the listing, bidding, sale and
delivery’ of items offered for sale, ... or otherwise controls vendor sales by previewing
products prior to their listing, editing product descriptions, or suggesting prices.” After
offering this guidance, the Second Circuit “remand[ed] to the District Court to consider in
the first instance whether the plaintiffs ha[d] adduced sufficient evidence to allow a
reasonable jury to conclude that YouTube had the right and ability to control the infringing
activity and received a financial benefit directly attributable to that activity.”
We agree with the Second Circuit and hold that, in order to have the “right and ability to
control,” the service provider must “exert [] substantial influence on the activities of users.”
“Substantial influence” may include, as the Second Circuit suggested, high levels of control
over activities of users, as in Cybernet. Or it may include purposeful conduct, as in Grokster.
In this case, Veoh’s interactions with and conduct toward its users did not rise to such a
level. As Judge Matz recognized, “(a) the allegedly infringing material resided on Veoh’s
system; (b) Veoh had the ability to remove such material; (c) Veoh could have implemented,
and did implement, filtering systems; and (d) Veoh could have searched for potentially
infringing content.” Such circumstances are not equivalent to the activities found to
constitute substantial influence in Cybernet and Grokster. Nor has UMG, in its initial or
supplemental briefing to this court, pointed to other evidence raising a genuine issue of
material fact as to whether Veoh’s activities involved “something more than the ability to
remove or block access to materials posted on a service provider's website.” Accordingly,
because UMG has not created a triable issue regarding Veoh’s right and ability to control
infringing activity, we conclude that Veoh met all the § 512(c) requirements, and we affirm
the entry of summary judgment in its favor.
III.
UMG also appeals the district court’s Rule 12(b)(6) dismissal of its complaint against the
Investor Defendants for vicarious infringement, contributory infringement and inducement
of infringement. It is well-established that “[s]econdary liability for copyright infringement
does not exist in the absence of direct infringement....” UMG argues, however, that even if
summary judgment was properly granted to Veoh on the basis of the DMCA safe harbor, as
we have held it was, “the [Investor] Defendants remain potentially liable for their related
indirect infringement” because the district court did not “make a finding regarding Veoh’s
169.
direct infringement,” and the Investor Defendants do not qualify as “service providers” who
can receive DMCA safe harbor protection. The Investor Defendants argue that it would be
illogical to impose greater liability on them than on Veoh itself. Although we agree that this
would create an anomalous result, we assume without deciding that the suit against the
Investor Defendants can properly proceed even though Veoh is protected from monetary
liability by the DMCA.20 Reaching the merits of UMG’s secondary liability arguments, we
hold that the district court properly dismissed the complaint.
UMG first alleges that the Investor Defendants are liable for contributory infringement.
“[O]ne who, with knowledge of the infringing activity, induces, causes or materially
contributes to the infringing conduct of another, may be held liable as a ‘contributory’
infringer.” In Fonovisa, 76 F.3d at 264, we established the “site and facilities” test:
“providing the site and facilities for known infringing activity is sufficient to establish
contributory liability” where the defendant “actively strives to provide the environment and
the market for counterfeit ... sales to thrive.” The district court concluded this test was not
met, dismissing the complaint because UMG did “not allege sufficiently that [the Investor
Defendants] gave material assistance in helping Veoh or its users accomplish
infringement.” We agree.
UMG acknowledges that funding alone cannot satisfy the material assistance requirement.
It thus argues that the Investor Defendants “provided Veoh’s necessary funding and
directed its spending” on “basic operations including ... hardware, software, and
employees”—“elements” UMG argues “form ‘the site and facilities’ for Veoh’s direct
infringement.” UMG thus attempts to liken its case to UMG Recordings, Inc. v.
Bertelsmann AG et al., 222 F.R.D. 408 (N.D. Cal.2004), where the district court denied an
investor's motion to dismiss claims of contributory infringement. In Bertelsmann, however,
the investor was Napster's “only available source of funding,” and thus “held significant
power and control over Napster's operations.” Here, by contrast, there were multiple
investors, and none of the Investor Defendants could individually control Veoh.
Accordingly, UMG hinges its novel theory of secondary liability on the contention that the
three Investor Defendants together took control of Veoh’s operations by “obtain[ing] three of
20 In Perfect 10, Inc. v. Visa International Service Ass’n, 494 F.3d 788 (9th Cir. 2007), we commented on a
similar circumstance. There, the plaintiff sought secondary liability against a credit card company that had
processed payments for websites that posted infringing materials. Visa observed that,
The result, under Perfect 10’s theories, would therefore be that a service provider with actual
knowledge of infringement and the actual ability to remove the infringing material, but which
has not received a statutorily compliant notice, is entitled to a safe harbor from liability, while
credit card companies with actual knowledge but without the actual ability to remove
infringing material, would benefit from no safe harbor. We recognize that the DMCA was not
intended to displace the development of secondary liability in the courts; rather, we simply
take note of the anomalous result Perfect 10 seeks.
We remain concerned about the possibility of imposing secondary liability on tangentially involved parties, like
Visa and the Investor Defendants, while those accused of direct infringement receive safe harbor protection.
“[B]y limiting the liability of service providers,” the DMCA sought to assuage any “hesitat[ion] to make the
necessary investment in the expansion of the speed and capacity of the Internet.” Congress was no doubt well
aware that service providers can make the desired investment only if they receive funding from investors like
the Investor Defendants. Although we do not decide the matter today, were we to hold that Veoh was protected,
but its investors were not, investors might hesitate to provide the necessary funding to companies like Veoh,
and Congress’ purpose in passing the DMCA would be undermined.
170.
the five seats on Veoh’s Board of Directors,” and effectively provided the “site and facilities”
for direct infringement by wielding their majority power to direct spending.
Even assuming that such joint control, not typically an element of contributory
infringement, could satisfy Fonovisa’s site and facilities requirement, UMG’s argument fails
on its own terms, because the complaint nowhere alleged that the Investor Defendants
agreed to work in concert to this end. UMG suggests that it “did allege that the [Investor]
Defendants agreed to ‘operate’ Veoh jointly—UMG alleged that the [Investor] Defendants
operated Veoh by ‘s[eeking] and obtain[ing] seats on Veoh’s Board of Directors as a
condition of their investments.’” But three investors individually acquiring one seat apiece
is not the same as agreeing to operate as a unified entity to obtain and leverage majority
control. Unless the three independent investors were on some level working in concert, then
none of them actually had sufficient control over the Board to direct Veoh in the way UMG
contends. This missing allegation is critical because finding secondary liability without it
would allow plaintiffs to sue any collection of directors making up 51 percent of the board
on the theory that they constitute a majority, and therefore together they control the
company. Without this lynchpin allegation, UMG's claim that the Investor Defendants had
sufficient control over Veoh to direct its spending and operations in a manner that might
theoretically satisfy the “site and facilities” test falls apart. We therefore affirm the
dismissal of UMG's contributory infringement claim.
This missing allegation likewise requires us to affirm the district court's dismissal of
UMG's vicarious liability and inducement of infringement claims. Inducement liability is
proper where “one [] distributes a device with the object of promoting its use to infringe
copyright, as shown by clear expression or other affirmative steps taken to foster
infringement.” Vicarious liability is warranted if “the defendant profits directly from the
infringement and has a right and ability to supervise the direct infringer.” UMG’s
arguments that the Investor Defendants “distribute[d]” Veoh’s services and had the right
and ability to supervise the infringing users are premised on the unalleged contention that
the Investor Defendants agreed to act in concert, and thus together they held a majority of
seats on the Board and “maintained operational control over the company.” We therefore
affirm the dismissal of the complaint against the Investor Defendants….
NOTES AND QUESTIONS
Background About Viacom v. YouTube. The Viacom v. YouTube litigation was filed in 2007,
before the UMG case was filed, but it took longer to resolve. UMG and Viacom involve
functionally identical video hosting sites and made similar legal arguments in court. The
district court awarded YouTube a decisive win in 2010. In 2012, the Second Circuit
reversed on several grounds. In April 2013, the district court again ruled decisively for
YouTube. Viacom appealed the case to the Second Circuit again, but in March 2014, the
parties settled the case after 7 years of mostly pointless litigation.
Red Flags of Infringement. What, exactly, constitutes a “red flag” of infringement? For
example, if a website provides a tool letting users report problems with content, and one
user reports another user’s content item as infringing, does the website have a “red flag” of
infringement—and if so, does it now have impermissible scienter about that item, about
infringement on the site generally, or about something else?
171.
The Veoh court suggests that a third party sending a general notice of infringement could
create red flags, while the same notice sent by a rightsowner would not qualify as a
512(c)(3) notice and could be ignored. Does it fit with the statutory safe harbor scheme for
courts to give greater legal effect to notices from non-rightsowners than notices from
rightsowners?
In EMI Christian Music Group, Inc. v. MP3tunes, LLC, 844 F.3d 79 (2d Cir. 2016), the
Second Circuit held that the site operators’ knowledge that copyrighted works never had
been authorized for release in MP3 format could support a jury verdict of red flags/willful
blindness when those works were linked to and loaded onto the site.
In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit
said that “infringement must be apparent, not merely suspicious,” and “we look at objective
facts and circumstances from which the specific infringement would be obvious to a
reasonable person.” The court added: “It is hard to imagine that a site with 12.6 million
pictures and video clips uploaded by users would not contain some material that users had
uploaded without authorization,” but that’s not enough to constitute apparent
infringement.
Willful Blindness. What is the legal standard for willful blindness? The Ninth Circuit says
“service providers who do not locate and remove infringing materials they do not
specifically know of should not suffer the loss of safe harbor protection.” Is that a quadruple
negative? Can you translate this sentence into English that a layperson could understand?
Do you have any idea what facts might indicate that a service provider engaged in “willful
blindness”? Given that the statute already addressed “actual knowledge” and “red flags”
and Grokster added “inducement,” what defendant scienter is left for “willful blindness” to
address?
Right and Ability to Control. Does it strike you as odd that the court effectively concludes
that the phrase “right and ability to control” means something different depending on
whether it’s being used in the common law test for vicarious copyright infringement or in
the safe harbor statute?
What, exactly, constitutes “substantial influence” over users’ conduct? Doesn’t every user-
generated content website try to influence users’ conduct to advance the website’s
objectives?
In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit
concluded the following facts didn’t evidence substantial influence: “Nothing in the record
suggests that Motherless told its users what to upload. Its homepage welcomed users to ‘a
moral free zone where anything legal stays.’ It did not curate uploaded content in any
meaningful way, nor did it reject unpopular groups or content. Motherless deleted only
user-created groups that contained little or no content, and it started deleting bestiality
content due to legality issues raised by European advertisers.”
Who Is a “User”? The statute applies to material stored at a user’s direction. Who is a user?
One appeals court held that “users” include paid independent contractors who had
172.
uploading privileges. BWP Media USA, Inc. v. Clarity Digital Group, LLC, 820 F.3d 1175
(10th Cir. 2016).
The Substituted UMG Opinion. The Ninth Circuit issued its first UMG opinion in December
2011. In April 2012, the Second Circuit issued Viacom Intern., Inc. v. YouTube, Inc., 676
F.3d 19 (2d Cir. 2012). The YouTube opinion is mostly consistent with the Ninth Circuit’s
2011 UMG opinion, but it expressly disagreed with the Ninth Circuit regarding the safe
harbor’s meaning of “right and ability to control.” It also had a more detailed (though no
more clear) discussion about “willful blindness,” saying the concept “involve[s] a service
provider exerting substantial influence on the activities of users, without necessarily—or
even frequently—acquiring knowledge of specific infringing activity.” In light of the Second
Circuit’s opinion, the Ninth Circuit reconsidered its earlier opinion, and in March 2013 it
issued the opinion you just read. Among other changes, the Ninth Circuit’s substituted
opinion revised its discussion about “willful blindness” and “right and ability to control” to
harmonize with the Second Circuit’s YouTube opinion without changing the case’s result
(Veoh wins).
Meanwhile, the Second Circuit’s ambiguous discussion about willful blindness and red flags
have made it harder (and more expensive) for defendants to win a § 512(c) defense. Capitol
Records, Inc. v. MP3tunes, LLC shows how this happened.
MP3Tunes is a music-sharing site. It won summary judgment on Section 512 grounds in
2011. After the Second Circuit’s YouTube ruling, the court reevaluated its prior opinion and
reversed MP3Tunes’ summary judgment on two grounds (Capitol Records, Inc. v.
MP3tunes, LLC, 2013 WL 1987225 (S.D.N.Y. 2013)):
1) There was a fact dispute about MP3Tunes’ willful blindness based on the following
evidence:
an email received by MP3tunes in April 2007 gives a specific blog title and
states, “[a]lthough I don't like ratting myself out, everything I post is in clear
violation of the DMCA .... please remove any MP3s that are linked to that
site.”...Another email from November 2007 states, “if you search for ‘the clash
I fought the law’... you will get 5 results ... 2 of which point to the website
www.officerjellynutz.com[.] This website blatantly acknowledges that it
contains infringing MP3’s.”...In a third email, an MP3tunes employee
acknowledges that while “it's not clear if [content from a user’s site] is all
copyright [sic] material ... it probably is though.”
Consider the likelihood that every user-generated content website has received similar
emails.
2) There was a fact dispute about whether MP3Tunes had red flags of infringement. The
judge says:
Since something less than a formal takedown notice may now establish red
flag knowledge and EMI offers communications acknowledging likely
infringement, the issue of Defendants' red flag knowledge cannot be resolved
on summary judgment. This Court reaches this conclusion reluctantly, given
173.
MP3tunes’ salutary practice of sending instructions regarding DMCA-
compliant takedown notices to third parties reporting possible infringement
and the DMCA’s disavowal of any duty on the part of service providers to
monitor user content.
As a result, the case proceeded to a trial on both questions. A jury held MP3Tunes and its
executive liable for copyright infringement and awarded damages of $48 million.
Meanwhile, MP3Tunes went bankrupt in 2012, confirming that the Second Circuit’s
YouTube ruling turned an apparent MP3Tunes victory in court into a complete defeat for
MP3Tunes.
Then again, the MP3Tunes plaintiffs didn’t exactly profit from this long-running litigation.
The judge reduced the jury award to about $12 million, and the plaintiffs spent about $12
million in legal fees to achieve that result. Even the judge called it a “Pyrrhic victory” for
the plaintiffs. Capitol Records, Inc. v. MP3Tunes, LLC, 1:07-cv-09931-WHP-FM (S.D.N.Y.
Apr. 3, 2015). But see EMI Christian Music Group, Inc. v. MP3tunes, LLC, 844 F.3d 79 (2d
Cir. 2016) (expanding the defense’s liability).
Takedown Notices. Why didn’t UMG just send Veoh proper takedown notices instead of
suing it in court? If UMG had sent proper takedown notices, would Veoh have honored
them? Recall how Veoh handled the RIAA’s takedown notices.
The Challenges of Determining Infringement. Viacom’s marketing team and affiliates
uploaded videos to YouTube for their marketing benefit. In some cases, Viacom deliberately
altered clips to look like an unauthorized upload; supposedly that makes the clips more
interesting to viewers. The Viacom legal team would complain about clips posted by
Viacom’s marketing team because they wouldn’t realize employees of their own company
had made the uploads. If Viacom’s legal team doesn’t know that some clips were authorized
by its own marketing department, how is YouTube supposed to know?
Also, Viacom routinely acquiesced to leaving up user-posted video clips, but it constantly
changed its acquiescence policy—and never disclosed the policy to YouTube. If Viacom is
constantly changing its mind about which user postings it considers problematic, how is
YouTube supposed to know?
Also, Viacom TWICE withdrew clips from its complaint when it subsequently determined
the clips weren’t infringing. If Viacom’s litigators can’t figure out which clips are infringing
well enough to file an accurate complaint—when they have full access to Viacom’s
information and its lawyers are under Rule 11’s investigatory duty—how is YouTube
supposed to figure it out?
Preventing “Repeat Infringers.” What steps must service providers take to prevent “repeat
infringers”? This issue was confusingly explored in EMI Christian Music Group, Inc. v.
MP3tunes, LLC, 844 F.3d 79 (2d Cir. 2016). The court upheld the jury’s verdict that the
defense had not adequately prevented repeat infringers based on evidence that “MP3tunes
did not even try to connect known infringing activity of which it became aware through
takedown notices to users who repeatedly sideloaded files and created links to that
infringing content in the sideload.com index…. There was also evidence that MP3tunes was capable of cataloging the sideloads of each MP3tunes user. A jury could reasonably infer
174.
from that evidence that MP3tunes actually knew of specific repeat infringers and failed to
take action.” [Editor’s note: “sideloading” means that when a user posted a link to a file on a
third party site, MP3Tunes would automatically import that file into its database].
Does this ruling mean that service providers are required to build and operate a mechanism
to track recidivists? 17 U.S.C. § 512(m) says that the safe harbors are not conditioned on a
service provider “monitoring its service or affirmatively seeking facts indicating infringing
activity.” The Second Circuit responded:
a reasonable jury could have concluded that it was reasonable for MP3tunes
to track users who repeatedly created links to infringing content in the
sideload.com index or who copied files from those links. After all, MP3tunes
had already tracked and removed 153 users “who allowed others to access
their lockers and copy music files without authorization”; by comparison,
requiring MP3tunes to extend that policy to users who sideloaded infringing
content may not be an unreasonably burdensome request. Furthermore,
doing so would not require MP3tunes to “monitor” or “affirmatively seek
facts” about infringing activity in a manner inconsistent with § 512(m)(1)
because it already had adequate information at its disposal in the form of
takedown notices provided by EMI as to which links were allegedly
infringing. MP3tunes would simply have had to make use of information
already within its possession and connect that information to known users
In Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597 (9th Cir. 2018), the Ninth Circuit
affirmed a Section 512(c) defense for a service that didn’t have a written repeat infringer
policy and did not keep written records of the identities of infringers. However, because all
copyright removals were handled by the service’s principal, and he (allegedly) remembered
repeat infringers in his head, the court said the service satisfied the requirement. (Practice
pointer: despite this ruling, keep written repeat infringer policies and written records of the
identities of infringers so repeat infringers can be easily spotted).
Copyright Owner Over-Claiming. UMG argued that Veoh couldn’t advertise the availability
of material from 50 Cent, Avril Lavigne and Britney Spears, even though UMG did not
completely control those artists’ catalogs. This is a typical example of how copyright owners
routinely overclaim their rights.
Direct Financial Benefit and Advertising. Ordinarily, generating ad revenues at user-
generated content sites should not constitute a direct financial benefit from infringement,
even if ad impressions increase as more infringing activity takes place, because the service
provider isn’t trying to profit from infringement. However, in the IsoHunt case (discussed in
the Notes and Questions after Grokster), the Ninth Circuit said the service provider had a
direct financial benefit from the infringement (sufficient to disqualify it from Section 512(c))
because:
Fung promoted advertising by pointing to infringing activity; obtained
advertising revenue that depended on the number of visitors to his sites;
attracted primarily visitors who were seeking to engage in infringing activity,
as that is mostly what occurred on his sites; and encouraged that infringing
activity. Given this confluence of circumstances, Fung’s revenue stream was
175.
tied directly to the infringing activity involving his websites, both as to his
ability to attract advertisers and as to the amount of revenue he received.
Investor Liability. Look again at footnote 20 of the UMG opinion. Why weren’t the investors
automatically protected by the “corporate veil” doctrine?
Do you think Congress intended that websites can qualify for the § 512 safe harbor, but
their investors cannot?
If you were a potential investor in a new user-generated content website, would the UMG
ruling deter you from making the investment? See Michael A. Carrier, Copyright and
Innovation: The Untold Story, 2012 WIS. L. REV. 891.
Discovery Implications. Imagine that you are a copyright owner’s counsel. In light of this
opinion, what kinds of onerous discovery requests might you legitimately make of a service
provider defendant? What kinds of onerous discovery requests might you legitimately make
of the service provider’s investors?
Denouement to the UMG Case. The Ninth Circuit ruling confirmed that Veoh properly
complied with the rules specified by Congress. Good news for Veoh, right? Yes…except that
Veoh’s litigation costs for this and other cases drained its bank account, forcing Veoh to
shut down. Veoh’s investors lost their investments, its employees lost their jobs, and users
who uploaded videos to Veoh had their videos taken offline. So the case illustrates a
conundrum: the courts gave Veoh a clean bill of health, but getting that clean bill of health
killed Veoh.
In Viacom v. YouTube, Google disclosed that it spent $100 million on litigation costs
through the point it filed its summary judgment motions. Obviously, it spent even more
before settling the case. Google can afford to spend over $100M defending YouTube, but
smaller market players—like Veoh—can’t.
What implications might these facts (i.e., Veoh is legal but dead) have for the proper design
of immunities and safe harbors? Compare the litigation costs associated with the 47 U.S.C.
§ 230 immunity discussed later in the casebook, and see Eric Goldman, Want to End the
Litigation Epidemic? Create Lawsuit-Free Zones, FORBES TERTIUM QUID (Apr. 10, 2013).
Consequences of Bogus Takedown Notices. UMG didn’t send § 512(c)(3) takedown notices to
Veoh, but Congress recognized the possibility that copyright owners would send takedown
notices too freely or for illegitimate purposes. To curb such overzealousness, 17 U.S.C. §
512(f) created a cause of action for sending takedown notices that “knowingly materially
misrepresent[]” that the user activity is infringing.
In Rossi v. Motion Picture Association of America, 391 F.3d 1000 (9th Cir. 2004), the Ninth
Circuit said that § 512(f) turns on the sender’s subjective scienter. Because evidence of the
sender’s subjective bad faith will be rarely available, especially before discovery, § 512(f)
plaintiffs rarely have sufficient evidence to state a claim. As a result, § 512(f) plaintiffs
almost never win their claims.
176.
The Ninth Circuit revisited § 512(f) in Lenz v. Universal Music Corp., 815 F.3d 1145 (9th
Cir. 2016). The court held that senders of takedown notices need to consider the possibility
that the user’s content qualifies for fair use before sending the notice:
Universal faces liability if it knowingly misrepresented in the takedown
notification that it had formed a good faith belief the video was not
authorized by the law, i.e., did not constitute fair use.
In Lenz’s case, this legal standard entitled her to a trial. The case ultimately settled,
leaving the legal issues unresolved.
The Lenz panel’s initial opinion indicated that using robots to find alleging infringing
content and then sending automated takedown notices—which is how most major copyright
owners handle online copyright enforcement—would be OK. The court’s amended opinion
stripped out the dicta but did not resolve how a copyright owner might consider the
possibility of fair use when automating the takedown sending process. As a result, it
remains unclear if robo-notices are OK.
It also remains unclear if a takedown notice sender will be able to avoid § 512(f) liability
simply by saying it thought about fair use before sending the notice. Consider this
hypothetical deposition transcript of a takedown notice sender:
Q: Did you consider fair use before sending your takedown notice?
A: Yes.
Q: What steps did you take to evaluate the possibility of fair use?
A: I thought about it and decided it probably didn’t apply.
In light of Rossi’s subjective scienter standard (which the Lenz case did not overturn), could
a § 512(f) plaintiff overcome this transcript—even if an objective reasonable person would
have concluded that fair use applied to the content at issue?
Designating an Agent at the Copyright Office. § 512 requires service providers to file
paperwork with the Copyright Office designating an agent to receive incoming § 512(c)(3)
notices. The statute is clear: no designation with the Copyright Office, no safe harbor.
For the DMCA’s first 20 years, the Copyright Office allowed service providers to make one-
time designations. Once the paperwork was filed, the designation remained in effect
indefinitely unless the service provider amended it.
In 2016, the Copyright Office changed the rule (37 C.F.R. Part 201.38). Now, agent
designations only last for 3 years. Unless the service provider timely renews the
designation and pays an additional nominal fee, the service provider will categorically lose
the DMCA safe harbor protection after the designation expires. This designation renewal
requirement is not required (or contemplated) by the DMCA statute, and it will have
draconian consequences for anyone who inadvertently misses the designation renewal
deadline. Designations filed before 2017 had to be refiled by the end of 2017, or those
designations expired.
177.
If you file an agent designation for a client, you must also ensure that you and the client
track the 3 year expiration date.
European Upload Filters. The E.U.’s Directive on Copyright in the Digital Single Market
takes a different approach. In particular, Article 17 says that “online content-sharing
service providers shall be liable for unauthorised acts of communication to the public…
unless the service providers demonstrate that they have:…made, in accordance with high
industry standards of professional diligence, best efforts to ensure the unavailability of
specific works and other subject matter for which the rightholders have provided the
service providers with the relevant and necessary information…” It’s expected that Article
17 will force all Internet services to deploy pro-active “upload filters” to avoid liability for
user-submitted infringing files. This has several unwanted consequences:
Upload filters are expensive, so this requirement will further chill any startup
innovations involving user-generated content (not that Europe has a great track
record on that front). This also will drive some existing enterprises out of the UGC
business.
Upload filters have too many false positives. Filters usually do not accommodate fair
uses, parodies, and de minimis use. Imagine, for example, how upload filters will
handle GIFs and memes that are based on popular copyrighted material.
To avoid the liability created by this article, some services will prioritize licensing
professional content over user-generated content. Licensed professional content isn’t
infringement-free but has lower rates of infringement. To pay for this licensed
content, the services will increasingly deploy paywalls and subscription-based
business models—moving the Internet closer towards looking like the cable TV
industry.
IAP Liability. The DMCA attempted to protect IAPs for subscriber-caused copyright
infringement. Section 512(a) eliminates damages and limits injunctions for “transmitting,
routing, or providing connections for, material through a system or network controlled or
operated by or for the service provider.” Unlike the more commonly litigated 512(c) safe
harbor for web hosting, there is no notice-and-takedown predicate for 512(a); and 512(a)
seemingly applies equally to direct, contributory, and vicarious infringement claims. For
those reasons, for the first 15 years after the DMCA’s passage, copyright owners largely
ignored IAPs as defendants.
In 2011, major copyright owners and IAPs struck a deal called the Copyright Alert System,
sometimes called the “6 strikes” program. Copyright owners could send notices of claimed
P2P infringement about an IAP’s subscribers, and the IAP would treat each notice as a
“strike” that led to progressively stiffer discipline of the subscriber. It was not always clear
why the IAPs agreed to do this, because 512(a) should have protected IAPs either way.
The Copyright Alert System imploded in 2017. In its wake, copyright owners started sued
IAPs for subscribers’ infringing activities. Despite 512(a), the litigation has not been going
well for IAPs.
As a precondition of 512(a), service providers must terminate repeat infringers. Courts have
held that IAPs should terminate subscribers who have received too many complaints from
178.
copyright owners, even if those notices are never verified as accurate. (Indeed, many
infringement notices are generated and sent by automated robots, with no verification of
accuracy before being sent). In other words, IAPs must turn off Internet access to
subscribers who are accused of being repeat infringers.
With 512(a) out of the way, IAPs’ legal exposure poses a potentially existential threat. In
2019, Cox Communications was hit with a $1B damages award (subsequent proceedings
reduced this number some). Sony Music Entertainment v. Cox Communications, Inc., 2020
WL 3121306 (E.D. Va. 2020); see also UMG Recordings, Inc. v. Grande Communications
Networks, LLC, 2018 WL 1096871 (W.D. Tex. 2018); Warner Records Inc. v. Charter
Communications, Inc., 2020 WL 1872387 (D. Colo. 2020).
If IAPs can be liable for their subscribers’ infringing activity, what should IAPs do to
mitigate that risk? IAPs have a limited remedy toolkit (turn Internet access on or off), and
Internet access has become an essential service to most subscribers. Putting the service’s
available in the hands of copyright owners can’t be the right result.
CHAPTER 5 REVIEW QUESTION #2
A web host has not filed the paperwork with the Copyright Office to designate an agent for
notice, but the web host expeditiously honors all takedown requests. Under what
circumstances can the web host successfully assert a § 512(c) defense?
a) If it prominently disclosed the identity of the agent for notice on its website
b) If the web host is located outside the United States
c) If the web host deployed automated filters to prevent infringing items from being
uploaded
d) If it promptly files the designation with the Copyright Office after being served with a
lawsuit
e) It can’t assert the 512(c) defense
179.
The following case reviews the doctrines we’ve covered so far. As you read it, note the parts
of the opinion that confuse you or that you think conflict with materials we’ve already
covered in the book.
Ticketmaster L.L.C. v. RMG Technologies, Inc., 507 F. Supp. 2d 1096 (C.D. Cal.
2007).
…I. FACTUAL AND PROCEDURAL BACKGROUND
In this action, Plaintiff Ticketmaster (“Plaintiff” or “Ticketmaster”) alleges that Defendant
RMG has developed and marketed automated devices to access and navigate through
Ticketmaster’s website, thereby infringing Plaintiff’s copyrights and violating the website’s
Terms of Use and a number of federal and state statutes.
Plaintiff Ticketmaster sells tickets for entertainment and sports events on behalf of its
clients to the general public through a variety of means, including its copyrighted website
ticketmaster.com (“website”). Recognizing that competition to purchase tickets can be
intense, Plaintiff contends that it attempts to ensure a fair and equitable ticket buying
process on the website by contract and through technological means. First, visitors to
ticketmaster.com are required to accept contractual provisions set forth in the website’s
“Terms of Use.” These terms permit viewers to use ticketmaster.com for personal use only,
prohibit commercial use, prohibit the use of automatic devices, prohibit users from
accessing ticketing pages more than once during any three second interval, and prohibit
consumers from purchasing more than a specific number of tickets in a single transaction.
Second, Plaintiff contends that it employs a number of technological means to ensure that
ticket buying over the website is fair and equitable. One of these measures is a computer
security program known as CAPTCHA that is designed to distinguish between human
users and computer programs, and thereby prevent purchasers from using automated
devices to purchase tickets.
Plaintiff contends that Defendant RMG has marketed and sold applications that enable
Defendant’s customers to use automated devices to enter and navigate through its website
in violation of the Terms of Use governing the website, thereby causing injury to Plaintiff.
For example, Plaintiff contends that Defendant’s applications are prohibited “automatic
devices,” that the applications circumvent Plaintiff’s access control and copy protection
systems, including CAPTCHA, inundate Plaintiff’s computers with thousands of automatic
requests thereby preventing ordinary consumers from accessing the website, and enable
Defendant’s clients to purchase large quantities of tickets. Based on these allegations,
Plaintiff’s FAC, filed on June 25, 2007, states eleven causes of action against Defendant.
Plaintiff now moves for a preliminary injunction based on five of its claims. Plaintiff’s
evidence in support of its motion includes declarations from its Senior Director of
Applications Support, Kevin McLain, wherein Mr. McLain testifies how he was able to trace
ticket requests and purchases made on ticketmaster.com back to individual users and,
ultimately, to Defendant. Based on his methodology, McLain discovered, for example, that
Chris Kovach, a ticket broker and one of Defendant’s clients, purchased over 9,500 ticket
orders—or 24,000 tickets—over the last several years. McLain also explains that he
identified Gary Charles Bonner and Thomas J. Prior as Defendant’s clients. Using IP
180.
addresses registered to Defendant, Bonner made almost 13,000 ticket purchases over
several years, and made more than 425,000 ticket requests in a single day. Using IP
addresses registered to Defendant, Prior made almost 22,000 ticket orders over several
years, and made more than 600,000 ticket requests in a single day….
Defendant challenges the Motion on both legal and factual grounds. Defendant states that
the computer application Plaintiff seeks to enjoin Defendant from using and selling is its
Ticket Broker Acquisition Tool (“TBAT”), and that this application is not an “automated
device” but, rather, is simply a type of internet browser, akin to Internet Explorer,
requiring human interaction. Defendant also urges that it should not be bound by the
Terms of Use and that, in any case, Plaintiff has presented no evidence upon which it—as
opposed to the persons using TBAT—can be enjoined. Defendant also argues that Plaintiff’s
legal theories are flawed in various ways….
III. ANALYSIS
The five claims on which Plaintiff seeks a preliminary injunction are its claims for violation
of the United States Copyright Act, 17 U.S.C. §§ 501 et seq., the Digital Millennium
Copyright Act (“DMCA”) 17 U.S.C. § 1201, California Penal Code § 502, and the Computer
Fraud and Abuse Act (“CFAA”) 18 U.S.C. § 1030(g), and on its breach of contract claim.
A. Likelihood of Success on the Merits.
1. Plaintiff’s Copyright Claim
To prevail on its claim for copyright infringement, Plaintiff must (1) “show ownership of the
allegedly infringed material and (2) [it] must demonstrate that the alleged infringers
violate at least one exclusive right granted to copyright holders under 17 U.S.C. § 106.”
Ticketmaster alleges that RMG is violating its copyright in the ticketmaster.com website.
Ticketmaster has submitted evidence that it owns registered copyrights in the website
ticketmaster.com, and, separately, in portions of the website. “A website may constitute a
work of authorship fixed in a tangible medium of expression ... Copyright protection for a
website may extend to both the screen displays and the computer code for the website.”
Defendant does not dispute Plaintiff’s claim that its website is copyrighted. Ticketmaster
has thus satisfied the first element of its copyright claim.
Ticketmaster alleges that RMG infringes its copyrights in ticketmaster.com both directly
and indirectly. First, Ticketmaster states that each time Defendant views a page from
ticketmaster.com, a copy of that page is necessarily downloaded or “cached” from Plaintiff’s
computers onto the Defendant’s computer’s random access memory (“RAM”), thus
rendering Defendant directly liable for such copying. Plaintiff also argues that Defendant
directly participates in its customers’ unauthorized access of the website because its
customers do not acquire physical possession of the software. Rather, Defendant’s devices
are kept on Defendant’s own computer systems; in order to gain access to Defendant’s
devices, its customers must log onto Defendant’s website ticketbrokertools.com, and use the
devices hosted on ticketbrokertools.com to improperly access ticketmaster.com. Thus,
Defendant allows and, indeed, requires its customers to go through its own infrastructure
in order to employ the devices that access ticketmaster.com. Defendant denies this factual
181.
allegation and states that “TBAT [has never been] operated from RMG’s computer system
on behalf of any client, as it is not, nor has it ever, been centrally run on behalf of any
client.”
Second, Plaintiff states that Defendant is indirectly liable for contributory infringement,
vicarious infringement, and inducing copyright infringement because it provides its clients
with bots and other automated devices to infringe Plaintiff’s copyright in its website. Both
direct and indirect infringement occur insofar as the person viewing the website does so in
excess of the authorization Plaintiff grants through the website’s Terms of Use.
a. Defendant’s Direct Liability for Copyright Infringement
Defendant’s direct liability for copyright infringement is based on the automatically-created
copies of ticketmaster.com webpages that are stored on Defendant’s computer each time
Defendant accesses ticketmaster.com. Defendant does not contest that, as a technological
question, whenever a webpage is viewed on a computer, copies of the viewed pages are
made and stored on the viewer’s computer. However, Defendant contends that such
“cached” copies are not “copies” within the meaning of the Copyright Act, that such copies
could not give rise to copyright liability because their creation constitutes fair use, and that
Plaintiff has not shown that any pages from ticketmaster.com were ever downloaded or
stored on Defendant’s computer.
Section 101 of the Copyright Act defines “copies” as “material objects, other than
phonorecords, in which a work is fixed by any method now known or later developed, and
from which the work can be perceived, reproduced, or otherwise communicated, either
directly or with the aid of a machine or device.” The Copyright Act also provides that “[a]
work is ‘fixed’ in a tangible medium of expression when its embodiment in a copy or
phonorecord, by or under the authority of the author, is sufficiently permanent or stable to
permit it to be perceived, reproduced, or otherwise communicated for a period of more than
transitory duration.”
The copies of webpages stored automatically in a computer’s cache or random access
memory (“RAM”) upon a viewing of the webpage fall within the Copyright Act’s definition of
“copy.” See, e.g., MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511, 519 (9th Cir.
1993) (“We recognize that these authorities are somewhat troubling since they do not
specify that a copy is created regardless of whether the software is loaded into the RAM,
the hard disk or the read only memory (‘ROM’). However, since we find that the copy
created in the RAM can be ‘perceived, reproduced, or otherwise communicated,’ we hold
that the loading of software into the RAM creates a copy under the Copyright Act.”) See
also Twentieth Century Fox Film Corp. v. Cablevision Systems Corp., 478 F. Supp. 2d 607,
621 (S.D.N.Y. 2007) (agreeing with the “numerous courts [that] have held that the
transmission of information through a computer’s random access memory or RAM ...
creates a ‘copy’ for purposes of the Copyright Act,” and citing cases.) Thus, copies of
ticketmaster.com webpages automatically stored on a viewer’s computer are “copies” within
the meaning of the Copyright Act.
The Court must next determine whether Plaintiff has shown by a preponderance of the
evidence that Defendant did in fact view the website, thereby copying its webpages.
Although Plaintiff does not present direct evidence of such viewing, the logic from which
182.
such an inference may be drawn is compelling. Plaintiff presents expert testimony that
Defendant necessarily had to view ticketmaster.com in order to create the applications that
enable Defendant’s customers to enter and navigate through the website. Indeed, in order
to test the applications to determine whether they worked as intended, Defendant would
have had to actually use the applications to purchase tickets from the website. By
Defendant’s own description, TBAT is “a browser geared for the purchase of tickets from a
variety of websites including ... ticketmaster.com.” It also follows that Defendant’s clients
would have had to visit the website, and thus copy pages, in order to make ticket purchases.
The Court thus finds that Plaintiff is indeed likely to prove that Defendant visited (and
used) ticketmaster.com and necessarily made copies of pages from the copyrighted website.
Plaintiff also argues that Defendant is directly liable for infringement because its clients
must work through Defendant’s website and computer system in order to use Defendant’s
ticket purchasing software and thereby gain unauthorized access to ticketmaster.com.
Defendant disputes this allegation. However, the Court finds it unnecessary to decide
whether Plaintiff will prevail in its claim for direct infringement by showing that
Defendant directly participates in its clients’ conduct by acting as an intermediary for their
unauthorized use of ticketmaster.com. As discussed above, Plaintiff will likely succeed in its
claim for direct liability by showing that Defendant itself viewed and/or used the website.4
Next, the Court will consider whether Plaintiff is likely to demonstrate that such copying
constitutes copyright infringement. Plaintiff contends that Defendant infringed its
copyrights by accessing and using the copyrighted website in excess of the authorization
granted in the website’s Terms of Use, which Plaintiff contends creates a non-exclusive
license to view (and thus copy) pages from the website. Defendant presents a number of
legal and factual arguments against this theory, but none of them is meritorious.
First, the Court agrees that the Terms of Use presented on ticketmaster.com create a non-
exclusive license to copy the website. “The word ‘license,’ means permission, or authority;
and a license to do any particular thing, is a permission or authority to do that thing.” “No
magic words must be included in a document” to create a copyright license. Furthermore,
nonexclusive licenses can be implied from conduct. See Effects Associates, Inc. v. Cohen,
908 F.2d 555, 558-559 (9th Cir. 1990) (holding that by creating a work at defendant’s
request and handing it over to defendant to copy and distribute, plaintiff granted defendant
an implied nonexclusive license to the work.) Use of a work in excess of a license gives rise
to liability for copyright infringement.
Plaintiff has presented evidence showing that access to the website is governed by specific
Terms of Use, and that any person viewing the website is put on notice of the Terms of Use.
For example, the ticketmaster.com homepage displays the following warning: “Use of this
website is subject to express Terms of Use which prohibit commercial use of this site. By
continuing past this page, you agree to abide by these terms.” The underlined phrase
“Terms of Use” is a hyperlink to the full Terms of Use; the same phrase appears on almost
every page of ticketmaster.com. In addition, since 2003, users of ticketmaster.com have had
to affirmatively agree to the Terms of Use as part of the procedure to set up an account, and
4 In addition, even accepting Defendant’s version of the facts—that its clients download TBAT onto their own
computers and operate it independent of Defendant—its conduct would still render it liable for contributory
infringement, discussed infra.
183.
since mid-2006, users have had to affirmatively agree to the Terms of Use for every ticket
purchase.
Having determined that Plaintiff is highly likely to succeed in showing that Defendants
viewed and navigated through ticketmaster.com, the Court further concludes that Plaintiff
is highly likely to succeed in showing that Defendant received notice of the Terms of Use
and assented to them by actually using the website. See, e.g., Register.com, Inc. v. Verio,
Inc., 126 F. Supp. 2d 238, 248 (S.D.N.Y. 2000) (where website’s terms of use stated “by
submitting this query, you agree to abide by these terms,” court held “there can be no
question that [the user of website] manifested its assent to be bound” by the terms of use
when it electronically submitted queries to the database); Hotmail Corp. v. Van$ Money Pie
Inc., 1998 WL 388389, *2, 6 (N.D. Cal. 1998) (granting preliminary injunction based in part
on breach of “Terms of Service” agreement, to which defendants had assented.) Indeed,
Defendant does not contest that it was on notice of the Terms of Use; rather, Defendant
argues that the Terms of Use do not amount to an agreement or a license, and that the
Terms are too uncertain to be enforced. The Court finds no merit in these arguments.
The Terms of Use governing ticketmaster.com include the following terms:
“You [the viewer] agree that you are only authorized to visit, view and to
retain a copy of pages of this site for your own personal use, and that you
shall not duplicate, download, [or] modify ... the material on this Site for any
purpose other than to review event and promotions information, for personal
use ...”
“No ... areas of this Site may be used by our visitors for any commercial
purposes ...”
“You agree that you will not use any robot, spider or other automated device,
process, or means to access the Site.... You agree that you will not use any
device, software or routine that interferes with the proper working of the Site
nor shall you attempt to interfere with the proper working of the Site.”
“You agree that you will not take any action that imposes an unreasonable or
disproportionately large load on our infrastructure.”
“You agree that you will not access, reload or ‘refresh’ transactional event or
ticketing pages, or make any other request to transactional servers, more
than once during any three second interval.”
“You do not have permission to access this Site in any way that violates ...
these terms of use.”
“You understand and agree that ... Ticketmaster may terminate your access
to this Site, cancel your ticket order or tickets acquired through your ticket
order ... if Ticketmaster believes that your conduct or the conduct of any
person with whom Ticketmaster believes you act in concert ... violates or is
inconsistent with these Terms or the law, or violates the rights of
Ticketmaster, a client of Ticketmaster or another user of the Site.”
184.
Viewers are thus authorized to view—and thereby copy—pages of the website when they do
so in accordance with the Terms of Use. In addition, Plaintiff reserves the right to
terminate any person’s access to the website if it believes that person violated the Terms of
Use. Thus, by the Terms of Use, Plaintiff grants a nonexclusive license to consumers to copy
pages from the website in compliance with those Terms. Inasmuch as Defendant used the
website, Defendant assented to the terms.
Nor are the terms so vague as to be unenforceable. The above terms permit access for
personal use only, prohibit commercial use, prohibit the use of bots and automated devices,
limit the frequency with which users can make requests of the website, and require the
user to agree not to interfere with the proper working of the website. Defendant argues,
however, that the term “automated device” is confusing. Specifically, Defendant’s President,
Cipriano Garibay, a software designer, testifies in his declaration that TBAT—which he
appears to claim is the only product in issue in this case—is just a web browser and is not
an “automated device” because it requires human interaction to function. Garibay further
claims that he does not know what Plaintiff is referring to by the term “automated device”
because “every computer in the world, as well as all computer programs and web browsers,
have [sic] a large degree of automation built in since they are not run manually. Clearly,
Ticketmaster is not seeking to prohibit all computers and browsers from accessing its
website, otherwise the website would be useless. However, as Ticketmaster has not defined
‘automated device’ in its ‘Terms of Use,’ I can only speculate as to what it means by same.”
This claim is specious. First, the term appears in the provision in which website viewers
agree to “not use any robot, spider or other automated device, process, or means to access
the Site.” (emphasis added). Although the terms of use include no additional definition of
“automated device,” they identify robots and spiders as examples of such devices, which
Garibay states are “programs which by their very nature run without interfacing with
humans.” Plaintiff has submitted credible testimony showing that Defendant’s applications
are, in fact, automated devices. For example, Adam Lieb, a computer consultant who
studied a directory Defendant placed on Kovach’s computer, testified that “the term
‘automated device’ is easy to understand in the context of computer programming”—a field
in which Garibay claims 10 years of experience—and that TBAT is an automated device.
Lieb explains that even though TBAT may require human initialization or set up, the
application generates automated requests thereafter. Based on his examination of the
“super proxy” log files on Kovach’s computer, Lieb states that “several webpage requests
per second were made to Ticketmaster, via the proxy, from the same source IP address.
Thousands of requests were made per day. No human would be able to generate that many
requests during manual, non-automated web browsing. These were automated request[s]
made by an ‘automated device.’”
Based on his personal experience, Kovach describes Defendant’s software as “including
automated devices that RMG calls ‘workers’ that can automatically navigate the
Ticketmaster website.... [M]y level of service enabled me to use multiple workers—
sometimes over one hundred of them—simultaneously to search for and request tickets.”
Kovach further describes how he could command the workers to search for tickets according
to parameters that he would set, and that the workers would search for tickets
automatically and alert him when they found tickets matching his parameters. Indeed,
Defendant’s own website advertises its products as “let[ting] you do the work of a dozen
185.
people at once. Just enter the event information ... and the moment the event goes on sale,
PurchaseMaster goes into action.” In view of all of the evidence, Plaintiff is highly likely to
succeed on its claim that Defendant’s applications are automated devices that violate the
Terms of Use.
However, even setting aside Plaintiff’s prohibition of automated devices, the application as
described would violate other provisions of the Terms of Use. For example, using an
application that enables a person to make several requests per second would violate the
provision limiting the frequency of requests to no more than one every three seconds.
Furthermore, use of an application designed to thwart Plaintiff’s access control by, in
Defendant’s own description, “stealth technology [that] lets you hide your IP address, so you
never get blocked by Ticketmaster,” (original emphasis) would breach the user’s
agreement to “not use any device, software or routine that interferes with the proper
working of the Site nor shall you attempt to interfere with the proper working of the Site.”
See also Kovach Decl. ¶ 8 (explaining his understanding that the “workers are specifically
designed to navigate or otherwise avoid various security measures on Ticketmaster’s
website.”)
Finally, Defendant argues in summary fashion that to the extent Plaintiff’s claim is
predicated on automatically-made cache copies of Plaintiff’s webpages, such cache copies
constitute fair use as a matter of law under Perfect 10, Inc., v. Amazon.com, Inc., 487 F.3d
701, 716 (9th Cir. 2007). This argument is unavailing for several reasons. First, “[b]ecause
the defendant in an infringement action has the burden of proving fair use, the defendant is
responsible for introducing evidence of fair use in responding to a motion for preliminary
relief.” Here, Defendant has come forward with no evidence of fair use. Nor did Defendant
attempt to explain how its use satisfies any of the four fair use factors set forth in 17 U.S.C.
§ 107. Accordingly, the fair use defense fails to defeat Plaintiff’s motion on these grounds
alone.
Second, Perfect 10 does not stand for the absolute principle of law that Defendant attributes
to it. Rather, Perfect 10 addressed, among other questions, whether users who link to
infringing websites and thus make automatic cache copies of those infringing websites
themselves commit copyright infringement. The Ninth Circuit agreed with the district court
that such conduct was “fair use in this context” because the caching was “noncommercial,
transformative ... and has a minimal impact on the potential market for the original work.”
Significantly, the Court also noted that “a cache copies no more than necessary to assist the
user in Internet use,” and, in the case before it, the “background copying has no more than
a minimal effect” on the plaintiff’s rights. In this context, by contrast, Defendant is not an
“innocent” third-party visitor to another person’s infringing site. Instead, the purpose of
Defendant’s viewing ticketmaster.com and the copying that necessarily entails is to engage
in conduct that violates the Terms of Use in the ways described above. In addition,
Defendant’s use of the website is to further its own commercial objectives, that is, to create
and sell ticket purchasing applications that can gain unauthorized access to
ticketmaster.com. In addition, in this case, such copying has a significant, as opposed to
minimal, effect on Plaintiff’s rights because Defendant’s conduct empowers its customers to
also violate the Terms of Use, infringe on Plaintiff’s rights, and collectively cause Plaintiff
the harm described below. For all of these reasons, Defendant’s fair use defense fails.
186.
Because the Court finds that Plaintiff has a strong likelihood of proving that Defendant
violated ticketmaster.com’s Terms of Use by using automated devices, making excessive
requests, and interfering with the proper working of the website when it used and/or
designed applications that access ticketmaster.com, the Court finds that Plaintiff has a
strong likelihood of succeeding on the merits of its claim for direct copyright infringement.
b. Defendant’s Indirect Liability for Copyright Infringement
Plaintiff also argues that it has a strong likelihood of success on its claim for indirect
copyright infringement. The Court agrees.
“One infringes contributorily by intentionally inducing or encouraging direct infringement,
and infringes vicariously by profiting from direct infringement while declining to exercise a
right to stop or limit it.” Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913,
930-931 (2005). Although “[t]he Copyright Act does not expressly render anyone liable for
infringement committed by another, these doctrines of secondary liability emerged from
common law principles and are well established in the law.” In Grokster, the Supreme
Court held that “one who distributes a device with the object of promoting its use to
infringe copyright, as shown by clear expression or other affirmative steps taken to foster
infringement, is liable for the resulting acts of infringement by third parties.” Evidence to
support an inducement theory includes, for example “advertisement[s] or solicitation[s] that
broadcast [] a message designed to stimulate others to commit violations.” Here, as
described above, there is substantial evidence that Defendant designed its application for
the purpose of giving its clients unauthorized access to ticketmaster.com; Defendant even
advertises its product as “stealth technology [that] lets you hide your IP address, so you
never get blocked by Ticketmaster” (original emphasis.) Designing and marketing a
device whose purpose is to allow unauthorized access to, and thus to infringe on, a
copyrighted website is sufficient to trigger contributory liability for infringement committed
by the device’s immediate users. See, e.g., Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d
259, 264 (9th Cir. 1996) (stating that providing the site and facilities for known infringing
activity is sufficient to establish contributory liability, and quoting with approval 2 William
F. Patry, Copyright Law & Practice 1147, “Merely providing the means for infringement
may be sufficient” to incur contributory copyright liability.)
As discussed in the Background section, Plaintiff has presented examples of Defendant’s
clients making numerous ticket purchases and ticket requests using Defendant’s
applications and resources, including the examples of Bonner making more than 425,000
requests in a single day, and Prior making more than 600,000 requests in a single day, both
through IP addresses registered to Defendant. Requests so numerous cannot be made other
than with automated devices. Kovach testified how he used Defendant’s applications to
make automated ticket requests, and that Defendant made representatives available to
help him use its applications, circumvent Plaintiff’s security measures, and set up his
hardware for optimal use. Such uses infringe on Plaintiff’s copyrights for the reasons stated
above with regard to Defendant’s direct infringement.
Based on this evidence, the Court finds that Plaintiff is highly likely to prove that
Defendant induced or encouraged its clients’ direct infringement by providing them with
devices that gain them unauthorized access to and use of ticketmaster.com. Plaintiff is
187.
therefore highly likely to succeed in its claim against Defendant for contributory
infringement.
2. Plaintiff’s Claim Under the Digital Millennium Copyright Act
Plaintiff alleges that Defendant has violated the Digital Millennium Copyright Act
(“DMCA”), 17 U.S.C. § 1201 et seq., by trafficking in technological products, services,
devices, or components that are primarily designed to circumvent Plaintiff’s access control
and copy protection systems. Plaintiff’s Motion relies on two provisions of the DMCA.
First, Plaintiff claims Defendant is liable under section 1201(a)(2), which prohibits
trafficking in devices designed to circumvent “technological measure[s] that effectively
control[] access to a work protected under this title.” “A plaintiff alleging a violation of §
1201(a)(2) must prove: (1) ownership of a valid copyright on a work, (2) effectively
controlled by a technological measure, which has been circumvented, (3) that third parties
can now access (4) without authorization, in a manner that (5) infringes or facilitates
infringing a right protected by the Copyright Act, because of a product that (6) the
defendant either (i) designed or produced primarily for circumvention; (ii) made available
despite only limited commercial significance other than circumvention; or (iii) marketed for
use in circumvention of the controlling technological measure.”
The Court finds that Plaintiff is likely to prevail on its section 1201(a)(2) claim. Specifically,
as stated above, Plaintiff is likely to prove that (1) Plaintiff owns copyrights to
ticketmaster.com and specific portions thereof; (2) Plaintiff employs “technological
measures” such as CAPTCHA to block automated access to its copyrighted ticket purchase
pages; (3) Defendant’s customers are third parties who can now access those copyrighted
pages; (4) these parties access those pages without Plaintiff’s authorization; and (5) that
this access infringes Plaintiff’s rights because it entails copying those pages in excess of the
third parties’ license to do so; and (6)(i), (iii) these third parties have such access because of
Defendant’s products designed primarily for circumvention, and marketed for use in
circumvention of the controlling technological measure.
The majority of Defendant’s challenges to Plaintiff’s Motion on the DMCA claim are
repetitive of its arguments with regard to the copyright claim, and are unavailing for the
same reasons. The only unique arguments as to the DMCA claim are that CAPTCHA is not
a system or a program, but is simply an image, and that CAPTCHA is designed to regulate
ticket sales, not to regulate access to a copyrighted work.
First, the Court notes that the DMCA does not equate its use of the term “technological
measure” with Defendant’s terms “system” or “program.” In any case, Plaintiff has
submitted evidence that CAPTCHA is a technological measure that regulates access to a
copyrighted work. Although the DMCA does not appear to include a definition of the term,
it states that “a technological measure ‘effectively controls access to a work’ if the measure,
in the ordinary course of its operation, requires the application of information, or a process
or a treatment, with the authority of the copyright owner, to gain access to the work.” When
the user makes a ticket request on ticketmaster.com, CAPTCHA presents “a box with
stylized random characters partially obscured behind hash marks.” The user is required to
type the characters into an entry on the screen in order to proceed with the request. Most
automated devices cannot decipher and type the random characters and thus cannot
188.
proceed to the copyrighted ticket purchase pages. Thus, because CAPTCHA “in the ordinary
course of its operation, requires the application of information ... to gain access to the
work,” it is a technological measure that regulates access to a copyrighted work. Plaintiff is
therefore likely to prevail on its DMCA § 1201(a)(2) claim.
Section 1201(b)(1) similarly prohibits the trafficking of devices primarily designed or
produced for the purpose of circumventing “protection afforded by a technological measure
that effectively protects a right of a copyright owner under this title in a work or a portion
thereof.” Sections 1201(a)(2) and 1201(b)(1) differ only in that 1201(a)(2), by its terms,
makes it wrongful to traffic in devices that circumvent technological measures that control
access to protected works, while 1201(b)(1) makes it wrongful to traffic in devices that
circumvent technological measures that protect rights of a copyright owner in a work. Here,
CAPTCHA both controls access to a protected work because a user cannot proceed to
copyright protected webpages without solving CAPTCHA, and protects rights of a copyright
owner because, by preventing automated access to the ticket purchase webpage, CAPTCHA
prevents users from copying those pages. For the foregoing reasons, the Court finds that
Plaintiff is likely to prevail on its DMCA §§ 1201(a)(2) and 1201(b)(1) claims.
3. Plaintiff’s Breach of Contract Claim
Plaintiff argues that Defendant is breaching the ticketmaster.com Terms of Use in
numerous ways, and is therefore liable for breach of contract. The facts and issues that this
claim raises are the same as those raised by Plaintiff’s contention, in connection with its
copyright claims, that Defendant breached the Terms of Use. The Court addressed the
merits of that claim in its discussion of Plaintiff’s claim for copyright infringement, and
concluded that Plaintiff is highly likely to prove that use of ticketmaster.com is governed by
the Terms of Use; that Defendant was on notice of, and assented to, the Terms of Use; and
that Defendant violated the Terms of Use by using automated devices to access the website,
using an application that makes several requests per second (in violation of the provision
limiting the frequency of requests to no more than one every three seconds), and by using
an application designed to thwart Plaintiff’s access controls (which breaches the user’s
agreement to “not use any device, software or routine that interferes with the proper
working of the Site nor shall you attempt to interfere with the proper working of the Site.”).
The Court therefore finds that Plaintiff is therefore likely to prevail on its breach of
contract claim.
4. Plaintiff’s Computer Fraud and Abuse Act Claim
Plaintiff also argues that it is likely to prevail on its claim under the Computer Fraud and
Abuse Act (“CFAA”), 18 U.S.C. § 1030. Although the CFAA is a criminal statute, it permits
“any person who suffers damage or loss” through a violation of its provisions “to maintain a
civil action ... to obtain compensatory damages and injunctive relief or other equitable
relief.” To prevail on its CFAA claim, Plaintiff must demonstrate that Defendant
“intentionally accesse[d] a computer without authorization or exceed[ed] authorized access,
and thereby obtain[ed] information from any protected computer,” or that Defendant
“knowingly cause[d] the transmission of a program ... and ... cause [d] damage without
authorization to a protected computer.” Plaintiff must also demonstrate that Defendant’s
unauthorized access caused $5,000 in loss or damage during a one year period.
189.
It appears likely that Plaintiff will be able to prove that Defendant gained unauthorized
access to, and/or exceeded authorized access to, Plaintiff’s protected computers, and caused
damage thereby. Based on the statute and the cases Plaintiff cites, the Court also agrees
that the required $5,000 of harm may consist of harm to a computer system, and need not
be suffered by just one computer during one particular intrusion. However, because
Plaintiff has not quantified its harm as required by the statute or even attempted to show
what portion of the harm is attributable to Defendant, the Court cannot find that Plaintiff
has affirmatively shown that its harm caused by Defendant exceeds the $5,000 minimum.
Thus, the CFAA claim does not provide a basis for a preliminary injunction.
In light of the Court’s rulings on Plaintiff’s copyright, DMCA, and breach of contract claims,
the Court need not address whether Plaintiff is likely to succeed on its claims under
California Penal Code § 502, the fifth basis asserted for the preliminary injunction.
B. Irreparable Harm
Having determined that Plaintiff has a strong likelihood of success on the merits of its
copyright, DMCA, and breach of contract claims, the Court now addresses whether Plaintiff
has shown “the possibility of irreparable injury.”
For Plaintiff’s copyright claim, “a showing of a reasonable likelihood of success on the
merits raises a presumption of irreparable harm.” “A copyright holder seeking a
preliminary injunction is therefore not required to make an independent demonstration of
irreparable harm.” Here, because Plaintiff has shown a strong likelihood of success on the
merits of its copyright claim, the Court presumes irreparable harm. Defendant has done
nothing to rebut that presumption.
The Court also finds that Plaintiff has otherwise shown the possibility of irreparable harm
required to support the issuance of a preliminary injunction on its DMCA and breach of
contract claims. Specifically, Plaintiff has submitted extensive evidence demonstrating that
it is suffering a loss of goodwill with the buying public in that there is a growing public
perception that Plaintiff does not provide the public with a fair opportunity to buy tickets
due to automated purchases. Such evidence includes numerous complaints from consumers
about the unavailability of tickets, some of which demonstrate extreme dissatisfaction with
Plaintiff and indicate suspicions that Plaintiff is colluding with ticket brokers to deny
consumers tickets.5 Plaintiff has also submitted copies of consumer comments posted on
blogs expressing similar extreme dissatisfaction6 and evidence of numerous news stories
discussing the unavailability of tickets. For example, many of the news stories concern the
unavailability of tickets to concerts in Hannah Montana’s “Best of Both Worlds” tour. Based
on the reports, many parents expressed disappointed and outrage at Plaintiff because
5 Plaintiff’s brief quotes several of the complaints compiled in Exhibit 19. One such complaint states: “I would
like to know how within 20 seconds of a show going on sale I could not find ANY seats together at ANY price at
this event. However, there are gobs of them for sale on many different scalper sites. How is this possible and
why is this tolerated. The only explanation for this is that people inside TM are in cahoots with these criminals.
I would just like to know if there are any plans whatsoever to address this situation.” 6 For example, the following is a comment posted by someone who could not obtain tickets to a performance of
the rock group “Rush”: “I am absolutely irate about TicketBxxxxxd and its practices. As has been mentioned on
this site already, the whole process of getting tickets to concerts has gotten completely out of control with
scalpers, brokers, and God-knows-who-else trying to make a buck at the expense of fans.”
190.
tickets to many Hannah Montana concerts throughout the nation (Bossier City, Louisiana;
Miami, Florida; Atlanta, Georgia; and Kansas City, Missouri, for example) were snapped up
within several hours—and sometimes within minutes—of their release for sale. It also
appears that the public’s difficulty obtaining tickets to the Hannah Montana concerts was
so severe and created such an outcry that the Attorneys General of Missouri and Arkansas
initiated investigations into Plaintiff’s ticket selling practices….
Although the extent of Defendant’s culpability for this harm to Plaintiff’s goodwill cannot
yet be determined, it is likely that some of Defendant’s customers were able to obtain
tickets to such concerts by using Defendant’s applications. Given the alleged extent of
Defendant’s participation in the hundreds of thousands of automated ticket requests
wrongfully made of Plaintiff’s website, it is likely that Defendant’s conduct has caused, and
will continue to cause, some portion of Plaintiff’s loss of goodwill unless Defendant’s conduct
is enjoined. As a consequence of Plaintiff’s loss of consumer goodwill, Plaintiff also faces the
possibility of loss of goodwill and loss of business from its clients.
In this Circuit, intangible injuries, such as damage to goodwill, can constitute irreparable
harm. Plaintiff has also submitted evidence that it has attempted to use technological
countermeasures to prevent automated ticket requests, but that these efforts have had only
limited success. Thus, the Court is not persuaded by Defendant’s argument that Plaintiff’s
self-help measures (such as “blacklisting” IP addresses) are enough to prevent irreparable
harm and thus obviate the need for injunctive relief. In addition, the cost to Plaintiff of
developing and implementing such countermeasures is not easily calculable. For the
foregoing reasons, the Court finds that Plaintiff has demonstrated the possibility of
irreparable harm….
NOTES AND QUESTIONS
What exactly was Ticketmaster’s prima facie case of copyright infringement? Why did
RMG’s fair use defense fail?
Why wasn’t there sufficient damage to support the Computer Fraud & Abuse Act claim?
You probably aren’t sympathetic to RMG. But are you sympathetic to Ticketmaster?
Denouement. RMG ultimately defaulted, so Ticketmaster got a default judgment of $18.2M
in damages plus $350,000 in attorneys’ fees.
In 2016, Congress enacted the BOTS Act making it unlawful “to circumvent a security
measure, access control system, or other technological control or measure on an Internet
website or online service that is used by the ticket issuer to enforce posted event ticket
purchasing limits or to maintain the integrity of posted online ticket purchasing order
rules.” Several states have enacted analogous laws.
Ticketmaster, Redux. More than a decade after its RMG suit, Ticketmaster still sues ticket
brokers for automated purchases, using pretty much the same legal theories addressed in
the RMG case. For example, in one 2018 ruling, the court held:
191.
Robots downloading (“browsing”) webpages likely qualify for fair use (citing Perfect
10 v. Amazon, which came out after the RMG case).
Bypassing a CAPTCHA might still constitute a 1201 violation.
Ticketmaster’s cease-and-desist letter wasn’t sufficient to revoke authorization to
access Ticketmaster’s servers for CFAA purposes (but that might be easily fixed
with a reworded letter), and Ticketmaster’s TOU didn’t delimit access (cites to
Facebook v. Power Ventures and the Nosal case).
The California Penal Code 502 claim failed for the same reason.
The TOU’s liquidated damages ($0.25 per page request or reserve request made in
excess of 1,000 pages or 800 reserve requests per 24-hour period) appeared
reasonable.
Ticketmaster adequately alleged fraudulent account creation by alleging that “every
time Defendants created an account, they assented to the TOU with the intent to
breach the TOU by using bots and automated software to purchase large quantities
of tickets.”
Ticketmaster L.L.C. v. Prestige Entertainment, Inc., 306 F. Supp. 3d 1164 (C.D. Cal. 2018).
In the Prestige case, the defendants allegedly purchased 30-40% of Ticketmaster’s inventory
for certain shows. So despite a decade to develop new technology to fight the ticket brokers,
it seems like Ticketmaster still can’t defeat them. Why do you think that’s the case? What
should Ticketmaster do differently? Why hasn’t the BOTS Act solved this problem?
192.
VI. Trademarks and Domain Names
Trademark FAQs (from http://www.uspto.gov/web/offices/tac/tmfaq.htm on August 5,
2007) (omitted questions aren’t indicated)
What is a trademark?
A trademark includes any word, name, symbol, or device, or any combination, used, or
intended to be used, in commerce to identify and distinguish the goods of one manufacturer
or seller from goods manufactured or sold by others, and to indicate the source of the goods.
In short, a trademark is a brand name.
What is a service mark?
A service mark is any word, name, symbol, device, or any combination, used, or intended to
be used, in commerce, to identify and distinguish the services of one provider from services
provided by others, and to indicate the source of the services.
What is a certification mark?
A certification mark is any word, name, symbol, device, or any combination, used, or
intended to be used, in commerce with the owner’s permission by someone other than its
owner, to certify regional or other geographic origin, material, mode of manufacture,
quality, accuracy, or other characteristics of someone’s goods or services, or that the work or
labor on the goods or services was performed by members of a union or other organization.
What is a collective mark?
A collective mark is a trademark or service mark used, or intended to be used, in commerce,
by the members of a cooperative, an association, or other collective group or organization,
including a mark which indicates membership in a union, an association, or other
organization.
Do I have to register my trademark?
No, but federal registration has several advantages, including notice to the public of the
registrant’s claim of ownership of the mark, a legal presumption of ownership nationwide,
and the exclusive right to use the mark on or in connection with the goods or services set
forth in the registration.
What are the benefits of federal trademark registration?
1. Constructive notice nationwide of the trademark owner’s claim.
2. Evidence of ownership of the trademark.
3. Jurisdiction of federal courts may be invoked.
4. Registration can be used as a basis for obtaining registration in foreign countries.
5. Registration may be filed with U.S. Customs Service to prevent importation of infringing
foreign goods.
Are there federal regulations governing the use of the designations “TM” or “SM” with
trademarks?
No. Use of the symbols “TM” or “SM” (for trademark and service mark, respectively) may,
however, be governed by local, state, or foreign laws and the laws of the pertinent
jurisdiction must be consulted. These designations usually indicate that a party claims
rights in the mark and are often used before a federal registration is issued.
193.
When is it proper to use the federal registration symbol (the letter R enclosed within a circle
— ® — with the mark.
The federal registration symbol may be used once the mark is actually registered in the
U.S. Patent and Trademark Office. Even though an application is pending, the registration
symbol may not be used before the mark has actually become registered. The federal
registration symbol should only be used on goods or services that are the subject of the
federal trademark registration. [Note: Several foreign countries use the letter R enclosed
within a circle to indicate that a mark is registered in that country. Use of the symbol by
the holder of a foreign registration may be proper.]
What constitutes interstate commerce?
For goods, “Interstate commerce” involves sending the goods across state lines with the
mark displayed on the goods or the packaging for the goods. With services, “interstate
commerce” involves offering a service to those in another state or rendering a service which
affects interstate commerce (e.g. restaurants, gas stations, hotels, etc.).
Is a federal registration valid outside the United States?
No. However, if you are a qualified owner of a trademark application pending before the
USPTO, or of a registration issued by the USPTO, you may seek registration in any of the
countries that have joined the Madrid Protocol by filing a single application, called an
“international application,” with [the] International Bureau of the World Property
Intellectual Organization, through the USPTO….Also, certain countries recognize a United
States registration as a basis for filing an application to register a mark in those countries
under international treaties….
What are common law rights?
Federal registration is not required to establish rights in a trademark. Common law rights
arise from actual use of a mark. Generally, the first to either use a mark in commerce or file
an intent to use application with the Patent and Trademark Office has the ultimate right to
use and registration. However, there are many benefits of federal trademark registration.
CHAPTER 6 REVIEW QUESTION #1
Which of the following are potentially protectable as trademarks?
a) a domain name
b) a Twitter handle
c) a hashtag
d) a meme GIF
e) an emoji
f) a celebrity’s name
194.
Trademark Glossary
The Multi-Factor Likelihood of Confusion Test
The Ninth Circuit Model Civil Jury Instructions 15.16, 2016 version (sometimes called the
Sleekcraft factors):
You must consider whether the defendant’s use of the trademark is likely to
cause confusion about the source of the plaintiff’s or the defendant’s goods.
…As you consider the likelihood of confusion you should examine the
following:
1. Strength or Weakness of the Plaintiff’s Mark. The more the consuming
public recognizes the plaintiff’s trademark as an indication of origin of the
plaintiff’s goods, the more likely it is that consumers would be confused about
the source of the defendant’s goods if the defendant uses a similar mark.
2. Defendant’s Use of the Mark. If the defendant and plaintiff use their
trademarks on the same, related, or complementary kinds of goods there may
be a greater likelihood of confusion about the source of the goods than
otherwise.
3. Similarity of Plaintiff’s and Defendant’s Marks. If the overall impression
created by the plaintiff’s trademark in the marketplace is similar to that
created by the defendant’s trademark in [appearance] [sound] [or] [meaning],
there is a greater chance [that consumers are likely to be confused by
defendant’s use of a mark] [of likelihood of confusion]. [Similarities in
appearance, sound or meaning weigh more heavily than differences in finding
the marks are similar.]
4. Actual Confusion. If use by the defendant of the plaintiff’s trademark has
led to instances of actual confusion, this strongly suggests a likelihood of
confusion. However actual confusion is not required for a finding of likelihood
of confusion. Even if actual confusion did not occur, the defendant’s use of the
trademark may still be likely to cause confusion. As you consider whether the
trademark used by the defendant creates for consumers a likelihood of
confusion with the plaintiff’s trademark, you should weigh any instances of
actual confusion against the opportunities for such confusion. If the instances
of actual confusion have been relatively frequent, you may find that there has
been substantial actual confusion. If, by contrast, there is a very large volume
of sales, but only a few isolated instances of actual confusion you may find
that there has not been substantial actual confusion.
5. Defendant’s Intent. Knowing use by defendant of the plaintiff’s trademark
to identify similar goods may strongly show an intent to derive benefit from
the reputation of the plaintiff’s mark, suggesting an intent to cause a
likelihood of confusion. On the other hand, even in the absence of proof that
the defendant acted knowingly, the use of plaintiff’s trademark to identify
similar goods may indicate a likelihood of confusion.
195.
6. Marketing/Advertising Channels. If the plaintiff’s and defendant’s [goods]
[services] are likely to be sold in the same or similar stores or outlets, or
advertised in similar media, this may increase the likelihood of confusion.
7. Consumer’s Degree of Care. The more sophisticated the potential buyers of
the goods or the more costly the goods, the more careful and discriminating
the reasonably prudent purchaser exercising ordinary caution may be. They
may be less likely to be confused by similarities in the plaintiff’s and
defendant’s trademarks.
8. Product Line Expansion. When the parties’ products differ, you may
consider how likely the plaintiff is to begin selling the products for which the
defendant is using the plaintiff’s trademark. If there is a strong possibility of
expanding into the other party’s market, there is a greater likelihood of
confusion.
[9. Other Factors. Any other factors that bear on likelihood of confusion.]
Dilution
To establish a federal trademark dilution claim, a plaintiff must show:
(1) its mark is “famous,” defined as “widely recognized by the general consuming public of
the United States.” Some factors to help evaluate fame:
the mark owner’s advertising/publicity duration/extent/geographic reach
the mark owner’s amount/volume/geographic extent of sales
the mark’s actual recognition
if the mark has a federal trademark registration
(2) defendant used the mark in commerce
(3) defendant’s use of the mark began after the mark became famous
(4) the mark suffers a likelihood of dilution, as evidenced by either
(a) blurring = the defendant’s activity impairs the mark’s distinctiveness (factors:
mark similarity; level of distinctiveness; degree of exclusivity; level of recognition), or
(b) tarnishment = the defendant’s activity harms the mark’s reputation
Nominative Use (from New Kids on the Block v. News America Publishing, 971 F.2d 302
(9th Cir. 1992)):
The Ninth Circuit’s elements of a nominative use defense:
(1) “the product or service in question must be one not readily identifiable without use of
the trademark,”
(2) “only so much of the mark or marks may be used as is reasonably necessary to identify
the product or service,” and
(3) “the user must do nothing that would, in conjunction with the mark, suggest
sponsorship or endorsement by the trademark holder”
196.
Uniform Dispute Resolution Procedure Standards
The elements of a successful UDPR action:
(1) the domain name is confusing similar (or identical) to a third party’s mark
(2) the registrant has no legitimate interests in the name. However, the registrant can show
legitimate rights by:
actual or planned bona fide offering of goods/services;
it is commonly known by the domain name; or
making a legitimate noncommercial or fair use without intent for commercial gain,
misleading diversion of traffic, or dilution.
(3) the name is being used in bad faith, such as:
the registrant acquired the name for profitable resale;
the registrant registered the name to block the legitimate TM owner if a pattern can
be shown;
the registrant acquired name to disrupt a competitor; or
name is intended to attract attention to site by creating a likelihood of confusion.
Anticybersquatting Consumer Protection Act
The elements of a federal ACPA claim:
(1) The domain name registrant registers a domain name containing a third party
trademark
(2) The registrant has a bad faith intent to profit from the domain name. Some factors that
might show or negate bad faith
the registrant’s IP rights in the domain name
if the domain name contains the registrant’s real name
the use of the domain name in a bona fide offering of goods/services
a bona fide noncommercial or fair use of the domain name
an intent to divert consumers in a way that harms the trademark owner’s goodwill
an offer to sell the domain name without having used it for a bona fide offering of
goods/services
providing false contact info
multiple bogus registrations
distinctiveness/famousness of the mark
(3) The registrant registers, traffics in or uses a domain name that is identical or
confusingly similar to the mark or, in the case of a famous mark, dilutes it.
197.
The next case is one of the leading cases involving “gripers,” individuals who express their
frustrations about a company or individual using online channels. Ken Hamidi, from the
Intel v. Hamidi case, was also a griper.
In the 2000s, gripers built disparaging websites at a domain name containing their griping
target’s name—sometimes using name verbatim, sometimes followed by the “sucks” suffix.
Such griping practices are now rare. Nowadays, gripers more typically take their gripes to
review websites like Yelp or to social media. Services like Twitter and Facebook have their
own policies defining what they consider to be acceptable griping, and their house rules
play a large role in regulating griping.
The following case illustrates a trademark owner’s then-standard maneuvers to shut down
a domain name griper. After this ruling, anti-griper lawsuits have rarely succeeded in
court.
Lamparello v. Falwell, 420 F.3d 309 (4th Cir. 2005).
Christopher Lamparello appeals the district court’s order enjoining him from maintaining a
gripe website critical of Reverend Jerry Falwell. For the reasons stated below, we reverse.
I.
Reverend Falwell is “a nationally known minister who has been active as a commentator on
politics and public affairs.” He holds the common law trademarks “Jerry Falwell” and
“Falwell,” and the registered trademark “Listen America with Jerry Falwell.” Jerry Falwell
Ministries can be found online at “www.falwell.com,” a website which receives 9,000 hits (or
visits) per day.
Lamparello registered the domain name “www.fallwell.com” on February 11, 1999, after
hearing Reverend Falwell give an interview “in which he expressed opinions about gay
people and homosexuality that [Lamparello] considered ... offensive.” Lamparello created a
website at that domain name to respond to what he believed were “untruths about gay
people.” Lamparello’s website included headlines such as “Bible verses that Dr. Falwell
chooses to ignore” and “Jerry Falwell has been bearing false witness (Exodus 20:16) against
his gay and lesbian neighbors for a long time.” The site also contained in-depth criticism of
Reverend Falwell’s views. For example, the website stated:
Dr. Falwell says that he is on the side of truth. He says that he will preach
that homosexuality is a sin until the day he dies. But we believe that if the
reverend were to take another thoughtful look at the scriptures, he would
discover that they have been twisted around to support an anti-gay political
agenda ... at the expense of the gospel.
Although the interior pages of Lamparello’s website did not contain a disclaimer, the
homepage prominently stated, “This website is NOT affiliated with Jerry Falwell or his
ministry”; advised, “If you would like to visit Rev. Falwell’s website, you may click here”;
and provided a hyperlink to Reverend Falwell’s website.
198.
At one point, Lamparello’s website included a link to the Amazon.com webpage for a book
that offered interpretations of the Bible that Lamparello favored, but the parties agree that
Lamparello has never sold goods or services on his website. The parties also agree that
“Lamparello’s domain name and web site at www.fallwell.com,” which received only 200
hits per day, “had no measurable impact on the quantity of visits to [Reverend Falwell’s]
web site at www.falwell.com.”
Nonetheless, Reverend Falwell sent Lamparello letters in October 2001 and June 2003
demanding that he cease and desist from using www.fallwell.com or any variation of
Reverend Falwell’s name as a domain name. Ultimately, Lamparello filed this action
against Reverend Falwell and his ministries (collectively referred to hereinafter as
“Reverend Falwell”), seeking a declaratory judgment of noninfringement. Reverend Falwell
counter-claimed, alleging trademark infringement under 15 U.S.C. § 1114 (2000), false
designation of origin under 15 U.S.C. § 1125(a), unfair competition under 15 U.S.C. § 1126
and the common law of Virginia,1 and cybersquatting under 15 U.S.C. § 1125(d).
The parties stipulated to all relevant facts and filed cross-motions for summary judgment.
The district court granted summary judgment to Reverend Falwell, enjoined Lamparello
from using Reverend Falwell’s mark at www.fallwell.com, and required Lamparello to
transfer the domain name to Reverend Falwell. However, the court denied Reverend
Falwell’s request for statutory damages or attorney fees, reasoning that the “primary
motive” of Lamparello’s website was “to put forth opinions on issues that were contrary to
those of [Reverend Falwell]” and “not to take away monies or to profit.”
Lamparello appeals the district court’s order; Reverend Falwell cross-appeals the denial of
statutory damages and attorney fees. We review de novo a district court’s ruling on cross-
motions for summary judgment. See People for the Ethical Treatment of Animals v.
Doughney, 263 F.3d 359, 364 (4th Cir. 2001) [hereinafter “PETA”].
II.
We first consider Reverend Falwell’s claims of trademark infringement and false
designation of origin.
A….
Both infringement and false designation of origin have five elements. To prevail under
either cause of action, the trademark holder must prove:
(1) that it possesses a mark; (2) that the [opposing party] used the mark; (3)
that the [opposing party’s] use of the mark occurred “in commerce”; (4) that
the [opposing party] used the mark “in connection with the sale, offering for
1 …because “[t]he test for trademark infringement and unfair competition under the Lanham Act is essentially
the same as that for common law unfair competition under Virginia law because both address the likelihood of
confusion as to the source of the goods or services involved,” Reverend Falwell’s state-law unfair competition
claim rises or falls with his federal claims of infringement and false designation of origin. Therefore, we will not
analyze his state-law claim separately.
199.
sale, distribution, or advertising” of goods or services; and (5) that the
[opposing party] used the mark in a manner likely to confuse consumers.
Trademark law serves the important functions of protecting product identification,
providing consumer information, and encouraging the production of quality goods and
services. See Qualitex Co. v. Jacobson Prods. Co., 514 U.S. 159, 164 (1995). But protections
“‘against unfair competition’” cannot be transformed into “‘rights to control language.’”
“Such a transformation” would raise serious First Amendment concerns because it would
limit the
ability to discuss the products or criticize the conduct of companies that may
be of widespread public concern and importance. Much useful social and
commercial discourse would be all but impossible if speakers were under
threat of an infringement lawsuit every time they made reference to a person,
company or product by using its trademark.
Lamparello and his amici argue at length that application of the Lanham Act must be
restricted to “commercial speech” to assure that trademark law does not become a tool for
unconstitutional censorship. The Sixth Circuit has endorsed this view, see Taubman Co. v.
Webfeats, 319 F.3d 770, 774 (6th Cir. 2003), and the Ninth Circuit recently has done so as
well, see Bosley Med. Inst., Inc. v. Kremer, 403 F.3d 672, 674 (9th Cir. 2005).
In its two most significant recent amendments to the Lanham Act, the Federal Trademark
Dilution Act of 1995 (“FTDA”) and the Anticybersquatting Consumer Protection Act of 1999
(“ACPA”), Congress left little doubt that it did not intend for trademark laws to impinge the
First Amendment rights of critics and commentators. The dilution statute applies to only a
“commercial use in commerce of a mark,” and explicitly states that the “[n]oncommercial
use of a mark” is not actionable. Congress explained that this language was added to
“adequately address [] legitimate First Amendment concerns,” and “incorporate[d] the
concept of ‘commercial’ speech from the ‘commercial speech’ doctrine.” Similarly, Congress
directed that in determining whether an individual has engaged in cybersquatting, the
courts may consider whether the person’s use of the mark is a “bona fide noncommercial or
fair use.” The legislature believed this provision necessary to “protect[] the rights of
Internet users and the interests of all Americans in free speech and protected uses of
trademarked names for such things as parody, comment, criticism, comparative
advertising, news reporting, etc.”
In contrast, the trademark infringement and false designation of origin provisions of the
Lanham Act (Sections 32 and 43(a), respectively) do not employ the term “noncommercial.”
They do state, however, that they pertain only to the use of a mark “in connection with the
sale, offering for sale, distribution, or advertising of any goods or services,” or “in connection
with any goods or services.” But courts have been reluctant to define those terms narrowly.2
Rather, as the Second Circuit has explained, “[t]he term ‘services’ has been interpreted
broadly” and so “[t]he Lanham Act has ... been applied to defendants furnishing a wide
variety of non-commercial public and civic benefits.” Similarly, in PETA we noted that a
website need not actually sell goods or services for the use of a mark in that site’s domain
2 Indeed, Lamparello agreed at oral argument that the Lanham Act’s prohibitions on infringement and false
designation apply to more than just commercial speech as defined by the Supreme Court.
200.
name to constitute a use “‘in connection with’ goods or services.” PETA, 263 F.3d at 365; see
also Taubman Co., 319 F.3d at 775 (concluding that website with two links to websites of
for-profit entities violated the Lanham Act).
Thus, even if we accepted Lamparello’s contention that Sections 32 and 43(a) of the
Lanham Act apply only to commercial speech, we would still face the difficult question of
what constitutes such speech under those provisions. In the case at hand, we need not
resolve that question or determine whether Sections 32 and 43(a) apply exclusively to
commercial speech because Reverend Falwell’s claims of trademark infringement and false
designation fail for a more obvious reason. The hallmark of such claims is a likelihood of
confusion—and there is no likelihood of confusion here.
B.
1.
“[T]he use of a competitor’s mark that does not cause confusion as to source is permissible.”
Accordingly, Lamparello can only be liable for infringement and false designation if his use
of Reverend Falwell’s mark would be likely to cause confusion as to the source of the
website found at www.fallwell.com. This likelihood-of-confusion test “generally strikes a
comfortable balance” between the First Amendment and the rights of markholders.
We have identified seven factors helpful in determining whether a likelihood of confusion
exists as to the source of a work, but “not all these factors are always relevant or equally
emphasized in each case.” The factors are: “(a) the strength or distinctiveness of the mark;
(b) the similarity of the two marks; (c) the similarity of the goods/services the marks
identify; (d) the similarity of the facilities the two parties use in their businesses; (e) the
similarity of the advertising used by the two parties; (f) the defendant’s intent; (g) actual
confusion.”
Reverend Falwell’s mark is distinctive, and the domain name of Lamparello’s website,
www.fallwell.com, closely resembles it. But, although Lamparello and Reverend Falwell
employ similar marks online, Lamparello’s website looks nothing like Reverend Falwell’s;
indeed, Lamparello has made no attempt to imitate Reverend Falwell’s website. Moreover,
Reverend Falwell does not even argue that Lamparello’s website constitutes advertising or
a facility for business, let alone a facility or advertising similar to that of Reverend Falwell.
Furthermore, Lamparello clearly created his website intending only to provide a forum to
criticize ideas, not to steal customers.
Most importantly, Reverend Falwell and Lamparello do not offer similar goods or services.
Rather they offer opposing ideas and commentary. Reverend Falwell’s mark identifies his
spiritual and political views; the website at www.fallwell.com criticizes those very views.
After even a quick glance at the content of the website at www.fallwell.com, no one seeking
Reverend Falwell’s guidance would be misled by the domain name—www.fallwell.com—
into believing Reverend Falwell authorized the content of that website. No one would
believe that Reverend Falwell sponsored a site criticizing himself, his positions, and his
interpretations of the Bible.3
3 If Lamparello had neither criticized Reverend Falwell by name nor expressly rejected Reverend Falwell’s
teachings, but instead simply had quoted Bible passages and offered interpretations of them subtly different
201.
Finally, the fact that people contacted Reverend Falwell’s ministry to report that they
found the content at www.fallwell.com antithetical to Reverend Falwell’s views does not
illustrate, as Reverend Falwell claims, that the website engendered actual confusion. To the
contrary, the anecdotal evidence Reverend Falwell submitted shows that those searching
for Reverend Falwell’s site and arriving instead at Lamparello’s site quickly realized that
Reverend Falwell was not the source of the content therein.
For all of these reasons, it is clear that the undisputed record evidences no likelihood of
confusion. In fact, Reverend Falwell even conceded at oral argument that those viewing the
content of Lamparello’s website probably were unlikely to confuse Reverend Falwell with
the source of that material.
2.
Nevertheless, Reverend Falwell argues that he is entitled to prevail under the “initial
interest confusion” doctrine. This relatively new and sporadically applied doctrine holds
that “the Lanham Act forbids a competitor from luring potential customers away from a
producer by initially passing off its goods as those of the producer’s, even if confusion as to
the source of the goods is dispelled by the time any sales are consummated.” According to
Reverend Falwell, this doctrine requires us to compare his mark with Lamparello’s website
domain name, www.fallwell.com, without considering the content of Lamparello’s website.
Reverend Falwell argues that some people who misspell his name may go to
www.fallwell.com assuming it is his site, thus giving Lamparello an unearned audience—
albeit one that quickly disappears when it realizes it has not reached Reverend Falwell’s
site. This argument fails for two reasons.
First, we have never adopted the initial interest confusion theory; rather, we have followed
a very different mode of analysis, requiring courts to determine whether a likelihood of
confusion exists by “examin[ing] the allegedly infringing use in the context in which it is
seen by the ordinary consumer.”
Contrary to Reverend Falwell’s arguments, we did not abandon this approach in PETA. Our
inquiry in PETA was limited to whether Doughney’s use of the domain name
“www.peta.org” constituted a successful enough parody of People for the Ethical Treatment
of Animals that no one was likely to believe www.peta.org was sponsored or endorsed by
that organization. For a parody to be successful, it “must convey two simultaneous—and
contradictory—messages: that it is the original, but also that it is not the original and is
instead a parody.” Doughney argued that his domain name conveyed the first message (that
it was PETA’s website) and that the content of his website conveyed the requisite second
message (that it was not PETA’s site). Although “[t]he website’s content ma[de] it clear that
it [wa]s not related to PETA,” we concluded that the website’s content could not convey the
requisite second message because the site’s content “[wa]s not conveyed simultaneously
with the first message, [i.e., the domain name itself,] as required to be considered a parody.”
Accordingly, we found the “district court properly rejected Doughney’s parody defense.”
from those of Reverend Falwell, this would be a different case. For, while a gripe site, or a website dedicated to
criticism of the markholder, will seldom create a likelihood of confusion, a website purporting to be the official
site of the markholder and, for example, articulating positions that could plausibly have come from the
markholder may well create a likelihood of confusion.
202.
PETA simply outlines the parameters of the parody defense; it does not adopt the initial
interest confusion theory or otherwise diminish the necessity of examining context when
determining whether a likelihood of confusion exists. Indeed, in PETA itself, rather than
embracing a new approach, we reiterated that “[t]o determine whether a likelihood of
confusion exists, a court should not consider how closely a fragment of a given use
duplicates the trademark, but must instead consider whether the use in its entirety creates a
likelihood of confusion.” (emphasis added). When dealing with domain names, this means a
court must evaluate an allegedly infringing domain name in conjunction with the content of
the website identified by the domain name.4
Moreover, even if we did endorse the initial interest confusion theory, that theory would not
assist Reverend Falwell here because it provides no basis for liability in circumstances such
as these. The few appellate courts that have followed the Ninth Circuit and imposed
liability under this theory for using marks on the Internet have done so only in cases
involving a factor utterly absent here—one business’s use of another’s mark for its own
financial gain.
Profiting financially from initial interest confusion is thus a key element for imposition of
liability under this theory.5 When an alleged infringer does not compete with the
markholder for sales, “some initial confusion will not likely facilitate free riding on the
goodwill of another mark, or otherwise harm the user claiming infringement. Where
confusion has little or no meaningful effect in the marketplace, it is of little or no
consequence in our analysis.” For this reason, even the Ninth Circuit has stated that a firm
is not liable for using another’s mark in its domain name if it “could not financially
capitalize on [a] misdirected consumer [looking for the markholder’s site] even if it so
desired.”
This critical element—use of another firm’s mark to capture the markholder’s customers
and profits—simply does not exist when the alleged infringer establishes a gripe site that
criticizes the markholder. See Hannibal Travis, The Battle For Mindshare: The Emerging
Consensus that the First Amendment Protects Corporate Criticism and Parody on the
Internet, 10 VA. J.L. & TECH. 3, 85 (Winter 2005) (“The premise of the ‘initial interest’
confusion cases is that by using the plaintiff’s trademark to divert its customers, the
defendant is engaging in the old ‘bait and switch.’ But because ... Internet users who find
[gripe sites] are not sold anything, the mark may be the ‘bait,’ but there is simply no
‘switch.’”) (citations omitted).6 Applying the initial interest confusion theory to gripe sites
4 Contrary to Reverend Falwell’s suggestions, this rule does not change depending on how similar the domain
name or title is to the mark. Hence, Reverend Falwell’s assertion that he objects only to Lamparello using the
domain name www.fallwell.com and has no objection to Lamparello posting his criticisms at
“www.falwelliswrong.com,” or a similar domain name, does not entitle him to a different evaluation rule. Rather
it has long been established that even when alleged infringers use the very marks at issue in titles, courts look
to the underlying content to determine whether the titles create a likelihood of confusion as to source. 5 Offline uses of marks found to cause actionable initial interest confusion also have involved financial gain. And
even those courts recognizing the initial interest confusion theory of liability but finding no actionable initial
confusion involved one business’s use of another’s mark for profit. 6 Although the appellate courts that have adopted the initial interest confusion theory have only applied it to
profit-seeking uses of another’s mark, the district courts have not so limited the application of the theory.
Without expressly referring to this theory, two frequently-discussed district court cases have held that using
another’s domain name to post content antithetical to the markholder constitutes infringement. See Planned
203.
like Lamparello’s would enable the markholder to insulate himself from criticism—or at
least to minimize access to it. We have already condemned such uses of the Lanham Act,
stating that a markholder cannot “‘shield itself from criticism by forbidding the use of its
name in commentaries critical of its conduct.’” “[J]ust because speech is critical of a
corporation and its business practices is not a sufficient reason to enjoin the speech.”
In sum, even if we were to accept the initial interest confusion theory, that theory would
not apply in the case at hand. Rather, to determine whether a likelihood of confusion exists
as to the source of a gripe site like that at issue in this case, a court must look not only to
the allegedly infringing domain name, but also to the underlying content of the website.
When we do so here, it is clear, as explained above, that no likelihood of confusion exists.
Therefore, the district court erred in granting Reverend Falwell summary judgment on his
infringement, false designation, and unfair competition claims.
III.
We evaluate Reverend Falwell’s cybersquatting claim separately because the elements of a
cybersquatting violation differ from those of traditional Lanham Act violations. To prevail
on a cybersquatting claim, Reverend Falwell must show that Lamparello: (1) “had a bad
faith intent to profit from using the [www.fallwell.com] domain name,” and (2) the domain
name www.fallwell.com “is identical or confusingly similar to, or dilutive of, the distinctive
and famous [Falwell] mark.”
“The paradigmatic harm that the ACPA was enacted to eradicate” is “the practice of
cybersquatters registering several hundred domain names in an effort to sell them to the
legitimate owners of the mark.” Lucas Nursery & Landscaping, Inc. v. Grosse, 359 F.3d
806, 810 (6th Cir. 2004). The Act was also intended to stop the registration of multiple
marks with the hope of selling them to the highest bidder, “distinctive marks to defraud
consumers” or “to engage in counterfeiting activities,” and “well-known marks to prey on
consumer confusion by misusing the domain name to divert customers from the mark
owner’s site to the cybersquatter’s own site, many of which are pornography sites that
derive advertising revenue based on the number of visits, or ‘hits,’ the site receives.” S.Rep.
No. 106-140. The Act was not intended to prevent “noncommercial uses of a mark, such as
for comment, criticism, parody, news reporting, etc.,” and thus they “are beyond the scope”
of the ACPA.
To distinguish abusive domain name registrations from legitimate ones, the ACPA directs
courts to consider nine nonexhaustive factors [the court then quotes the statute]….
These factors attempt “to balance the property interests of trademark owners with the
legitimate interests of Internet users and others who seek to make lawful uses of others’
Parenthood Fed’n of Am., Inc. v. Bucci, 1997 WL 133313 (S.D.N.Y. March 24, 1997), aff’d, 152 F.3d 920 (2d Cir.
1998) (table) (finding use of domain name “www.plannedparenthood.com” to provide links to passages of anti-
abortion book constituted infringement); Jews for Jesus v. Brodsky, 993 F. Supp. 282 (D. N.J. 1998), aff’d, 159
F.3d 1351 (3d Cir. 1998) (table) (finding use of “www.jewsforjesus.org” to criticize religious group constituted
infringement). We think both cases were wrongly decided to the extent that in determining whether the domain
names were confusing, the courts did not consider whether the websites’ content would dispel any confusion. In
expanding the initial interest confusion theory of liability, these cases cut it off from its moorings to the
detriment of the First Amendment.
204.
marks, including for purposes such as comparative advertising, comment, criticism, parody,
news reporting, fair use, etc.” H.R. Rep. No. 106-412 (emphasis added). “The first four
[factors] suggest circumstances that may tend to indicate an absence of bad-faith intent to
profit from the goodwill of a mark, and the others suggest circumstances that may tend to
indicate that such bad-faith intent exists.” Id. However, “[t]here is no simple formula for
evaluating and weighing these factors. For example, courts do not simply count up which
party has more factors in its favor after the evidence is in.” In fact, because use of these
listed factors is permissive, “[w]e need not ... march through” them all in every case. “The
factors are given to courts as a guide, not as a substitute for careful thinking about whether
the conduct at issue is motivated by a bad faith intent to profit.”
After close examination of the undisputed facts involved in this case, we can only conclude
that Reverend Falwell cannot demonstrate that Lamparello “had a bad faith intent to profit
from using the [www.fallwell.com] domain name.” Lamparello clearly employed
www.fallwell.com simply to criticize Reverend Falwell’s views. Factor IV of the ACPA
counsels against finding a bad faith intent to profit in such circumstances because “use of a
domain name for purposes of ... comment, [and] criticism,” constitutes a “bona fide
noncommercial or fair use” under the statute.7 That Lamparello provided a link to an
Amazon.com webpage selling a book he favored does not diminish the communicative
function of his website. The use of a domain name to engage in criticism or commentary
“even where done for profit” does not alone evidence a bad faith intent to profit, H.R. Rep.
No. 106-412, and Lamparello did not even stand to gain financially from sales of the book at
Amazon.com. Thus factor IV weighs heavily in favor of finding Lamparello lacked a bad
faith intent to profit from the use of the domain name.
Equally important, Lamparello has not engaged in the type of conduct described in the
statutory factors as typifying the bad faith intent to profit essential to a successful
cybersquatting claim. First, we have already held that Lamparello’s domain name does not
create a likelihood of confusion as to source or affiliation. Accordingly, Lamparello has not
engaged in the type of conduct—“creating a likelihood of confusion as to the source,
sponsorship, affiliation, or endorsement of the site”—described as an indicator of a bad faith
intent to profit in factor V of the statute.
Factors VI and VIII also counsel against finding a bad faith intent to profit here.
Lamparello has made no attempt—or even indicated a willingness—“to transfer, sell, or
otherwise assign the domain name to [Reverend Falwell] or any third party for financial
gain.” Similarly, Lamparello has not registered “multiple domain names”; rather, the record
indicates he has registered only one. Thus, Lamparello’s conduct is not of the suspect
variety described in factors VI and VIII of the Act.
Notably, the case at hand differs markedly from those in which the courts have found a bad
faith intent to profit from domain names used for websites engaged in political commentary
7 We note that factor IV does not protect a faux noncommercial site, that is, a noncommercial site created by the
registrant for the sole purpose of avoiding liability under the FTDA, which exempts noncommercial uses of
marks, or under the ACPA. As explained by the Senate Report discussing the ACPA, an individual cannot avoid
liability for registering and attempting to sell a hundred domain names incorporating famous marks by posting
noncommercial content at those domain names. But Lamparello’s sole purpose for registering www.fallwell.com
was to criticize Reverend Falwell, and this noncommercial use was not a ruse to avoid liability. Therefore, factor
IV indicates that Lamparello did not have a bad faith intent to profit.
205.
or parody. For example, in PETA we found the registrant of www.peta.org engaged in
cybersquatting because www.peta.org was one of fifty to sixty domain names Doughney had
registered and because Doughney had evidenced a clear intent to sell www.peta.org to
PETA, stating that PETA should try to “‘settle’ with him and ‘make him an offer.’”
Similarly, in Coca-Cola Co. v. Purdy, 382 F.3d 774 (8th Cir. 2004), the Eighth Circuit found
an anti-abortion activist who had registered domain names incorporating famous marks
such as “Washington Post” liable for cybersquatting because he had registered almost
seventy domain names, had offered to stop using the Washington Post mark if the
newspaper published an opinion piece by him on its editorial page, and posted content that
created a likelihood of confusion as to whether the famous markholders sponsored the anti-
abortion sites and “ha[d] taken positions on hotly contested issues.” In contrast, Lamparello
did not register multiple domain names, he did not offer to transfer them for valuable
consideration, and he did not create a likelihood of confusion.
Instead, Lamparello, like the plaintiffs in two cases recently decided by the Fifth and Sixth
Circuits, created a gripe site. Both courts expressly refused to find that gripe sites located
at domain names nearly identical to the marks at issue violated the ACPA. In TMI, Inc. v.
Maxwell, 368 F.3d 433, 434-35 (5th Cir. 2004), Joseph Maxwell, a customer of homebuilder
TMI, registered the domain name “www.trendmakerhome.com,” which differed by only one
letter from TMI’s mark, TrendMaker Homes, and its domain name,
“www.trendmakerhomes.com.” Maxwell used the site to complain about his experience with
TMI and to list the name of a contractor whose work pleased him. After his registration
expired, Maxwell registered “www.trendmakerhome.info.” TMI then sued, alleging
cybersquatting. The Fifth Circuit reversed the district court’s finding that Maxwell violated
the ACPA, reasoning that his site was noncommercial and designed only “to inform
potential customers about a negative experience with the company.”
Similarly, in Lucas Nursery & Landscaping, a customer of Lucas Nursery registered the
domain name “www.lucasnursery.com” and posted her dissatisfaction with the company’s
landscaping services. Because the registrant, Grosse, like Lamparello, registered a single
domain name, the Sixth Circuit concluded that her conduct did not constitute that which
Congress intended to proscribe—i.e., the registration of multiple domain names. Noting
that Grosse’s gripe site did not create any confusion as to sponsorship and that she had
never attempted to sell the domain name to the markholder, the court found that Grosse’s
conduct was not actionable under the ACPA. The court explained: “One of the ACPA’s main
objectives is the protection of consumers from slick internet peddlers who trade on the
names and reputations of established brands. The practice of informing fellow consumers of
one’s experience with a particular service provider is surely not inconsistent with this
ideal.”
Like Maxwell and Grosse before him, Lamparello has not evidenced a bad faith intent to
profit under the ACPA. To the contrary, he has used www.fallwell.com to engage in the type
of “comment[][and] criticism” that Congress specifically stated militates against a finding of
bad faith intent to profit. And he has neither registered multiple domain names nor
attempted to transfer www.fallwell.com for valuable consideration. We agree with the Fifth
and Sixth Circuits that, given these circumstances, the use of a mark in a domain name for
a gripe site criticizing the markholder does not constitute cybersquatting.
206.
IV.
For the foregoing reasons, Lamparello, rather than Reverend Falwell, is entitled to
summary judgment on all counts. Accordingly, the judgment of the district court is reversed
and the case is remanded for entry of judgment for Lamparello.
NOTES AND QUESTIONS
Website Evolution. Lamparello’s website evolved substantially over the years. Screen shot
from October 1999:
207.
Screen shot from October 2002:
208.
Screen shot from July 2003:
Which (if any) of these screenshots would you find confusing if you visited the site for the
first time?
Case Prelude. Falwell did not sue Lamparello initially. Instead, Falwell initiated—and
won—a UDRP proceeding. See The Reverend Dr. Jerry L. Falwell and The Liberty Alliance
v. Lamparello International, #FA0310000198936, National Arbitration Forum, Nov. 20,
2003, https://www.adrforum.com/domaindecisions/198936.htm. To prevent the registrar
from transferring his domain name (the remedy of a successful UDRP proceeding),
Lamparello sued Falwell in federal court for a declaratory judgment. Per UDRP policy,
Lamparello’s lawsuit immediately froze the domain name transfer. Because Lamparello
brought Falwell into court, it was logical for Falwell to countersue Lamparello for
trademark infringement and ACPA.
Gripers and Commerciality. Often, 1990s and 2000s gripers registered
[trademarkowner]sucks.com, commonly called a “sucks site.” Instead of a “sucks site,”
Lamparello registered a misspelled version of Falwell’s last name. Nevertheless, most
209.
visitors to fallwell.com quickly realized that Lamparello was a griper. Why, then, did
Lamparello lose both his UDRP proceeding and at the district court?
Why does the court punt on the “use in commerce” question? Isn’t Lamparello’s site
obviously non-commercial? Lamparello had, at one point, an outlink to Amazon, but so
what? See Eric Goldman, Online Word of Mouth and Its Implications for Trademark Law,
in TRADEMARK LAW AND THEORY: A HANDBOOK OF CONTEMPORARY RESEARCH 404 (Graeme
B. Dinwoodie and Mark D. Janis eds.) (Edward Elgar Press, 2008).
In a 2015 griper case, the Fourth Circuit again struggled with a griper’s commerciality, or
lack thereof. The case involved the “NAACP” mark, which stands for the National
Association for the Advancement of Colored People, but the registrant promoted the
“National Association for the Abortion of Colored People.” The court relied on the Lanham
Act language that the defendant must use the mark “in connection with” goods and
services:
the [district] court held that because the Radiance article appeared in a
Google search for the term “NAACP,” it diverted “Internet users to Radiance’s
article as opposed to the NAACP’s websites,” which thereby created a
connection to the NAACP’s goods and services. But typically the use of the
mark has to be in connection with the infringer’s goods or services, not the
trademark holder’s. If the general rule was that the use of the mark merely
had to be in connection with the trademark holder’s goods or services, then
even the most offhand mention of a trademark holder’s mark could
potentially satisfy the “in connection with” requirement. That interpretation
would expand the requirement to the point that it would equal or surpass the
scope of the Lanham Act’s “in commerce” jurisdictional element….The
provision of mere “information services” without any commercial or
transactional component is speech – nothing more….
The article was just one piece of each Radiance website’s content, which was
comprised of articles, videos, and multimedia advocacy materials. That the
protected marks appear somewhere in the content of a website that includes
transactional components [such as a “donate” button] is not alone enough to
satisfy the “in connection with” element. To say it was would come too close to
an absolute rule that any social issues commentary with any transactional
component in the neighborhood enhanced the commentator’s risk of Lanham
Act liability.
The Radiance Foundation, Inc. v. National Association for the Advancement of
Colored People, 786 F.3d 316 (4th Cir. 2015). Another way to interpret this passage
is that the Fourth Circuit will make increasingly tortured efforts to distinguish its
mistaken precedent rather than expressly overturning it.
What Are We Fighting For? Two uncontroversial propositions: (1) Lamparello’s website got
a small amount of traffic, and (2) even if Lamparello could not post his critical remarks at
fallwell.com, he could freely publish those remarks elsewhere. Given this, why did Falwell
care about the domain name? Then again, why did Lamparello?
210.
Scope of the ACPA. With respect to the domain name news.google.com, “google” is the
second-level domain, “.com” is the top-level domain, and “news” is sometimes called the
third-level domain. The ACPA only applies to second-level domain names. It probably does
not apply to top-level domain names. See Del Monte International GMBH v. Del Monte
Corp., 995 F. Supp. 2d 1107 (C.D. Cal. 2014). The ACPA does not apply to third-level
domain names, other parts of a URL (see Patmont Motors v. Gateway Marine, 1997 WL
811770 (N.D. Cal. 1997)), email aliases, Twitter handles or other online identifiers. Given
the general decline in importance of second-level domain names, it’s possible that the
ACPA’s relevance is continuing to wane.
It is difficult to hold domain name registrars liable for ACPA violations. See Academy of
Motion Picture Arts and Sciences v. GoDaddy.com, Inc., 2015 WL 5311085 (C.D. Cal. 2015).
211.
The next case deals with a long-outdated practice called keyword metatag stuffing. It’s a
good example of how courts negatively react to “surreptitious” marketing practices, as well
as their constant struggles to understand Internet technology. Pay close attention to the
litigants’ business objectives and think about whether they achieved those goals.
Promatek Industries, Ltd. v. Equitrac Corp., 300 F.3d 808 (7th Cir. 2002).
This appeal concerns the propriety of a preliminary injunction in which one competitor,
Promatek, prevailed against another, Equitrac. The preliminary injunction was issued
without a hearing and Equitrac had to place language on its web page to remedy violations
of the Lanham Act. Equitrac now appeals that order and because the district court did not
abuse its discretion, we affirm.
I. BACKGROUND
Promatek and Equitrac are competitors in selling cost-recovery equipment. Equitrac’s
marketing department advised its web designer that certain words and phrases should be
used as metatags for Equitrac’s website.1 In response, the web designer placed the term
“Copitrack” in the contents of Equitrac’s website as a metatag.* Equitrac used the term as a
metatag because it provides maintenance and service on Copitrak equipment, a product
used in the cost-recovery business.2 Promatek holds the trademark for Copitrak, and once it
learned of Equitrac’s use of the term Copitrack in the metatag, it brought suit. After
learning of Promatek’s suit, Equitrac contacted all of the search engines known to it and
requested that they remove any link between the term Copitrack and Equitrac’s website.
Equitrac also removed the Copitrack metatag from its website.
Not satisfied with Equitrac’s remedial measures, Promatek sought a preliminary injunction
preventing Equitrac from using the term Copitrack in its website. After receiving materials
submitted by both parties, the district court granted Promatek’s motion for preliminary
1 [Quoting Brookfield for this definition:] Metatags are HTML [HyperText Markup Language] code intended to
describe the contents of the web site. There are different types of metatags, but those of principal concern to us
are the “description” and “keyword” metatags. The description metatags are intended to describe the web site;
the keyword metatags, at least in theory, contain keywords relating to the contents of the web site. The more
often a term appears in the metatags and in the text of the web page, the more likely it is that the web page will
be “hit” in a search for that keyword and the higher on the list of “hits” the web page will appear. * [Editor’s note: the site’s metatags from May 11, 2000]:
<head>
<BASE HREF=“http://www.equitrac.com/”>
<meta NAME=“description” CONTENT=“Equitrac Corporation is the global leader in
automated cost recovery and expense management solutions. The company’s System 4,
OfficeTrac, DebitLog, PAS and PrintLog software and Alpha hardware track, record and report
on print, copy, fax, postage and phone usage of office equipment.”>
<meta NAME=“keywords” CONTENT=“PrintLog, printing, tracking, copying, cost recovery,
billback, disbursements, clients, projects, printers, copiers, networking, hardcopy, vending,
accounting, reporting, billing, Equitrac, System 4, Copitrack, PAS, pcounter, xcounter,
uniprint, ocs, plotting, software, transactions, DebitLog, Telemetrac, Telemate, Officetrac,
Disbursemate, copy centers, HP, Xerox, Canon, Ricoh, Savin, Mita, Toshiba, Pitney, Metrics,
document, copies”>
<title>Equitrac Corporation</title>
<meta name=“Microsoft Border” content=“none”>
</head> 2 The parties agree that Equitrac meant to use the term “Copitrak” as its metatag rather than “Copitrack.”
212.
injunction. Under the terms of the injunction, Equitrac was directed to place language on
its web page informing consumers that any link between its website and Copitrack was in
error:
If you were directed to this site through the term “Copitrack,” that is in error
as there is no affiliation between Equitrac and that term. The mark
“Copitrak” is a registered trademark of Promatek Industries, Ltd., which can
be found at www.promatek.com or www.copitrak.com.
Equitrac appeals the issuance of the injunction, arguing that the ordered language will not
only inform consumers of its competitor, Promatek, but will encourage people to go to
Promatek’s website. Promatek counters that without this language, Equitrac will continue
to benefit, to Promatek’s detriment, from consumer internet searches containing the word
Copitrack. We conclude that the district court was correct in finding Promatek would suffer
a greater harm than Equitrac if corrective measures were not taken, and we affirm the
grant of the preliminary injunction.
II. ANALYSIS…
A. The District Court Was Correct in Granting the Injunction
1. Likelihood of success on the merits
Equitrac argues that because there was no likelihood of success on the merits of Promatek’s
Lanham Act claim, the district court erred in granting the preliminary injunction. In order
to prevail under the Lanham Act, 15 U.S.C. § 1125(a), Promatek must establish that
Copitrak is a protectable trademark and that Equitrac’s use of the term is likely to cause
confusion among consumers. Preregistration of Promatek’s Copitrak trademark is prima
facie evidence of the mark’s validity, which Equitrac does not dispute. Therefore, we turn to
the issue of whether consumers would be confused by Equitrac’s use of Copitrak as a
metatag.
In assessing the likelihood of consumer confusion, we consider: (1) the similarity between
the marks in appearance and suggestion, (2) the similarity of the products, (3) the area and
manner of concurrent use of the products, (4) the degree of care likely to be exercised by
consumers, (5) the strength of the plaintiff’s marks, (6) any evidence of actual confusion,
and (7) the defendant’s intent to palm off its goods as those of the plaintiff’s. None of these
factors are dispositive and the proper weight given to each will vary in each case. However,
the similarity of the marks, the defendant’s intent, and evidence of actual confusion are of
particular importance.
Given these factors, it is clear that Promatek has a fair likelihood of succeeding on the
merits of its Lanham Act claim. Although Promatek has not provided us with evidence
regarding the strength of its Copitrak mark or evidence of any actual consumer confusion,
the other factors weigh in its favor. First, not only are the marks Copitrack and Copitrak
similar, Equitrac admits that it meant to use the correct spelling of Copitrak in its metatag.
Second, Equitrac’s use of Copitrack refers to Promatek’s registered trademark, Copitrak.
Additionally, Equitrac and Promatek are direct competitors in the cost-recovery and cost-
213.
control equipment and services market. Most importantly, for purposes of this case,
however, is the degree of care to be exercised by consumers.
Although Equitrac claims that it did not intend to mislead consumers with respect to
Copitrak, the fact remains that there is a strong likelihood of consumer confusion as a
result of its use of the Copitrack metatag. The degree of care exercised by consumers could
lead to initial interest confusion. Initial interest confusion, which is actionable under the
Lanham Act, occurs when a customer is lured to a product by the similarity of the mark,
even if the customer realizes the true source of the goods before the sale is consummated.
The Ninth Circuit has dealt with initial interest confusion for websites and metatags and
held that placing a competitor’s trademark in a metatag creates a likelihood of confusion. In
Brookfield Communications, the court found that although consumers are not confused
when they reach a competitor’s website, there is nevertheless initial interest confusion.
This is true in this case, because by Equitrac’s placing the term Copitrack in its metatag,
consumers are diverted to its website and Equitrac reaps the goodwill Promatek developed
in the Copitrak mark. That consumers who are misled to Equitrac’s website are only briefly
confused is of little or no consequence. In fact, “that confusion as to the source of a product
or service is eventually dispelled does not eliminate the trademark infringement which has
already occurred.” What is important is not the duration of the confusion, it is the
misappropriation of Promatek’s goodwill. Equitrac cannot unring the bell. As the court in
Brookfield explained, “[u]sing another’s trademark in one’s metatags is much like posting a
sign with another’s trademark in front of one’s store.” Customers believing they are
entering the first store rather than the second are still likely to mill around before they
leave. The same theory is true for websites. Consumers who are directed to Equitrac’s
webpage are likely to learn more about Equitrac and its products before beginning a new
search for Promatek and Copitrak. Therefore, given the likelihood of initial consumer
confusion, the district court was correct in finding Promatek could succeed on the merits.
2. No adequate remedy at law
A plaintiff seeking a preliminary injunction must also prove that it has no adequate remedy
at law and as a result, will suffer irreparable harm if the injunction is not issued.
Furthermore, it is well settled that injuries arising from Lanham Act violations are
presumed to be irreparable, even if the plaintiff fails to demonstrate a business loss.
As has been discussed, Promatek has suffered injury to its consumer goodwill through
Equitrac’s use of Copitrack as a metatag and would have continued to suffer in the absence
of an injunction. This damage would have constituted irreparable harm for which Promatek
had no adequate remedy. Because of the difficulty in assessing the damages associated with
a loss of goodwill, the district court was correct in finding that Promatek lacked an
adequate remedy at law.
3. Balancing of the harms
The final factor we must consider is the balance of harms—the irreparable harm Equitrac
will suffer if the injunction is enforced weighed against the irreparable harm Promatek will
suffer if it is not. We must also consider the effect the injunction will have on the public. We
review a district court’s balancing of the harms for an abuse of discretion.
214.
In finding that the harm to Promatek as a result of denying the injunction outweighed the
harm to Equitrac in granting it, the district court found, and we agree, that without the
injunction, Equitrac would continue to attract consumers browsing the web by using
Promatek’s trademark, thereby acquiring goodwill that belongs to Promatek. In response,
Equitrac points out that even though it offers products for sale on its website, it has yet to
consummate a sale by this means. Furthermore, Equitrac claims that “consumers of
products and services provided by Equitrac and Promatek are sophisticated business people
who are not likely to be confused between Equitrac and Copitrak and are not likely to buy
based on a visit to a website.”
Although Equitrac claims that the language on its website is harmful because it alerts
consumers to Promatek’s website, it has not provided any evidence of customers it has lost
as a result of the remedial language. Indeed the remedial language on the website is more
informative than it is harmful. Equitrac’s speculative argument that Promatek may gain a
competitive advantage by inclusion of the remedial language is rejected. As to the public
interest, because the injunction prevents consumer confusion in the marketplace, the public
interest will be served as well. Accordingly, the strong likelihood of consumer confusion
weighs strongly in favor of issuing the injunction, and the district court did not abuse its
discretion in finding this to be the case.
B. No evidentiary hearing was needed….
Equitrac claims that the court should not have issued the preliminary injunction without a
hearing. Specifically, Equitrac argues that because the court failed to find, and did not
receive evidence to contradict, Equitrac’s position that it was entitled to advertise that it
was capable of servicing Copitrak equipment, Promatek’s motion for a preliminary
injunction should have been denied. Equitrac’s argument misses the point. What is relevant
to the preliminary injunction is not that Equitrac may advertise that it is capable of
servicing Copitrak. Equitrac is free to do so; it is also free to place comparison claims on its
website, or include press releases involving the litigation between Equitrac and Promatek.
It is Equitrac’s use of the term Copitrack in its metatag that is a prohibited practice because
of its potential for customer confusion. [Editor’s note: regarding this italicized language, see
below] Because Equitrac failed to demonstrate that its evidence would weaken Promatek’s
case, an evidentiary hearing was not necessary….
Promatek Industries, Ltd. v. Equitrac Corp., October 18, 2002 Amendment
The slip opinion of this Court issued on 8/13/02 is hereby amended as follows: On page 9,
the second-to-last sentence of the first paragraph (beginning “It is Equitrac’s use of the
term...”) should be removed and replaced with the following: “The problem here is not that
Equitrac, which repairs Promatek products, used Promatek’s trademark in its metatag, but
that it used that trademark in a way calculated to deceive consumers into thinking that
Equitrac was Promatek. Id.” Immediately following the sentence to be inserted above, the
following footnote should be inserted: “It is not the case that trademarks can never appear
in metatags, but that they may only do so where a legitimate use of the trademark is being
made.”
215.
NOTES AND QUESTIONS
Screen Shots. The Equitrac home page from May 2002—missing a few graphical elements,
but showing the disclaimer:
216.
Google’s 2001 search results for “Copitrak”:
Google’s 2001 search results for “Copitrack”:
217.
Who Won This Case? Think carefully about the parties’ stated objectives. We know
Promatek won the appellate ruling, but which party do you think better fulfilled its
apparent business objectives?
Non-Deceptive Metatag Usage? The court says that Equitrac loses because “it used that
trademark in a way calculated to deceive consumers into thinking that Equitrac was
Promatek.” How, exactly, did Equitrac’s use of the keyword metatags satisfy this standard?
For many years, courts routinely held that including a third party trademark in the
website’s metatags was per se infringing. In addition to the Promatek case, other federal
appellate cases supporting this proposition include Venture Tape Corp. v. McGills Glass
Warehouse. 540 F.3d 56 (1st Cir. 2008) and North American Medical Corp. v. Axiom
Worldwide, Inc. 522 F.3d 1211 (11th Cir. 2008).
Over time, courts questioned this outcome as it became clearer that search engines
generally ignore keyword metatags. See, e.g., Southern Snow Mfg. Inc. v. Sno Wizards
Holdings, Inc., 2011 WL 601639 (E.D. La. 2011); Sazerac Brands LLC v. Peristyle
LLC, 2017 WL 4558022 (E.D. Ky. 2017) (“Sazerac fails to explain why metatags should still
form the basis for Lanham Act liability in light of major search engines' change in policy”).
Still, even years after keyword metatags have become technologically irrelevant, courts
encountering keyword metatags can overreact. See adidas America, Inc. v. Skechers USA,
Inc., 890 F.3d 747 (9th Cir. 2018) (competitor’s use of keyword metatags created an
“inference” of an intent to confuse consumers).
218.
Keyword advertising generates tens of billions of dollars of revenue each year. There has
been particular angst about competitive keyword advertising, when a company buys the
trademark of its rival as a trigger to show its ads. The following ruling effectively confirmed
the legality of competitive keyword advertising.
Network Automation, Inc. v. Advanced Systems Concepts, Inc., 638 F.3d 1137 (9th
Cir. 2011)
“We must be acutely aware of excessive rigidity when applying the law in the
Internet context; emerging technologies require a flexible approach.”
Brookfield Commc’ns, Inc. v. West Coast Entm’t Corp., 174 F.3d 1036, 1054
(9th Cir. 1999).
Network Automation (“Network”) and Advanced Systems Concepts (“Systems”) are both in
the business of selling job scheduling and management software, and both advertise on the
Internet. Network sells its software under the mark AutoMate, while Systems’ product is
sold under the registered trademark ActiveBatch. Network decided to advertise its product
by purchasing certain keywords, such as “ActiveBatch,” which when keyed into various
search engines, most prominently Google and Microsoft Bing, produce a results page
showing “www.NetworkAutomation.com” as a sponsored link. Systems’ objection to
Network’s use of its trademark to interest viewers in Network’s website gave rise to this
trademark infringement action.
The district court was confronted with the question whether Network’s use of ActiveBatch
to advertise its products was a clever and legitimate use of readily available technology,
such as Google’s AdWords, or a likely violation of the Lanham Act, 15 U.S.C. § 1114. The
court found a likelihood of initial interest confusion by applying the eight factors we
established more than three decades ago in AMF Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th
Cir. 1979), and reasoning that the three most important factors in “cases involving the
Internet” are (1) the similarity of the marks; (2) the relatedness of the goods; and (3) the
marketing channel used. The court therefore issued a preliminary injunction against
Network’s use of the mark ActiveBatch.
Mindful that the sine qua non of trademark infringement is consumer confusion, and that
the Sleekcraft factors are but a nonexhaustive list of factors relevant to determining the
likelihood of consumer confusion, we conclude that Systems’ showing of a likelihood of
confusion was insufficient to support injunctive relief. Therefore, we vacate the injunction
and reverse and remand.
I. FACTUAL AND PROCEDURAL BACKGROUND
Systems is a software engineering and consulting firm founded in 1981. It has used the
ActiveBatch trademark since 2000, and it procured federal registration of the mark in 2001.
Systems markets ActiveBatch software to businesses, which use the product to centralize
and manage disparate tasks. Network is a software company founded in 1997 under the
name Unisyn. Its signature product, AutoMate, also provides businesses with job
scheduling, event monitoring, and related services. Network has approximately 15,000 total
customers, and between 4,000 and 5,000 active customers, including Fortune 500
219.
companies and mid-sized and small firms. The cost of a license to use AutoMate typically
ranges from $995 to $10,995. There is no dispute that Network and Systems are direct
competitors, or that ActiveBatch and AutoMate are directly competing products.
Google AdWords is a program through which the search engine sells “keywords,” or search
terms that trigger the display of a sponsor’s advertisement. When a user enters a keyword,
Google displays the links generated by its own algorithm in the main part of the page, along
with the advertisements in a separate “sponsored links” section next to or above the
objective results. Multiple advertisers can purchase the same keyword, and Google charges
sponsors based on the number of times users click on an ad to travel from the search results
page to the advertiser’s own website. Network purchased “ActiveBatch” as a keyword from
Google AdWords and a comparable program offered by Microsoft’s Bing search engine.
As a result, consumers searching for business software who enter “ActiveBatch” as a search
term would locate a results page where the top objective results are links to Systems’ own
website and various articles about the product. In the “Sponsored Links” or “Sponsored
Sites” section of the page, above or to the right of the regular results, users see Network’s
advertisement, either alone or alongside Systems’ own sponsored link. The text of
Network’s advertisements begin with phrases such as “Job Scheduler,” “Intuitive Job
Scheduler,” or “Batch Job Scheduling,” and end with the company’s web site address,
www.NetworkAutomation.com. The middle line reads: “Windows Job Scheduling + Much
More. Easy to Deploy, Scalable. D/L Trial.”
220.
[Screenshot from the court’s opinion—apologies for the poor resolution]
221.
[Screenshot taken March 17, 2011]
On November 16, 2009, Systems demanded that Network cease and desist from using the
ActiveBatch mark in its search engine advertising, as it was not “authorized to use these
marks in commerce.” In a second letter, Systems explained that Network’s use of
ActiveBatch in its Google AdWords keyword advertising infringed Systems’ trademark
rights by deceiving customers into believing that Network’s software products were
affiliated with Systems’ products. Systems threatened litigation unless Network
immediately ceased all use of Systems’ mark, including removing the mark from the Google
AdWords Program. Network responded that its use of the ActiveBatch mark was non-
infringing as a matter of law, and filed this lawsuit seeking a declaratory judgment of non-
infringement. Systems counterclaimed on February 22, 2010, alleging trademark
infringement under the Lanham Act, 15 U.S.C. § 1114(1), and moved for a preliminary
injunction against Network’s use of the ActiveBatch mark pending trial.
The district court granted injunctive relief on April 30, 2010. Noting that the parties did not
dispute the validity or ownership of the ActiveBatch mark, the district court ruled that
Systems was likely to succeed in satisfying the Lanham Act’s “use in commerce”
requirement by showing that Network “used” the mark when it purchased advertisements
from search engines triggered by the term “ActiveBatch.” Applying the eight-factor
Sleekcraft test for source confusion, the district court emphasized three factors it viewed as
222.
significant for “cases involving the Internet”: the similarity of the marks, relatedness of the
goods or services, and simultaneous use of the Web as a marketing channel. The district
court concluded that all three factors favored Systems: Network used the identical mark to
sell a directly competing product, and both advertised on the Internet.
The district court also concluded that Systems’ mark was strong because, as a federally
registered trademark, ActiveBatch is presumptively distinctive. It concluded that the
degree of consumer care suggested likely confusion because “there is generally a low degree
of care exercised by Internet consumers.” Moreover, Network intentionally used Systems’
mark to advertise its own product. Finally, the district court noted that neither party
introduced evidence of actual confusion, and that the likelihood of product expansion was
not relevant.
The district court also analyzed whether Network infringed Systems’ mark by creating
initial interest confusion—as opposed to source confusion—which “occurs when the
defendant uses the plaintiff’s trademark in a manner calculated to capture initial consumer
attention, even though no actual sale is finally completed as a result of the confusion.”
Because the district court found that Network’s advertisements did not clearly divulge their
source, it concluded that consumers might be confused into unwittingly visiting Network’s
website, allowing the company to “impermissibly capitalize[] on [Systems’] goodwill.”
Based on its analysis of the Sleekcraft factors and its finding of likely initial interest
confusion, the district court concluded that Systems had a strong likelihood of success on
the merits of its trademark infringement claim. It then presumed a likelihood of irreparable
harm, and concluded that the balance of hardships and the public interest favored Systems.
Following entry of the preliminary injunction, Network timely appealed….
III. DISCUSSION…
To prevail on a claim of trademark infringement under the Lanham Act, 15 U.S.C. § 1114, a
party “must prove: (1) that it has a protectible ownership interest in the mark; and (2) that
the defendant’s use of the mark is likely to cause consumer confusion.”
Network does not contest the ownership or its use of the mark. We note that the district
court correctly found the prerequisite “use in commerce” in Network’s use of the mark to
purchase keywords to advertise its products for sale on the Internet. Previously we have
assumed, without expressly deciding, that the use of a trademark as a search engine
keyword that triggers the display of a competitor’s advertisement is a “use in commerce”
under the Lanham Act. See Playboy Enters., Inc. v. Netscape Commc’ns Corp., 354 F.3d
1020, 1024 (9th Cir. 2004); Brookfield, 174 F.3d at 1053. We now agree with the Second
Circuit that such use is a “use in commerce” under the Lanham Act. See Rescuecom Corp.
v. Google Inc., 562 F.3d 123, 127 (2d Cir. 2009) (holding that Google’s sale of trademarks as
search engine keywords is a use in commerce); see also J. THOMAS MCCARTHY, MCCARTHY
ON TRADEMARKS & UNFAIR COMPETITION §§ 23:11.50, 25:70:25 (4th ed. 2010) (suggesting
that cases taking a more restrictive view of “use” in this context are based on an erroneous
interpretation of the Lanham Act).
This case, therefore, turns on whether Network’s use of Systems’ trademark is likely to
cause consumer confusion. Network argues that its use of Systems’ mark is legitimate
223.
“comparative, contextual advertising” which presents sophisticated consumers with clear
choices. Systems characterizes Network’s behavior differently, accusing it of misleading
consumers by hijacking their attention with intentionally unclear advertisements. To
resolve this dispute we must apply the Sleekcraft test in a flexible manner, keeping in mind
that the eight factors it recited are not exhaustive, and that only some of them are relevant
to determining whether confusion is likely in the case at hand.
A.
In Sleekcraft, we…identified eight “relevant” factors for determining whether consumers
would likely be confused by related goods: “[1] strength of the mark; [2] proximity of the
goods; [3] similarity of the marks; [4] evidence of actual confusion; [5] marketing channels
used; [6] type of goods and the degree of care likely to be exercised by the purchaser; [7]
defendant’s intent in selecting the mark; and [8] likelihood of expansion of the product
lines.” We also noted that “the list is not exhaustive,” and that “[o]ther variables may come
into play depending on the particular facts presented.”
The Sleekcraft factors are intended as an adaptable proxy for consumer confusion, not a
rote checklist. See, e.g., Fortune Dynamic, Inc. v. Victoria’s Secret Stores Brand Mgmt.,
Inc., 618 F.3d 1025, 1030 (9th Cir. 2010) (“This eight-factor analysis is ‘pliant,’ illustrative
rather than exhaustive, and best understood as simply providing helpful guideposts.”);
Dreamwerks Prod. Grp., Inc. v. SKG Studio, 142 F.3d 1127, 1129 (9th Cir. 1998) (“The
factors should not be rigidly weighed; we do not count beans.”); Eclipse Assoc. Ltd. v. Data
Gen. Corp., 894 F.2d 1114, 1118 (9th Cir. 1990) (“These tests were not meant to be
requirements or hoops that a district court need jump through to make the
determination.”).
When we first confronted issues of trademark infringement and consumer confusion in the
Internet context over a decade ago in Brookfield, we noted that “[w]e must be acutely aware
of excessive rigidity when applying the law in the Internet context; emerging technologies
require a flexible approach.”… There, Brookfield, a software company, marketed an
entertainment database program under the mark MovieBuff. It sold the software, and
offered access to the database, on its website, moviebuffonline.com. West Coast, a video
retailer, had registered the mark The Movie Buff’s Movie Store. West Coast operated a
website using the domain name moviebuff.com, which included a film database that
competed with Brookfield’s product.
We held that Brookfield was likely to succeed in its claim to be the senior user of
MovieBuff, and that there was a likelihood of source confusion stemming from West Coast’s
use of the mark in its domain name. “Heeding our repeated warnings against simply
launching into a mechanical application of the eight-factor Sleekcraft test,” we determined
that three of the eight factors were the most important in analyzing source confusion in the
context of Internet domain names: (1) the similarity of the marks; (2) the relatedness of the
goods and services offered; and (3) the simultaneous use of the Internet as a marketing
channel. Reasoning that the two marks were virtually identical in terms of sight, sound and
meaning, that West Coast and Brookfield both offered products and services relating to
movies, and that they both used the Web as a marketing and advertising device, we
concluded that consumer confusion was likely, particularly given the nature of the
224.
consumers at issue, who included casual movie watchers unlikely to realize that they had
mistakenly clicked on to West Coast’s site when they had intended to reach Brookfield’s.
Brookfield also asserted that West Coast infringed its mark by causing initial interest
confusion because it had included MovieBuff in its “metatags,” code not visible to web users
embedded in a website to attract search engines seeking a corresponding keyword.3
Although were we to apply the same analysis in the metatags context as we did in the
domain name context, we would easily reach the same conclusion as to each of the factors
(with the possible exception of purchaser care), we declined to do so, reasoning that the
“question in the metatags context is quite different.” In the metatags context, the question
was whether West Coast could use the mark MovieBuff in the metatags of its website to
attract search engines to locate its site when the keyword “MovieBuff” was entered, a
question analogous to the issue presented here. As in the domain name context, the degree
of care and sophistication of the consumer was a key factor, although the outcome differed.
We did not find a likelihood of source confusion because the results list from a search for
“MovieBuff” would result in a list that included both Brookfield’s and West Coast’s
websites, and if the consumer clicked on West Coast’s site its own name was “prominently
display[ed].” Thus a consumer was much less likely to be confused about which site he was
viewing.
Finding no source confusion, we nonetheless concluded that West Coast’s use of MovieBuff
in its metatags was likely to cause initial interest confusion. That is, by using Brookfield’s
mark MovieBuff to direct persons searching for Brookfield’s product to the West Coast site,
West Coast derived an improper benefit from the goodwill Brookfield developed in its mark.
Five years later in Playboy, we considered the practice of “keying”—another situation
analogous to that here. Netscape operated a search engine that offered an early version of a
keyword advertising program. It sold lists of terms to sponsors, and when users searched
for the keywords on the list, the sponsor’s advertisement would be displayed on the results
page. Netscape required its advertisers from the adult entertainment industry to link their
ads to one such list that contained more than 400 terms, including trademarks held by
Playboy. Playboy sued, contending that this practice infringed its trademarks in violation of
the Lanham Act. The district court entered summary judgment in favor of Netscape.
We reversed, holding that summary judgment was inappropriate because genuine issues of
material fact existed as to whether Netscape’s keying practices constituted actionable
infringement. Following Brookfield, we analyzed the keying issue in terms of initial interest
confusion, “find[ing] insufficient evidence to defeat summary judgment on any other
theory.” Playboy claimed that Netscape “misappropriated the goodwill of [its] marks by
leading Internet users to competitors’ websites just as West Coast ... misappropriated the
goodwill of Brookfield’s mark.” In framing the initial interest confusion inquiry, we stressed
that Playboy’s infringement claim relied on the fact that the linked banner advertisements
were “unlabeled,” and were, therefore, more likely to mislead consumers into believing they
had followed a link to Playboy’s own website.
3 Modern search engines such as Google no longer use metatags. Instead they rely on their own algorithms to
find websites.
225.
In Playboy, as in Brookfield, we applied the Sleekcraft test flexibly, determining that
evidence of actual confusion was the most important factor. Playboy had introduced an
expert study showing that a “statistically significant number” of Internet users searching
for the terms “playboy” and “playmate” would think that Playboy itself sponsored the
banner advertisements which appeared on the search results page. We noted that this
study “alone probably suffices to reverse the grant of summary judgment,” but we
nonetheless analyzed other relevant Sleekcraft factors. As to the strength of the mark, we
credited Playboy’s expert reports showing it had created strong secondary meanings for
“playboy” and “playmate.” This suggested that consumers who entered these terms were
likely searching for Playboy’s products in particular. Analyzing the nature of the goods and
consumer, we “presume[d] that the average searcher seeking adult-oriented materials on
the Internet is easily diverted from a specific product he or she is seeking if other options,
particularly graphic ones, appear more quickly.” We concluded that there were genuine
issues of material fact with respect to whether consumers were likely to be confused by
Netscape’s keying practices.
Concurring, Judge Berzon was struck by how analytically similar the keyed advertisements
in Playboy were to the infringing metatags in Brookfield. We agree, and also find similarity
to the use of the keyword “ActiveBatch” in this case. Judge Berzon cautioned that a broad
reading of Brookfield’s metatags holding could result in a finding of initial interest
confusion “when a consumer is never confused as to source or affiliation, but instead knows,
or should know, from the outset that a product or web link is not related to that of the
trademark holder because the list produced by the search engine so informs him.” She
clarified that the Playboy panel’s holding was limited to “situations in which the banner
advertisements are not labeled or identified.”
Judge Berzon analogized the experience of browsing clearly labeled keyword
advertisements to shopping at Macy’s, explaining that if a shopper en route to the Calvin
Klein section is diverted by a prominently displayed Charter Club (Macy’s own brand)
collection and never reaches the Calvin Klein collection, it could not be said that Macy’s had
infringed on Calvin Klein’s trademark by diverting the customer to it with a clearly labeled,
but more prominent display. Therefore, it would be wrong to expand the initial interest
confusion theory of infringement beyond the realm of the misleading and deceptive to the
context of legitimate comparative and contextual advertising.
B.
Here we consider whether the use of another’s trademark as a search engine keyword to
trigger one’s own product advertisement violates the Lanham Act. We begin by examining
the Sleekcraft factors that are most relevant to the determination whether the use is likely
to cause initial interest confusion.4 While the district court analyzed each of the Sleekcraft
factors, it identified the three most important factors as (1) the similarity of the marks, (2)
the relatedness of the goods or services, and (3) the simultaneous use of the Web as a
marketing channel, for any case addressing trademark infringement on the Internet….
However, we did not intend Brookfield to be read so expansively as to forever enshrine
these three factors—now often referred to as the “Internet trinity” or “Internet troika”—as
4 Systems’ argument rests only on the theory of initial interest confusion. It does not argue source confusion.
226.
the test for trademark infringement on the Internet. Brookfield was the first to present a
claim of initial interest confusion on the Internet; we recognized at the time it would not be
the last, and so emphasized flexibility over rigidity. Depending on the facts of each specific
case arising on the Internet, other factors may emerge as more illuminating on the question
of consumer confusion. In Brookfield, we used the “troika” factors to analyze the risk of
source confusion generated by similar domain names, but we did not wholesale adopt them
in the metatag analysis. Subsequent courts similarly have found the “troika” helpful to
resolve disputes involving websites with similar names or appearances. The leading
trademark treatise correctly explains that the “troika” analysis “is appropriate for domain
name disputes.”
Given the multifaceted nature of the Internet and the ever-expanding ways in which we all
use the technology, however, it makes no sense to prioritize the same three factors for every
type of potential online commercial activity. The “troika” is a particularly poor fit for the
question presented here. The potential infringement in this context arises from the risk
that while using Systems’ mark to search for information about its product, a consumer
might be confused by a results page that shows a competitor’s advertisement on the same
screen, when that advertisement does not clearly identify the source or its product.
In determining the proper inquiry for this particular trademark infringement claim, we
adhere to two long stated principles: the Sleekcraft factors (1) are non-exhaustive, and (2)
should be applied flexibly, particularly in the context of Internet commerce. Finally,
because the sine qua non of trademark infringement is consumer confusion, when we
examine initial interest confusion, the owner of the mark must demonstrate likely
confusion, not mere diversion.
We turn to an examination of each Sleekcraft factor to analyze whether there is a likelihood
of consumer confusion in this case, assigning each factor appropriate weight in accordance
with its relevance to the factual circumstances presented here.
1. Strength of the Mark
“The stronger a mark—meaning the more likely it is to be remembered and associated in
the public mind with the mark’s owner—the greater the protection it is accorded by the
trademark laws.” Two relevant measurements are conceptual strength and commercial
strength. Conceptual strength involves classification of a mark “along a spectrum of
generally increasing inherent distinctiveness as generic, descriptive, suggestive, arbitrary,
or fanciful.” “A mark’s conceptual strength depends largely on the obviousness of its
connection to the good or service to which it refers.” Federal trademark “[r]egistration alone
may be sufficient in an appropriate case to satisfy a determination of distinctiveness.”
However, “while the registration adds something on the scales, we must come to grips with
an assessment of the mark itself.” Commercial strength is based on “actual marketplace
recognition,” and thus “advertising expenditures can transform a suggestive mark into a
strong mark.”
This factor is probative of confusion here because a consumer searching for a generic term
is more likely to be searching for a product category. See [Brookfield] at 1058 n. 19
(“Generic terms are those used by the public to refer generally to the product rather than a
particular brand of the product.”). That consumer is more likely to expect to encounter links
227.
and advertisements from a variety of sources. By contrast, a user searching for a distinctive
term is more likely to be looking for a particular product, and therefore could be more
susceptible to confusion when sponsored links appear that advertise a similar product from
a different source. On the other hand, if the ordinary consumers of this particular product
are particularly sophisticated and knowledgeable, they might also be aware that Systems is
the source of ActiveBatch software and not be confused at all.
The district court acknowledged that the parties failed to address the strength of the mark,
but it concluded that the factor favors Systems. It reasoned that ActiveBatch is a suggestive
mark because it “requires a mental leap from the mark to the product,” and as a registered
trademark it is “inherently distinctive.” We agree. Because the mark is both Systems’
product name and a suggestive federally registered trademark, consumers searching for the
term are presumably looking for its specific product, and not a category of goods.
Nonetheless, that may not be the end of the inquiry about this factor, as the sophistication
of the consumers of the product may also play a role. The district court properly declined to
consider commercial strength, which, as an evidence-intensive inquiry, is unnecessary at
the preliminary injunction stage.
2. Proximity of the Goods
“Related goods are generally more likely than unrelated goods to confuse the public as to
the producers of the goods.” “[T]he danger presented is that the public will mistakenly
assume there is an association between the producers of the related goods, though no such
association exists.” The proximity of goods is measured by whether the products are: (1)
complementary; (2) sold to the same class of purchasers; and (3) similar in use and function.
The proximity of the goods was relevant in Playboy, where unsophisticated consumers were
confronted with unlabeled banner advertisements that touted adult-oriented material very
similar to Playboy’s own products. There, we concluded that under the circumstances, the
relatedness of the goods bolstered the likelihood of confusion, and therefore favored
Playboy. However, the proximity of the goods would become less important if
advertisements are clearly labeled or consumers exercise a high degree of care, because
rather than being misled, the consumer would merely be confronted with choices among
similar products. Id. at 1035 (Berzon, J., concurring) (“[S]uch choices do not constitute
trademark infringement off the internet, and I cannot understand why they should on the
internet.”).
Because the products at issue here are virtually interchangeable, this factor may be helpful,
but it must be considered in conjunction with the labeling and appearance of the
advertisements and the degree of care exercised by the consumers of the ActiveBatch
software. By weighing this factor in isolation and failing to consider whether the parties’
status as direct competitors would actually lead to a likelihood of confusion, the district
court allowed this factor to weigh too heavily in the analysis.
3. Similarity of the Marks
“[T]he more similar the marks in terms of appearance, sound, and meaning, the greater the
likelihood of confusion.” “Where the two marks are entirely dissimilar, there is no likelihood
228.
of confusion.” “Similarity of the marks is tested on three levels: sight, sound, and meaning.
Each must be considered as they are encountered in the marketplace.”
In Sleekcraft, we concluded that the marks “Sleekcraft” and “Slickcraft” were similar in
terms of sight, sound, and meaning by examining the actual situations in which consumers
were likely to read, hear, and consider the meaning of the terms. Such an inquiry is
impossible here where the consumer does not confront two distinct trademarks. Rather,
after entering one company’s mark as a search term, the consumer sees a competitor’s
sponsored link that displays neither company’s trademarks. The district court erroneously
treated “ActiveBatch,” the keyword purchased by Network, as conceptually separate from
ActiveBatch the trademark owned by Systems. This is an artificial distinction that does not
reflect what consumers “encountered in the marketplace.” Again, however, because the
consumer keys in Systems’ trademark, which results in Network’s sponsored link,
depending on the labeling and appearance of the advertisement, including whether it
identifies Network’s own mark, and the degree of care and sophistication of the consumer,
it could be helpful in determining initial interest confusion.
4. Evidence of Actual Confusion
“[A] showing of actual confusion among significant numbers of consumers provides strong
support for the likelihood of confusion.” However, “actual confusion is not necessary to a
finding of likelihood of confusion under the Lanham Act.” Indeed, “[p]roving actual
confusion is difficult ... and the courts have often discounted such evidence because it was
unclear or insubstantial.”
In Playboy, the expert report showing a significant number of users were confused by the
keying practice at issue was strong evidence that Playboy’s infringement claim should be
allowed to proceed. Playboy, however, was decided at the summary judgment stage,
whereas here we examine a sparse record supporting preliminary injunctive relief. As the
district court noted, neither Network nor Systems provided evidence regarding actual
confusion, which is not surprising given the procedural posture. Therefore, while this is a
relevant factor for determining the likelihood of confusion in keyword advertising cases, its
importance is diminished at the preliminary injunction stage of the proceedings. The
district court correctly concluded that this factor should be accorded no weight.
5. Marketing Channels
“Convergent marketing channels increase the likelihood of confusion.” In Sleekcraft, the
two products were sold in niche marketplaces, including boat shows, specialty retail outlets,
and trade magazines. However, this factor becomes less important when the marketing
channel is less obscure. Today, it would be the rare commercial retailer that did not
advertise online, and the shared use of a ubiquitous marketing channel does not shed much
light on the likelihood of consumer confusion. See Playboy, 354 F.3d at 1028 (“Given the
broad use of the Internet today, the same could be said for countless companies. Thus, this
factor merits little weight.”).
Therefore, the district court’s determination that because both parties advertise on the
Internet this factor weighed in favor of Systems was incorrect.
229.
6. Type of Goods and Degree of Care
“Low consumer care ... increases the likelihood of confusion.” “In assessing the likelihood of
confusion to the public, the standard used by the courts is the typical buyer exercising
ordinary caution.... When the buyer has expertise in the field, a higher standard is proper
though it will not preclude a finding that confusion is likely. Similarly, when the goods are
expensive, the buyer can be expected to exercise greater care in his purchases; again,
though, confusion may still be likely.”
The nature of the goods and the type of consumer is highly relevant to determining the
likelihood of confusion in the keyword advertising context. A sophisticated consumer of
business software exercising a high degree of care is more likely to understand the
mechanics of Internet search engines and the nature of sponsored links, whereas an un-
savvy consumer exercising less care is more likely to be confused. The district court
determined that this factor weighed in Systems’ favor because “there is generally a low
degree of care exercised by Internet consumers.” However, the degree of care analysis
cannot begin and end at the marketing channel. We still must consider the nature and cost
of the goods, and whether “the products being sold are marketed primarily to expert
buyers.”
In Brookfield, the websites were visited by both sophisticated entertainment industry
professionals and amateur film fans, which supported the conclusion that at least some of
the consumers were likely to exercise a low degree of care. In Playboy, the relevant
consumer was looking for cheap, interchangeable adult-oriented material, which similarly
led to our court’s finding that the consumers at issue would exercise a low degree of care. In
both cases, we looked beyond the medium itself and to the nature of the particular goods
and the relevant consumers.
We have recently acknowledged that the default degree of consumer care is becoming more
heightened as the novelty of the Internet evaporates and online commerce becomes
commonplace. In Toyota Motor Sales v. Tabari, 610 F.3d 1171 (9th Cir. 2010), we vacated a
preliminary injunction that prohibited a pair of automobile brokers from using Toyota’s
“Lexus” mark in their domain names. We determined that it was unlikely that a reasonably
prudent consumer would be confused into believing that a domain name that included a
product name would necessarily have a formal affiliation with the maker of the product, as
“[c]onsumers who use the internet for shopping are generally quite sophisticated about such
matters.” The Tabari panel reasoned,
[I]n the age of FIOS, cable modems, DSL and T1 lines, reasonable, prudent
and experienced internet consumers are accustomed to such exploration by
trial and error. They skip from site to site, ready to hit the back button
whenever they’re not satisfied with a site’s contents. They fully expect to find
some sites that aren’t what they imagine based on a glance at the domain
name or search engine summary. Outside the special case of ... domains that
actively claim affiliation with the trademark holder, consumers don’t form
any firm expectations about the sponsorship of a website until they’ve seen
the landing page—if then.
230.
We further explained that we expect consumers searching for expensive products online to
be even more sophisticated. Id. at 1176 (“Unreasonable, imprudent and inexperienced web-
shoppers are not relevant.”).
Therefore the district court improperly concluded that this factor weighed in Systems’ favor
based on a conclusion reached by our court more than a decade ago in Brookfield and
GoTo.com that Internet users on the whole exercise a low degree of care. While the
statement may have been accurate then, we suspect that there are many contexts in which
it no longer holds true.
7. Defendant’s Intent
“When the alleged infringer knowingly adopts a mark similar to another’s, reviewing courts
presume that the defendant can accomplish his purpose: that is, that the public will be
deceived.” Nevertheless, we have also “recognized that liability for infringement may not be
imposed for using a registered trademark in connection with truthful comparative
advertising.”
Therefore, much like the proximity of the goods, the defendant’s intent may be relevant
here, but only insofar as it bolsters a finding that the use of the trademark serves to
mislead consumers rather than truthfully inform them of their choice of products. The
district court incorrectly considered the intent factor in isolation, and concluded that it
weighed in Systems’ favor without first determining that Network intended to deceive
consumers rather than compare its product to ActiveBatch.
8. Likelihood of Expansion of the Product Lines
“Inasmuch as a trademark owner is afforded greater protection against competing goods, a
‘strong possibility’ that either party may expand his business to compete with the other will
weigh in favor of finding that the present use is infringing. When goods are closely related,
any expansion is likely to result in direct competition.” Where two companies are direct
competitors, this factor is unimportant. Therefore, the district court correctly declined to
consider the likelihood of expansion.
9. Other Relevant Factors
The eight Sleekcraft factors are “not exhaustive. Other variables may come into play
depending on the particular facts presented.” In the keyword advertising context the
“likelihood of confusion will ultimately turn on what the consumer saw on the screen and
reasonably believed, given the context.” Hearts on Fire Co. v. Blue Nile, Inc., 603 F. Supp.
2d 274, 289 (D. Mass. 2009).6 In Playboy, we found it important that the consumers saw
banner advertisements that were “confusingly labeled or not labeled at all.” We noted that
6 The Hearts on Fire court identified a new seven-factor test to determine whether there is a likelihood of
consumer confusion arising from a firm’s use of a competitor’s trademark as a search engine keyword triggering
its own sponsored links. Network urges us to adopt the Hearts on Fire factors. While we agree that the
decision’s reasoning is useful, we decline to add another multi-factor test to the extant eight-factor Sleekcraft
test.
231.
clear labeling “might eliminate the likelihood of initial interest confusion that exists in this
case.”
The appearance of the advertisements and their surrounding context on the user’s screen
are similarly important here. The district court correctly examined the text of Network’s
sponsored links, concluding that the advertisements did not clearly identify their source.
However, the district court did not consider the surrounding context. In Playboy, we also
found it important that Netscape’s search engine did not clearly segregate the sponsored
advertisements from the objective results. Here, even if Network has not clearly identified
itself in the text of its ads, Google and Bing have partitioned their search results pages so
that the advertisements appear in separately labeled sections for “sponsored” links. The
labeling and appearance of the advertisements as they appear on the results page includes
more than the text of the advertisement, and must be considered as a whole.
C.
Given the nature of the alleged infringement here, the most relevant factors to the analysis
of the likelihood of confusion are: (1) the strength of the mark; (2) the evidence of actual
confusion; (3) the type of goods and degree of care likely to be exercised by the purchaser;
and (4) the labeling and appearance of the advertisements and the surrounding context on
the screen displaying the results page.
The district court did not weigh the Sleekcraft factors flexibly to match the specific facts of
this case. It relied on the Internet “troika,” which is highly illuminating in the context of
domain names, but which fails to discern whether there is a likelihood of confusion in a
keywords case. Because the linchpin of trademark infringement is consumer confusion, the
district court abused its discretion in issuing the injunction….
NOTES AND QUESTIONS
How Keyword Advertising Works. For a good summary of keyword advertising technology
and the efficacy of search ads, see In the Matter of 1-800 Contacts, Inc., FTC Docket No.
9372 (Oct. 27, 2017), https://www.ftc.gov/system/files/documents/cases/docket_9372_1-
800_contacts_inc._initial_decision_final_redacted_public_version.pdf (especially pages 21-
37).
Trademarks in Ad Copy. When the advertiser only purchases the trademark as the
keyword to display ads, but doesn’t reference the trademark in the ad copy, the advertiser
routinely wins any resulting trademark litigation:
apart from a single district court summary judgment decision from over ten
years ago, no court has found bidding on trademark keywords to constitute
trademark infringement, absent some additional factor, such as a misleading
use of the trademark in the ad text that confuses consumers as to the
advertisement’s source, sponsorship, or affiliation. Rather, “[c]ourts have
consistently rejected the notion that buying or creating internet search terms,
alone, is enough to raise a claim of trademark infringement”
In the Matter of 1-800 Contacts, Inc., 2018 WL 6078349 (FTC Docket #9372, Nov. 7, 2018).
232.
As this passage indicates, the legal analysis may be more complicated if the advertiser
references the trademark in the ad copy. Nevertheless, advertisers have had substantial
courtroom success in those cases as well.
If Consumers Search for a Brand, What Do They Expect to Get? The court says:
a consumer searching for a generic term is more likely to be searching for a
product category….That consumer is more likely to expect to encounter links
and advertisements from a variety of sources. By contrast, a user searching
for a distinctive term is more likely to be looking for a particular product, and
therefore could be more susceptible to confusion when sponsored links appear
that advertise a similar product from a different source.
Does this sound right to you? The court relied on its own intuition, not any empirical
studies of consumer search behavior. Unfortunately, this intuition is demonstrably false.
See Jeffrey P. Dotson et al, Brand Attitudes and Search Engine Queries, 37 J. INTERACTIVE
MARKETING 105 (2016):
there are many reasons a user might submit a brand search query. Users
who are shopping in a category are more likely to search for any brand in the
category; users are more likely to search for brands for which they hold
positive attitudes; users who own a brand are more likely to search for the
brand; and users who are category enthusiasts are more likely to search for
all brands in the category
See also Comphy Co. v. Amazon.com, Inc., 371 F. Supp. 3d 914 (W.D. Wash. 2019) (“use of
COMPHY as a search term does not necessarily indicate an intent to search for Plaintiff’s
products. This is true even in the more limited situation where COMPHY is used in
reference to bedding”); David J. Franklyn & David A. Hyman, Trademarks As Search
Engine Keywords: Much Ado About Something?, 26 HARV. J. L. & TECH. 481, 517 (2013)
(emphasis added):
We began by asking survey respondents who had searched for a particular
brand of product whether they were usually interested in finding information
about that brand, or whether they were also interested in getting information
about similar products from other brands. A near majority, 47%, of survey
respondents indicated they usually wanted information about the specific
brand they had searched for, while 31% usually wanted information
about similar products from other brands, and 22% had no preference.
What is “Initial Interest Confusion”? How did the Lamparello court define initial interest
confusion? How did Promatek, Brookfield and Network Automation? Although the
Brookfield definition is the most cited definition, there are dozens of definitions of the term
“initial interest confusion.”
Is the Initial Interest Confusion Doctrine Dying? Following the Network Automation case,
the initial interest confusion doctrine has waned substantially. For example, 1-800
233.
Contacts, Inc. v. Lens.com, Inc., 722 F.3d 1229 (10th Cir. 2013) is a keyword advertising
case where the trademark owner argued initial interest confusion. The Tenth Circuit said
that an ad’s click-through rate provides an upper bound on the amount of consumer
confusion created by the ad (i.e., assume that every click on the ad was a confused
consumer). Trademark law consistently says that a consumer confusion rate of less than
10% shows that the ads don’t create a likelihood of consumer confusion; and in the 1-800
Contacts case, the defendants’ ads generated a clickthrough rate of 1.5% or less, well below
the 10% threshold that evidences a lack of consumer confusion. As a result, the court said 1-
800 Contacts couldn’t show initial interest confusion.
Here’s the punchline: ads never have clickthrough rates anywhere close to 10%. Typically
clickthrough rates are in the 1-2% range. As a result, if other courts follow this clickthrough
rate-based approach, defendants should win every initial interest confusion claim based on
buying a competitor’s trademark for keyword advertising.
More generally, the “initial interest confusion” doctrine rarely appears in court opinions
any more, and it has contributed to a trademark owner’s win in only a handful of cases in
the past half-decade.
Internal Search Engines. Most keyword advertising cases involve general-purpose search
engines like Google. Do outcomes differ when a consumer searches for a third party
trademark in an e-commerce website’s internal search function? The Ninth Circuit
addressed this issue in Multi Time Machine, Inc. v. Amazon.com, Inc., 804 F. 3d 930 (9th
Cir. 2015) (this is the second panel opinion; it replaced an earlier withdrawn opinion).
MTM manufactures watches. It does not allow its watches to be sold on Amazon, and
Amazon has never sold any MTM watches. When Amazon customers searched for “mtm
special ops”, they saw a page like this:
234.
The court ruled for Amazon because:
Amazon is responding to a customer’s inquiry about a brand it does not carry
by doing no more than stating clearly (and showing pictures of) what brands
it does carry. To whatever extent the Sleekcraft factors apply in a case such
235.
as this – a merchant responding to a request for a particular brand it does
not sell by offering other brands clearly identified as such – the undisputed
evidence shows that confusion on the part of the inquiring buyer is not at all
likely. Not only are the other brands clearly labeled and accompanied by
photographs, there is no evidence of actual confusion by anyone.
Publicity Rights and Keyword Advertising. Habush v. Cannon, 346 Wis.2d 709 (Wis. App.
Ct. 2013), held that buying a person’s name (in that case, a rival lawyer) as a keyword for
competitive advertising didn’t violate the person’s publicity rights.
Is Suing Over Keyword Advertising Litigation a Good Business Decision? Trademark
owners have a poor track record in keyword advertising cases. Irrespective of the courtroom
result, the lawsuits often are economically irrational based on minimal financial
consequences of the defendant’s advertising. Consider one court’s summation (emphasis
added):
Apparently, Defendants bid on 14,057 keywords with their AdWords
accounts. The evidence shows that 14 (or 0.1%) included the word “bandago.”
Of those 14 AdWords, only three generated any clicks at all. Each of those
three keywords generated exactly one click. In other words, Defendants’ bids
on infringing keywords from November 2008 to April 2009 resulted in a total
of three visits to Defendants’ website. Even assuming all three visits were
from different users, that each would have rented from Bandago absent the
advertisements, and that each of those users proceeded to rent vans from
Defendants instead, Digby’s actual damages attributable to the
infringing AdWords must have been vanishingly small.
Digby Adler Group LLC v. Image Rent a Car, Inc., 79 F. Supp. 3d 1095 (N.D. Cal. 2015). It’s
in fact fairly common for keyword advertising lawsuits to have dubious economic stakes.
More examples:
Passport Health v. Avance Health: the advertiser got 41 clicks in 3 years.
800-JR Cigar v. GoTo.com: the search engine defendant generated $345 in revenue
(not profit, just revenue) from the litigated terms.
Control Solutions, Inc. v. MicroDAQ.com, Inc.: the advertiser made one sale for $305,
which the buyer subsequently returned.
InternetShopsInc.com v. Six C: the advertiser got 1,319 impressions, 35 clicks and
zero sales.
As a result, many trademark owners just avail themselves of any extra-judicial recourse
offered by keyword sellers, such as Google’s trademark policy for keyword ads, even if it
doesn’t provide full relief.
236.
The Internet makes markets more efficient, but that also helps purveyors of counterfeit
items reach consumers. The following case largely resolved the legal questions about
marketplace operator liability for user-caused trademark infringements. It remains the
flagship case on secondary trademark liability online.
Tiffany Inc. v. eBay, Inc., 600 F.3d 93 (2d Cir. 2010).
eBay, Inc. (“eBay”), through its eponymous online marketplace, has revolutionized the
online sale of goods, especially used goods. It has facilitated the buying and selling by
hundreds of millions of people and entities, to their benefit and eBay’s profit. But that
marketplace is sometimes employed by users as a means to perpetrate fraud by selling
counterfeit goods.
Plaintiffs Tiffany (NJ) Inc. and Tiffany and Company (together, “Tiffany”) have created and
cultivated a brand of jewelry bespeaking high-end quality and style. Based on Tiffany’s
concern that some use eBay’s website to sell counterfeit Tiffany merchandise, Tiffany has
instituted this action against eBay, asserting various causes of action—sounding in
trademark infringement, trademark dilution and false advertising—arising from eBay’s
advertising and listing practices. For the reasons set forth below, we affirm the district
court’s judgment with respect to Tiffany’s claims of trademark infringement and dilution
but remand for further proceedings with respect to Tiffany’s false advertising claim.
BACKGROUND…
eBay
eBay is the proprietor of www.ebay.com, an Internet-based marketplace that allows those
who register with it to purchase goods from and sell goods to one another. It “connect[s]
buyers and sellers and [] enable[s] transactions, which are carried out directly between
eBay members.” In its auction and listing services, it “provides the venue for the sale [of
goods] and support for the transaction[s], [but] it does not itself sell the items” listed for
sale on the site, nor does it ever take physical possession of them. Thus, “eBay generally
does not know whether or when an item is delivered to the buyer.”
eBay has been enormously successful. More than six million new listings are posted on its
site daily. At any given time it contains some 100 million listings.
eBay generates revenue by charging sellers to use its listing services. For any listing, it
charges an “insertion fee” based on the auction’s starting price for the goods being sold and
ranges from $0.20 to $4.80. For any completed sale, it charges a “final value fee” that
ranges from 5.25% to 10% of the final sale price of the item. Sellers have the option of
purchasing, at additional cost, features “to differentiate their listings, such as a border or
bold-faced type.”
eBay also generates revenue through a company named PayPal, which it owns and which
allows users to process their purchases. PayPal deducts, as a fee for each transaction that it
processes, 1.9% to 2.9% of the transaction amount, plus $0.30. This gives eBay an added
incentive to increase both the volume and the price of the goods sold on its website.
237.
Tiffany
Tiffany is a world-famous purveyor of, among other things, branded jewelry. Since 2000, all
new Tiffany jewelry sold in the United States has been available exclusively through
Tiffany’s retail stores, catalogs, and website, and through its Corporate Sales Department.
It does not use liquidators, sell overstock merchandise, or put its goods on sale at
discounted prices. It does not—nor can it, for that matter—control the “legitimate
secondary market in authentic Tiffany silvery jewelry,” i.e., the market for second-hand
Tiffany wares. The record developed at trial “offere[d] little basis from which to discern the
actual availability of authentic Tiffany silver jewelry in the secondary market.”
Sometime before 2004, Tiffany became aware that counterfeit Tiffany merchandise was
being sold on eBay’s site. Prior to and during the course of this litigation, Tiffany conducted
two surveys known as “Buying Programs,” one in 2004 and another in 2005, in an attempt
to assess the extent of this practice. Under those programs, Tiffany bought various items on
eBay and then inspected and evaluated them to determine how many were counterfeit.
Tiffany found that 73.1% of the purported Tiffany goods purchased in the 2004 Buying
Program and 75.5% of those purchased in the 2005 Buying Program were counterfeit. The
district court concluded, however, that the Buying Programs were “methodologically flawed
and of questionable value,” and “provide[d] limited evidence as to the total percentage of
counterfeit goods available on eBay at any given time.” The court nonetheless decided that
during the period in which the Buying Programs were in effect, a “significant portion of the
‘Tiffany’ sterling silver jewelry listed on the eBay website ... was counterfeit,” and that eBay
knew “that some portion of the Tiffany goods sold on its website might be counterfeit.” The
court found, however, that “a substantial number of authentic Tiffany goods are [also] sold
on eBay.”
Reducing or eliminating the sale of all second-hand Tiffany goods, including genuine
Tiffany pieces, through eBay’s website would benefit Tiffany in at least one sense: It would
diminish the competition in the market for genuine Tiffany merchandise. See id. at 510 n.
36 (noting that “there is at least some basis in the record for eBay’s assertion that one of
Tiffany’s goals in pursuing this litigation is to shut down the legitimate secondary market
in authentic Tiffany goods”). The immediate effect would be loss of revenue to eBay, even
though there might be a countervailing gain by eBay resulting from increased consumer
confidence about the bona fides of other goods sold through its website.
Anti-Counterfeiting Measures
Because eBay facilitates many sales of Tiffany goods, genuine and otherwise, and obtains
revenue on every transaction, it generates substantial revenues from the sale of purported
Tiffany goods, some of which are counterfeit. “eBay’s Jewelry & Watches category manager
estimated that, between April 2000 and June 2004, eBay earned $4.1 million in revenue
from completed listings with ‘Tiffany’ in the listing title in the Jewelry & Watches
category.” Although eBay was generating revenue from all sales of goods on its site,
including counterfeit goods, the district court found eBay to have “an interest in eliminating
counterfeit Tiffany merchandise from eBay ... to preserve the reputation of its website as a
safe place to do business.” The buyer of fake Tiffany goods might, if and when the forgery
was detected, fault eBay. Indeed, the district court found that “buyers ... complain[ed] to
eBay” about the sale of counterfeit Tiffany goods. “[D]uring the last six weeks of 2004, 125
consumers complained to eBay about purchasing ‘Tiffany’ items through the eBay website
that they believed to be counterfeit.”
238.
Because eBay “never saw or inspected the merchandise in the listings,” its ability to
determine whether a particular listing was for counterfeit goods was limited. Even had it
been able to inspect the goods, moreover, in many instances it likely would not have had the
expertise to determine whether they were counterfeit.
Notwithstanding these limitations, eBay spent “as much as $20 million each year on tools
to promote trust and safety on its website.” For example, eBay and PayPal set up “buyer
protection programs,” under which, in certain circumstances, the buyer would be
reimbursed for the cost of items purchased on eBay that were discovered not to be genuine.
eBay also established a “Trust and Safety” department, with some 4,000 employees
“devoted to trust and safety” issues, including over 200 who “focus exclusively on combating
infringement” and 70 who “work exclusively with law enforcement.”
By May 2002, eBay had implemented a “fraud engine,” “which is principally dedicated to
ferreting out illegal listings, including counterfeit listings.” eBay had theretofore employed
manual searches for keywords in listings in an effort to “identify blatant instances of
potentially infringing ... activity.” “The fraud engine uses rules and complex models that
automatically search for activity that violates eBay policies.” In addition to identifying
items actually advertised as counterfeit, the engine also incorporates various filters
designed to screen out less-obvious instances of counterfeiting using “data elements
designed to evaluate listings based on, for example, the seller’s Internet protocol address,
any issues associated with the seller’s account on eBay, and the feedback the seller has
received from other eBay users.” In addition to general filters, the fraud engine
incorporates “Tiffany-specific filters,” including “approximately 90 different keywords”
designed to help distinguish between genuine and counterfeit Tiffany goods. During the
period in dispute, eBay also “periodically conducted [manual] reviews of listings in an effort
to remove those that might be selling counterfeit goods, including Tiffany goods.”
For nearly a decade, including the period at issue, eBay has also maintained and
administered the “Verified Rights Owner (‘VeRO’) Program”—a “‘notice-and-takedown’
system” allowing owners of intellectual property rights, including Tiffany, to “report to
eBay any listing offering potentially infringing items, so that eBay could remove such
reported listings.” Any such rights-holder with a “good-faith belief that [a particular listed]
item infringed on a copyright or a trademark” could report the item to eBay, using a “Notice
Of Claimed Infringement form or NOCI form.” During the period under consideration,
eBay’s practice was to remove reported listings within twenty-four hours of receiving a
NOCI, but eBay in fact deleted seventy to eighty percent of them within twelve hours of
notification.
On receipt of a NOCI, if the auction or sale had not ended, eBay would, in addition to
removing the listing, cancel the bids and inform the seller of the reason for the cancellation.
If bidding had ended, eBay would retroactively cancel the transaction. In the event of a
cancelled auction, eBay would refund the fees it had been paid in connection with the
auction.
In some circumstances, eBay would reimburse the buyer for the cost of a purchased item,
provided the buyer presented evidence that the purchased item was counterfeit. During the
relevant time period, the district court found, eBay “never refused to remove a reported
239.
Tiffany listing, acted in good faith in responding to Tiffany’s NOCIs, and always provided
Tiffany with the seller’s contact information.”
In addition, eBay has allowed rights owners such as Tiffany to create an “About Me”
webpage on eBay’s website “to inform eBay users about their products, intellectual property
rights, and legal positions.” eBay does not exercise control over the content of those pages in
a manner material to the issues before us.
Tiffany, not eBay, maintains the Tiffany “About Me” page. With the headline “BUYER
BEWARE,” the page begins: “Most of the purported TIFFANY & CO. silver jewelry
and packaging available on eBay is counterfeit.” It also says, inter alia:
The only way you can be certain that you are purchasing a genuine TIFFANY
& CO. product is to purchase it from a Tiffany & Co. retail store, via our
website (www.tiffany.com) or through a Tiffany & Co. catalogue. Tiffany &
Co. stores do not authenticate merchandise. A good jeweler or appraiser may
be able to do this for you.
In 2003 or early 2004, eBay began to use “special warning messages when a seller
attempted to list a Tiffany item.” These messages “instructed the seller to make sure that
the item was authentic Tiffany merchandise and informed the seller that eBay ‘does not
tolerate the listing of replica, counterfeit, or otherwise unauthorized items’ and that
violation of this policy ‘could result in suspension of [the seller’s] account.’” The messages
also provided a link to Tiffany’s “About Me” page with its “buyer beware” disclaimer. If the
seller “continued to list an item despite the warning, the listing was flagged for review.”
In addition to cancelling particular suspicious transactions, eBay has also suspended from
its website “‘hundreds of thousands of sellers every year,’ tens of thousands of whom were
suspected [of] having engaged in infringing conduct.” eBay primarily employed a “‘three
strikes rule’” for suspensions, but would suspend sellers after the first violation if it was
clear that “the seller ‘listed a number of infringing items,’ and ‘[selling counterfeit
merchandise] appears to be the only thing they’ve come to eBay to do.’” But if “a seller
listed a potentially infringing item but appeared overall to be a legitimate seller, the
‘infringing items [were] taken down, and the seller [would] be sent a warning on the first
offense and given the educational information, [and] told that ... if they do this again, they
will be suspended from eBay.’”5
By late 2006, eBay had implemented additional anti-fraud measures: delaying the ability of
buyers to view listings of certain brand names, including Tiffany’s, for 6 to 12 hours so as to
give rights-holders such as Tiffany more time to review those listings; developing the ability
to assess the number of items listed in a given listing; and restricting one-day and three-
day auctions and cross-border trading for some brand-name items.
5 According to the district court, “eBay took appropriate steps to warn and then to suspend sellers when eBay
learned of potential trademark infringement under that seller’s account.” The district court concluded that it
was understandable that eBay did not have a “hard-and-fast, one-strike rule” of suspending sellers because a
NOCI “did not constitute a definitive finding that the listed item was counterfeit” and because “suspension was
a very serious matter, particularly to those sellers who relied on eBay for their livelihoods.” The district court
ultimately found eBay’s policy to be “appropriate and effective in preventing sellers from returning to eBay and
re-listing potentially counterfeit merchandise.”
240.
The district court concluded that “eBay consistently took steps to improve its technology
and develop anti-fraud measures as such measures became technologically feasible and
reasonably available.”
eBay’s Advertising
At the same time that eBay was attempting to reduce the sale of counterfeit items on its
website, it actively sought to promote sales of premium and branded jewelry, including
Tiffany merchandise, on its site. Among other things,
eBay “advised its sellers to take advantage of the demand for Tiffany
merchandise as part of a broader effort to grow the Jewelry & Watches
category.” And prior to 2003, eBay advertised the availability of Tiffany
merchandise on its site. eBay’s advertisements trumpeted “Mother’s Day
Gifts!,” a “Fall FASHION BRAND BLOWOUT,” “Jewelry Best Sellers,”
“GREAT BRANDS, GREAT PRICES,” or “Top Valentine’s Deals,” among
other promotions. It encouraged the viewer to “GET THE FINER THINGS.”
These advertisements provided the reader with hyperlinks, at least one of
each of which was related to Tiffany merchandise—“Tiffany,” “Tiffany & Co.
under $150,” “Tiffany & Co,” “Tiffany Rings,” or “Tiffany & Co. under $50.”
eBay also purchased sponsored-link advertisements on various search engines to promote
the availability of Tiffany items on its website. In one such case, in the form of a printout of
the results list from a search on Yahoo! for “tiffany,” the second sponsored link read
“Tiffany on eBay. Find tiffany items at low prices. With over 5 million items for sale every
day, you’ll find all kinds of unique [unreadable] Marketplace. www.ebay.com.” Tiffany
complained to eBay of the practice in 2003, and eBay told Tiffany that it had ceased buying
sponsored links. The district court found, however, that eBay continued to do so indirectly
through a third party….
DISCUSSION…
I. Direct Trademark Infringement
Tiffany alleges that eBay infringed its trademark in violation of section 32 of the Lanham
Act. The district court described this as a claim of “direct trademark infringement,” and we
adopt that terminology. Under section 32, “the owner of a mark registered with the Patent
and Trademark Office can bring a civil action against a person alleged to have used the
mark without the owner’s consent.” We analyze such a claim “under a familiar two-prong
test. The test looks first to whether the plaintiff’s mark is entitled to protection, and second
to whether the defendant’s use of the mark is likely to cause consumers confusion as to the
origin or sponsorship of the defendant’s goods.”
In the district court, Tiffany argued that eBay had directly infringed its mark by using it on
eBay’s website and by purchasing sponsored links containing the mark on Google and
Yahoo! Tiffany also argued that eBay and the sellers of the counterfeit goods using its site
were jointly and severally liable. The district court rejected these arguments on the ground
that eBay’s use of Tiffany’s mark was protected by the doctrine of nominative fair use.
241.
The doctrine of nominative fair use allows “[a] defendant [to] use a plaintiff’s trademark to
identify the plaintiff’s goods so long as there is no likelihood of confusion about the source of
[the] defendant’s product or the mark-holder’s sponsorship or affiliation.” The doctrine
apparently originated in the Court of Appeals for the Ninth Circuit. To fall within the
protection, according to that court: “First, the product or service in question must be one
not readily identifiable without use of the trademark; second, only so much of the mark or
marks may be used as is reasonably necessary to identify the product or service; and third,
the user must do nothing that would, in conjunction with the mark, suggest sponsorship or
endorsement by the trademark holder.”
The Court of Appeals for the Third Circuit has endorsed these principles. We have referred
to the doctrine, albeit without adopting or rejecting it. Other circuits have done similarly.
We need not address the viability of the doctrine to resolve Tiffany’s claim, however. We
have recognized that a defendant may lawfully use a plaintiff’s trademark where doing so is
necessary to describe the plaintiff’s product and does not imply a false affiliation or
endorsement by the plaintiff of the defendant. “While a trademark conveys an exclusive
right to the use of a mark in commerce in the area reserved, that right generally does not
prevent one who trades a branded product from accurately describing it by its brand name,
so long as the trader does not create confusion by implying an affiliation with the owner of
the product.”
We agree with the district court that eBay’s use of Tiffany’s mark on its website and in
sponsored links was lawful. eBay used the mark to describe accurately the genuine Tiffany
goods offered for sale on its website. And none of eBay’s uses of the mark suggested that
Tiffany affiliated itself with eBay or endorsed the sale of its products through eBay’s
website.
In addition, the “About Me” page that Tiffany has maintained on eBay’s website since 2004
states that “[m]ost of the purported ‘TIFFANY & CO.’ silver jewelry and packaging
available on eBay is counterfeit.” The page further explained that Tiffany itself sells its
products only through its own stores, catalogues, and website.
Tiffany argues, however, that even if eBay had the right to use its mark with respect to the
resale of genuine Tiffany merchandise, eBay infringed the mark because it knew or had
reason to know that there was “a substantial problem with the sale of counterfeit [Tiffany]
silver jewelry” on the eBay website. As we discuss below, eBay’s knowledge vel non that
counterfeit Tiffany wares were offered through its website is relevant to the issue of
whether eBay contributed to the direct infringement of Tiffany’s mark by the counterfeiting
vendors themselves, or whether eBay bears liability for false advertising. But it is not a
basis for a claim of direct trademark infringement against eBay, especially inasmuch as it
is undisputed that eBay promptly removed all listings that Tiffany challenged as
counterfeit and took affirmative steps to identify and remove illegitimate Tiffany goods. To
impose liability because eBay cannot guarantee the genuineness of all of the purported
Tiffany products offered on its website would unduly inhibit the lawful resale of genuine
Tiffany goods.
We conclude that eBay’s use of Tiffany’s mark in the described manner did not constitute
direct trademark infringement.
242.
II. Contributory Trademark Infringement
The more difficult issue, and the one that the parties have properly focused our attention
on, is whether eBay is liable for contributory trademark infringement—i.e., for culpably
facilitating the infringing conduct of the counterfeiting vendors. Acknowledging the paucity
of case law to guide us, we conclude that the district court correctly granted judgment on
this issue in favor of eBay.
A. Principles
Contributory trademark infringement is a judicially created doctrine that derives from the
common law of torts. The Supreme Court most recently dealt with the subject in Inwood
Laboratories, Inc. v. Ives Laboratories, Inc., 456 U.S. 844 (1982). There, the plaintiff, Ives,
asserted that several drug manufacturers had induced pharmacists to mislabel a drug the
defendants produced to pass it off as Ives’. According to the Court, “if a manufacturer or
distributor intentionally induces another to infringe a trademark, or if it continues to
supply its product to one whom it knows or has reason to know is engaging in trademark
infringement, the manufacturer or distributor is contributorially responsible for any harm
done as a result of the deceit.” The Court ultimately decided to remand the case to the
Court of Appeals after concluding it had improperly rejected factual findings of the district
court favoring the defendant manufacturers.
Inwood’s test for contributory trademark infringement applies on its face to manufacturers
and distributors of goods. Courts have, however, extended the test to providers of services.
The Seventh Circuit applied Inwood to a lawsuit against the owner of a swap meet, or “flea
market,” whose vendors were alleged to have sold infringing Hard Rock Café T-shirts. The
court “treated trademark infringement as a species of tort,” and analogized the swap meet
owner to a landlord or licensor, on whom the common law “imposes the same duty ... [as
Inwood] impose[s] on manufacturers and distributors.”
Speaking more generally, the Ninth Circuit concluded that Inwood’s test for contributory
trademark infringement applies to a service provider if he or she exercises sufficient control
over the infringing conduct. Lockheed Martin Corp. v. Network Solutions, Inc., 194 F.3d
980, 984 (9th Cir. 1999); see also id. (“Direct control and monitoring of the instrumentality
used by a third party to infringe the plaintiff’s mark permits the expansion of Inwood Lab.’s
‘supplies a product’ requirement for contributory infringement.”).
We have apparently addressed contributory trademark infringement in only two related
decisions, and even then in little detail. Citing Inwood, we said that “[a] distributor who
intentionally induces another to infringe a trademark, or continues to supply its product to
one whom it knows or has reason to know is engaging in trademark infringement, is
contributorially liable for any injury.”
243.
The limited case law leaves the law of contributory trademark infringement ill-defined.
Although we are not the first court to consider the application of Inwood to the Internet, we
are apparently the first to consider its application to an online marketplace.9
B. Discussion
1. Does Inwood Apply?
In the district court, the parties disputed whether eBay was subject to the Inwood test.
eBay argued that it was not because it supplies a service while Inwood governs only
manufacturers and distributors of products. The district court rejected that distinction. It
adopted instead the reasoning of the Ninth Circuit in Lockheed to conclude that Inwood
applies to a service provider who exercises sufficient control over the means of the
infringing conduct. Looking “to the extent of the control exercised by eBay over its sellers’
means of infringement,” the district court concluded that Inwood applied in light of the
“significant control” eBay retained over the transactions and listings facilitated by and
conducted through its website.
On appeal, eBay no longer maintains that it is not subject to Inwood. We therefore assume
without deciding that Inwood’s test for contributory trademark infringement governs.
2. Is eBay Liable Under Inwood?
The question that remains, then, is whether eBay is liable under the Inwood test on the
basis of the services it provided to those who used its website to sell counterfeit Tiffany
products. As noted, when applying Inwood to service providers, there are two ways in which
a defendant may become contributorially liable for the infringing conduct of another: first,
if the service provider “intentionally induces another to infringe a trademark,” and second,
if the service provider “continues to supply its [service] to one whom it knows or has reason
to know is engaging in trademark infringement.” Inwood, 456 U.S. at 854. Tiffany does not
argue that eBay induced the sale of counterfeit Tiffany goods on its website—the
circumstances addressed by the first part of the Inwood test. It argues instead, under the
second part of the Inwood test, that eBay continued to supply its services to the sellers of
counterfeit Tiffany goods while knowing or having reason to know that such sellers were
infringing Tiffany’s mark.
The district court rejected this argument. First, it concluded that to the extent the NOCIs
that Tiffany submitted gave eBay reason to know that particular listings were for
counterfeit goods, eBay did not continue to carry those listings once it learned that they
were specious. The court found that eBay’s practice was promptly to remove the challenged
listing from its website, warn sellers and buyers, cancel fees it earned from that listing, and
direct buyers not to consummate the sale of the disputed item. The court therefore declined
to hold eBay contributorially liable for the infringing conduct of those sellers. On appeal,
Tiffany does not appear to challenge this conclusion. In any event, we agree with the
district court that no liability arises with respect to those terminated listings.
9 European courts have done so. A Belgian court declined to hold eBay liable for counterfeit cosmetic products
sold through its website. French courts, by contrast, have concluded that eBay violated applicable trademark
laws.
244.
Tiffany disagrees vigorously, however, with the district court’s further determination that
eBay lacked sufficient knowledge of trademark infringement by sellers behind other, non-
terminated listings to provide a basis for Inwood liability. Tiffany argued in the district
court that eBay knew, or at least had reason to know, that counterfeit Tiffany goods were
being sold ubiquitously on its website. As evidence, it pointed to, inter alia, the demand
letters it sent to eBay in 2003 and 2004, the results of its Buying Programs that it shared
with eBay, the thousands of NOCIs it filed with eBay alleging its good faith belief that
certain listings were counterfeit, and the various complaints eBay received from buyers
claiming that they had purchased one or more counterfeit Tiffany items through eBay’s
website. Tiffany argued that taken together, this evidence established eBay’s knowledge of
the widespread sale of counterfeit Tiffany products on its website. Tiffany urged that eBay
be held contributorially liable on the basis that despite that knowledge, it continued to
make its services available to infringing sellers.
The district court rejected this argument. It acknowledged that “[t]he evidence produced at
trial demonstrated that eBay had generalized notice that some portion of the Tiffany goods
sold on its website might be counterfeit.” The court characterized the issue before it as
“whether eBay’s generalized knowledge of trademark infringement on its website was
sufficient to meet the ‘knowledge or reason to know’ prong of the Inwood test.” eBay had
argued that “such generalized knowledge is insufficient, and that the law demands more
specific knowledge of individual instances of infringement and infringing sellers before
imposing a burden upon eBay to remedy the problem.”
The district court concluded that “while eBay clearly possessed general knowledge as to
counterfeiting on its website, such generalized knowledge is insufficient under the Inwood
test to impose upon eBay an affirmative duty to remedy the problem.” The court reasoned
that Inwood’s language explicitly imposes contributory liability on a defendant who
“continues to supply its product [—in eBay’s case, its service—] to one whom it knows or
has reason to know is engaging in trademark infringement.” The court also noted that
plaintiffs “bear a high burden in establishing ‘knowledge’ of contributory infringement,” and
that courts have
been reluctant to extend contributory trademark liability to defendants
where there is some uncertainty as to the extent or the nature of the
infringement. In Inwood, Justice White emphasized in his concurring opinion
that a defendant is not “require[d] ... to refuse to sell to dealers who merely
might pass off its goods.”
Accordingly, the district court concluded that for Tiffany to establish eBay’s contributory
liability, Tiffany would have to show that eBay “knew or had reason to know of specific
instances of actual infringement” beyond those that it addressed upon learning of them.
Tiffany failed to make such a showing.
On appeal, Tiffany argues that the distinction drawn by the district court between eBay’s
general knowledge of the sale of counterfeit Tiffany goods through its website, and its
specific knowledge as to which particular sellers were making such sales, is a “false” one
not required by the law. Tiffany posits that the only relevant question is “whether all of the
knowledge, when taken together, puts [eBay] on notice that there is a substantial problem
245.
of trademark infringement. If so and if it fails to act, [eBay] is liable for contributory
trademark infringement.”
We agree with the district court. For contributory trademark infringement liability to lie, a
service provider must have more than a general knowledge or reason to know that its
service is being used to sell counterfeit goods. Some contemporary knowledge of which
particular listings are infringing or will infringe in the future is necessary.
We are not persuaded by Tiffany’s proposed interpretation of Inwood. Tiffany understands
the “lesson of Inwood” to be that an action for contributory trademark infringement lies
where “the evidence [of infringing activity]—direct or circumstantial, taken as a whole—...
provide[s] a basis for finding that the defendant knew or should have known that its
product or service was being used to further illegal counterfeiting activity.” We think that
Tiffany reads Inwood too broadly. Although the Inwood Court articulated a “knows or has
reason to know” prong in setting out its contributory liability test, the Court explicitly
declined to apply that prong to the facts then before it. The Court applied only the
inducement prong of the test.
We therefore do not think that Inwood establishes the contours of the “knows or has reason
to know” prong. Insofar as it speaks to the issue, though, the particular phrasing that the
Court used—that a defendant will be liable if it “continues to supply its product to one
whom it knows or has reason to know is engaging in trademark infringement” (emphasis
added)—supports the district court’s interpretation of Inwood, not Tiffany’s.
We find helpful the Supreme Court’s discussion of Inwood in a subsequent copyright case,
Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984). There,
defendant Sony manufactured and sold home video tape recorders. Plaintiffs Universal
Studios and Walt Disney Productions held copyrights on various television programs that
individual television-viewers had taped using the defendant’s recorders. The plaintiffs
contended that this use of the recorders constituted copyright infringement for which the
defendants should be held contributorily liable. In ruling for the defendants, the Court
discussed Inwood and the differences between contributory liability in trademark versus
copyright law.
If Inwood’s narrow standard for contributory trademark infringement
governed here, [the plaintiffs’] claim of contributory infringement would
merit little discussion. Sony certainly does not ‘intentionally induce[]’ its
customers to make infringing uses of [the plaintiffs’] copyrights, nor does it
supply its products to identified individuals known by it to be engaging in
continuing infringement of [the plaintiffs’] copyrights.
(emphases added).
Thus, the Court suggested, had the Inwood standard applied in Sony, the fact that Sony
might have known that some portion of the purchasers of its product used it to violate the
copyrights of others would not have provided a sufficient basis for contributory liability.
Inwood’s “narrow standard” would have required knowledge by Sony of “identified
246.
individuals” engaging in infringing conduct. Tiffany’s reading of Inwood is therefore
contrary to the interpretation of that case set forth in Sony.
Although the Supreme Court’s observations in Sony, a copyright case, about the “knows or
has reason to know” prong of the contributory trademark infringement test set forth in
Inwood were dicta, they constitute the only discussion of that prong by the Supreme Court
of which we are aware. We think them to be persuasive authority here.
Applying Sony’s interpretation of Inwood, we agree with the district court that “Tiffany’s
general allegations of counterfeiting failed to provide eBay with the knowledge required
under Inwood.” Tiffany’s demand letters and Buying Programs did not identify particular
sellers who Tiffany thought were then offering or would offer counterfeit goods.13 And
although the NOCIs and buyer complaints gave eBay reason to know that certain sellers
had been selling counterfeits, those sellers’ listings were removed and repeat offenders were
suspended from the eBay site. Thus Tiffany failed to demonstrate that eBay was supplying
its service to individuals who it knew or had reason to know were selling counterfeit Tiffany
goods.
Accordingly, we affirm the judgment of the district court insofar as it holds that eBay is not
contributorially liable for trademark infringement.
3. Willful Blindness.
Tiffany and its amici express their concern that if eBay is not held liable except when
specific counterfeit listings are brought to its attention, eBay will have no incentive to root
out such listings from its website. They argue that this will effectively require Tiffany and
similarly situated retailers to police eBay’s website—and many others like it—“24 hours a
day, and 365 days a year.” They urge that this is a burden that most mark holders cannot
afford to bear.
First, and most obviously, we are interpreting the law and applying it to the facts of this
case. We could not, even if we thought it wise, revise the existing law in order to better
serve one party’s interests at the expense of the other’s.
But we are also disposed to think, and the record suggests, that private market forces give
eBay and those operating similar businesses a strong incentive to minimize the counterfeit
goods sold on their websites. eBay received many complaints from users claiming to have
been duped into buying counterfeit Tiffany products sold on eBay. The risk of alienating
these users gives eBay a reason to identify and remove counterfeit listings.14 Indeed, it has
spent millions of dollars in that effort.
Moreover, we agree with the district court that if eBay had reason to suspect that
counterfeit Tiffany goods were being sold through its website, and intentionally shielded
13 The demand letters did say that eBay should presume that sellers offering five or more Tiffany goods were
selling counterfeits, but we agree with the district court that this presumption was factually unfounded. 14 At the same time, we appreciate the argument that insofar as eBay receives revenue from undetected
counterfeit listings and sales through the fees it charges, it has an incentive to permit such listings and sales to
continue.
247.
itself from discovering the offending listings or the identity of the sellers behind them, eBay
might very well have been charged with knowledge of those sales sufficient to satisfy
Inwood’s “knows or has reason to know” prong. A service provider is not, we think,
permitted willful blindness. When it has reason to suspect that users of its service are
infringing a protected mark, it may not shield itself from learning of the particular
infringing transactions by looking the other way.15 In the words of the Seventh Circuit,
“willful blindness is equivalent to actual knowledge for purposes of the Lanham Act.”
eBay appears to concede that it knew as a general matter that counterfeit Tiffany products
were listed and sold through its website. Without more, however, this knowledge is
insufficient to trigger liability under Inwood. The district court found, after careful
consideration, that eBay was not willfully blind to the counterfeit sales. That finding is not
clearly erroneous.17 eBay did not ignore the information it was given about counterfeit sales
on its website.
III. Trademark Dilution…
The district court rejected Tiffany’s dilution by blurring claim on the ground that “eBay
never used the TIFFANY Marks in an effort to create an association with its own product,
but instead, used the marks directly to advertise and identify the availability of authentic
Tiffany merchandise on the eBay website.” The court concluded that “just as the dilution by
blurring claim fails because eBay has never used the [Tiffany] Marks to refer to eBay’s own
product, the dilution by tarnishment claim also fails.”
We agree. There is no second mark or product at issue here to blur with or to tarnish
“Tiffany.”
Tiffany argues that counterfeiting dilutes the value of its product. Perhaps. But insofar as
eBay did not itself sell the goods at issue, it did not itself engage in dilution….
IV. False Advertising
Finally, Tiffany claims that eBay engaged in false advertising in violation of federal law.
15 To be clear, a service provider is not contributorially liable under Inwood merely for failing to anticipate that
others would use its service to infringe a protected mark. But contributory liability may arise where a defendant
is (as was eBay here) made aware that there was infringement on its site but (unlike eBay here) ignored that
fact. 17 Tiffany’s reliance on the “flea market” cases, Hard Rock Café and Fonovisa, is unavailing. eBay’s efforts to
combat counterfeiting far exceeded the efforts made by the defendants in those cases. See Hard Rock Café, 955
F.2d at 1146 (defendant did not investigate any of the seizures of counterfeit products at its swap meet, even
though it knew they had occurred); Fonovisa, 76 F.3d at 265 (concluding that plaintiff stated a claim for
contributory trademark infringement based on allegation that swap meet “disregard[ed] its vendors’ blatant
trademark infringements with impunity”). Moreover, neither case concluded that the defendant was willfully
blind. The court in Hard Rock Café remanded so that the district court could apply the correct definition of
“willful blindness,” and the court in Fonovisa merely sustained the plaintiff’s complaint against a motion to
dismiss.
248.
A. Principles
Section 43(a) of the Lanham Act prohibits any person from, “in commercial advertising or
promotion, misrepresent[ing] the nature, characteristics, qualities, or geographic origin of
his or her or another person’s goods, services, or commercial activities.” A claim of false
advertising may be based on at least one of two theories: “that the challenged
advertisement is literally false, i.e., false on its face,” or “that the advertisement, while not
literally false, is nevertheless likely to mislead or confuse consumers.”
In either case, the “injuries redressed in false advertising cases are the result of public
deception.” And “[u]nder either theory, the plaintiff must also demonstrate that the false or
misleading representation involved an inherent or material quality of the product.”
Where an advertising claim is literally false, “the court may enjoin the use of the claim
without reference to the advertisement’s impact on the buying public.” To succeed in a
likelihood-of-confusion case where the statement at issue is not literally false, however, a
plaintiff “must demonstrate, by extrinsic evidence, that the challenged commercials tend to
mislead or confuse consumers,” and must “demonstrate that a statistically significant part
of the commercial audience holds the false belief allegedly communicated by the challenged
advertisement.”
B. Discussion
eBay advertised the sale of Tiffany goods on its website in various ways. Among other
things, eBay provided hyperlinks to “Tiffany,” “Tiffany & Co. under $150,” “Tiffany & Co.,”
“Tiffany Rings,” and “Tiffany & Co. under $50.” eBay also purchased advertising space on
search engines, in some instances providing a link to eBay’s site and exhorting the reader
to “Find tiffany items at low prices.” Yet the district court found, and eBay does not deny,
that “eBay certainly had generalized knowledge that Tiffany products sold on eBay were
often counterfeit.” Tiffany argues that because eBay advertised the sale of Tiffany goods on
its website, and because many of those goods were in fact counterfeit, eBay should be liable
for false advertising.
The district court rejected this argument. The court first concluded that the advertisements
at issue were not literally false “[b]ecause authentic Tiffany merchandise is sold on eBay’s
website,” even if counterfeit Tiffany products are sold there, too.
The court then considered whether the advertisements, though not literally false, were
nonetheless misleading. It concluded they were not for three reasons. First, the court found
that eBay’s use of Tiffany’s mark in its advertising was “protected, nominative fair use.”
Second, the court found that “Tiffany has not proven that eBay had specific knowledge as to
the illicit nature of individual listings,” implying that such knowledge would be necessary
to sustain a false advertising claim. Finally, the court reasoned that “to the extent that the
advertising was false, the falsity was the responsibility of third party sellers, not eBay.”
We agree with the district court that eBay’s advertisements were not literally false
inasmuch as genuine Tiffany merchandise was offered for sale through eBay’s website. But
we are unable to affirm on the record before us the district court’s further conclusion that
eBay’s advertisements were not “likely to mislead or confuse consumers.”
249.
As noted, to evaluate Tiffany’s claim that eBay’s advertisements misled consumers, a court
must determine whether extrinsic evidence indicates that the challenged advertisements
were misleading or confusing. The reasons the district court gave for rejecting Tiffany’s
claim do not seem to reflect this determination, though. The court’s first rationale was that
eBay’s advertisements were nominative fair use of Tiffany’s mark.
But, even if that is so, it does not follow that eBay did not use the mark in a misleading
advertisement. It may, after all, constitute fair use for Brand X Coffee to use the trademark
of its competitor, Brand Y Coffee, in an advertisement stating that “In a blind taste test, 9
out of 10 New Yorkers said they preferred Brand X Coffee to Brand Y Coffee.” But if 9 out of
10 New Yorkers in a statistically significant sample did not say they preferred X to Y, or if
they were paid to say that they did, then the advertisement would nonetheless be literally
false in the first example, or misleading in the second.
There is a similar difficulty with the district court’s reliance on the fact that eBay did not
know which particular listings on its website offered counterfeit Tiffany goods. That is
relevant, as we have said, to whether eBay committed contributory trademark
infringement. But it sheds little light on whether the advertisements were misleading
insofar as they implied the genuineness of Tiffany goods on eBay’s site.
Finally, the district court reasoned that if eBay’s advertisements were misleading, that was
only because the sellers of counterfeits made them so by offering inauthentic Tiffany goods.
Again, this consideration is relevant to Tiffany’s direct infringement claim, but less
relevant, if relevant at all, here. It is true that eBay did not itself sell counterfeit Tiffany
goods; only the fraudulent vendors did, and that is in part why we conclude that eBay did
not infringe Tiffany’s mark. But eBay did affirmatively advertise the goods sold through its
site as Tiffany merchandise. The law requires us to hold eBay accountable for the words
that it chose insofar as they misled or confused consumers.
eBay and its amici warn of the deterrent effect that will grip online advertisers who are
unable to confirm the authenticity of all of the goods they advertise for sale. We rather
doubt that the consequences will be so dire. An online advertiser such as eBay need not
cease its advertisements for a kind of goods only because it knows that not all of those
goods are authentic. A disclaimer might suffice. But the law prohibits an advertisement
that implies that all of the goods offered on a defendant’s website are genuine when in fact,
as here, a sizeable proportion of them are not.
Rather than vacate the judgment of the district court as to Tiffany’s false advertising claim,
we think it prudent to remand the cause so that the district court, with its greater
familiarity with the evidence, can reconsider the claim in light of what we have said. The
case is therefore remanded…for further proceedings for the limited purpose of the district
court’s re-examination of the false advertising claim in accordance with this opinion….
NOTES AND QUESTIONS
Tre Milano, LLC v. Amazon.com, Inc., 2012 WL 3594380 (Cal. App. Ct. 2012), upheld
Amazon’s anti-counterfeiting practices for its marketplace sellers, even though Amazon’s
procedures were arguably less stringent than eBay’s, and even though Amazon rejected
250.
some takedown demands sent by the trademark owner (when the trademark owner hadn’t
done a “test buy” to determine if the item was, in fact, counterfeit).
For an example of how the Tiffany opinion helped protect a domain name registrar from
secondary trademark infringement, see Academy of Motion Picture Arts and Sciences v.
GoDaddy.com, Inc., 2015 WL 5311085 (C.D. Cal. 2015).
Some courts have held that online marketplace operators do not make a “sale” that would
trigger strict liability under IP law because the vendors, not the operators, transfer title to
the goods to buyers. Milo & Gabby LLC v. Amazon.com, Inc., 693 Fed. Appx. 879 (Fed. Cir.
2017) (copyright); The Ohio State University v. Redbubble, Inc., 369 F. Supp. 3d 840 (S.D.
Ohio 2019) (trademark); Blazer v. eBay, Inc., 2017 WL 1047572 (N.D. Ala. 2017) (utility
patents). In the latter case, the court blessed eBay’s practice of removing allegedly patent-
infringing items only in response to court orders.
In contrast to the favorable legal conditions for online marketplaces, trademark law is less
hospitable to print-on-demand services that manufacture physical items based on user-
uploaded designs. See, e.g., H-D USA, LLC v. SunFrog LLC, 311 F. Supp. 3d 1000 (E.D.
Wis. 2018) (holding print-on-demand service SunFrog liable for trademark counterfeiting
and issuing $19.2M in damages plus a strong permanent injunction).
In addition, as discussed in the notes after the Zeran Section 230 opinion, some courts are
questioning if the definition of “seller” is limited to those who transfer title. See, e.g.,
Oberdorf v. Amazon.com, Inc., 930 F.3d 136 (3d Cir. 2019) (an en banc review is now
pending with the Third Circuit).
251.
VII. Pornography
Pornography Glossary
Obscenity is: “(a) whether the average person, applying contemporary community
standards, would find that the work, taken as a whole, appeals to the prurient interest; (b)
whether the work depicts or describes, in a patently offensive way, sexual conduct
specifically defined by the applicable state law; and (c) whether the work, taken as a whole,
lacks serious literary, artistic, political or scientific value.” [Miller v. California, 413 U.S. 15
(1973)]
Indecency is: “language that describes, in terms patently offensive as measured by
contemporary community standards for the broadcast medium, sexual or excretory
activities and organs, at times of the day when there is a reasonable risk that children may
be in the audience.” [FCC definition, quoted in Federal Communications Commission v.
Pacifica Foundation, 438 U.S. 726 (1978)]
Compare the Communications Decency Act (CDA): “any comment, request,
suggestion, proposal, image or other communication that, in context, depicts or
describes, in terms patently offensive as measured by contemporary community
standards, sexual or excretory activities or organs.”
Harmful to minor material is: “(a) patently offensive to prevailing standards in the adult
community as a whole with respect to what is suitable for minors; (b) appeals to the
prurient interests of minors; and (c) is utterly without redeeming social importance for
minors.” [Ginsberg v. New York, 390 U.S. 629 (1968)]
Compare the Child Online Protection Act (COPA): “any communication, picture,
image, graphic image file, article, recording, writing, or other matter of any kind
that is obscene or that (A) the average person, applying contemporary community
standards, would find, taking the material as a whole and with respect to minors, is
designed to appeal to, or is designed to pander to, the prurient interest; (B) depicts,
describes, or represents, in a manner patently offensive with respect to minors, an
actual or simulated sexual act or sexual contact, an actual or simulated normal or
perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female
breast; and (C) taken as a whole, lacks serious literary, artistic, political, or scientific
value for minors.”
Child pornography is: “works that visually depict sexual conduct by children below a
specified age, where the category of “sexual conduct” proscribed is suitably limited and
described.” [New York v. Ferber, 458 U.S. 747 (1982)] In the New York statute’s case,
“sexual conduct” was defined as “actual or simulated sexual intercourse, deviate sexual
intercourse, sexual bestiality, masturbation, sado-masochistic abuse, or lewd exhibition of
the genitals.”
Pornography is: ?????
252.
As you read the next two opinions, think about our three branches of government. Do the
cases illustrate a healthy dialogue between the legislative and judicial branches? Or do they
reinforce the stereotypes that legislative bodies sometimes act irrationally, and level-
headed judges must be the voice of reason in curbing legislative excesses?
The next opinion is the Supreme Court’s first-ever Internet law ruling, and it remains a
flagship ruling applying the First Amendment to the Internet. Do you think the current
Supreme Court would reach the same conclusion?
Reno v. American Civil Liberties Union, 521 U.S. 844 (1997).
Stevens, Justice.
At issue is the constitutionality of two statutory provisions enacted to protect minors from
“indecent” and “patently offensive” communications on the Internet. Notwithstanding the
legitimacy and importance of the congressional goal of protecting children from harmful
materials, we agree with the three-judge District Court that the statute abridges “the
freedom of speech” protected by the First Amendment….
II
The Telecommunications Act of 1996 was an unusually important legislative enactment. As
stated on the first of its 103 pages, its primary purpose was to reduce regulation and
encourage “the rapid deployment of new telecommunications technologies.” The major
components of the statute have nothing to do with the Internet; they were designed to
promote competition in the local telephone service market, the multichannel video market,
and the market for over-the-air broadcasting. The Act includes seven Titles, six of which
are the product of extensive committee hearings and the subject of discussion in Reports
prepared by Committees of the Senate and the House of Representatives. By contrast, Title
V—known as the “Communications Decency Act of 1996” (CDA)—contains provisions that
were either added in executive committee after the hearings were concluded or as
amendments offered during floor debate on the legislation. An amendment offered in the
Senate was the source of the two statutory provisions challenged in this case. They are
informally described as the “indecent transmission” provision and the “patently offensive
display” provision.
The first, 47 U.S.C. § 223(a) (1994 ed., Supp. II), prohibits the knowing transmission of
obscene or indecent messages to any recipient under 18 years of age. It provides in
pertinent part:
“(a) Whoever-
“(1) in interstate or foreign communications-
. . . . .
“(B) by means of a telecommunications device knowingly-
“(i) makes, creates, or solicits, and
“(ii) initiates the transmission of,
“any comment, request, suggestion, proposal, image, or other communication
which is obscene or indecent, knowing that the recipient of the
communication is under 18 years of age, regardless of whether the maker of
such communication placed the call or initiated the communication;
253.
. . . . .
“(2) knowingly permits any telecommunications facility under his control to
be used for any activity prohibited by paragraph (1) with the intent that it be
used for such activity,
“shall be fined under Title 18, or imprisoned not more than two years, or
both.”
The second provision, § 223(d), prohibits the knowing sending or displaying of patently
offensive messages in a manner that is available to a person under 18 years of age. It
provides:
“(d) Whoever-
“(1) in interstate or foreign communications knowingly-
“(A) uses an interactive computer service to send to a specific person or
persons under 18 years of age, or
“(B) uses any interactive computer service to display in a manner available to
a person under 18 years of age,
“any comment, request, suggestion, proposal, image, or other communication
that, in context, depicts or describes, in terms patently offensive as measured
by contemporary community standards, sexual or excretory activities or
organs, regardless of whether the user of such service placed the call or
initiated the communication; or
“(2) knowingly permits any telecommunications facility under such person’s
control to be used for an activity prohibited by paragraph (1) with the intent
that it be used for such activity,
“shall be fined under Title 18, or imprisoned not more than two years, or
both.”
The breadth of these prohibitions is qualified by two affirmative defenses. One covers those
who take “good faith, reasonable, effective, and appropriate actions” to restrict access by
minors to the prohibited communications. § 223(e)(5)(A). The other covers those who
restrict access to covered material by requiring certain designated forms of age proof, such
as a verified credit card or an adult identification number or code. § 223(e)(5)(B)….
IV
In arguing for reversal, the Government contends that the CDA is plainly constitutional
under three of our prior decisions: (1) Ginsberg v. New York, 390 U.S. 629 (1968); (2) FCC v.
Pacifica Foundation, 438 U.S. 726, (1978); and (3) Renton v. Playtime Theatres, Inc., 475
U.S. 41 (1986). A close look at these cases, however, raises—rather than relieves—doubts
concerning the constitutionality of the CDA.
In Ginsberg, we upheld the constitutionality of a New York statute that prohibited selling
to minors under 17 years of age material that was considered obscene as to them even if not
obscene as to adults. We rejected the defendant’s broad submission that “the scope of the
constitutional freedom of expression secured to a citizen to read or see material concerned
with sex cannot be made to depend on whether the citizen is an adult or a minor.” In
rejecting that contention, we relied not only on the State’s independent interest in the well-
being of its youth, but also on our consistent recognition of the principle that “the parents’
254.
claim to authority in their own household to direct the rearing of their children is basic in
the structure of our society.”
In four important respects, the statute upheld in Ginsberg was narrower than the CDA.
First, we noted in Ginsberg that “the prohibition against sales to minors does not bar
parents who so desire from purchasing the magazines for their children.” Under the CDA,
by contrast, neither the parents’ consent—nor even their participation—in the
communication would avoid the application of the statute. Second, the New York statute
applied only to commercial transactions, whereas the CDA contains no such limitation.
Third, the New York statute cabined its definition of material that is harmful to minors
with the requirement that it be “utterly without redeeming social importance for minors.”
The CDA fails to provide us with any definition of the term “indecent” as used in § 223(a)(1)
and, importantly, omits any requirement that the “patently offensive” material covered by §
223(d) lack serious literary, artistic, political, or scientific value. Fourth, the New York
statute defined a minor as a person under the age of 17, whereas the CDA, in applying to
all those under 18 years, includes an additional year of those nearest majority.
In Pacifica, we upheld a declaratory order of the Federal Communications Commission,
holding that the broadcast of a recording of a 12-minute monologue entitled “Filthy Words”
that had previously been delivered to a live audience “could have been the subject of
administrative sanctions.” The Commission had found that the repetitive use of certain
words referring to excretory or sexual activities or organs “in an afternoon broadcast when
children are in the audience was patently offensive” and concluded that the monologue was
indecent “as broadcast.” The respondent did not quarrel with the finding that the afternoon
broadcast was patently offensive, but contended that it was not “indecent” within the
meaning of the relevant statutes because it contained no prurient appeal. After rejecting
respondent’s statutory arguments, we confronted its two constitutional arguments: (1) that
the Commission’s construction of its authority to ban indecent speech was so broad that its
order had to be set aside even if the broadcast at issue was unprotected; and (2) that since
the recording was not obscene, the First Amendment forbade any abridgment of the right to
broadcast it on the radio.
In the portion of the lead opinion not joined by Justices Powell and Blackmun, the plurality
stated that the First Amendment does not prohibit all governmental regulation that
depends on the content of speech. Accordingly, the availability of constitutional protection
for a vulgar and offensive monologue that was not obscene depended on the context of the
broadcast. Relying on the premise that “of all forms of communication” broadcasting had
received the most limited First Amendment protection, the Court concluded that the ease
with which children may obtain access to broadcasts, “coupled with the concerns recognized
in Ginsberg,” justified special treatment of indecent broadcasting.
As with the New York statute at issue in Ginsberg, there are significant differences
between the order upheld in Pacifica and the CDA. First, the order in Pacifica, issued by an
agency that had been regulating radio stations for decades, targeted a specific broadcast
that represented a rather dramatic departure from traditional program content in order to
designate when—rather than whether—it would be permissible to air such a program in
that particular medium. The CDA’s broad categorical prohibitions are not limited to
particular times and are not dependent on any evaluation by an agency familiar with the
unique characteristics of the Internet. Second, unlike the CDA, the Commission’s
255.
declaratory order was not punitive; we expressly refused to decide whether the indecent
broadcast “would justify a criminal prosecution.” Finally, the Commission’s order applied to
a medium which as a matter of history had “received the most limited First Amendment
protection,” in large part because warnings could not adequately protect the listener from
unexpected program content. The Internet, however, has no comparable history. Moreover,
the District Court found that the risk of encountering indecent material by accident is
remote because a series of affirmative steps is required to access specific material.
In Renton, we upheld a zoning ordinance that kept adult movie theaters out of residential
neighborhoods. The ordinance was aimed, not at the content of the films shown in the
theaters, but rather at the “secondary effects”—such as crime and deteriorating property
values—that these theaters fostered: “‘It is th[e] secondary effect which these zoning
ordinances attempt to avoid, not the dissemination of “offensive” speech.’” According to the
Government, the CDA is constitutional because it constitutes a sort of “cyberzoning” on the
Internet. But the CDA applies broadly to the entire universe of cyberspace. And the
purpose of the CDA is to protect children from the primary effects of “indecent” and
“patently offensive” speech, rather than any “secondary” effect of such speech. Thus, the
CDA is a content-based blanket restriction on speech, and, as such, cannot be “properly
analyzed as a form of time, place, and manner regulation.”
These precedents, then, surely do not require us to uphold the CDA and are fully consistent
with the application of the most stringent review of its provisions.
V
In Southeastern Promotions, Ltd. v. Conrad, 420 U.S. 546, 557 (1975), we observed that
“[e]ach medium of expression ... may present its own problems.” Thus, some of our cases
have recognized special justifications for regulation of the broadcast media that are not
applicable to other speakers. In these cases, the Court relied on the history of extensive
Government regulation of the broadcast medium; the scarcity of available frequencies at its
inception; and its “invasive” nature.
Those factors are not present in cyberspace. Neither before nor after the enactment of the
CDA have the vast democratic forums of the Internet been subject to the type of
government supervision and regulation that has attended the broadcast industry.
Moreover, the Internet is not as “invasive” as radio or television. The District Court
specifically found that “[c]ommunications over the Internet do not ‘invade’ an individual’s
home or appear on one’s computer screen unbidden. Users seldom encounter content ‘by
accident.’” It also found that “[a]lmost all sexually explicit images are preceded by warnings
as to the content,” and cited testimony that “‘odds are slim’ that a user would come across a
sexually explicit sight by accident.”
We distinguished Pacifica in Sable, 492 U.S., at 128, on just this basis. In Sable, a company
engaged in the business of offering sexually oriented prerecorded telephone messages
(popularly known as “dial-a-porn”) challenged the constitutionality of an amendment to the
Communications Act of 1934 that imposed a blanket prohibition on indecent as well as
obscene interstate commercial telephone messages. We held that the statute was
constitutional insofar as it applied to obscene messages but invalid as applied to indecent
messages. In attempting to justify the complete ban and criminalization of indecent
256.
commercial telephone messages, the Government relied on Pacifica, arguing that the ban
was necessary to prevent children from gaining access to such messages. We agreed that
“there is a compelling interest in protecting the physical and psychological well-being of
minors” which extended to shielding them from indecent messages that are not obscene by
adult standards, but distinguished our “emphatically narrow holding” in Pacifica because it
did not involve a complete ban and because it involved a different medium of
communication. We explained that “the dial-it medium requires the listener to take
affirmative steps to receive the communication.” “Placing a telephone call,” we continued,
“is not the same as turning on a radio and being taken by surprise by an indecent message.”
Finally, unlike the conditions that prevailed when Congress first authorized regulation of
the broadcast spectrum, the Internet can hardly be considered a “scarce” expressive
commodity. It provides relatively unlimited, low-cost capacity for communication of all
kinds. The Government estimates that “[a]s many as 40 million people use the Internet
today, and that figure is expected to grow to 200 million by 1999.” This dynamic,
multifaceted category of communication includes not only traditional print and news
services, but also audio, video, and still images, as well as interactive, real-time dialogue.
Through the use of chat rooms, any person with a phone line can become a town crier with
a voice that resonates farther than it could from any soapbox. Through the use of Web
pages, mail exploders, and newsgroups, the same individual can become a pamphleteer. As
the District Court found, “the content on the Internet is as diverse as human thought.” We
agree with its conclusion that our cases provide no basis for qualifying the level of First
Amendment scrutiny that should be applied to this medium.
VI
Regardless of whether the CDA is so vague that it violates the Fifth Amendment, the many
ambiguities concerning the scope of its coverage render it problematic for purposes of the
First Amendment. For instance, each of the two parts of the CDA uses a different linguistic
form. The first uses the word “indecent,” while the second speaks of material that “in
context, depicts or describes, in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or organs.” Given the absence of a
definition of either term, this difference in language will provoke uncertainty among
speakers about how the two standards relate to each other and just what they mean. Could
a speaker confidently assume that a serious discussion about birth control practices,
homosexuality, the First Amendment issues raised by the Appendix to our Pacifica opinion,
or the consequences of prison rape would not violate the CDA? This uncertainty
undermines the likelihood that the CDA has been carefully tailored to the congressional
goal of protecting minors from potentially harmful materials.
The vagueness of the CDA is a matter of special concern for two reasons. First, the CDA is a
content-based regulation of speech. The vagueness of such a regulation raises special First
Amendment concerns because of its obvious chilling effect on free speech. Second, the CDA
is a criminal statute. In addition to the opprobrium and stigma of a criminal conviction, the
CDA threatens violators with penalties including up to two years in prison for each act of
violation. The severity of criminal sanctions may well cause speakers to remain silent
rather than communicate even arguably unlawful words, ideas, and images. As a practical
matter, this increased deterrent effect, coupled with the “risk of discriminatory
enforcement” of vague regulations, poses greater First Amendment concerns than those
257.
implicated by the civil regulation reviewed in Denver Area Ed. Telecommunications
Consortium, Inc. v. FCC, 518 U.S. 727 (1996).
The Government argues that the statute is no more vague than the obscenity standard this
Court established in Miller v. California, 413 U.S. 15 (1973). But that is not so. In Miller,
this Court reviewed a criminal conviction against a commercial vendor who mailed
brochures containing pictures of sexually explicit activities to individuals who had not
requested such materials. Having struggled for some time to establish a definition of
obscenity, we set forth in Miller the test for obscenity that controls to this day:
“(a) whether the average person, applying contemporary community
standards would find that the work, taken as a whole, appeals to the prurient
interest; (b) whether the work depicts or describes, in a patently offensive
way, sexual conduct specifically defined by the applicable state law; and (c)
whether the work, taken as a whole, lacks serious literary, artistic, political,
or scientific value.”
Because the CDA’s “patently offensive” standard (and, we assume, arguendo, its
synonymous “indecent” standard) is one part of the three-prong Miller test, the Government
reasons, it cannot be unconstitutionally vague.
The Government’s assertion is incorrect as a matter of fact. The second prong of the Miller
test—the purportedly analogous standard—contains a critical requirement that is omitted
from the CDA: that the proscribed material be “specifically defined by the applicable state
law.” This requirement reduces the vagueness inherent in the open-ended term “patently
offensive” as used in the CDA. Moreover, the Miller definition is limited to “sexual conduct,”
whereas the CDA extends also to include (1) “excretory activities” as well as (2) “organs” of
both a sexual and excretory nature.
The Government’s reasoning is also flawed. Just because a definition including three
limitations is not vague, it does not follow that one of those limitations, standing by itself, is
not vague. Each of Miller’s additional two prongs—(1) that, taken as a whole, the material
appeal to the “prurient” interest, and (2) that it “lac[k] serious literary, artistic, political, or
scientific value”—critically limits the uncertain sweep of the obscenity definition. The
second requirement is particularly important because, unlike the “patently offensive” and
“prurient interest” criteria, it is not judged by contemporary community standards. This
“societal value” requirement, absent in the CDA, allows appellate courts to impose some
limitations and regularity on the definition by setting, as a matter of law, a national floor
for socially redeeming value. The Government’s contention that courts will be able to give
such legal limitations to the CDA’s standards is belied by Miller’s own rationale for having
juries determine whether material is “patently offensive” according to community
standards: that such questions are essentially ones of fact.
In contrast to Miller and our other previous cases, the CDA thus presents a greater threat
of censoring speech that, in fact, falls outside the statute’s scope. Given the vague contours
of the coverage of the statute, it unquestionably silences some speakers whose messages
would be entitled to constitutional protection. That danger provides further reason for
insisting that the statute not be overly broad. The CDA’s burden on protected speech cannot
be justified if it could be avoided by a more carefully drafted statute.
258.
VII
We are persuaded that the CDA lacks the precision that the First Amendment requires
when a statute regulates the content of speech. In order to deny minors access to
potentially harmful speech, the CDA effectively suppresses a large amount of speech that
adults have a constitutional right to receive and to address to one another. That burden on
adult speech is unacceptable if less restrictive alternatives would be at least as effective in
achieving the legitimate purpose that the statute was enacted to serve.
In evaluating the free speech rights of adults, we have made it perfectly clear that “[s]exual
expression which is indecent but not obscene is protected by the First Amendment.” Indeed,
Pacifica itself admonished that “the fact that society may find speech offensive is not a
sufficient reason for suppressing it.”
It is true that we have repeatedly recognized the governmental interest in protecting
children from harmful materials. But that interest does not justify an unnecessarily broad
suppression of speech addressed to adults. As we have explained, the Government may not
“reduc[e] the adult population ... to ... only what is fit for children.” “[R]egardless of the
strength of the government’s interest” in protecting children, “[t]he level of discourse
reaching a mailbox simply cannot be limited to that which would be suitable for a sandbox.”
The District Court was correct to conclude that the CDA effectively resembles the ban on
“dial-a-porn” invalidated in Sable. In Sable, this Court rejected the argument that we
should defer to the congressional judgment that nothing less than a total ban would be
effective in preventing enterprising youngsters from gaining access to indecent
communications. Sable thus made clear that the mere fact that a statutory regulation of
speech was enacted for the important purpose of protecting children from exposure to
sexually explicit material does not foreclose inquiry into its validity. As we pointed out last
Term, that inquiry embodies an “overarching commitment” to make sure that Congress has
designed its statute to accomplish its purpose “without imposing an unnecessarily great
restriction on speech.”
In arguing that the CDA does not so diminish adult communication, the Government relies
on the incorrect factual premise that prohibiting a transmission whenever it is known that
one of its recipients is a minor would not interfere with adult-to-adult communication. The
findings of the District Court make clear that this premise is untenable. Given the size of
the potential audience for most messages, in the absence of a viable age verification
process, the sender must be charged with knowing that one or more minors will likely view
it. Knowledge that, for instance, one or more members of a 100-person chat group will be a
minor—and therefore that it would be a crime to send the group an indecent message—
would surely burden communication among adults.
The District Court found that at the time of trial existing technology did not include any
effective method for a sender to prevent minors from obtaining access to its communications
on the Internet without also denying access to adults. The Court found no effective way to
determine the age of a user who is accessing material through e-mail, mail exploders,
newsgroups, or chat rooms. As a practical matter, the Court also found that it would be
prohibitively expensive for noncommercial—as well as some commercial—speakers who
259.
have Web sites to verify that their users are adults. These limitations must inevitably
curtail a significant amount of adult communication on the Internet. By contrast, the
District Court found that “[d]espite its limitations, currently available user-based software
suggests that a reasonably effective method by which parents can prevent their children
from accessing sexually explicit and other material which parents may believe is
inappropriate for their children will soon be widely available.” (emphases added).
The breadth of the CDA’s coverage is wholly unprecedented. Unlike the regulations upheld
in Ginsberg and Pacifica, the scope of the CDA is not limited to commercial speech or
commercial entities. Its open-ended prohibitions embrace all nonprofit entities and
individuals posting indecent messages or displaying them on their own computers in the
presence of minors. The general, undefined terms “indecent” and “patently offensive” cover
large amounts of nonpornographic material with serious educational or other value.
Moreover, the “community standards” criterion as applied to the Internet means that any
communication available to a nation wide audience will be judged by the standards of the
community most likely to be offended by the message. The regulated subject matter
includes any of the seven “dirty words” used in the Pacifica monologue, the use of which the
Government’s expert acknowledged could constitute a felony. It may also extend to
discussions about prison rape or safe sexual practices, artistic images that include nude
subjects, and arguably the card catalog of the Carnegie Library.
For the purposes of our decision, we need neither accept nor reject the Government’s
submission that the First Amendment does not forbid a blanket prohibition on all
“indecent” and “patently offensive” messages communicated to a 17-year-old—no matter
how much value the message may contain and regardless of parental approval. It is at least
clear that the strength of the Government’s interest in protecting minors is not equally
strong throughout the coverage of this broad statute. Under the CDA, a parent allowing her
17-year-old to use the family computer to obtain information on the Internet that she, in
her parental judgment, deems appropriate could face a lengthy prison term. Similarly, a
parent who sent his 17-year-old college freshman information on birth control via e-mail
could be incarcerated even though neither he, his child, nor anyone in their home
community found the material “indecent” or “patently offensive,” if the college town’s
community thought otherwise.
The breadth of this content-based restriction of speech imposes an especially heavy burden
on the Government to explain why a less restrictive provision would not be as effective as
the CDA. It has not done so. The arguments in this Court have referred to possible
alternatives such as requiring that indecent material be “tagged” in a way that facilitates
parental control of material coming into their homes, making exceptions for messages with
artistic or educational value, providing some tolerance for parental choice, and regulating
some portions of the Internet—such as commercial Web sites—differently from others, such
as chat rooms. Particularly in the light of the absence of any detailed findings by the
Congress, or even hearings addressing the special problems of the CDA, we are persuaded
that the CDA is not narrowly tailored if that requirement has any meaning at all.
VIII
In an attempt to curtail the CDA’s facial overbreadth, the Government advances three
additional arguments for sustaining the Act’s affirmative prohibitions: (1) that the CDA is
260.
constitutional because it leaves open ample “alternative channels” of communication; (2)
that the plain meaning of the CDA’s “knowledge” and “specific person” requirement
significantly restricts its permissible applications; and (3) that the CDA’s prohibitions are
“almost always” limited to material lacking redeeming social value.
The Government first contends that, even though the CDA effectively censors discourse on
many of the Internet’s modalities—such as chat groups, newsgroups, and mail exploders—
it is nonetheless constitutional because it provides a “reasonable opportunity” for speakers
to engage in the restricted speech on the World Wide Web. This argument is unpersuasive
because the CDA regulates speech on the basis of its content. A “time, place, and manner”
analysis is therefore inapplicable. It is thus immaterial whether such speech would be
feasible on the Web (which, as the Government’s own expert acknowledged, would cost up
to $10,000 if the speaker’s interests were not accommodated by an existing Web site, not
including costs for data base management and age verification). The Government’s position
is equivalent to arguing that a statute could ban leaflets on certain subjects as long as
individuals are free to publish books. In invalidating a number of laws that banned
leafletting on the streets regardless of their content, we explained that “one is not to have
the exercise of his liberty of expression in appropriate places abridged on the plea that it
may be exercised in some other place.”
The Government also asserts that the “knowledge” requirement of both §§ 223(a) and (d),
especially when coupled with the “specific child” element found in § 223(d), saves the CDA
from overbreadth. Because both sections prohibit the dissemination of indecent messages
only to persons known to be under 18, the Government argues, it does not require
transmitters to “refrain from communicating indecent material to adults; they need only
refrain from disseminating such materials to persons they know to be under 18.” This
argument ignores the fact that most Internet forums—including chat rooms, newsgroups,
mail exploders, and the Web—are open to all comers. The Government’s assertion that the
knowledge requirement somehow protects the communications of adults is therefore
untenable. Even the strongest reading of the “specific person” requirement of § 223(d)
cannot save the statute. It would confer broad powers of censorship, in the form of a
“heckler’s veto,” upon any opponent of indecent speech who might simply log on and inform
the would-be discoursers that his 17-year-old child—a “specific person ... under 18 years of
age”—would be present.
Finally, we find no textual support for the Government’s submission that material having
scientific, educational, or other redeeming social value will necessarily fall outside the
CDA’s “patently offensive” and “indecent” prohibitions.
IX
The Government’s three remaining arguments focus on the defenses provided in § 223(e)(5).
First, relying on the “good faith, reasonable, effective, and appropriate actions” provision,
the Government suggests that “tagging” provides a defense that saves the constitutionality
of the CDA. The suggestion assumes that transmitters may encode their indecent
communications in a way that would indicate their contents, thus permitting recipients to
block their reception with appropriate software. It is the requirement that the good-faith
action must be “effective” that makes this defense illusory. The Government recognizes that
its proposed screening software does not currently exist. Even if it did, there is no way to
261.
know whether a potential recipient will actually block the encoded material. Without the
impossible knowledge that every guardian in America is screening for the “tag,” the
transmitter could not reasonably rely on its action to be “effective.”
For its second and third arguments concerning defenses—which we can consider together—
the Government relies on the latter half of § 223(e)(5), which applies when the transmitter
has restricted access by requiring use of a verified credit card or adult identification. Such
verification is not only technologically available but actually is used by commercial
providers of sexually explicit material. These providers, therefore, would be protected by
the defense. Under the findings of the District Court, however, it is not economically
feasible for most noncommercial speakers to employ such verification. Accordingly, this
defense would not significantly narrow the statute’s burden on noncommercial speech. Even
with respect to the commercial pornographers that would be protected by the defense, the
Government failed to adduce any evidence that these verification techniques actually
preclude minors from posing as adults. Given that the risk of criminal sanctions “hovers
over each content provider, like the proverbial sword of Damocles,” the District Court
correctly refused to rely on unproven future technology to save the statute. The
Government thus failed to prove that the proffered defense would significantly reduce the
heavy burden on adult speech produced by the prohibition on offensive displays.
We agree with the District Court’s conclusion that the CDA places an unacceptably heavy
burden on protected speech, and that the defenses do not constitute the sort of “narrow
tailoring” that will save an otherwise patently invalid unconstitutional provision. In Sable,
492 U.S., at 127, we remarked that the speech restriction at issue there amounted to
“‘burn[ing] the house to roast the pig.’” The CDA, casting a far darker shadow over free
speech, threatens to torch a large segment of the Internet community.
X
At oral argument, the Government relied heavily on its ultimate fall-back position: If this
Court should conclude that the CDA is insufficiently tailored, it urged, we should save the
statute’s constitutionality by honoring the severability clause, and construing nonseverable
terms narrowly. In only one respect is this argument acceptable.
A severability clause requires textual provisions that can be severed. We will follow § 608’s
guidance by leaving constitutional textual elements of the statute intact in the one place
where they are, in fact, severable. The “indecency” provision, applies to “any comment,
request, suggestion, proposal, image, or other communication which is obscene or indecent.”
(Emphasis added.) Appellees do not challenge the application of the statute to obscene
speech, which, they acknowledge, can be banned totally because it enjoys no First
Amendment protection. As set forth by the statute, the restriction of “obscene” material
enjoys a textual manifestation separate from that for “indecent” material, which we have
held unconstitutional. Therefore, we will sever the term “or indecent” from the statute,
leaving the rest of § 223(a) standing. In no other respect, however, can § 223(a) or § 223(d)
be saved by such a textual surgery….
262.
XI
In this Court, though not in the District Court, the Government asserts that—in addition to
its interest in protecting children—its “[e]qually significant” interest in fostering the
growth of the Internet provides an independent basis for upholding the constitutionality of
the CDA. The Government apparently assumes that the unregulated availability of
“indecent” and “patently offensive” material on the Internet is driving countless citizens
away from the medium because of the risk of exposing themselves or their children to
harmful material.
We find this argument singularly unpersuasive. The dramatic expansion of this new
marketplace of ideas contradicts the factual basis of this contention. The record
demonstrates that the growth of the Internet has been and continues to be phenomenal. As
a matter of constitutional tradition, in the absence of evidence to the contrary, we presume
that governmental regulation of the content of speech is more likely to interfere with the
free exchange of ideas than to encourage it. The interest in encouraging freedom of
expression in a democratic society outweighs any theoretical but unproven benefit of
censorship.
For the foregoing reasons, the judgment of the District Court is affirmed.
Justice O’CONNOR, with whom THE CHIEF JUSTICE joins, concurring in the judgment
in part and dissenting in part.
I write separately to explain why I view the Communications Decency Act of 1996 (CDA) as
little more than an attempt by Congress to create “adult zones” on the Internet. Our
precedent indicates that the creation of such zones can be constitutionally sound. Despite
the soundness of its purpose, however, portions of the CDA are unconstitutional because
they stray from the blueprint our prior cases have developed for constructing a “zoning law”
that passes constitutional muster.
Appellees bring a facial challenge to three provisions of the CDA. The first, which the Court
describes as the “indecency transmission” provision, makes it a crime to knowingly
transmit an obscene or indecent message or image to a person the sender knows is under 18
years old. What the Court classifies as a single “‘patently offensive display’” provision is in
reality two separate provisions. The first of these makes it a crime to knowingly send a
patently offensive message or image to a specific person under the age of 18 (“specific
person” provision). The second criminalizes the display of patently offensive messages or
images “in a[ny] manner available” to minors (“display” provision). None of these provisions
purports to keep indecent (or patently offensive) material away from adults, who have a
First Amendment right to obtain this speech. Thus, the undeniable purpose of the CDA is
to segregate indecent material on the Internet into certain areas that minors cannot access.
See S. Conf. Rep. No. 104-230, p. 189 (1996) (CDA imposes “access restrictions ... to protect
minors from exposure to indecent material”).
The creation of “adult zones” is by no means a novel concept. States have long denied
minors access to certain establishments frequented by adults. States have also denied
minors access to speech deemed to be “harmful to minors.” The Court has previously
sustained such zoning laws, but only if they respect the First Amendment rights of adults
263.
and minors. That is to say, a zoning law is valid if (i) it does not unduly restrict adult access
to the material; and (ii) minors have no First Amendment right to read or view the banned
material. As applied to the Internet as it exists in 1997, the “display” provision and some
applications of the “indecency transmission” and “specific person” provisions fail to adhere
to the first of these limiting principles by restricting adults’ access to protected materials in
certain circumstances. Unlike the Court, however, I would invalidate the provisions only in
those circumstances.
I
Our cases make clear that a “zoning” law is valid only if adults are still able to obtain the
regulated speech. If they cannot, the law does more than simply keep children away from
speech they have no right to obtain—it interferes with the rights of adults to obtain
constitutionally protected speech and effectively “reduce[s] the adult population ... to
reading only what is fit for children.” The First Amendment does not tolerate such
interference. If the law does not unduly restrict adults’ access to constitutionally protected
speech, however, it may be valid. In Ginsberg v. New York, 390 U.S. 629, 634 (1968), for
example, the Court sustained a New York law that barred store owners from selling
pornographic magazines to minors in part because adults could still buy those magazines.
The Court in Ginsberg concluded that the New York law created a constitutionally
adequate adult zone simply because, on its face, it denied access only to minors. The Court
did not question—and therefore necessarily assumed—that an adult zone, once created,
would succeed in preserving adults’ access while denying minors’ access to the regulated
speech. Before today, there was no reason to question this assumption, for the Court has
previously only considered laws that operated in the physical world, a world that with two
characteristics that make it possible to create “adult zones”: geography and identity. A
minor can see an adult dance show only if he enters an establishment that provides such
entertainment. And should he attempt to do so, the minor will not be able to conceal
completely his identity (or, consequently, his age). Thus, the twin characteristics of
geography and identity enable the establishment’s proprietor to prevent children from
entering the establishment, but to let adults inside.
The electronic world is fundamentally different. Because it is no more than the
interconnection of electronic pathways, cyberspace allows speakers and listeners to mask
their identities. Cyberspace undeniably reflects some form of geography; chat rooms and
Web sites, for example, exist at fixed “locations” on the Internet. Since users can transmit
and receive messages on the Internet without revealing anything about their identities or
ages, however, it is not currently possible to exclude persons from accessing certain
messages on the basis of their identity.
Cyberspace differs from the physical world in another basic way: Cyberspace is malleable.
Thus, it is possible to construct barriers in cyberspace and use them to screen for identity,
making cyberspace more like the physical world and, consequently, more amenable to
zoning laws. This transformation of cyberspace is already underway. Internet speakers
(users who post material on the Internet) have begun to zone cyberspace itself through the
use of “gateway” technology. Such technology requires Internet users to enter information
about themselves—perhaps an adult identification number or a credit card number—before
they can access certain areas of cyberspace, much like a bouncer checks a person’s driver’s
264.
license before admitting him to a nightclub. Internet users who access information have not
attempted to zone cyberspace itself, but have tried to limit their own power to access
information in cyberspace, much as a parent controls what her children watch on television
by installing a lock box. This user-based zoning is accomplished through the use of
screening software (such as Cyber Patrol or SurfWatch) or browsers with screening
capabilities, both of which search addresses and text for keywords that are associated with
“adult” sites and, if the user wishes, blocks access to such sites. The Platform for Internet
Content Selection project is designed to facilitate user-based zoning by encouraging
Internet speakers to rate the content of their speech using codes recognized by all screening
programs.
Despite this progress, the transformation of cyberspace is not complete. Although gateway
technology has been available on the World Wide Web for some time now, it is not available
to all Web speakers, and is just now becoming technologically feasible for chat rooms and
USENET newsgroups. Gateway technology is not ubiquitous in cyberspace, and because
without it “there is no means of age verification,” cyberspace still remains largely
unzoned—and unzoneable. User-based zoning is also in its infancy. For it to be effective, (i)
an agreed-upon code (or “tag”) would have to exist; (ii) screening software or browsers with
screening capabilities would have to be able to recognize the “tag”; and (iii) those programs
would have to be widely available—and widely used—by Internet users. At present, none of
these conditions is true. Screening software “is not in wide use today” and “only a handful
of browsers have screening capabilities.” There is, moreover, no agreed-upon “tag” for those
programs to recognize.
Although the prospects for the eventual zoning of the Internet appear promising, I agree
with the Court that we must evaluate the constitutionality of the CDA as it applies to the
Internet as it exists today. Given the present state of cyberspace, I agree with the Court
that the “display” provision cannot pass muster. Until gateway technology is available
throughout cyberspace, and it is not in 1997, a speaker cannot be reasonably assured that
the speech he displays will reach only adults because it is impossible to confine speech to an
“adult zone.” Thus, the only way for a speaker to avoid liability under the CDA is to refrain
completely from using indecent speech. But this forced silence impinges on the First
Amendment right of adults to make and obtain this speech and, for all intents and
purposes, “reduce[s] the adult population [on the Internet] to reading only what is fit for
children.” As a result, the “display” provision cannot withstand scrutiny.
The “indecency transmission” and “specific person” provisions present a closer issue, for
they are not unconstitutional in all of their applications. As discussed above, the “indecency
transmission” provision makes it a crime to transmit knowingly an indecent message to a
person the sender knows is under 18 years of age. The “specific person” provision proscribes
the same conduct, although it does not as explicitly require the sender to know that the
intended recipient of his indecent message is a minor. The Government urges the Court to
construe the provision to impose such a knowledge requirement, and I would do so.
So construed, both provisions are constitutional as applied to a conversation involving only
an adult and one or more minors—e.g., when an adult speaker sends an e-mail knowing the
addressee is a minor, or when an adult and minor converse by themselves or with other
minors in a chat room. In this context, these provisions are no different from the law we
sustained in Ginsberg. Restricting what the adult may say to the minors in no way restricts
265.
the adult’s ability to communicate with other adults. He is not prevented from speaking
indecently to other adults in a chat room (because there are no other adults participating in
the conversation) and he remains free to send indecent e-mails to other adults. The relevant
universe contains only one adult, and the adult in that universe has the power to refrain
from using indecent speech and consequently to keep all such speech within the room in an
“adult” zone.
The analogy to Ginsberg breaks down, however, when more than one adult is a party to the
conversation. If a minor enters a chat room otherwise occupied by adults, the CDA
effectively requires the adults in the room to stop using indecent speech. If they did not,
they could be prosecuted under the “indecency transmission” and “specific person”
provisions for any indecent statements they make to the group, since they would be
transmitting an indecent message to specific persons, one of whom is a minor. The CDA is
therefore akin to a law that makes it a crime for a bookstore owner to sell pornographic
magazines to anyone once a minor enters his store. Even assuming such a law might be
constitutional in the physical world as a reasonable alternative to excluding minors
completely from the store, the absence of any means of excluding minors from chat rooms in
cyberspace restricts the rights of adults to engage in indecent speech in those rooms. The
“indecency transmission” and “specific person” provisions share this defect.
But these two provisions do not infringe on adults’ speech in all situations. And as
discussed below, I do not find that the provisions are overbroad in the sense that they
restrict minors’ access to a substantial amount of speech that minors have the right to read
and view. Accordingly, the CDA can be applied constitutionally in some situations.
Normally, this fact would require the Court to reject a direct facial challenge. Appellees’
claim arises under the First Amendment, however, and they argue that the CDA is facially
invalid because it is “substantially overbroad”—that is, it “sweeps too broadly ... [and]
penaliz[es] a substantial amount of speech that is constitutionally protected.” I agree with
the Court that the provisions are overbroad in that they cover any and all communications
between adults and minors, regardless of how many adults might be part of the audience to
the communication.
This conclusion does not end the matter, however. Where, as here, “the parties challenging
the statute are those who desire to engage in protected speech that the overbroad statute
purports to punish, ... [t]he statute may forthwith be declared invalid to the extent that it
reaches too far, but otherwise left intact.” There is no question that Congress intended to
prohibit certain communications between one adult and one or more minors. There is also
no question that Congress would have enacted a narrower version of these provisions had it
known a broader version would be declared unconstitutional. I would therefore sustain the
“indecency transmission” and “specific person” provisions to the extent they apply to the
transmission of Internet communications where the party initiating the communication
knows that all of the recipients are minors.
II
Whether the CDA substantially interferes with the First Amendment rights of minors, and
thereby runs afoul of the second characteristic of valid zoning laws, presents a closer
question. In Ginsberg, the New York law we sustained prohibited the sale to minors of
magazines that were “harmful to minors.” Under that law, a magazine was “harmful to
266.
minors” only if it was obscene as to minors. Noting that obscene speech is not protected by
the First Amendment, and that New York was constitutionally free to adjust the definition
of obscenity for minors, the Court concluded that the law did not “invad[e] the area of
freedom of expression constitutionally secured to minors.” New York therefore did not
infringe upon the First Amendment rights of minors.
The Court neither “accept[s] nor reject[s]” the argument that the CDA is facially overbroad
because it substantially interferes with the First Amendment rights of minors. I would
reject it. Ginsberg established that minors may constitutionally be denied access to material
that is obscene as to minors. As Ginsberg explained, material is obscene as to minors if it (i)
is “patently offensive to prevailing standards in the adult community as a whole with
respect to what is suitable ... for minors”; (ii) appeals to the prurient interest of minors; and
(iii) is “utterly without redeeming social importance for minors.” Because the CDA denies
minors the right to obtain material that is “patently offensive”—even if it has some
redeeming value for minors and even if it does not appeal to their prurient interests—
Congress’ rejection of the Ginsberg “harmful to minors” standard means that the CDA could
ban some speech that is “indecent” (i.e., “patently offensive”) but that is not obscene as to
minors.
I do not deny this possibility, but to prevail in a facial challenge, it is not enough for a
plaintiff to show “some” overbreadth. Our cases require a proof of “real” and “substantial”
overbreadth, and appellees have not carried their burden in this case. In my view, the
universe of speech constitutionally protected as to minors but banned by the CDA—i.e., the
universe of material that is “patently offensive,” but which nonetheless has some redeeming
value for minors or does not appeal to their prurient interest—is a very small one.
Appellees cite no examples of speech falling within this universe and do not attempt to
explain why that universe is substantial “in relation to the statute’s plainly legitimate
sweep.” That the CDA might deny minors the right to obtain material that has some
“value” is largely beside the point. While discussions about prison rape or nude art may
have some redeeming educational value for adults, they do not necessarily have any such
value for minors, and under Ginsberg, minors only have a First Amendment right to obtain
patently offensive material that has “redeeming social importance for minors.” There is also
no evidence in the record to support the contention that “many e-mail transmissions from
an adult to a minor are conversations between family members,” and no support for the
legal proposition that such speech is absolutely immune from regulation. Accordingly, in my
view, the CDA does not burden a substantial amount of minors’ constitutionally protected
speech.
Thus, the constitutionality of the CDA as a zoning law hinges on the extent to which it
substantially interferes with the First Amendment rights of adults. Because the rights of
adults are infringed only by the “display” provision and by the “indecency transmission”
and “specific person” provisions as applied to communications involving more than one
adult, I would invalidate the CDA only to that extent. Insofar as the “indecency
transmission” and “specific person” provisions prohibit the use of indecent speech in
communications between an adult and one or more minors, however, they can and should
be sustained. The Court reaches a contrary conclusion, and from that holding that I
respectfully dissent.
267.
After the Reno v. ACLU opinion struck down the main operative provision of the
Communications Decency Act, Congress promptly tried again with a new law, the Child
Online Protection Act (COPA). The constitutional challenge to that law made its way back
to the Supreme Court…
Ashcroft v. American Civil Liberties Union, 542 U.S. 656 (2004).
Kennedy, Justice.
This case presents a challenge to a statute enacted by Congress to protect minors from
exposure to sexually explicit materials on the Internet, the Child Online Protection Act
(COPA). We must decide whether the Court of Appeals was correct to affirm a ruling by the
District Court that enforcement of COPA should be enjoined because the statute likely
violates the First Amendment.
In enacting COPA, Congress gave consideration to our earlier decisions on this subject, in
particular the decision in Reno v. American Civil Liberties Union, 521 U.S. 844 (1997). For
that reason, “the Judiciary must proceed with caution and ... with care before invalidating
the Act.” The imperative of according respect to the Congress, however, does not permit us
to depart from well-established First Amendment principles. Instead, we must hold the
Government to its constitutional burden of proof.
Content-based prohibitions, enforced by severe criminal penalties, have the constant
potential to be a repressive force in the lives and thoughts of a free people. To guard against
that threat the Constitution demands that content-based restrictions on speech be
presumed invalid, and that the Government bear the burden of showing their
constitutionality. This is true even when Congress twice has attempted to find a
constitutional means to restrict, and punish, the speech in question….
I
A
COPA is the second attempt by Congress to make the Internet safe for minors by
criminalizing certain Internet speech. The first attempt was the Communications Decency
Act of 1996. The Court held the CDA unconstitutional because it was not narrowly tailored
to serve a compelling governmental interest and because less restrictive alternatives were
available.
In response to the Court’s decision in Reno, Congress passed COPA. COPA imposes
criminal penalties of a $50,000 fine and six months in prison for the knowing posting, for
“commercial purposes,” of World Wide Web content that is “harmful to minors.” Material
that is “harmful to minors” is defined as:
“any communication, picture, image, graphic image file, article, recording,
writing, or other matter of any kind that is obscene or that-
“(A) the average person, applying contemporary community standards, would
find, taking the material as a whole and with respect to minors, is designed
to appeal to, or is designed to pander to, the prurient interest;
268.
“(B) depicts, describes, or represents, in a manner patently offensive with
respect to minors, an actual or simulated sexual act or sexual contact, an
actual or simulated normal or perverted sexual act, or a lewd exhibition of
the genitals or post-pubescent female breast; and
“(C) taken as a whole, lacks serious literary, artistic, political, or scientific
value for minors.”
“Minor[s]” are defined as “any person under 17 years of age.” A person acts for “commercial
purposes only if such person is engaged in the business of making such communications.”
“Engaged in the business,” in turn,
“means that the person who makes a communication, or offers to make a
communication, by means of the World Wide Web, that includes any material
that is harmful to minors, devotes time, attention, or labor to such activities,
as a regular course of such person’s trade or business, with the objective of
earning a profit as a result of such activities (although it is not necessary that
the person make a profit or that the making or offering to make such
communications be the person’s sole or principal business or source of
income).”
While the statute labels all speech that falls within these definitions as criminal speech, it
also provides an affirmative defense to those who employ specified means to prevent minors
from gaining access to the prohibited materials on their Web site. A person may escape
conviction under the statute by demonstrating that he
“has restricted access by minors to material that is harmful to minors-
“(A) by requiring use of a credit card, debit account, adult access code, or
adult personal identification number;
“(B) by accepting a digital certificate that verifies age; or
“(C) by any other reasonable measures that are feasible under available
technology.”
Since the passage of COPA, Congress has enacted additional laws regulating the Internet
in an attempt to protect minors. For example, it has enacted a prohibition on misleading
Internet domain names, 18 U.S.C. § 2252B, in order to prevent Web site owners from
disguising pornographic Web sites in a way likely to cause uninterested persons to visit
them. It has also passed a statute creating a “Dot Kids” second-level Internet domain, the
content of which is restricted to that which is fit for minors under the age of 13.
B
Respondents, Internet content providers and others concerned with protecting the freedom
of speech, filed suit in the United States District Court for the Eastern District of
Pennsylvania. They sought a preliminary injunction against enforcement of the statute.
269.
After considering testimony from witnesses presented by both respondents and the
Government, the District Court issued an order granting the preliminary injunction….
The Government appealed the District Court’s decision to the United States Court of
Appeals for the Third Circuit. The Court of Appeals affirmed the preliminary injunction,
but on a different ground. The court concluded that the “community standards” language in
COPA by itself rendered the statute unconstitutionally overbroad. We granted certiorari
and reversed, holding that the community-standards language did not, standing alone,
make the statute unconstitutionally overbroad. We emphasized, however, that our decision
was limited to that narrow issue. We remanded the case to the Court of Appeals to
reconsider whether the District Court had been correct to grant the preliminary injunction.
On remand, the Court of Appeals again affirmed the District Court….
II
A…
The District Court, in deciding to grant the preliminary injunction, concentrated primarily
on the argument that there are plausible, less restrictive alternatives to COPA. A statute
that “effectively suppresses a large amount of speech that adults have a constitutional right
to receive and to address to one another ... is unacceptable if less restrictive alternatives
would be at least as effective in achieving the legitimate purpose that the statute was
enacted to serve.” When plaintiffs challenge a content-based speech restriction, the burden
is on the Government to prove that the proposed alternatives will not be as effective as the
challenged statute.
In considering this question, a court assumes that certain protected speech may be
regulated, and then asks what is the least restrictive alternative that can be used to
achieve that goal. The purpose of the test is not to consider whether the challenged
restriction has some effect in achieving Congress’ goal, regardless of the restriction it
imposes. The purpose of the test is to ensure that speech is restricted no further than
necessary to achieve the goal, for it is important to ensure that legitimate speech is not
chilled or punished. For that reason, the test does not begin with the status quo of existing
regulations, then ask whether the challenged restriction has some additional ability to
achieve Congress’ legitimate interest. Any restriction on speech could be justified under
that analysis. Instead, the court should ask whether the challenged regulation is the least
restrictive means among available, effective alternatives.
…As the Government bears the burden of proof on the ultimate question of COPA’s
constitutionality, respondents must be deemed likely to prevail unless the Government has
shown that respondents’ proposed less restrictive alternatives are less effective than COPA.
Applying that analysis, the District Court concluded that respondents were likely to
prevail. That conclusion was not an abuse of discretion, because on this record there are a
number of plausible, less restrictive alternatives to the statute.
The primary alternative considered by the District Court was blocking and filtering
software. Blocking and filtering software is an alternative that is less restrictive than
COPA, and, in addition, likely more effective as a means of restricting children’s access to
materials harmful to them. The District Court, in granting the preliminary injunction, did
so primarily because the plaintiffs had proposed that filters are a less restrictive alternative
270.
to COPA and the Government had not shown it would be likely to disprove the plaintiffs’
contention at trial.
Filters are less restrictive than COPA. They impose selective restrictions on speech at the
receiving end, not universal restrictions at the source. Under a filtering regime, adults
without children may gain access to speech they have a right to see without having to
identify themselves or provide their credit card information. Even adults with children may
obtain access to the same speech on the same terms simply by turning off the filter on their
home computers. Above all, promoting the use of filters does not condemn as criminal any
category of speech, and so the potential chilling effect is eliminated, or at least much
diminished. All of these things are true, moreover, regardless of how broadly or narrowly
the definitions in COPA are construed.
Filters also may well be more effective than COPA. First, a filter can prevent minors from
seeing all pornography, not just pornography posted to the Web from America. The District
Court noted in its factfindings that one witness estimated that 40% of harmful-to-minors
content comes from overseas. COPA does not prevent minors from having access to those
foreign harmful materials. That alone makes it possible that filtering software might be
more effective in serving Congress’ goals. Effectiveness is likely to diminish even further if
COPA is upheld, because the providers of the materials that would be covered by the
statute simply can move their operations overseas. It is not an answer to say that COPA
reaches some amount of materials that are harmful to minors; the question is whether it
would reach more of them than less restrictive alternatives. In addition, the District Court
found that verification systems may be subject to evasion and circumvention, for example,
by minors who have their own credit cards. Finally, filters also may be more effective
because they can be applied to all forms of Internet communication, including e-mail, not
just communications available via the World Wide Web.
That filtering software may well be more effective than COPA is confirmed by the findings
of the Commission on Child Online Protection, a blue-ribbon Commission created by
Congress in COPA itself. Congress directed the Commission to evaluate the relative merits
of different means of restricting minors’ ability to gain access to harmful materials on the
Internet. It unambiguously found that filters are more effective than age-verification
requirements. See Commission on Child Online Protection (COPA), Report to Congress, 19-
21, 23-25, 27 (Oct. 20, 2000) (assigning a score for “Effectiveness” of 7.4 for server-based
filters and 6.5 for client-based filters, as compared to 5.9 for independent adult-ID
verification, and 5.5 for credit card verification). Thus, not only has the Government failed
to carry its burden of showing the District Court that the proposed alternative is less
effective, but also a Government Commission appointed to consider the question has
concluded just the opposite. That finding supports our conclusion that the District Court
did not abuse its discretion in enjoining the statute.
Filtering software, of course, is not a perfect solution to the problem of children gaining
access to harmful-to-minors materials. It may block some materials that are not harmful to
minors and fail to catch some that are. Whatever the deficiencies of filters, however, the
Government failed to introduce specific evidence proving that existing technologies are less
effective than the restrictions in COPA. The District Court made a specific factfinding that
“[n]o evidence was presented to the Court as to the percentage of time that blocking and
filtering technology is over- or underinclusive.” In the absence of a showing as to the
271.
relative effectiveness of COPA and the alternatives proposed by respondents, it was not an
abuse of discretion for the District Court to grant the preliminary injunction. The
Government’s burden is not merely to show that a proposed less restrictive alternative has
some flaws; its burden is to show that it is less effective. It is not enough for the
Government to show that COPA has some effect. Nor do respondents bear a burden to
introduce, or offer to introduce, evidence that their proposed alternatives are more effective.
The Government has the burden to show they are less so. The Government having failed to
carry its burden, it was not an abuse of discretion for the District Court to grant the
preliminary injunction.
One argument to the contrary is worth mentioning—the argument that filtering software is
not an available alternative because Congress may not require it to be used. That argument
carries little weight, because Congress undoubtedly may act to encourage the use of filters.
We have held that Congress can give strong incentives to schools and libraries to use them.
United States v. American Library Assn., Inc., 539 U.S. 194 (2003). It could also take steps
to promote their development by industry, and their use by parents. It is incorrect, for that
reason, to say that filters are part of the current regulatory status quo. The need for
parental cooperation does not automatically disqualify a proposed less restrictive
alternative. In enacting COPA, Congress said its goal was to prevent the “widespread
availability of the Internet” from providing “opportunities for minors to access materials
through the World Wide Web in a manner that can frustrate parental supervision or
control.” COPA presumes that parents lack the ability, not the will, to monitor what their
children see. By enacting programs to promote use of filtering software, Congress could give
parents that ability without subjecting protected speech to severe penalties….
B
There are also important practical reasons to let the injunction stand pending a full trial on
the merits. First, the potential harms from reversing the injunction outweigh those of
leaving it in place by mistake. Where a prosecution is a likely possibility, yet only an
affirmative defense is available, speakers may self-censor rather than risk the perils of
trial. There is a potential for extraordinary harm and a serious chill upon protected speech.
The harm done from letting the injunction stand pending a trial on the merits, in contrast,
will not be extensive. No prosecutions have yet been undertaken under the law, so none will
be disrupted if the injunction stands. Further, if the injunction is upheld, the Government
in the interim can enforce obscenity laws already on the books.
Second, there are substantial factual disputes remaining in the case. As mentioned above,
there is a serious gap in the evidence as to the effectiveness of filtering software. For us to
assume, without proof, that filters are less effective than COPA would usurp the District
Court’s factfinding role. By allowing the preliminary injunction to stand and remanding for
trial, we require the Government to shoulder its full constitutional burden of proof
respecting the less restrictive alternative argument, rather than excuse it from doing so.
Third, and on a related point, the factual record does not reflect current technological
reality—a serious flaw in any case involving the Internet. The technology of the Internet
evolves at a rapid pace. Yet the factfindings of the District Court were entered in February
1999, over five years ago. Since then, certain facts about the Internet are known to have
changed. It is reasonable to assume that other technological developments important to the
272.
First Amendment analysis have also occurred during that time. More and better filtering
alternatives may exist than when the District Court entered its findings. Indeed, we know
that after the District Court entered its factfindings, a congressionally appointed
commission issued a report that found that filters are more effective than verification
screens.
Delay between the time that a district court makes factfindings and the time that a case
reaches this Court is inevitable, with the necessary consequence that there will be some
discrepancy between the facts as found and the facts at the time the appellate court takes
up the question. We do not mean, therefore, to set up an insuperable obstacle to fair review.
Here, however, the usual gap has doubled because the case has been through the Court of
Appeals twice. The additional two years might make a difference. By affirming the
preliminary injunction and remanding for trial, we allow the parties to update and
supplement the factual record to reflect current technological realities.
Remand will also permit the District Court to take account of a changed legal landscape.
Since the District Court made its factfindings, Congress has passed at least two further
statutes that might qualify as less restrictive alternatives to COPA—a prohibition on
misleading domain names, and a statute creating a minors-safe “Dot Kids” domain.
Remanding for trial will allow the District Court to take into account those additional
potential alternatives.
On a final point, it is important to note that this opinion does not hold that Congress is
incapable of enacting any regulation of the Internet designed to prevent minors from
gaining access to harmful materials. The parties, because of the conclusion of the Court of
Appeals that the statute’s definitions rendered it unconstitutional, did not devote their
attention to the question whether further evidence might be introduced on the relative
restrictiveness and effectiveness of alternatives to the statute. On remand, however, the
parties will be able to introduce further evidence on this point. This opinion does not
foreclose the District Court from concluding, upon a proper showing by the Government
that meets the Government’s constitutional burden as defined in this opinion, that COPA is
the least restrictive alternative available to accomplish Congress’ goal….
[Justice Stevens’ concurrence and Justice Scalia’s dissent omitted].
Justice BREYER, with whom THE CHIEF JUSTICE and Justice O’CONNOR join,
dissenting.
The Child Online Protection Act (Act) seeks to protect children from exposure to commercial
pornography placed on the Internet. It does so by requiring commercial providers to place
pornographic material behind Internet “screens” readily accessible to adults who produce
age verification. The Court recognizes that we should “‘proceed ... with care before
invalidating the Act,’” while pointing out that the “imperative of according respect to the
Congress ... does not permit us to depart from well-established First Amendment
principles.” I agree with these generalities. Like the Court, I would subject the Act to “the
most exacting scrutiny,” requiring the Government to show that any restriction of
nonobscene expression is “narrowly drawn” to further a “compelling interest” and that the
restriction amounts to the “least restrictive means” available to further that interest.
273.
Nonetheless, my examination of (1) the burdens the Act imposes on protected expression,
(2) the Act’s ability to further a compelling interest, and (3) the proposed “less restrictive
alternatives” convinces me that the Court is wrong. I cannot accept its conclusion that
Congress could have accomplished its statutory objective—protecting children from
commercial pornography on the Internet—in other, less restrictive ways.
I
Although the Court rests its conclusion upon the existence of less restrictive alternatives, I
must first examine the burdens that the Act imposes upon protected speech. That is
because the term “less restrictive alternative” is a comparative term. An “alternative” is
“less restrictive” only if it will work less First Amendment harm than the statute itself,
while at the same time similarly furthering the “compelling” interest that prompted
Congress to enact the statute. Unlike the majority, I do not see how it is possible to make
this comparative determination without examining both the extent to which the Act
regulates protected expression and the nature of the burdens it imposes on that expression.
That examination suggests that the Act, properly interpreted, imposes a burden on
protected speech that is no more than modest.
A
The Act’s definitions limit the material it regulates to material that does not enjoy First
Amendment protection, namely, legally obscene material, and very little more. A
comparison of this Court’s definition of unprotected, “legally obscene,” material with the
Act’s definitions makes this clear.
Material is legally obscene if
“(a) ... ‘the average person, applying contemporary community standards’
would find that the work, taken as a whole, appeals to the prurient interest
...; (b) ... the work depicts or describes, in a patently offensive way, sexual
conduct specifically defined by the applicable state law; and (c) ... the work,
taken as a whole, lacks serious literary, artistic, political, or scientific value.”
The present statute defines the material that it regulates as material that meets all of the
following criteria:
“(A) the average person, applying contemporary community standards, would
find, taking the material as a whole and with respect to minors, [that the
material] is designed to appeal to, or is designed to pander to, the prurient
interest;
“(B) [the material] depicts, describes, or represents, in a manner patently
offensive with respect to minors, an actual or simulated sexual act or sexual
contact, an actual or simulated normal or perverted sexual act, or a lewd
exhibition of the genitals or post-pubescent female breast; and
“(C) [the material] taken as a whole, lacks serious literary, artistic, political,
or scientific value for minors.” (emphasis added).
274.
Both definitions define the relevant material through use of the critical terms “prurient
interest” and “lacks serious literary, artistic, political, or scientific value.” Insofar as
material appeals to, or panders to, “the prurient interest,” it simply seeks a sexual
response. Insofar as “patently offensive” material with “no serious value” simply seeks that
response, it does not seek to educate, it does not seek to elucidate views about sex, it is not
artistic, and it is not literary. That is why this Court, in Miller, held that the First
Amendment did not protect material that fit its definition.
The only significant difference between the present statute and Miller’s definition consists
of the addition of the words “with respect to minors” and “for minors.” But the addition of
these words to a definition that would otherwise cover only obscenity expands the statute’s
scope only slightly. That is because the material in question (while potentially harmful to
young children) must, first, appeal to the “prurient interest” of, i.e., seek a sexual response
from, some group of adolescents or postadolescents (since young children normally do not so
respond). And material that appeals to the “prurient interest[s]” of some group of
adolescents or postadolescents will almost inevitably appeal to the “prurient interest[s]” of
some group of adults as well.
The “lack of serious value” requirement narrows the statute yet further—despite the
presence of the qualification “for minors.” That is because one cannot easily imagine
material that has serious literary, artistic, political, or scientific value for a significant
group of adults, but lacks such value for any significant group of minors. Thus, the statute,
read literally, insofar as it extends beyond the legally obscene, could reach only borderline
cases. And to take the words of the statute literally is consistent with Congress’ avowed
objective in enacting this law; namely, putting material produced by professional
pornographers behind screens that will verify the age of the viewer. See S. Rep. No. 105-
225, p. 3 (1998) (hereinafter S. Rep.) (“The bill seeks to restrict access to commercial
pornography on the Web by requiring those engaged in the business of the commercial
distribution of material that is harmful to minors to take certain prescribed steps to restrict
access to such material by minors ...”); H.R. Rep. No. 105-775, pp. 5, 14 (1998) (hereinafter
H.R. Rep.) (explaining that the bill is aimed at the sale of pornographic materials and
provides a defense for the “commercial purveyors of pornography” that the bill seeks to
regulate).
These limitations on the statute’s scope answer many of the concerns raised by those who
attack its constitutionality. Respondents fear prosecution for the Internet posting of
material that does not fall within the statute’s ambit as limited by the “prurient interest”
and “no serious value” requirements; for example: an essay about a young man’s experience
with masturbation and sexual shame; “a serious discussion about birth control practices,
homosexuality, ... or the consequences of prison rape”; an account by a 15-year-old, written
for therapeutic purposes, of being raped when she was 13; a guide to self-examination for
testicular cancer; a graphic illustration of how to use a condom; or any of the other postings
of modern literary or artistic works or discussions of sexual identity, homosexuality,
sexually transmitted diseases, sex education, or safe sex, let alone Aldous Huxley’s Brave
New World, J.D. Salinger’s Catcher in the Rye, or, as the complaint would have it, “Ken
Starr’s report on the Clinton-Lewinsky scandal.”
275.
These materials are not both (1) “designed to appeal to, or ... pander to, the prurient
interest” of significant groups of minors and (2) lacking in “serious literary, artistic,
political, or scientific value” for significant groups of minors. Thus, they fall outside the
statute’s definition of the material that it restricts, a fact the Government acknowledged at
oral argument.
I have found nothing elsewhere in the statute’s language that broadens its scope. Other
qualifying phrases, such as “taking the material as a whole,” and “for commercial
purposes,” limit the statute’s scope still more, requiring, for example, that individual
images be considered in context. In sum, the Act’s definitions limit the statute’s scope to
commercial pornography. It affects unprotected obscene material. Given the inevitable
uncertainty about how to characterize close-to-obscene material, it could apply to (or chill
the production of) a limited class of borderline material that courts might ultimately find is
protected. But the examples I have just given fall outside that class.
B
The Act does not censor the material it covers. Rather, it requires providers of the “harmful
to minors” material to restrict minors’ access to it by verifying age. They can do so by
inserting screens that verify age using a credit card, adult personal identification number,
or other similar technology. In this way, the Act requires creation of an Internet screen that
minors, but not adults, will find difficult to bypass.
I recognize that the screening requirement imposes some burden on adults who seek access
to the regulated material, as well as on its providers. The cost is, in part, monetary. The
parties agreed that a Web site could store card numbers or passwords at between 15 and 20
cents per number. And verification services provide free verification to Web site operators,
while charging users less than $20 per year. According to the trade association for the
commercial pornographers who are the statute’s target, use of such verification procedures
is “standard practice” in their online operations.
In addition to the monetary cost, and despite strict requirements that identifying
information be kept confidential, the identification requirements inherent in age screening
may lead some users to fear embarrassment. Both monetary costs and potential
embarrassment can deter potential viewers and, in that sense, the statute’s requirements
may restrict access to a site. But this Court has held that in the context of congressional
efforts to protect children, restrictions of this kind do not automatically violate the
Constitution. And the Court has approved their use.
In sum, the Act at most imposes a modest additional burden on adult access to legally
obscene material, perhaps imposing a similar burden on access to some protected borderline
obscene material as well.
II
I turn next to the question of “compelling interest,” that of protecting minors from exposure
to commercial pornography. No one denies that such an interest is “compelling.” Rather, the
question here is whether the Act, given its restrictions on adult access, significantly
advances that interest. In other words, is the game worth the candle?
276.
The majority argues that it is not, because of the existence of “blocking and filtering
software.” The majority refers to the presence of that software as a “less restrictive
alternative.” But that is a misnomer—a misnomer that may lead the reader to believe that
all we need do is look to see if the blocking and filtering software is less restrictive; and to
believe that, because in one sense it is (one can turn off the software), that is the end of the
constitutional matter.
But such reasoning has no place here. Conceptually speaking, the presence of filtering
software is not an alternative legislative approach to the problem of protecting children
from exposure to commercial pornography. Rather, it is part of the status quo, i.e., the
backdrop against which Congress enacted the present statute. It is always true, by
definition, that the status quo is less restrictive than a new regulatory law. It is always less
restrictive to do nothing than to do something. But “doing nothing” does not address the
problem Congress sought to address—namely, that, despite the availability of filtering
software, children were still being exposed to harmful material on the Internet.
Thus, the relevant constitutional question is not the question the Court asks: Would it be
less restrictive to do nothing? Of course it would be. Rather, the relevant question posits a
comparison of (a) a status quo that includes filtering software with (b) a change in that
status quo that adds to it an age-verification screen requirement. Given the existence of
filtering software, does the problem Congress identified remain significant? Does the Act
help to address it? These are questions about the relation of the Act to the compelling
interest. Does the Act, compared to the status quo, significantly advance the ball? (An
affirmative answer to these questions will not justify “[a]ny restriction on speech,” as the
Court claims, for a final answer in respect to constitutionality must take account of burdens
and alternatives as well.)
The answers to these intermediate questions are clear: Filtering software, as presently
available, does not solve the “child protection” problem. It suffers from four serious
inadequacies that prompted Congress to pass legislation instead of relying on its voluntary
use. First, its filtering is faulty, allowing some pornographic material to pass through
without hindrance. Just last year, in American Library Assn., Justice STEVENS described
“fundamental defects in the filtering software that is now available or that will be available
in the foreseeable future.” He pointed to the problem of underblocking: “Because the
software relies on key words or phrases to block undesirable sites, it does not have the
capacity to exclude a precisely defined category of images.” That is to say, in the absence of
words, the software alone cannot distinguish between the most obscene pictorial image and
the Venus de Milo. No Member of this Court disagreed.
Second, filtering software costs money. Not every family has the $40 or so necessary to
install it. By way of contrast, age screening costs less. See supra, at 2800 (citing costs of up
to 20 cents per password or $20 per user for an identification number).
Third, filtering software depends upon parents willing to decide where their children will
surf the Web and able to enforce that decision. As to millions of American families, that is
not a reasonable possibility. More than 28 million school age children have both parents or
their sole parent in the work force, at least 5 million children are left alone at home without
277.
supervision each week, and many of those children will spend afternoons and evenings with
friends who may well have access to computers and more lenient parents.
Fourth, software blocking lacks precision, with the result that those who wish to use it to
screen out pornography find that it blocks a great deal of material that is valuable. As
Justice STEVENS pointed out, “the software’s reliance on words to identify undesirable
sites necessarily results in the blocking of thousands of pages that contain content that is
completely innocuous for both adults and minors, and that no rational person could
conclude matches the filtering companies’ category definitions, such as pornography or sex.”
Indeed, the American Civil Liberties Union (ACLU), one of the respondents here, told
Congress that filtering software “block[s] out valuable and protected information, such as
information about the Quaker religion, and web sites including those of the American
Association of University Women, the AIDS Quilt, the Town Hall Political Site (run by the
Family Resource Center, Christian Coalition and other conservative groups).” The software
“is simply incapable of discerning between constitutionally protected and unprotected
speech.” It “inappropriately blocks valuable, protected speech, and does not effectively block
the sites [it is] intended to block.”
Nothing in the District Court record suggests the contrary. No respondent has offered to
produce evidence at trial to the contrary. No party has suggested, for example, that
technology allowing filters to interpret and discern among images has suddenly become, or
is about to become, widely available. Indeed, the Court concedes that “[f]iltering software, of
course, is not a perfect solution to the problem.”
In sum, a “filtering software status quo” means filtering that underblocks, imposes a cost
upon each family that uses it, fails to screen outside the home, and lacks precision. Thus,
Congress could reasonably conclude that a system that relies entirely upon the use of such
software is not an effective system. And a law that adds to that system an age-verification
screen requirement significantly increases the system’s efficacy. That is to say, at a modest
additional cost to those adults who wish to obtain access to a screened program, that law
will bring about better, more precise blocking, both inside and outside the home.
The Court’s response—that 40% of all pornographic material may be of foreign origin—is
beside the point. Even assuming (I believe unrealistically) that all foreign originators will
refuse to use screening, the Act would make a difference in respect to 60% of the Internet’s
commercial pornography. I cannot call that difference insignificant.
The upshot is that Congress could reasonably conclude that, despite the current availability
of filtering software, a child protection problem exists. It also could conclude that a
precisely targeted regulatory statute, adding an age-verification requirement for a narrow
range of material, would more effectively shield children from commercial pornography.
Is this justification sufficient? The lower courts thought not. But that is because those
courts interpreted the Act as imposing far more than a modest burden. They assumed an
interpretation of the statute in which it reached far beyond legally obscene and borderline
obscene material, affecting material that, given the interpretation set forth above, would
fall well outside the Act’s scope. But we must interpret the Act to save it, not to destroy it.
So interpreted, the Act imposes a far lesser burden on access to protected material. Given
the modest nature of that burden and the likelihood that the Act will significantly further
278.
Congress’ compelling objective, the Act may well satisfy the First Amendment’s stringent
tests. Indeed, it does satisfy the First Amendment unless, of course, there is a genuine
alternative, “less restrictive” way similarly to further that objective.
III
I turn, then, to the actual “less restrictive alternatives” that the Court proposes. The Court
proposes two real alternatives, i.e., two potentially less restrictive ways in which Congress
might alter the status quo in order to achieve its “compelling” objective.
First, the Government might “act to encourage” the use of blocking and filtering software.
The problem is that any argument that rests upon this alternative proves too much. If one
imagines enough Government resources devoted to the problem and perhaps additional
scientific advances, then, of course, the use of software might become as effective and less
restrictive. Obviously, the Government could give all parents, schools, and Internet cafes
free computers with filtering programs already installed, hire federal employees to train
parents and teachers on their use, and devote millions of dollars to the development of
better software. The result might be an alternative that is extremely effective.
But the Constitution does not, because it cannot, require the Government to disprove the
existence of magic solutions, i.e., solutions that, put in general terms, will solve any
problem less restrictively but with equal effectiveness. Otherwise, “the undoubted ability of
lawyers and judges,” who are not constrained by the budgetary worries and other practical
parameters within which Congress must operate, “to imagine some kind of slightly less
drastic or restrictive an approach would make it impossible to write laws that deal with the
harm that called the statute into being.” As Justice Blackmun recognized, a “judge would be
unimaginative indeed if he could not come up with something a little less ‘drastic’ or a little
less ‘restrictive’ in almost any situation, and thereby enable himself to vote to strike
legislation down.” Perhaps that is why no party has argued seriously that additional
expenditure of government funds to encourage the use of screening is a “less restrictive
alternative.”
Second, the majority suggests decriminalizing the statute, noting the “chilling effect” of
criminalizing a category of speech. To remove a major sanction, however, would make the
statute less effective, virtually by definition.
IV
My conclusion is that the Act, as properly interpreted, risks imposition of minor burdens on
some protected material—burdens that adults wishing to view the material may overcome
at modest cost. At the same time, it significantly helps to achieve a compelling
congressional goal, protecting children from exposure to commercial pornography. There is
no serious, practically available “less restrictive” way similarly to further this compelling
interest. Hence the Act is constitutional.
V
The Court’s holding raises two more general questions. First, what has happened to the
“constructive discourse between our courts and our legislatures” that “is an integral and
279.
admirable part of the constitutional design”? After eight years of legislative effort, two
statutes, and three Supreme Court cases the Court sends this case back to the District
Court for further proceedings. What proceedings? I have found no offer by either party to
present more relevant evidence. What remains to be litigated? I know the Court says that
the parties may “introduce further evidence” as to the “relative restrictiveness and
effectiveness of alternatives to the statute.” But I do not understand what that new
evidence might consist of.
Moreover, Congress passed the current statute “[i]n response to the Court’s decision in
Reno” striking down an earlier statutory effort to deal with the same problem. Congress
read Reno with care. It dedicated itself to the task of drafting a statute that would meet
each and every criticism of the predecessor statute that this Court set forth in Reno. It
incorporated language from the Court’s precedents, particularly the Miller standard,
virtually verbatim. And it created what it believed was a statute that would protect
children from exposure to obscene professional pornography without obstructing adult
access to material that the First Amendment protects. See H.R. Rep., at 5 (explaining that
the bill was “carefully drafted to respond to the Supreme Court’s decision in Reno”); S. Rep.,
at 2 (same). What else was Congress supposed to do?
I recognize that some Members of the Court, now or in the past, have taken the view that
the First Amendment simply does not permit Congress to legislate in this area. Others
believe that the Amendment does not permit Congress to legislate in certain ways, e.g.,
through the imposition of criminal penalties for obscenity. There are strong constitutional
arguments favoring these views. But the Court itself does not adopt those views. Instead, it
finds that the Government has not proved the nonexistence of “less restrictive alternatives.”
That finding, if appropriate here, is universally appropriate. And if universally appropriate,
it denies to Congress, in practice, the legislative leeway that the Court’s language seems to
promise. If this statute does not pass the Court’s “less restrictive alternative” test, what
does? If nothing does, then the Court should say so clearly.
As I have explained, I believe the First Amendment permits an alternative holding. We
could construe the statute narrowly—as I have tried to do—removing nearly all protected
material from its scope. By doing so, we could reconcile its language with the First
Amendment’s demands. We would “save” the statute, “not ... destroy” it. And in the process,
we would permit Congress to achieve its basic child-protecting objectives.
Second, will the majority’s holding in practice mean greater or lesser protection for
expression? I do not find the answer to this question obvious. The Court’s decision removes
an important weapon from the prosecutorial arsenal. That weapon would have given the
Government a choice—a choice other than “ban totally or do nothing at all.” The Act tells
the Government that, instead of prosecuting bans on obscenity to the maximum extent
possible (as respondents have urged as yet another “alternative”), it can insist that those
who make available material that is obscene or close to obscene keep that material under
wraps, making it readily available to adults who wish to see it, while restricting access to
children. By providing this third option—a “middle way”—the Act avoids the need for
potentially speech-suppressing prosecutions.
That matters in a world where the obscene and the nonobscene do not come tied neatly into
separate, easily distinguishable, packages. In that real world, this middle way might well
280.
have furthered First Amendment interests by tempering the prosecutorial instinct in
borderline cases. At least, Congress might have so believed. And this likelihood, from a
First Amendment perspective, might ultimately have proved more protective of the rights
of viewers to retain access to expression than the all-or-nothing choice available to
prosecutors in the wake of the majority’s opinion.
For these reasons, I dissent.
NOTES AND QUESTIONS
Following this ruling, the case proceeded to a month-long trial, after which the district
court reaffirmed the statute’s deficiencies and issued a permanent injunction. American
Civil Liberties Union v. Gonzales, 478 F. Supp. 2d 775 (E.D. Pa. 2007), aff’d, American Civil
Liberties Union v. Mukasey, 534 F.3d 181 (3d Cir. 2008). In 2009, the case reached the
Supreme Court a third time. It denied certiorari and finally ended the decade-long
litigation. The case ran so long that four different Attorneys General were named in the
case captions (Reno, Ashcroft, Gonzales, and Mukasey). Does the slow pace of
Constitutional litigation provide any insights into the challenges of regulating the Internet?
If a court ruling had resurrected a 1990s-era content regulation statute on the Internet
circa 2010s, it would have shocked everyone.
As Chapter 1 indicated, online age verification remains a challenge even today. Does that
affect your assessment of the dissent’s analysis?
When you were a minor, did your parents or your school install blocking/filtering software
on your computers? Was it effective?
The majority cites the “Dot Kids” domain as an effort by Congress to create a kid-safe zone
on the Internet. If you’ve never heard of that effort, don’t feel bad. The Dot Kids domain
was a complete failure. See https://www.about.us/policies/ustld-stakeholder-
council/suspension-of-kids-us-namespace:
the kids.us namespace saw few and declining registrations and active
websites, despite discounts on registrations and efforts to promote the
namespace to children’s content providers. By 2011, the number of
registrations was down to 651, with only six active websites, all of which were
by providers with a more robust presence on another top-level domain. In
aggregate, these sites garnered only 470 unique visitors per year.
In light of these conditions, in 2012 Neustar requested and was granted by
the Department of Commerce a temporary suspension of the namespace; new
registrations were halted, and existing registrations were either allowed to
lapse or terminated with refund.
The majority cites 18 U.S.C. § 2252B as another law that protects children online. I am
aware of only one prosecution of this crime. John Zuccarini, a well-known “typosquatter”
who registered thousands of typographical error versions of domain names hoping to
capture the attention of bad spellers and folks with fat fingers, was convicted for
typosquatting on names like Disneyland, Teletubbies, and Britney Spears and sending the
281.
traffic to pornographic websites. If, in fact, there has been only one prosecution, would that
have any relevance to the majority’s analysis?
How should we respond when minors produce their own pornography and share it with
their peers? See Hanna Rosin, Why Kids Sext, THE ATLANTIC, Nov. 2014,
http://www.theatlantic.com/magazine/archive/2014/11/why-kids-
sext/380798/?single_page=true.
282.
VIII. Defamation and Information Torts
47 U.S.C. § 230. Protection for private blocking and screening of offensive
material.
(a) Findings. The Congress finds the following:
(1) The rapidly developing array of Internet and other interactive computer
services available to individual Americans represent an extraordinary
advance in the availability of educational and informational resources to our
citizens.
(2) These services offer users a great degree of control over the information
that they receive, as well as the potential for even greater control in the
future as technology develops.
(3) The Internet and other interactive computer services offer a forum for a
true diversity of political discourse, unique opportunities for cultural
development, and myriad avenues for intellectual activity.
(4) The Internet and other interactive computer services have flourished, to
the benefit of all Americans, with a minimum of government regulation.
(5) Increasingly Americans are relying on interactive media for a variety of
political, educational, cultural, and entertainment services.
(b) Policy. It is the policy of the United States—
(1) to promote the continued development of the Internet and other
interactive computer services and other interactive media;
(2) to preserve the vibrant and competitive free market that presently exists
for the Internet and other interactive computer services, unfettered by
Federal or State regulation;
(3) to encourage the development of technologies which maximize user control
over what information is received by individuals, families, and schools who
use the Internet and other interactive computer services;
(4) to remove disincentives for the development and utilization of blocking
and filtering technologies that empower parents to restrict their children’s
access to objectionable or inappropriate online material; and
(5) to ensure vigorous enforcement of Federal criminal laws to deter and
punish trafficking in obscenity, stalking, and harassment by means of
computer.
(c) Protection for “Good Samaritan” blocking and screening of offensive material
(1) Treatment of publisher or speaker
No provider or user of an interactive computer service shall be treated as the
publisher or speaker of any information provided by another information
content provider.
(2) Civil liability
No provider or user of an interactive computer service shall be held liable on
account of—
283.
(A) any action voluntarily taken in good faith to restrict access
to or availability of material that the provider or user considers
to be obscene, lewd, lascivious, filthy, excessively violent,
harassing, or otherwise objectionable, whether or not such
material is constitutionally protected; or
(B) any action taken to enable or make available to information
content providers or others the technical means to restrict
access to material described in paragraph (A).
(d) Obligations of interactive computer service
A provider of interactive computer service shall, at the time of entering an agreement with
a customer for the provision of interactive computer service and in a manner deemed
appropriate by the provider, notify such customer that parental control protections (such as
computer hardware, software, or filtering services) are commercially available that may
assist the customer in limiting access to material that is harmful to minors. Such notice
shall identify, or provide the customer with access to information identifying, current
providers of such protections.
(e) Effect on other laws
(1) No effect on criminal law. Nothing in this section shall be construed to
impair the enforcement of section 223 or 231 of this title, chapter 71 (relating
to obscenity) or 110 (relating to sexual exploitation of children) of title 18, or
any other Federal criminal statute.
(2) No effect on intellectual property law. Nothing in this section shall be
construed to limit or expand any law pertaining to intellectual property.
(3) State law. Nothing in this section shall be construed to prevent any State
from enforcing any State law that is consistent with this section. No cause of
action may be brought and no liability may be imposed under any State or
local law that is inconsistent with this section.
(4) No effect on communications privacy law. Nothing in this section shall be
construed to limit the application of the Electronic Communications Privacy
Act of 1986 or any of the amendments made by such Act, or any similar State
law.
(5) No effect on sex trafficking law. Nothing in this section (other than
subsection (c)(2)(A)) shall be construed to impair or limit—
(A) any claim in a civil action brought under section 1595 of
title 18, United States Code, if the conduct underlying the
claim constitutes a violation of section 1591 of that title;
(B) any charge in a criminal prosecution brought under State
law if the conduct underlying the charge would constitute a
violation of section 1591 of title 18, United States Code; or
(C) any charge in a criminal prosecution brought under State
law if the conduct underlying the charge would constitute a
violation of section 2421A of title 18, United States Code, and
promotion or facilitation of prostitution is illegal in the
jurisdiction where the defendant’s promotion or facilitation of
prostitution was targeted.
284.
(f) Definitions. As used in this section:
(1) Internet. The term “Internet” means the international computer network
of both Federal and non-Federal interoperable packet switched data
networks.
(2) Interactive computer service. The term “interactive computer service”
means any information service, system, or access software provider that
provides or enables computer access by multiple users to a computer server,
including specifically a service or system that provides access to the Internet
and such systems operated or services offered by libraries or educational
institutions.
(3) Information content provider. The term “information content provider”
means any person or entity that is responsible, in whole or in part, for the
creation or development of information provided through the Internet or any
other interactive computer service.
(4) Access software provider. The term “access software provider” means a
provider of software (including client or server software), or enabling tools
that do any one or more of the following:
(A) filter, screen, allow, or disallow content;
(B) pick, choose, analyze, or digest content; or
(C) transmit, receive, display, forward, cache, search, subset,
organize, reorganize, or translate content.
285.
An Introduction to Section 230
47 U.S.C. § 230 says that websites and other online services aren’t liable for third party
content. This legal policy is simple and elegant, but it’s hardly intuitive, and it has had
extraordinary consequences for the Internet and our society. This note provides the
background behind Section 230, an overview of the law, and some thoughts about its
importance.
Pre-Section 230 Law
In general, liability for third party content attaches where the disseminator has the
discretion to publish it or not. Where a disseminator cannot exercise editorial control—such
as telephone service providers functioning in their legal status as common carriers—the
disseminator isn’t legally responsible for third party content it had to disseminate. In
contrast, where the disseminator can exercise editorial control over what to disseminate—
such as traditional publishers—the disseminator accepts legal liability for the decisions it
makes. Thus, generally, traditional publishers are liable for all of the content they, in their
editorial discretion, choose to publish.
When it comes to third party content, many online intermediaries don’t neatly fit into
either the common carrier or traditional publisher models. It is often difficult or impossible
to have humans prescreen content before disseminating it. In some cases, the volume of
content makes prescreening too expensive or too slow. Where content is meant for real-time
dissemination, such as live-streaming video or chatrooms, prescreening is effectively
impossible. At the same time, most online intermediaries aren’t legally defined as common
carriers, and indeed society benefits when these intermediaries refuse service to customers
that engage in abusive, objectionable, or criminal activities.
Before Congress enacted Section 230, two cases addressed this issue.
The first was Cubby v. CompuServe, a 1991 case from the Southern District of New York.
At the time, CompuServe provided its subscribers dial-up connectivity to its network plus
“walled garden” access to content resources and databases that they could browse.
CompuServe charged subscribers per-minute they were online, and CompuServe shared a
portion of those subscriber charges as license fees to content publishers.
CompuServe had a licensing arrangement to carry a third party newsletter called
Rumorville. Rumorville periodically uploaded its content electronically to CompuServe’s
servers. CompuServe employees did not prescreen these uploads.
Perhaps not surprisingly (given its name), Rumorville was accused of defamation. The
plaintiff sued CompuServe and others. The court dismissed CompuServe, holding that for
defamation purposes, CompuServe acted as the “distributor” of Rumorville, not the
publisher, and therefore could be liable only if it knew or had reason to know of the
defamatory content. Due to Rumorville’s automated uploads, CompuServe lacked such
scienter.
Though CompuServe won the ruling, the court’s legal standard was not a clear win for the
industry. Following the judge’s approach, liability for third party content could attach
286.
whenever the online intermediary knew, or should have known, of the defamation. At
minimum, this created a notice-and-takedown standard for defamation; and the possibility
of a “heckler’s veto” where it would be easy to get content removed by submitting
illegitimate allegations of defamation. This ruling also didn’t address liability for claims
other than defamation, nor did it address services where humans prescreened third party
content before publication.
Nevertheless, the Cubby ruling provided some guidance to the nascent industry. Many
online intermediaries took a light-handed approach to moderating or removing third party
content with the hopes that they would characterized, like CompuServe, as not having
reason to know of problematic third party content.
The second pre-Section 230 ruling shook up that practice. The 1995 New York state court
case of Stratton Oakmont v. Prodigy involved the online message boards of Prodigy, a
CompuServe competitor. A user allegedly posted defamatory remarks about Stratton
Oakmont, an investment bank that was depicted unfavorably in the movie Wolf of Wall
Street. The investment bank sued Prodigy for $100 million. The court held that Prodigy
could be liable for the user’s defamatory message board posts because Prodigy had
marketed itself as a family-friendly service and had taken steps to remove objectionable
content from its message board. The court said that collectively, these efforts had turned
Prodigy into a “publisher” of the user-supplied message board content and exposed it to
liability.
The Moderator’s Dilemma
As you recall from the Reno v. ACLU case, 1995 was also the time of a techno-panic about
children having access to online pornography. Congress wanted and expected online
intermediaries to aggressively screen out pornography and other objectionable content. It
would be counterproductive if a legal rule deterred online intermediaries from taking these
socially valuable steps.
Arguably, the Stratton Oakmont ruling did exactly that. According to Stratton Oakmont,
trying to remove objectionable content, but failing to do that job perfectly, left the online
intermediary legally exposed for everything it missed—with potentially business-ending
legal exposure for each and every missed item.
This dynamic creates “The Moderator’s Dilemma.” The moderator/online intermediary must
choose between two principal options: (1) moderate or remove user content to promote a
safe or family-friendly environment and accept legal responsibility for anything it misses,
in which case the moderator will aggressively screen/remove third party content to reduce
that liability (or not permit third party content at all), or (2) do as little as possible to
manage user content, in which case it can argue that it does not “know or have reason to
know” about any legally problematic content, which may allow it to escape legal exposure
for that content. The second strategy is exactly what Congress didn’t want online
intermediaries to do, because weak moderation would lead to more children being exposed
to pornography online. However, following the Cubby and Stratton Oakmont cases, many
online intermediaries were likely to pursue the second strategy and reduce their efforts to
screen out objectionable content.
287.
Section 230 was designed to eliminate the Moderator’s Dilemma. As the legislative history
explains, Section 230 was intended to overrule Stratton Oakmont “and any other similar
decisions which have treated providers and users as publishers or speakers of content that
is not their own because they have restricted access to objectionable material.”
Section 230’s Protections for Defendants
Section 230(c)(1) says: “No provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information provided by another information
content provider.” Typically, courts require defendants to establish three prima facie
elements to obtain the immunity:
(1) The immunity applies to a “provider or user of an interactive computer service.” The
statutory definition of “interactive computer service” describes how CompuServe, Prodigy,
America Online, and other mid-1990 services offered customers a subscription to dial-up
Internet/server access plus walled-garden content. However, courts have interpreted
“providers” expansively to include virtually any software or service available through the
Internet. Furthermore, “users” of interactive computer services should, in theory, describe
everyone with Internet access. This means, in practice, that everyone online should satisfy
this first element. It is not just limited to websites.
(2) The immunity applies to any claims that treat the defendant as a “publisher or
speaker.” This standard makes sense in the context of defamation, where “publication” is an
express element of the plaintiff’s prima facie case. However, courts usually read this
element more broadly to apply when a claim’s prima facie elements do not contain the term
“publisher” or “speaker.” Typically, courts find this element satisfied whenever the plaintiff
seeks to hold the defendant responsible for third party content—unless the claim fits into
one of the statutory exceptions (discussed below).
(3) The immunity applies when the plaintiff’s claim is based on information “provided by
another information content provider.” This element seeks to distinguish first-party content
from third-party content; defendants are immunized only for the latter. Sometimes, the
division between first-party and third-party content is obvious. Employee-authored content
should normally qualify as first-party content; user-submitted content should normally
qualify as third-party content. However, plaintiffs have deployed a vast array of legal
theories—some more successful than others—to muddy the distinction and hold defendants
liable for what is otherwise fairly obviously third party content.
To recap these three prima facie elements: typically, Section 230(c)(1) applies to anyone
connected to the Internet for any claim (other than the statutorily excluded claims) that is
based on third party content. In other words, websites and online services aren’t liable for
third party content.
Notice that Section 230(c)(1) says nothing about the defendant’s scienter. As a result, a
defendant can have scienter about problematic content—for example, they can “know” that
they are publishing tortious or illegal third-party content—and still avoid liability for that
content. E.g., Marshall’s Locksmith Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir.
2019) (“it is ‘well established that notice of the unlawful nature of the information provided
is not enough to make it the service provider’s own speech’”). For that reason, we have not
288.
seen the same tendentious philosophical inquiries into when an online service “knows”
about user content that we’ve seen in the copyright context with the DMCA’s online safe
harbor. Furthermore, Section 230(c)(1) applies even if the defendant does human
prescreening, or post-hoc reviews of, third-party content. Section 230(c)(1) is equally
available to a service that exercises the same level of editorial control as a traditional
publisher or exercises zero editorial control.
Thus, Section 230 remarkably collapses the legal distinctions between traditional
publishers and common carriers. Section 230(c)(1) says that online intermediaries can
function like traditional publishers but receive the favorable legal treatment of common
carriers. As you can imagine, this is a counterintuitive result that frequently baffles
plaintiffs and occasionally baffles judges.
Section 230(c)(2) provides two additional protections for online intermediaries. Section
230(c)(2)(A) protects good faith decisions to block or remove content the intermediary
considers “to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise
objectionable.” Section 230(c)(2)(B) protects providing the “technical means to restrict
access to [objectionable] material,” such as the filtering instructions provided by anti-spam
or anti-spyware software.
Compared to Section 230(c)(1), Section 230(c)(2) comes up in litigation relatively rarely.
Section 230(c)(2)(B) applies mostly to the filtering software context, and a key Ninth Circuit
ruling in 2009 has largely eliminated lawsuits against anti-spam and anti-spyware vendors
from entities (though that may be in jeopardy due to a 2019 ruling, Enigma Software Group
USA, LLC v. Malwarebytes, Inc., 946 F.3d 1040 (9th Cir. 2019)).
Otherwise, the most likely plaintiffs that would implicate Section 230(c)(2)(A) are a
service’s content uploaders who are unhappy that the service removed their content. In
many cases, any particular content item won’t be significant enough for an aggrieved
uploader to sue, but there are exceptions. For example, if a record label puts a lot of money
behind marketing the URL of a YouTube video, and then YouTube removes the video, the
marketing investments may be wasted. We’re also seeing a spike of cases from
“conservatives” who believe that their content was removed due to the service’s bias against
them. However, these plaintiffs—the content uploaders—almost always agree to the
service’s user agreement, which will contain many protective provisions like termination for
convenience, a disclaimer of any obligation to publish (or a reservation of the service’s
unrestricted editorial discretion), limitations of liability, and more. Section 230(c)(2) can
supplement the contract protections, but it may merely reinforce the legal conclusion that
contract law would reach anyways.
In addition, courts are now resolving many cases by blocked/filtered users on Section
230(c)(1) grounds by treating the plaintiff-user’s removed content as third-party content to
the defendant-online service.
Defendants prefer relying on Section 230(c)(1) over Section 230(c)(1)(A) if possible because
Section 230(c)(2) depends on whether the defendant acted in “good faith.” Plaintiffs can
easily allege bad faith removal or blocking by the defendant, even when the plaintiff doesn’t
have evidence to back up the allegation. These unsupported allegations increase the odds
that the case will survive a motion to dismiss and advance to discovery and summary
289.
judgment—a more expensive and time-consuming proposition. If defendants can find a way
to defeat the lawsuit on a motion to dismiss using some other legal theory, Section
230(c)(2)’s delayed resolution isn’t that helpful.
Section 230(c)(1) provides substantial immunity for defendants, but its procedural benefits
are also critical to defendants. See Eric Goldman, Why Section 230 is Better than the First
Amendment, NOTRE DAME L. REV. ONLINE (forthcoming 2019),
https://ssrn.com/abstract=3351323. Many defendants win Section 230(c)(1) cases on a
motion to dismiss (recall, as just discussed, that Section 230(c)(2) lacks this feature in
practice). In those situations, the case is over quickly and at relatively no cost, without
expensive discovery or summary judgment motions. Furthermore, because of its broad
scope, plaintiffs’ attempts to plead around Section 230(c)(1) often doesn’t work, meaning
that creative plaintiffs can’t innovate a way past a motion to dismiss. Contrast the quick
and easy Section 230(c)(1) dismissals with the often-arduous defense wins in Section 512
cases like Veoh. The procedural benefits make a huge substantive difference to defendants.
Section 230’s Statutory Exclusions
Section 230 has four statutory exclusions, where Section 230 is categorically unavailable.
Due to these exceptions, it is blatantly wrong to characterize Section 230 as a “blanket”
immunity or a “get-out-of-jail-free card”—characterizations that are all-too-frequent in
court opinions and policy-making circles.
#1: ECPA/State Law Equivalents. Section 230 does not apply to plaintiffs’ claims based on
the Electronic Communications Privacy Act or state law equivalents. This exception has
been rarely litigated because it’s almost impossible for an ECPA prima facie claim to
implicate Section 230.
#2: Intellectual Property Claims. Section 230 does not apply to “intellectual property”
claims. “Intellectual property” isn’t defined in the statute, and this exception is more
complicated than it might appear.
In Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102 (9th Cir. 2007), the Ninth Circuit held that
Section 230’s IP exclusion only applied to federal intellectual property claims, so Section
230 preempted all state intellectual property claims. State IP claims can include state
trademark claims, state copyright claims, trade secret claims, publicity right claims and
possibly others. Thus, in the Ninth Circuit, the CCBill precedent has been used numerous
times in lawsuits predicated on third party state IP claims. Courts outside the Ninth
Circuit typically do not agree with the CCBill ruling, so state intellectual property claims
may be viable in those jurisdictions despite Section 230. But see Hepp v. Facebook, Inc.,
2020 WL 3034815 (E.D. Pa. June 5, 2020) (applying CCBill outside the Ninth Circuit to a
state publicity rights claim).
All courts agree that federal intellectual property claims, such as federal copyright and
federal trademark claims, based on third party content are clearly excluded from Section
230. However, Congress expressly said the Defend Trade Secrets Act, the federal trade
secret law, is not an intellectual property law, so any DTSA claims based on third party
content are immunized by Section 230. See Craft Beer Stellar, LLC v. Glassdoor, Inc., 2018
290.
WL 5084837 (D. Mass. 2018) (“The DTSA claim is thus subject to the immunity provisions
of § 230”); Eric Goldman, The Defend Trade Secrets Act Isn’t an Intellectual Property Law,
33 SANTA CLARA HIGH TECH. L.J. 541 (2017).
#3: Federal Criminal Prosecutions. Prosecutions of federal crimes are not immunized by
Section 230. The U.S. Department of Justice rarely pursues websites for third-party
content, but the exceptions are noteworthy. For example, in 2007, Google, Yahoo and
Microsoft paid a total of $31.5 million to settle complaints about running illegal gambling
ads. In 2011, Google paid $500 million to settle complaints about running ads for illegal
pharmacies. In the DOJ’s prosecution of the purported operator of the Silk Road
marketplace for illegal items, Ross Ulbricht got a lifetime sentence.
While federal criminal enforcement is excluded from Section 230, civil claims based on
federal criminal law are preempted. See Doe v. Bates, 2006 WL 3813758 (E.D. Tex. 2006);
Jane Doe No. 1 v. Backpage.com, LLC, 817 F.3d 12 (1st Cir. 2016). State criminal
prosecutions are also preempted, other than FOSTA. See Eric Goldman, The Implications of
Excluding State Crimes from 47 U.S.C. § 230’s Immunity, July 2013,
http://ssrn.com/abstract=2287622.
#4: FOSTA. In 2018, Congress created several new exceptions to Section 230 in the Fight
Online Sex Trafficking Act. We’ll discuss that law later.
Section 230’s Implications
Section 230 is an exceptionalist statute: it treats the Internet differently than other media.
Indeed, Section 230 is the quintessential exceptionalist statute from the Internet
exceptionalism peak in the mid-1990s. To demonstrate Section 230’s exceptionalist nature,
consider this example:
Scenario A: An author submits a “letter to the editor” to her local newspaper. The letter
contains defamatory statements. The newspaper publishes the letter in its “dead trees”
edition. The newspaper will be equally liable for defamation with the letter author.
Scenario B: The same author submits the same letter to her local newspaper, but the local
newspaper only publishes the letter in its online edition, not in its “dead trees” edition. The
author will still be liable, but Section 230 protects the newspaper from liability.
It’s counterintuitive that Scenarios A and B lead to different outcomes. It’s the exact same
content, by the exact same author, disseminated by the exact same publisher, yet the
liability results are completely opposite. As the maxim goes, the medium matters.
We could describe Section 230 as a type of legal privilege. Section 230 “privileges” online
publishers over offline publishers by giving online publishers more favorable legal
protection. This produces a financial benefit by reducing online publishers’ pre-publication
costs and post-publication financial exposure. These legal and financial benefits make sense
in the 1990s context, where most major newspapers were de facto monopolies in their local
communities and most online publishers of third-party content were small hobbyists. But in
the modern era, where Internet giants like Google and Facebook are among the most highly
291.
valued companies ever to exist and most newspapers are struggling to survive, this
allocation of privileges might seem even more counterintuitive.
However, focusing on Section 230’s benefit to the Internet giants fundamentally
misunderstands Section 230’s immunity. Section 230 allows companies to dial up or down
their level of editorial control to reflect the needs of their community. Other services can
adopt different editorial practices than Google or Facebook, so there can be a wider array of
options for authors and readers. More importantly, new marketplace entrants don’t need to
make the same upfront investments into content moderation that Google and Facebook
make. If new entrants had to develop industrial-grade content moderation procedures from
day one, we’d see far fewer new entrants. Thus, Section 230’s benefit to Google and
Facebook is a small piece of the equation. Section 230’s real payoff comes from enabling
new entrants that compete with—and perhaps ultimately dethrone—Google and Facebook.
Thus, Section 230 helps keep the Internet market open. In contrast, regulators often think
curtailing Section 230 will be a good way to hurt the Internet giants like Google and
Facebook. They are completely mistaken. Google and Facebook can afford to accommodate
new regulatory obligations in ways that new entrants cannot. Thus, reducing Section 230’s
immunity would reinforce Google and Facebook’s marketplace position by making it more
difficult for new entrants to emerge and compete. Sometimes people say that “the Internet”
no longer needs Section 230’s 1990s-style exceptionalist privilege, but this makes sense only
by equating “the Internet” with “Google and Facebook.” Unless we’re at the end of the
innovation curve for new Internet services based on third party content—and likely we’re
still closer to the beginning than to the end—Section 230’s immunity fosters and
encourages the yet-to-be-born services that we’ll all benefit from.
Another common complaint about Section 230 is that services can receive the legal
protection even if they do nothing to moderate content, and services will choose that option
to minimize their costs. Accordingly, the critics believe Section 230 facilitates the creation
of “cyber cesspools,” i.e., services that affirmatively want and intend to profit from anti-
social content.
It’s true that Section 230 protects all services from liability from third party content, even
services that do not moderate content and therefore become hotbeds of anti-social content.
However, there are two major problems with the arguments that Section 230 encourages
services to cut corners on content moderation.
First, cyber cesspools tend to quickly fail in the market, despite Section 230’s protection. In
the late 2000s, for example, there was a lot of angst about gossip-focused services like
JuicyCampus, People’s Dirt and AutoAdmit. All of them are gone. More recently, Yik Yak’s
anonymous local service garnered substantial criticism. It, too, is gone. It turns out that
“cyber cesspools” develop terrible reputations and become a poor business investment.
People will always keep trying to build them, but Section 230 won’t ensure their survival
for very long.
In contrast, every reputable service undertakes substantial and expensive content
moderation efforts as part of building trust with their users and (if applicable) keeping
advertisers happy. These services won’t just do the “minimum.” Accordingly, it is
292.
demonstrably false to claim that Section 230 means online services will “do nothing” about
bad content.
Second, Section 230 critics often assume that reducing the immunity will reduce the total
incidence of anti-social content, but this is almost certainly not true. All legitimate services
voluntarily undertake socially valuable policing work against anti-social content—just as
the designers of Section 230 had hoped they would. If revisions to Section 230 have the
effect of reinstating the moderator’s dilemma, some of those services will turn off or reduce
their voluntary policing efforts, and we could counterintuitively see a net society-wide
increase in anti-social behavior due to the services that opt for the do-nothing approach.
Stated differently, even if some rogue services temporarily abuse Section 230’s immunity,
Section 230’s immunity might still produce the lowest net level of anti-social content of any
policy option.
There is another alternative: we could restore the offline publishers’ liability rule to all
online services and hold online services liable for all third party content they publish. This
would likely force online services to prescreen all third party content.
Prescreening would dramatically reduce the level of anti-social content, but it also
eliminate many of the Internet’s best aspects. For example, imagine how Twitter might
work with human-prescreened tweets. If Twitter could even afford to stay in business due
to the labor costs, all tweets would have a delay of minutes, hours, or longer. There might
still be some social role for a time-delayed Twitter, but more likely, it would lose most of its
value. Can you think of other services you enjoy daily that wouldn’t make any sense
financially or functionally if humans had to prescreen each item of content, with a
substantial time delay to publication?
Section 230 creates winners and losers, but so does every other policy alternative. Section
230 strikes a balance between promoting innovation and motivating industry players to
voluntarily undertake socially valuable screening efforts. Its results are stunning: aided in
large part by Section 230, the Internet has grown into an integral part of our society,
companies have created trillions of dollars of economic wealth and millions of new jobs, and
we have benefited from the emergence of new services and content that never would have
emerged with a different liability regime. Think about your own online routines: you almost
certainly benefit from Section 230-protected Internet services on an hour-by-hour or even
minute-by-minute basis.
293.
A Note About FOSTA*
In 2018, Congress passed the first major reduction in the scope of Section 230’s immunity.
This note explains what happened.
Background on Online Commercial Sex Ads
People have advertised commercial sex online for a long time. In the 2000s, sex worker
advertising consolidated in Craigslist’s “erotic services” category. Not all “erotic services”
are illegal, but the bulk of the category’s listings were advertising for illegal prostitution.
This led to several lawsuits (and threats of lawsuits) against Craigslist, which it defeated
on Section 230 grounds, but the pressure grew so great that Craigslist finally abandoned
the category (which it had renamed “adult services”) in 2010.
After a short period of chaos, commercial sex advertising reconsolidated at another online
classified service, Backpage.com. Unlike Craigslist, which viewed such ads as an
unavoidable consequence of its open-door approach to classified ads, Backpage viewed these
advertisements as a profitable opportunity and made numerous moves to maximize its
profits. This naturally inflamed regulators, who viewed Backpage’s aggressiveness as
blatantly illegal and Section 230’s protection of Backpage as outrageous. Furthermore,
some ads for commercial sex promoted victims of sex trafficking. Backpage claimed it took
steps to find those ads and report them to law enforcement. However, many regulators felt
that Backpage wasn’t doing enough to protect sex trafficking victims and instead was
profiting from their victimization.
Nomenclature note: “sex trafficking” is a semantically confusing term, but legally, it means
paid sexual activity by (1) minors who cannot consent to such activity, or (2) someone
compelled to engage in such activity.
Despite Backpage’s encouragement of commercial sex advertising and possible complicity in
sex trafficking victimization, Backpage won a series of courtroom victories based on Section
* I testified against SESTA in the Senate Commerce Committee and against FOSTA in the House Commerce
Committee, and I blogged against SESTA/FOSTA about two dozen times, so it’s fair to say that I oppose FOSTA.
294.
230, the First Amendment and other grounds. This left regulators aghast—surely Section
230 did not make it impossible to shut down Backpage’s seemingly illegal activity?
Congress Responds to Backpage
Every session of Congress sees the introduction of an extensive list of legislative proposals
to fight sex trafficking. See, e.g., Cary Glynn, An Overview of Congress’ Pending Legislation
on Sex Trafficking (Guest Blog Post), TECH. & MKTG. L. BLOG, Oct. 2, 2017,
https://blog.ericgoldman.org/archives/2017/10/an-overview-of-congress-pending-legislation-
on-sex-trafficking-guest-blog-post.htm. As you can imagine, these legislative proposals
routinely garner substantial Congressional support given the horrors of sex trafficking.
Thus, the Backpage situation virtually ensured there would be a Congressional collision
between some anti-sex trafficking advocates and Section 230.
In 2015, Congress enacted the SAVE Act, expressly targeting Backpage. (It was passed as
part of a larger anti-sex trafficking bill, the Justice for Victims of Trafficking Act of 2015).
The law extended the existing federal sex trafficking crime to include knowingly
advertising sex trafficking victims. Though the SAVE Act didn’t amend Section 230
directly, it fit into Section 230’s exclusion for federal criminal prosecutions.
Backpage unsuccessfully challenged the law preemptively. The court dismissed the
challenge on procedural grounds, but along the way, it flatly declared that the First
Amendment does not protect ads for illegal sex trafficking. Backpage.com, LLC v. Lynch,
216 F. Supp. 3d 96 (D.D.C. 2016).
Despite the SAVE Act’s targeting of Backpage, it appears the new SAVE Act crime has
never been asserted against Backpage or anyone else.
In 2017, despite (or because of?) the SAVE Act’s apparent failure to eradicate Backpage,
Congress revisited the Backpage problem. In Spring, Rep. Wagner (who had sponsored the
SAVE Act) introduced a complex and harsh House bill acronymed FOSTA. In Summer, the
Senate introduced a similar, but slightly less harsh, bill acronymed SESTA.
The Senate moved more quickly than the House. After a Senate Commerce Committee
hearing in September 2017, SESTA’s sponsors introduced a slightly revised version. The
then-leading Internet trade association, the Internet Association, dropped its opposition
and endorsed the revised SESTA. Other Internet company advocates still objected, but the
bill passed the Senate Commerce Committee.
In the House, the House Judiciary Committee introduced and passed a substitute version of
FOSTA that focused on commercial sex advertising, not sex trafficking. The substitute
FOSTA version was intended as a policy alternative to SESTA, and SESTA opponents
viewed it as less harmful to the Internet. However, after some backroom negotiations, a
compromise was struck: instead of picking between SESTA and the substitute FOSTA, the
two disparate policy solutions were combined into a new version of FOSTA that I dubbed
“the worst of both worlds.” This “Worst of Both Worlds” FOSTA passed both chambers by
overwhelming margins—the House in February 2018, the Senate in March 2018. President
Trump signed the bill on April 11, 2018.
295.
What FOSTA Does
The combination of revised SESTA and substitute FOSTA into a single bill resulted in an
extremely complex bill with six main provisions (this is a very stylized summary; as usual,
there’s no substitute for reading the actual statute!):
1) FOSTA creates a new federal crime, 2421A, for anyone who “owns, manages, or operates
an interactive computer service” (or conspiring/attempting to do so) with the “intent to
promote or facilitate” prostitution. There are steep enhanced penalties if the prostitution
involves sex trafficking.
2) FOSTA also expands the existing federal sex trafficking crime, 1591, to include
“knowingly assisting, supporting, or facilitating” sex trafficking. Like the SAVE Act, both
the new 2421A and the revised 1591, as changes to federal criminal law, take advantage of
Section 230’s inapplicability to federal criminal prosecution.
3) FOSTA adds a new Section 230 exclusion for state criminal prosecutions of activity that
violates 1591. (In other words, state crimes that are coextensive with 1591 are now
prosecutable without a Section 230 defense).
4) FOSTA adds a new Section 230 exclusion for state criminal prosecutions of activity that
violates 2421A.
5) FOSTA adds a new Section 230 exclusion for civil causes of action based on behavior that
violates 1591. Note: as an artifact of the SESTA/FOSTA combination, civil causes of action
for behavior that violates 2421A apparently are not subject to this exclusion, even though
that seems inconsistent with FOSTA’s purposes.
6) FOSTA authorizes state attorneys general to bring “parens patriae” civil claim for
residents affected by violations of 1591.
Despite FOSTA’s addition of a new Section 230 exclusion, FOSTA retained Section
230(c)(2)(A) applicability to items #3-5. Section 230(c)(2)(A) protects good faith content
removals, but this defense doesn’t make sense because services principally face FOSTA-
related liability for content they publish, not content they remove. See Eric Goldman, How
SESTA Undermines Section 230’s Good Samaritan Provisions, TECH. & MKTG. L. BLOG,
Nov. 7, 2017, https://blog.ericgoldman.org/archives/2017/11/how-sesta-undermines-section-
230s-good-samaritan-provisions.htm. Defendants could try to argue that Section 230(c)(2)
protects them from FOSTA liability for items they missed so long as they made good faith
efforts to remove problematic content, but this argument is untested.
If you’re confused by all of this or what it means in practice, you definitely are not alone! At
best, only a small handful of legislators who voted for the Worst of Both Worlds FOSTA
fully understood its provisions or implications.
FOSTA’s Denouement
FOSTA’s story is still being written, but within the first few months of its enactment,
several developments of note took place.
296.
Backpage’s Seizure and Prosecution. On April 6, 2018—after Congress passed FOSTA but
before Pres. Trump signed it—the FBI raided Backpage, seized all of its assets, and shut
down the website.
Along with the seizure, the U.S. Department of Justice and several state attorneys general
filed criminal charges against Backpage and several principals, alleging Travel Act (18
U.S.C. §1952) violations (based on prostitution crimes) and money laundering. In
conjunction with the seizure—again, before Pres. Trump signed FOSTA on April 11—the
Backpage corporate entity and its CEO, Carl Ferrer, pleaded guilty to the charges. Ferrer
took a plea deal to testify against his collaborators in exchange for a more favorable jail
sentence, and both Ferrer and Backpage agreed to make restitution of up to $500 million.
Obviously the seizure and prosecution didn’t happen overnight. Indeed, a federal grand jury
in Phoenix had been investigating Backpage for about 18 months. Yet, the exact timing was
curious. Congress had passed the SAVE Act and FOSTA as anti-Backpage measures, yet
the DOJ and state AGs shut down Backpage and obtained a guilty plea from its CEO
297.
without using either of the new crimes that Congress had specially designed to target
Backpage. Instead, the successful seizure and prosecution was based on crimes that had
been on the books from the beginning. So why did Congress need to enact the SAVE Act or
FOSTA? And why didn’t the DOJ bring an enforcement action earlier? Had the enforcement
taken place a couple weeks earlier, the Senate might have decided not to pass FOSTA. And
with Backpage already out of the market by April 6, which mooted the proponents’
principal justification for FOSTA, why did Pres. Trump sign the law on April 11?*
All along, FOSTA’s opponents told Congress that FOSTA wasn’t needed because existing
crimes already covered Backpage, so Congress should wait until the FBI and DOJ had
completed their work. In a sense, the seizure and prosecution proved that the opponents
were 100% correct; Backpage was gone and its CEO destined for jail before FOSTA even
became law.
Now that understand the sequence of events, please don’t perpetuate the myth, frequently
advanced by the media and FOSTA’s supporters, that FOSTA eliminated Backpage. That
ahistorical assertion signals ignorance—or propaganda.
Civil Claims Against Backpage. FOSTA was also intended to provide financial justice for
sex trafficking victims. If Backpage had profited on their victimization, shouldn’t it pay for
this? However, Section 230 had made such lawsuits challenging, including the First
Circuit’s Doe v. Backpage ruling in 2016 that emphatically held Section 230 prevented the
victims’ civil claims. Thus, to FOSTA supporters, it seemed like Section 230 needed a
change to let victims obtain financial recourse.
(1591 has a mandatory victim restitution provision, so if the DOJ successfully prosecuted
Backpage pursuant to 1591, victims would be compensated. Also, the restitution promises
by Ferrer and Backpage.com—based on pre-FOSTA law—will provide victim compensation
without any further lawsuits by victims).
Throughout 2017, new evidence emerged about Backpage’s involvement with its
advertisements that raised increased doubts that Backpage could continue to rely on
Section 230 to avoid liability. Thus, FOSTA opponents argued that Section 230 didn’t need
amendment because victims were likely to use this evidence to get around Section 230 in
future litigation.
On March 29, 2018 and March 31, 2018—after the Senate’s passage of FOSTA and before
Pres. Trump’s signing—two different federal district courts issued opinions holding that
victim claims against Backpage survived Backpage’s Section 230-based motion to dismiss.
While these rulings don’t ensure financial judgments for the victims, they proved—before
FOSTA became law—that Section 230 did not prevent civil lawsuits against Backpage.
To recap: before Pres. Trump signed FOSTA, Backpage was gone, its CEO was convicted,
victim restitution was guaranteed, and two different courts held that Section 230 didn’t
prevent victims’ civil claims. Yet, FOSTA became law anyway.
* Proponents claimed also they wanted to reach “the next Backpage” that would emerge after Backpage’s
demise, though proponents could only speculate about what that service might look like, whether it would even
emerge, and whether the statutory changes would reach it.
298.
The Internet Shrank. Because FOSTA imposes criminal liability based on what online
services “know” about third party content, FOSTA effectively resurrects the “moderator’s
dilemma” discussed earlier that Section 230 had been designed to eliminate. Services that
might let third parties promote commercial sex now face the possibility that they will be
deemed to “know” of these promotions and face extreme criminal liability. As a result,
services have three primary options:
1) Perfectly implement content moderation efforts to ensure no such promotions appear on
the service, and if any slip through despite these efforts, hope that the service has done
enough to satisfy prosecutors and the courts that they didn’t “know” of the rogue
promotions.
2) Turn off content moderation efforts to negate the possibility of “knowing” about the
content.
3) Exit the industry.
Most of the brand-name players, such as Google, Facebook, and the major dating services,
apparently adopted the first strategy. They expanded their content moderation operations,
eliminate any content that looks dubious, and pray that they can convince prosecutors and
judges that they should not be liable for whatever they missed. For these services, FOSTA
increases their legal and business risk and their costs, but it will have only a modest effect
on their day-to-day operations.
In contrast, several smaller services chose the third option and shut down. The most
prominent was Craigslist, which turned off its personals section entirely.
Dozens of other services that enabled dating or catered to the sex worker community shut
down as well. In addition, there were reports that Microsoft and Google took a number of
steps to shut down more content on their services in response to FOSTA’s threat, including
deleting private files from Google Drive.
Will FOSTA Help Sex Trafficking Victims? FOSTA’s many flaws become less troubling if
the law actually helps ameliorate sex trafficking. Unfortunately, there are many good
reasons to believe that FOSTA doesn’t help anyone—and has hurt several communities.
299.
There have been numerous reports of how FOSTA has been devastating to voluntary sex
workers. By advertising on Backpage.com, sex workers were able to develop their own
customer base without relying on pimps (and the associated physical coercion and financial
control exercised by pimps), and sex workers could vet prospective customers for safety
concerns before agreeing to meet with them. Furthermore, making arrangements online
with customers allowed sex workers to pick safe venues for their meetings, which markedly
differs from the physical safety concerns posed by “walking the streets.” By eliminating
online advertising by sex workers, FOSTA pushed sex workers back to the streets, where
they once again become subject to the dominion of pimps, and where they lose some of the
physical safety protections they had gained through online negotiations.
Worse, post-FOSTA, there have been reports that arrests for sex trafficking have gone
down, while arrests for prostitution have increased. The likely explanation is that pursuing
sex trafficking cases have become harder because law enforcement cannot find potential
criminals or victims by perusing Backpage.com or setting up sting operations at
Backpage.com or Craigslist. Because they now lack the best evidence to help identify and
rescue sex trafficking victims, law enforcement has redirected its resources away from sex
trafficking enforcement and towards more traditional enforcement against sex workers and
their customers.
Sex trafficking is a horrific crime, and we should all support legislative efforts to combat it.
FOSTA was not that solution, however. Instead, the in-the-field outcomes of FOSTA include
increased physical violence against sex workers, fewer prosecutions against sex trafficking
criminals, and lower odds that law enforcement will rescue sex trafficking victims.
Especially in light of the fact that FOSTA wasn’t needed to “take down” Backpage.com
(assuming that was a good policy goal in the first place), FOSTA appears to have caused
more misery for sex workers and sex trafficking victims with zero offsetting policy benefits.
See Eric Goldman, Who Benefited from FOSTA? (Spoiler: Probably No One), TECH. & MKTG.
L. BLOG, Jan. 29, 2019, https://blog.ericgoldman.org/archives/2019/01/who-benefited-from-
fosta-spoiler-probably-no-one.htm. Accordingly, FOSTA may be one of Congress’ worst
achievements in Internet regulatory policy.
What’s Next for Section 230?
For its first twenty years, Section 230 seemed politically untouchable. Everyone loved the
Internet, no one wanted to undermine its potential, and Google and Facebook spent a lot on
lobbying and posed a formidable challenge to potential opponents.
In what felt like an instant, the political calculus changed completely. Some factions of the
anti-sex trafficking advocacy community proved to be far more effective at lobbying than
the Internet community, and lots of people have fallen out of love with the Internet—and
especially with Google and Facebook, who many regulators and consumers think have
acquired too much power and therefore require regulatory intervention.
So what happens to Section 230 post-FOSTA? One scenario is that some anti-sex trafficking
advocates were uniquely effective at lobbying due to the extreme sympathy they engender.
If so, other victim advocacy groups or anti-Google/Facebook lobbying efforts may find it
hard to achieve the same outcome.
300.
Another scenario is that FOSTA is just the first of a string of new statutory exceptions to
Section 230, as every victims’ group queues up to ask their exception, and every regulator
thinks that amending Section 230 is a good way to stick it to Google and Facebook. (In fact,
as discussed before, amendments to Section 230 are far more likely to hurt Google/Facebook
rivals and entrench the incumbents’ dominant position). If the latter scenario comes to
pass, the cumulative effect of the amendments could easily undermine Section 230’s
integrity, so that plaintiffs can maneuver into one of the amendments and Section 230 ends
up being functionally worthless.
It will be interesting to see if regulators, and the general population, can fall back in love
with the Internet. The Internet enables truly miraculous activity, along with acting as a
“mirror” for the anti-social elements that have always existed in our society. To the extent
we focus on the anti-social behavior, and ignore the Internet’s remarkable aspects, further
amendments to Section 230 seem inevitable. Or, if we keep in mind the Internet’s stunning
contributions to society, we might be more amenable to preserving Section 230. In that
sense, future battles over Section 230 will be a proxy for our overall optimism or cynicism
about the Internet’s impact on society generally.
301.
The next case, Zeran v. AOL, is one of the most influential and best-known Internet law
opinions, and it is the most important Section 230 opinion to date. For more about the
case’s background and implications, see Eric Goldman & Jeff Kosseff, Commemorating the
20th Anniversary of Internet Law’s Most Important Judicial Decision, LAW.COM, Nov. 10,
2017 and the 20+ associated essays. See
https://blog.ericgoldman.org/archives/2017/11/commemorating-the-20-year-anniversary-of-
zeran-v-aol.htm.
Zeran v. AOL was the first federal appellate ruling interpreting Section 230. It interpreted
the immunity quite broadly, laying the legal foundation for the modern Internet.
Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).
Kenneth Zeran brought this action against America Online, Inc. (“AOL”), arguing that AOL
unreasonably delayed in removing defamatory messages posted by an unidentified third
party, refused to post retractions of those messages, and failed to screen for similar postings
thereafter. The district court granted judgment for AOL on the grounds that the
Communications Decency Act of 1996 (“CDA”)—47 U.S.C. § 230—bars Zeran’s claims.
Zeran appeals, arguing that § 230 leaves intact liability for interactive computer service
providers who possess notice of defamatory material posted through their services. He also
contends that § 230 does not apply here because his claims arise from AOL’s alleged
negligence prior to the CDA’s enactment. Section 230, however, plainly immunizes
computer service providers like AOL from liability for information that originates with
third parties….Accordingly, we affirm the judgment of the district court.
I.
“The Internet is an international network of interconnected computers,” currently used by
approximately 40 million people worldwide. One of the many means by which individuals
access the Internet is through an interactive computer service. These services offer not only
a connection to the Internet as a whole, but also allow their subscribers to access
information communicated and stored only on each computer service’s individual
proprietary network. AOL is just such an interactive computer service. Much of the
information transmitted over its network originates with the company’s millions of
subscribers. They may transmit information privately via electronic mail, or they may
communicate publicly by posting messages on AOL bulletin boards, where the messages
may be read by any AOL subscriber.
The instant case comes before us on a motion for judgment on the pleadings, so we accept
the facts alleged in the complaint as true. On April 25, 1995, an unidentified person posted
a message on an AOL bulletin board advertising “Naughty Oklahoma T-Shirts.” The
posting described the sale of shirts featuring offensive and tasteless slogans related to the
April 19, 1995, bombing of the Alfred P. Murrah Federal Building in Oklahoma City. Those
interested in purchasing the shirts were instructed to call “Ken” at Zeran’s home phone
number in Seattle, Washington. As a result of this anonymously perpetrated prank, Zeran
received a high volume of calls, comprised primarily of angry and derogatory messages, but
also including death threats. Zeran could not change his phone number because he relied on
its availability to the public in running his business out of his home. Later that day, Zeran
called AOL and informed a company representative of his predicament. The employee
302.
assured Zeran that the posting would be removed from AOL’s bulletin board but explained
that as a matter of policy AOL would not post a retraction. The parties dispute the date
that AOL removed this original posting from its bulletin board.
On April 26, the next day, an unknown person posted another message advertising
additional shirts with new tasteless slogans related to the Oklahoma City bombing. Again,
interested buyers were told to call Zeran’s phone number, to ask for “Ken,” and to “please
call back if busy” due to high demand. The angry, threatening phone calls intensified. Over
the next four days, an unidentified party continued to post messages on AOL’s bulletin
board, advertising additional items including bumper stickers and key chains with still
more offensive slogans. During this time period, Zeran called AOL repeatedly and was told
by company representatives that the individual account from which the messages were
posted would soon be closed. Zeran also reported his case to Seattle FBI agents. By April
30, Zeran was receiving an abusive phone call approximately every two minutes.
[editor’s note: a screenshot of the April 26 posting that wasn’t included in the opinion]
303.
Meanwhile, an announcer for Oklahoma City radio station KRXO received a copy of the
first AOL posting. On May 1, the announcer related the message’s contents on the air,
attributed them to “Ken” at Zeran’s phone number, and urged the listening audience to call
the number. After this radio broadcast, Zeran was inundated with death threats and other
violent calls from Oklahoma City residents. Over the next few days, Zeran talked to both
KRXO and AOL representatives. He also spoke to his local police, who subsequently
surveilled his home to protect his safety. By May 14, after an Oklahoma City newspaper
published a story exposing the shirt advertisements as a hoax and after KRXO made an on-
air apology, the number of calls to Zeran’s residence finally subsided to fifteen per day.
Zeran first filed suit on January 4, 1996, against radio station KRXO in the United States
District Court for the Western District of Oklahoma. On April 23, 1996, he filed this
separate suit against AOL in the same court. Zeran did not bring any action against the
party who posted the offensive messages.1 After Zeran’s suit against AOL was transferred
to the Eastern District of Virginia pursuant to 28 U.S.C. § 1404(a), AOL answered Zeran’s
complaint and interposed 47 U.S.C. § 230 as an affirmative defense. AOL then moved for
judgment on the pleadings pursuant to Fed. R. Civ. P. 12(c). The district court granted
AOL’s motion, and Zeran filed this appeal.
II.
A.
Because § 230 was successfully advanced by AOL in the district court as a defense to
Zeran’s claims, we shall briefly examine its operation here. Zeran seeks to hold AOL liable
for defamatory speech initiated by a third party. He argued to the district court that once
he notified AOL of the unidentified third party’s hoax, AOL had a duty to remove the
defamatory posting promptly, to notify its subscribers of the message’s false nature, and to
effectively screen future defamatory material. Section 230 entered this litigation as an
affirmative defense pled by AOL. The company claimed that Congress immunized
interactive computer service providers from claims based on information posted by a third
party.
The relevant portion of § 230 states: “No provider or user of an interactive computer service
shall be treated as the publisher or speaker of any information provided by another
information content provider.”2 By its plain language, § 230 creates a federal immunity to
any cause of action that would make service providers liable for information originating
with a third-party user of the service. Specifically, § 230 precludes courts from entertaining
claims that would place a computer service provider in a publisher’s role. Thus, lawsuits
seeking to hold a service provider liable for its exercise of a publisher’s traditional editorial
functions—such as deciding whether to publish, withdraw, postpone or alter content—are
barred.
1 Zeran maintains that AOL made it impossible to identify the original party by failing to maintain adequate
records of its users. The issue of AOL’s record keeping practices, however, is not presented by this appeal. 2 …The parties do not dispute that AOL falls within the CDA’s “interactive computer service” definition and
that the unidentified third party who posted the offensive messages here fits the definition of an “information
content provider.”
304.
The purpose of this statutory immunity is not difficult to discern. Congress recognized the
threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning
Internet medium. The imposition of tort liability on service providers for the
communications of others represented, for Congress, simply another form of intrusive
government regulation of speech. Section 230 was enacted, in part, to maintain the robust
nature of Internet communication and, accordingly, to keep government interference in the
medium to a minimum. In specific statutory findings, Congress recognized the Internet and
interactive computer services as offering “a forum for a true diversity of political discourse,
unique opportunities for cultural development, and myriad avenues for intellectual
activity.” It also found that the Internet and interactive computer services “have flourished,
to the benefit of all Americans, with a minimum of government regulation.” (emphasis
added). Congress further stated that it is “the policy of the United States ... to preserve the
vibrant and competitive free market that presently exists for the Internet and other
interactive computer services, unfettered by Federal or State regulation.” (emphasis added).
None of this means, of course, that the original culpable party who posts defamatory
messages would escape accountability. While Congress acted to keep government
regulation of the Internet to a minimum, it also found it to be the policy of the United
States “to ensure vigorous enforcement of Federal criminal laws to deter and punish
trafficking in obscenity, stalking, and harassment by means of computer.” Congress made a
policy choice, however, not to deter harmful online speech through the separate route of
imposing tort liability on companies that serve as intermediaries for other parties’
potentially injurious messages.
Congress’ purpose in providing the § 230 immunity was thus evident. Interactive computer
services have millions of users. The amount of information communicated via interactive
computer services is therefore staggering. The specter of tort liability in an area of such
prolific speech would have an obvious chilling effect. It would be impossible for service
providers to screen each of their millions of postings for possible problems. Faced with
potential liability for each message republished by their services, interactive computer
service providers might choose to severely restrict the number and type of messages posted.
Congress considered the weight of the speech interests implicated and chose to immunize
service providers to avoid any such restrictive effect.
Another important purpose of § 230 was to encourage service providers to self-regulate the
dissemination of offensive material over their services. In this respect, § 230 responded to a
New York state court decision, Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 WL
323710 (N.Y. Sup. Ct. May 24, 1995). There, the plaintiffs sued Prodigy—an interactive
computer service like AOL—for defamatory comments made by an unidentified party on
one of Prodigy’s bulletin boards. The court held Prodigy to the strict liability standard
normally applied to original publishers of defamatory statements, rejecting Prodigy’s claims
that it should be held only to the lower “knowledge” standard usually reserved for
distributors. The court reasoned that Prodigy acted more like an original publisher than a
distributor both because it advertised its practice of controlling content on its service and
because it actively screened and edited messages posted on its bulletin boards.
Congress enacted § 230 to remove the disincentives to self-regulation created by the
Stratton Oakmont decision. Under that court’s holding, computer service providers who
regulated the dissemination of offensive material on their services risked subjecting
305.
themselves to liability, because such regulation cast the service provider in the role of a
publisher. Fearing that the specter of liability would therefore deter service providers from
blocking and screening offensive material, Congress enacted § 230’s broad immunity “to
remove disincentives for the development and utilization of blocking and filtering
technologies that empower parents to restrict their children’s access to objectionable or
inappropriate online material.” In line with this purpose, § 230 forbids the imposition of
publisher liability on a service provider for the exercise of its editorial and self-regulatory
functions.
B.
Zeran argues, however, that the § 230 immunity eliminates only publisher liability, leaving
distributor liability intact. Publishers can be held liable for defamatory statements
contained in their works even absent proof that they had specific knowledge of the
statement’s inclusion. W. Page Keeton et al., Prosser and Keeton on the Law of Torts § 113,
at 810 (5th ed. 1984). According to Zeran, interactive computer service providers like AOL
are normally considered instead to be distributors, like traditional news vendors or book
sellers. Distributors cannot be held liable for defamatory statements contained in the
materials they distribute unless it is proven at a minimum that they have actual knowledge
of the defamatory statements upon which liability is predicated. Id. at 811 (explaining that
distributors are not liable “in the absence of proof that they knew or had reason to know of
the existence of defamatory matter contained in matter published”). Zeran contends that he
provided AOL with sufficient notice of the defamatory statements appearing on the
company’s bulletin board. This notice is significant, says Zeran, because AOL could be held
liable as a distributor only if it acquired knowledge of the defamatory statements’ existence.
Because of the difference between these two forms of liability, Zeran contends that the term
“distributor” carries a legally distinct meaning from the term “publisher.” Accordingly, he
asserts that Congress’ use of only the term “publisher” in § 230 indicates a purpose to
immunize service providers only from publisher liability. He argues that distributors are
left unprotected by § 230 and, therefore, his suit should be permitted to proceed against
AOL. We disagree. Assuming arguendo that Zeran has satisfied the requirements for
imposition of distributor liability, this theory of liability is merely a subset, or a species, of
publisher liability, and is therefore also foreclosed by § 230.
The terms “publisher” and “distributor” derive their legal significance from the context of
defamation law. Although Zeran attempts to artfully plead his claims as ones of negligence,
they are indistinguishable from a garden variety defamation action. Because the
publication of a statement is a necessary element in a defamation action, only one who
publishes can be subject to this form of tort liability. Restatement (Second) of Torts § 558(b)
(1977); Keeton et al., supra, § 113, at 802. Publication does not only describe the choice by
an author to include certain information. In addition, both the negligent communication of
a defamatory statement and the failure to remove such a statement when first
communicated by another party—each alleged by Zeran here under a negligence label—
constitute publication. Restatement (Second) of Torts § 577. In fact, every repetition of a
defamatory statement is considered a publication. Keeton et al., supra, § 113, at 799.
306.
In this case, AOL is legally considered to be a publisher. “[E]very one who takes part in the
publication ... is charged with publication.” Id. Even distributors are considered to be
publishers for purposes of defamation law:
Those who are in the business of making their facilities available to
disseminate the writings composed, the speeches made, and the information
gathered by others may also be regarded as participating to such an extent in
making the books, newspapers, magazines, and information available to
others as to be regarded as publishers. They are intentionally making the
contents available to others, sometimes without knowing all of the contents—
including the defamatory content—and sometimes without any opportunity
to ascertain, in advance, that any defamatory matter was to be included in
the matter published.
Id. at 803. AOL falls squarely within this traditional definition of a publisher and,
therefore, is clearly protected by § 230’s immunity.
Zeran contends that decisions like Stratton Oakmont and Cubby, Inc. v. CompuServe Inc.,
776 F. Supp. 135 (S.D.N.Y. 1991), recognize a legal distinction between publishers and
distributors. He misapprehends, however, the significance of that distinction for the legal
issue we consider here. It is undoubtedly true that mere conduits, or distributors, are
subject to a different standard of liability. As explained above, distributors must at a
minimum have knowledge of the existence of a defamatory statement as a prerequisite to
liability. But this distinction signifies only that different standards of liability may be
applied within the larger publisher category, depending on the specific type of publisher
concerned. See Keeton et al., supra, § 113, at 799-800 (explaining that every party involved
is charged with publication, although degrees of legal responsibility differ). To the extent
that decisions like Stratton and Cubby utilize the terms “publisher” and “distributor”
separately, the decisions correctly describe two different standards of liability. Stratton and
Cubby do not, however, suggest that distributors are not also a type of publisher for
purposes of defamation law.
Zeran simply attaches too much importance to the presence of the distinct notice element in
distributor liability. The simple fact of notice surely cannot transform one from an original
publisher to a distributor in the eyes of the law. To the contrary, once a computer service
provider receives notice of a potentially defamatory posting, it is thrust into the role of a
traditional publisher. The computer service provider must decide whether to publish, edit,
or withdraw the posting. In this respect, Zeran seeks to impose liability on AOL for
assuming the role for which § 230 specifically proscribes liability—the publisher role.
Our view that Zeran’s complaint treats AOL as a publisher is reinforced because AOL is
cast in the same position as the party who originally posted the offensive messages.
According to Zeran’s logic, AOL is legally at fault because it communicated to third parties
an allegedly defamatory statement. This is precisely the theory under which the original
poster of the offensive messages would be found liable. If the original party is considered a
publisher of the offensive messages, Zeran certainly cannot attach liability to AOL under
the same theory without conceding that AOL too must be treated as a publisher of the
statements.
307.
Zeran next contends that interpreting § 230 to impose liability on service providers with
knowledge of defamatory content on their services is consistent with the statutory purposes
outlined in Part IIA. Zeran fails, however, to understand the practical implications of notice
liability in the interactive computer service context. Liability upon notice would defeat the
dual purposes advanced by § 230 of the CDA. Like the strict liability imposed by the
Stratton Oakmont court, liability upon notice reinforces service providers’ incentives to
restrict speech and abstain from self-regulation.
If computer service providers were subject to distributor liability, they would face potential
liability each time they receive notice of a potentially defamatory statement—from any
party, concerning any message. Each notification would require a careful yet rapid
investigation of the circumstances surrounding the posted information, a legal judgment
concerning the information’s defamatory character, and an on-the-spot editorial decision
whether to risk liability by allowing the continued publication of that information.
Although this might be feasible for the traditional print publisher, the sheer number of
postings on interactive computer services would create an impossible burden in the
Internet context. Cf. Auvil v. CBS 60 Minutes, 800 F. Supp. 928, 931 (E.D. Wash. 1992)
(recognizing that it is unrealistic for network affiliates to “monitor incoming transmissions
and exercise on-the-spot discretionary calls”). Because service providers would be subject to
liability only for the publication of information, and not for its removal, they would have a
natural incentive simply to remove messages upon notification, whether the contents were
defamatory or not. Thus, like strict liability, liability upon notice has a chilling effect on the
freedom of Internet speech.
Similarly, notice-based liability would deter service providers from regulating the
dissemination of offensive material over their own services. Any efforts by a service
provider to investigate and screen material posted on its service would only lead to notice of
potentially defamatory material more frequently and thereby create a stronger basis for
liability. Instead of subjecting themselves to further possible lawsuits, service providers
would likely eschew any attempts at self-regulation.
More generally, notice-based liability for interactive computer service providers would
provide third parties with a no-cost means to create the basis for future lawsuits. Whenever
one was displeased with the speech of another party conducted over an interactive
computer service, the offended party could simply “notify” the relevant service provider,
claiming the information to be legally defamatory. In light of the vast amount of speech
communicated through interactive computer services, these notices could produce an
impossible burden for service providers, who would be faced with ceaseless choices of
suppressing controversial speech or sustaining prohibitive liability. Because the probable
effects of distributor liability on the vigor of Internet speech and on service provider self-
regulation are directly contrary to § 230’s statutory purposes, we will not assume that
Congress intended to leave liability upon notice intact….
NOTES AND QUESTIONS
Denouement. The U.S. Supreme Court denied certiorari.
Zeran also sued KRXO, the Oklahoma City radio station. That lawsuit failed because an
Oklahoma audience wouldn’t recognize that the name “Ken” and his Seattle phone number
308.
referenced Ken Zeran. Zeran v. Diamond Broadcasting, Inc., 203 F. 3d 714 (10th Cir. 2000);
see also Robert Nelon, Zeran’s Failed Lawsuit Against an Oklahoma Radio Station,
LAW.COM, Nov. 10, 2017,
http://www.law.com/therecorder/sites/therecorder/2017/11/10/zerans-failed-lawsuit-against-
an-oklahoma-radio-station/.
Whodunit? Although the vocabulary didn’t exist in 1997, we might now call the incident a
cyber-harassment attack or an “e-personation.” Who committed this attack on Zeran? In
one of the greatest unsolved mysteries of Internet Law, the perpetrator still has never been
found. Zeran repeatedly claimed that he was chosen to be a victim at random. Other
suspects include business competitors and former romantic partners. See Eric Goldman,
Who Cyber-Attacked Ken Zeran, and Why?, LAW.COM, Nov. 10, 2017,
https://ssrn.com/abstract=3079234.
Online Defamation Exceptionalism. Online defamation cases can differ doctrinally from
offline defamation cases in at least three ways:
1) Section 230 circumscribes the list of potential defendants.
2) When an author hyperlinks to sources, courts may treat fact-like statements as if they
are opinions characterizing the facts in the linked sources.
3) Courts routinely think Internet readers are more likely to evaluate fact-like statements
online as rhetorical hyperbole or venting and thus treat those statements as opinions, not
facts.
Speech-Enhancing Statutes. When most people think about the legal protection for “free
speech,” they usually think about the First Amendment. The Constitution does play an
important role in protecting free speech, but it only sets a limit on speech regulation.
Legislatures can, and do, enact laws that enhance free speech as a supplement to the First
Amendment. Section 230 is a good example of a speech-enhancing statute.
Anti-SLAPP laws are another example. “SLAPP” is an acronym for “strategic lawsuits
against public participation,” including lawsuits designed to suppress or discourage various
types of socially beneficial speech. If a lawsuit is deemed a SLAPP, an anti-SLAPP law
typically requires the court to dismiss the case early and award attorneys’ fees to the
defendant. About 30 states have passed an anti-SLAPP law, though they vary in scope
widely; and Congress has considered federal anti-SLAPP bills several times.
Where an anti-SLAPP law is available, defendants in Section 230 cases may choose to file
an anti-SLAPP motion to strike instead of a motion to dismiss or answer. Section 230 can
provide a legal basis for why the lawsuit against the defendant is meritless, which supports
a motion to strike. When available by applicable statute, anti-SLAPP motions are also
common in ordinary defamation cases not implicating Section 230.
Another set of speech-enhancing statutes are the Consumer Review Fairness Act and its
state law analogues, including laws passed in California (Civil Code § 1670.8), Illinois, and
Maryland (§ 14–1325), which prohibit businesses from using contract provisions to ban
their customers from writing online reviews about them. See Eric Goldman Understanding
the Consumer Review Fairness Act, 24 MICH. TELECOMM. & TECH. L. REV. 1 (2017).
309.
The “Streisand Effect.” Putting aside the legal merits of a plaintiff’s defamation or privacy
claims, a lawsuit may not be in the plaintiff’s best interest. If the goal is to suppress a
content item, a court case can counterproductively call greater attention to the item and
stoke public curiosity about what the content item contains. This counterproductive
consequence is called the “Streisand Effect” (for the singer Barbra Streisand after she tried
to suppress photos of her backyard), and it’s a major risk for any plaintiff considering a
defamation or privacy lawsuit.
One court wryly observed:
In most respects, O’Kroley didn’t accomplish much in suing Google and the
other defendants. He didn’t win. He didn’t collect a dime. And the search
result about “indecency with a child” remains publicly available. All is not
lost, however. Since filing the case, Google users searching for “Colin
O’Kroley” no longer see the objectionable search result at the top of the list.
Now the top hits all involve this case (there is even a Wikipedia entry on it).
So: Even assuming two premises of this lawsuit are true—that there are
Internet users other than Colin O’Kroley searching “Colin O’Kroley” and that
they look only at the Google previews rather than clicking on and exploring
the links—it’s not likely that anyone will ever see the offending listing at the
root of this lawsuit. Each age has its own form of self-help.
O’Kroley v. Fastcase Inc., 831 F.3d 352 (6th Cir. 2016).
Section 230 and Neutrality. Section 230 has drawn highly partisan attacks from both sides.
In general, Democrats often want online services to do more content moderation or lose
Section 230, and Republicans often want online services to do less content moderation or
lose Section 230. Both critiques routinely misunderstand Section 230’s subtle doctrinal
mechanics. As a result, any proposed fixes to Section 230 almost certainly won’t accomplish
the critics’ desired outcomes.
While I’m anti-partisan and registered as “decline to state” a political party preference, I
find the Republican attacks on Section 230 especially egregious. Republican demagogues
routinely and falsely claim that Section 230 is predicated on “neutrality,” i.e., if an Internet
service exhibits any bias in its content moderation decisions, it loses Section 230’s
immunity. This false claim effectively seeks to impose “must-carry” obligations on Internet
services, because refusing or removing content demonstrates “bias.”
These attacks on Section 230 are frequently based on the afactual and empirically
disproven assertion that Internet services are biased against conservative voices. Among
other problems with the claim, it assumes Internet services uniquely discriminate against
conservatives. They do not. Instead, every community believes that Internet services are
biased against them, pointing to anecdotes where their content was moderated in ways they
disagree with. This reflects a more structural problem with content moderation: it
necessarily is a zero-sum game where someone gets what they want and someone else
doesn’t. The losers of this zero-sum game always believe that the decisions were biased
against them.
310.
Furthermore, in the Trump era, “conservative” voices have become increasingly correlated
with speakers evangelizing hate, racism, misogyny, anti-Semitism, anti-Muslim views, and
other types of exclusionary politics. See Joseph Cox & Jason Koebler, Why Won’t Twitter
Treat White Supremacy Like ISIS? Because It Would Mean Banning Some Republican
Politicians Too., MOTHERBOARD TECH BY VICE, Apr. 25, 2019,
https://www.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-
isis-because-it-would-mean-banning-some-republican-politicians-too. It would be bizarre
(and quite troubling) to think that screening out that content constitutes “bias” against
“conservatives.” Instead, society expects Internet services to screen out such objectionable
content—especially the Democrats.
More generally, neutrality advocates misunderstand how Section 320 resolved the
Moderator’s Dilemma. Before Section 230, Internet services tried to avoid liability by
moderating as little as possible. Section 230 was designed to encourage online services to
undertake expensive content moderation endeavors rather than doing the minimum. It’s
illogical to suggest that Section 230’s immunity was predicated on not moderating content.
Plus, every publication is biased in the sense that it prioritizes some content and
deprioritizes other content. For example, newspapers decide what stories to cover (and
ignore), how many column-inches to give the story, and whether to put the story on the
front page, the back page or somewhere in between. In fact, we read editorially curated
publications because of these choices. If it weren’t, then it would be useless to us. The exact
same dynamics apply to Internet services.
To the extent content moderation decisions represent “editorial” judgments, they are fully
protected by the First Amendment’s free speech and free press clauses. Efforts to control or
restrict how Internet services perform content moderation limit their editorial discretion
and are thus unconstitutional censorship. Undoubtedly, publishers of third-party content
(both online and off) cannot be forced to publish content they would editorially decide not to.
E.g., Miami Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974); Manhattan Community
Access Corp. v. Halleck, 587 U.S. ___ (2019); Eric Goldman, Of Course the First Amendment
Protects Google and Facebook (and It’s Not a Close Question), Knight First Amendment
Institute’s Emerging Threats Series, Feb. 2018, https://ssrn.com/abstract=3133496.
Finally, mandating “neutrality” would prevent Internet services from policing their
premises. For example, Internet services wouldn’t be neutral if they treated content
differently from the Democratic Party, the Republican Party, the Communist Party, and
the American Nazi Party. That creates a false equivalency because, in fact, those parties
are not equally credible or legitimate. With mandatory neutrality, Internet services would
be flooded with the worst types of content, with little or no recourse to sort the good from
the bad. In short order, trolls would overwhelm the system. Thus, mandatory “neutrality”
would accelerate the Internet’s demise.
The “Platform” vs. “Publisher” Distinction. Many people assert that Section 230 protects
only platforms, not “publishers.” Unfortunately, this is a pernicious myth:
1) The myth is often advanced by people who don’t know (or seek to destroy) Section 230’s
exceptionalist roots. They argue that it’s not possible for publishers to avoid liability under
311.
traditional common law principles, so Section 230 couldn’t possibly immunize publishing
liability. As an exceptionalist law, that’s exactly what Section 230 does.
2) Section 230 protects all Internet services for making editorial and publication decisions.
The Zeran opinion plainly says “§ 230 forbids the imposition of publisher liability on a
service provider for the exercise of its editorial and self-regulatory functions.” So
“publishers” of third party content qualify for Section 230 protection—and have done so for
over 2 decades.
3) It’s not possible for online “platforms” to provide their services without publishing
content. As an essential part of their services, social media “platforms” and online
marketplaces must publish third-party content. As a result, the entire platform/publisher
distinction is illusory. Instead, the dichotomy often is a rhetorical move to avoid
constitutional problems with desired regulation. In theory, “platforms” should be regulable
without Constitutional limits because, per the platform-publisher distinction, they aren’t
publishing content. Because every “platform” necessarily publishes content, this rhetorical
move hurts the discourse.
My suggestion: don’t use the term “platform.” It is imprecise and easily misunderstood. Try
“Internet service” instead.
Section 230 and Account Termination. Section 230(c)(1) was designed to protect decisions to
publish or “leave up” third-party content, while Section 230(c)(2)(A) was designed to protect
decisions to filter or remove third-party content. To that end, 230(c)(1) and (c)(2)(A) have
different doctrinal requirements—especially Section 230(c)(2)(A)’s requirement that the
filtering/removal decisions be made “in good faith,” which 230(c)(1) lacks. As a result,
defendants prefer handling 230(c)(2)(A)-style cases using 230(c)(1) if possible.
This issue comes up frequently with lawsuits by social media users who have their content
blocked or removed or their accounts terminated or suspended. These lawsuits are
invariably doomed; the only questions are what grounds will end the lawsuit and how
quickly? See generally Eric Goldman, Online User Account Termination and 47 U.S.C.
§230(c)(2), 2 U.C. IRVINE L. REV. 659 (2012), https://ssrn.com/abstract=1934310.
Courts increasingly have accepted a 230(c)(1) defense in these circumstances, under the
theory that the plaintiff’s own content constitutes the “content by another information
content provider” sufficient to satisfy the Section 230(c)(1) prima facie defense elements.
See, e.g., Sikhs for Justice "SFJ", Inc. v. Facebook, Inc., 144 F. Supp. 3d 1088 (N.D. Cal.
2015), aff’d 697 Fed. Appx. 526 (9th Cir. 2017).
To get around this, some plaintiffs have tried to position the social media defendants as
“state actors” who cannot engage in unconstitutional censorship. These workaround
arguments overcome Section 230, but they are still unmeritorious. The Internet giants may
be powerful and have a commanding presence in our media ecology, but they are private
entities making constitutionally protected editorial decisions. See, e.g., Prager University v.
Google LLC, 951 F.3d 991 (9th Cir. 2020); Federal Agency of News LLC v. Facebook, Inc.,
395 F. Supp. 3d 1295 (N.D. Cal. 2019).
312.
The following case is the best-known and most-cited example of a plaintiff working around
Section 230’s immunity. As a result, plaintiffs routinely characterize this opinion as
evidence that Section 230 has limits and therefore should not apply in their case. Despite
its frequent invocation, the Section 230’s exceptions relate to the doctrinal edges, not its
core. As the D.C. Circuit said, the Roommates.com decision “marks an outer limit of CDA
immunity.” Bennett v. Google, LLC, 882 F.3d 1163 (D.C. Cir. 2018). Attempts to use
Roommates.com to get around Section 230 routinely fail; and courts often cite the
Roommates.com opinion in ruling for defendants.
Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d
1157 (9th Cir. 2008) (en banc)
Kozinski, Chief Judge.
We plumb the depths of the immunity provided by section 230 of the Communications
Decency Act of 1996 (“CDA”).
Facts1
Defendant Roommate.com, LLC (“Roommate”) operates a website designed to match people
renting out spare rooms with people looking for a place to live.2 At the time of the district
court’s disposition, Roommate’s website featured approximately 150,000 active listings and
received around a million page views a day. Roommate seeks to profit by collecting revenue
from advertisers and subscribers.
Before subscribers can search listings or post housing opportunities on Roommate’s
website, they must create profiles, a process that requires them to answer a series of
questions. In addition to requesting basic information—such as name, location and email
address—Roommate requires each subscriber to disclose his sex, sexual orientation and
whether he would bring children to a household. Each subscriber must also describe his
preferences in roommates with respect to the same three criteria: sex, sexual orientation
and whether they will bring children to the household. The site also encourages subscribers
to provide “Additional Comments” describing themselves and their desired roommate in an
open-ended essay. After a new subscriber completes the application, Roommate assembles
his answers into a “profile page.” The profile page displays the subscriber’s pseudonym, his
description and his preferences, as divulged through answers to Roommate’s questions.
1 This appeal is taken from the district court’s order granting defendant’s motion for summary judgment, so we
view contested facts in the light most favorable to plaintiffs. 2 For unknown reasons, the company goes by the singular name “Roommate.com, LLC” but pluralizes its
website’s URL, www.roommates.com.
313.
[Editor’s note: three screenshots from the Roommates.com website in 2008:]
314.
315.
Subscribers can choose between two levels of service: Those using the site’s free service
level can create their own personal profile page, search the profiles of others and send
personal email messages. They can also receive periodic emails from Roommate, informing
them of available housing opportunities matching their preferences. Subscribers who pay a
monthly fee also gain the ability to read emails from other users, and to view other
subscribers’ “Additional Comments.”
The Fair Housing Councils of the San Fernando Valley and San Diego (“Councils”) sued
Roommate in federal court, alleging that Roommate’s business violates the federal Fair
Housing Act (“FHA”) and California housing discrimination laws. Councils claim that
Roommate is effectively a housing broker doing online what it may not lawfully do off-line.
The district court held that Roommate is immune under section 230 of the CDA and
dismissed the federal claims without considering whether Roommate’s actions violated the
FHA. The court then declined to exercise supplemental jurisdiction over the state law
claims. Councils appeal the dismissal of the FHA claim and Roommate cross-appeals the
denial of attorneys’ fees.
316.
Analysis
Section 230 of the CDA immunizes providers of interactive computer services6 against
liability arising from content created by third parties: “No provider ... of an interactive
computer service shall be treated as the publisher or speaker of any information provided
by another information content provider.” This grant of immunity applies only if the
interactive computer service provider is not also an “information content provider,” which is
defined as someone who is “responsible, in whole or in part, for the creation or development
of” the offending content.
A website operator can be both a service provider and a content provider: If it passively
displays content that is created entirely by third parties, then it is only a service provider
with respect to that content. But as to content that it creates itself, or is “responsible, in
whole or in part” for creating or developing, the website is also a content provider. Thus, a
website may be immune from liability for some of the content it displays to the public but
be subject to liability for other content.
Section 230 was prompted by a state court case holding Prodigy responsible for a libelous
message posted on one of its financial message boards. See Stratton Oakmont, Inc. v.
Prodigy Servs. Co., 1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995) (unpublished). The court
there found that Prodigy had become a “publisher” under state law because it voluntarily
deleted some messages from its message boards “on the basis of offensiveness and ‘bad
taste,’” and was therefore legally responsible for the content of defamatory messages that it
failed to delete. The Stratton Oakmont court reasoned that Prodigy’s decision to perform
some voluntary self-policing made it akin to a newspaper publisher, and thus responsible
for messages on its bulletin board that defamed third parties. The court distinguished
Prodigy from CompuServe, which had been released from liability in a similar defamation
case because CompuServe “had no opportunity to review the contents of the publication at
issue before it was uploaded into CompuServe’s computer banks.” Id.; see Cubby, Inc. v.
CompuServe, Inc., 776 F. Supp. 135, 140 (S.D.N.Y. 1991). Under the reasoning of Stratton
Oakmont, online service providers that voluntarily filter some messages become liable for
all messages transmitted, whereas providers that bury their heads in the sand and ignore
problematic posts altogether escape liability. Prodigy claimed that the “sheer volume” of
message board postings it received—at the time, over 60,000 a day—made manual review
of every message impossible; thus, if it were forced to choose between taking responsibility
for all messages and deleting no messages at all, it would have to choose the latter course.
In passing section 230, Congress sought to spare interactive computer services this grim
choice by allowing them to perform some editing on user-generated content without thereby
becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or
delete. In other words, Congress sought to immunize the removal of user-generated content,
not the creation of content: “[S]ection [230] provides ‘Good Samaritan’ protections from civil
liability for providers ... of an interactive computer service for actions to restrict ... access to
objectionable online material. One of the specific purposes of this section is to overrule
Stratton-Oakmont [sic] v. Prodigy and any other similar decisions which have treated such
6 … Today, the most common interactive computer services are websites. Councils do not dispute that
Roommate’s website is an interactive computer service.
317.
providers ... as publishers or speakers of content that is not their own because they have
restricted access to objectionable material.” H.R. Rep. No. 104-458 (1996) (emphasis added).
Indeed, the section is titled “Protection for ‘good samaritan’ blocking and screening of
offensive material” and, as the Seventh Circuit recently held, the substance of section
230(c) can and should be interpreted consistent with its caption. Chicago Lawyers’
Committee for Civil Rights Under Law, Inc. v. craigslist, Inc., 519 F.3d 666 (7th Cir. 2008).
With this backdrop in mind, we examine three specific functions performed by Roommate
that are alleged to violate the Fair Housing Act and California law.
1. Councils first argue that the questions Roommate poses to prospective subscribers during
the registration process violate the Fair Housing Act and the analogous California law.
Councils allege that requiring subscribers to disclose their sex, family status and sexual
orientation “indicates” an intent to discriminate against them, and thus runs afoul of both
the FHA and state law.13
Roommate created the questions and choice of answers, and designed its website
registration process around them. Therefore, Roommate is undoubtedly the “information
content provider” as to the questions and can claim no immunity for posting them on its
website, or for forcing subscribers to answer them as a condition of using its services.
Here, we must determine whether Roommate has immunity under the CDA because
Councils have at least a plausible claim that Roommate violated state and federal law by
merely posing the questions. We need not decide whether any of Roommate’s questions
actually violate the Fair Housing Act or California law, or whether they are protected by
the First Amendment or other constitutional guarantees; we leave those issues for the
district court on remand. Rather, we examine the scope of plaintiffs’ substantive claims only
insofar as necessary to determine whether section 230 immunity applies. However, we note
that asking questions certainly can violate the Fair Housing Act and analogous laws in the
physical world. For example, a real estate broker may not inquire as to the race of a
prospective buyer, and an employer may not inquire as to the religion of a prospective
employee. If such questions are unlawful when posed face-to-face or by telephone, they
don’t magically become lawful when asked electronically online. The Communications
Decency Act was not meant to create a lawless no-man’s-land on the Internet.15
Councils also claim that requiring subscribers to answer the questions as a condition of
using Roommate’s services unlawfully “cause[s]” subscribers to make a “statement ... with
respect to the sale or rental of a dwelling that indicates [a] preference, limitation, or
13 The Fair Housing Act prohibits any “statement ... with respect to the sale or rental of a dwelling that
indicates ... an intention to make [a] preference, limitation, or discrimination” on the basis of a protected
category. 42 U.S.C. § 3604(c) (emphasis added). California law prohibits “any written or oral inquiry concerning
the” protected status of a housing seeker. Cal. Gov. Code § 12955(b). 15 The dissent stresses the importance of the Internet to modern life and commerce, and we, of course, agree:
The Internet is no longer a fragile new means of communication that could easily be smothered in the cradle by
overzealous enforcement of laws and regulations applicable to brick-and-mortar businesses. Rather, it has
become a dominant—perhaps the preeminent—means through which commerce is conducted. And its vast reach
into the lives of millions is exactly why we must be careful not to exceed the scope of the immunity provided by
Congress and thus give online businesses an unfair advantage over their real-world counterparts, which must
comply with laws of general applicability.
318.
discrimination,” in violation of 42 U.S.C. § 3604(c). The CDA does not grant immunity for
inducing third parties to express illegal preferences. Roommate’s own acts—posting the
questionnaire and requiring answers to it—are entirely its doing and thus section 230 of
the CDA does not apply to them. Roommate is entitled to no immunity.
2. Councils also charge that Roommate’s development and display of subscribers’
discriminatory preferences is unlawful. Roommate publishes a “profile page” for each
subscriber on its website. The page describes the client’s personal information—such as his
sex, sexual orientation and whether he has children—as well as the attributes of the
housing situation he seeks. The content of these pages is drawn directly from the
registration process: For example, Roommate requires subscribers to specify, using a drop-
down menu provided by Roommate, whether they are “Male” or “Female” and then displays
that information on the profile page. Roommate also requires subscribers who are listing
available housing to disclose whether there are currently “Straight male(s),” “Gay male(s),”
“Straight female(s)” or “Lesbian(s)” living in the dwelling. Subscribers who are seeking
housing must make a selection from a drop-down menu, again provided by Roommate, to
indicate whether they are willing to live with “Straight or gay” males, only with “Straight”
males, only with “Gay” males or with “No males.” Similarly, Roommate requires subscribers
listing housing to disclose whether there are “Children present” or “Children not present”
and requires housing seekers to say “I will live with children” or “I will not live with
children.” Roommate then displays these answers, along with other information, on the
subscriber’s profile page. This information is obviously included to help subscribers decide
which housing opportunities to pursue and which to bypass. In addition, Roommate itself
uses this information to channel subscribers away from listings where the individual
offering housing has expressed preferences that aren’t compatible with the subscriber’s
answers.
The dissent tilts at windmills when it shows, quite convincingly, that Roommate’s
subscribers are information content providers who create the profiles by picking among
options and providing their own answers. There is no disagreement on this point. But, the
fact that users are information content providers does not preclude Roommate from also
being an information content provider by helping “develop” at least “in part” the
information in the profiles. As we explained in Batzel, the party responsible for putting
information online may be subject to liability, even if the information originated with a
user. See Batzel v. Smith, 333 F.3d 1018, 1033 (9th Cir. 2003).
Here, the part of the profile that is alleged to offend the Fair Housing Act and state housing
discrimination laws—the information about sex, family status and sexual orientation—is
provided by subscribers in response to Roommate’s questions, which they cannot refuse to
answer if they want to use defendant’s services. By requiring subscribers to provide the
information as a condition of accessing its service, and by providing a limited set of pre-
populated answers, Roommate becomes much more than a passive transmitter of
information provided by others; it becomes the developer, at least in part, of that
information. And section 230 provides immunity only if the interactive computer service
does not “creat[e] or develop[]” the information “in whole or in part.”
Our dissenting colleague takes a much narrower view of what it means to “develop”
information online, and concludes that Roommate does not develop the information because
“[a]ll Roommate does is to provide a form with options for standardized answers.” But
319.
Roommate does much more than provide options. To begin with, it asks discriminatory
questions that even the dissent grudgingly admits are not entitled to CDA immunity. The
FHA makes it unlawful to ask certain discriminatory questions for a very good reason:
Unlawful questions solicit (a.k.a. “develop”) unlawful answers. Not only does Roommate ask
these questions, Roommate makes answering the discriminatory questions a condition of
doing business. This is no different from a real estate broker in real life saying, “Tell me
whether you’re Jewish or you can find yourself another broker.” When a business enterprise
extracts such information from potential customers as a condition of accepting them as
clients, it is no stretch to say that the enterprise is responsible, at least in part, for
developing that information. For the dissent to claim that the information in such
circumstances is “created solely by” the customer, and that the business has not helped in
the least to develop it, strains both credulity and English.19
Roommate also argues that it is not responsible for the information on the profile page
because it is each subscriber’s action that leads to publication of his particular profile—in
other words, the user pushes the last button or takes the last act before publication. We are
not convinced that this is even true, but don’t see why it matters anyway. The projectionist
in the theater may push the last button before a film is displayed on the screen, but surely
this doesn’t make him the sole producer of the movie. By any reasonable use of the English
language, Roommate is “responsible” at least “in part” for each subscriber’s profile page,
because every such page is a collaborative effort between Roommate and the subscriber.
Similarly, Roommate is not entitled to CDA immunity for the operation of its search
system, which filters listings, or of its email notification system, which directs emails to
subscribers according to discriminatory criteria. Roommate designed its search system so it
would steer users based on the preferences and personal characteristics that Roommate
itself forces subscribers to disclose. If Roommate has no immunity for asking the
discriminatory questions, as we concluded above, it can certainly have no immunity for
using the answers to the unlawful questions to limit who has access to housing.
For example, a subscriber who self-identifies as a “Gay male” will not receive email
notifications of new housing opportunities supplied by owners who limit the universe of
acceptable tenants to “Straight male(s),” “Straight female(s)” and “Lesbian(s).” Similarly,
subscribers with children will not be notified of new listings where the owner specifies “no
children.” Councils charge that limiting the information a subscriber can access based on
that subscriber’s protected status violates the Fair Housing Act and state housing
discrimination laws. It is, Councils allege, no different from a real estate broker saying to a
client: “Sorry, sir, but I can’t show you any listings on this block because you are
[gay/female/black/a parent].” If such screening is prohibited when practiced in person or by
telephone, we see no reason why Congress would have wanted to make it lawful to profit
from it online.
19 The dissent may be laboring under a misapprehension as to how the Roommate website is alleged to operate.
For example, the dissent spends some time explaining that certain portions of the user profile application are
voluntary. We do not discuss these because plaintiffs do not base their claims on the voluntary portions of the
application, except the “Additional Comments” portion, discussed below. The dissent also soft-pedals
Roommate’s influence on the mandatory portions of the applications by referring to it with such words as
“encourage” or “encouragement” or “solicitation.” Roommate, of course, does much more than encourage or
solicit; it forces users to answer certain questions and thereby provide information that other clients can use to
discriminate unlawfully.
320.
Roommate’s search function is similarly designed to steer users based on discriminatory
criteria. Roommate’s search engine thus differs materially from generic search engines such
as Google, Yahoo! and MSN Live Search, in that Roommate designed its system to use
allegedly unlawful criteria so as to limit the results of each search, and to force users to
participate in its discriminatory process. In other words, Councils allege that Roommate’s
search is designed to make it more difficult or impossible for individuals with certain
protected characteristics to find housing—something the law prohibits. By contrast,
ordinary search engines do not use unlawful criteria to limit the scope of searches
conducted on them, nor are they designed to achieve illegal ends—as Roommate’s search
function is alleged to do here. Therefore, such search engines play no part in the
“development” of any unlawful searches.
It’s true that the broadest sense of the term “develop” could include the functions of an
ordinary search engine—indeed, just about any function performed by a website. But to
read the term so broadly would defeat the purposes of section 230 by swallowing up every
bit of the immunity that the section otherwise provides. At the same time, reading the
exception for co-developers as applying only to content that originates entirely with the
website—as the dissent would seem to suggest—ignores the words “development ... in part”
in the statutory passage “creation or development in whole or in part.” (emphasis added).
We believe that both the immunity for passive conduits and the exception for co-developers
must be given their proper scope and, to that end, we interpret the term “development” as
referring not merely to augmenting the content generally, but to materially contributing to
its alleged unlawfulness. In other words, a website helps to develop unlawful content, and
thus falls within the exception to section 230, if it contributes materially to the alleged
illegality of the conduct.
The dissent accuses us of “rac[ing] past the plain language of the statute,” but we clearly do
pay close attention to the statutory language, particularly the word “develop,” which we
spend many pages exploring. The dissent may disagree with our definition of the term,
which is entirely fair, but surely our dissenting colleague is mistaken in suggesting we
ignore the term. Nor is the statutory language quite as plain as the dissent would have it.
Quoting selectively from the dictionary, the dissent comes up with an exceedingly narrow
definition of this rather complex and multi faceted term.22 Dissent at 1184 (defining
development as “gradual advance or growth through progressive changes”) (quoting
Webster’s Third New International Dictionary 618 (2002)). The dissent does not pause to
consider how such a definition could apply to website content at all, as it excludes the kinds
of swift and disorderly changes that are the hallmark of growth on the Internet. Had our
dissenting colleague looked just a few lines lower on the same page of the same edition of
the same dictionary, she would have found another definition of “development” that is far
more suitable to the context in which we operate: “making usable or available.” The dissent
does not explain why the definition it has chosen reflects the statute’s “plain meaning,”
while the ones it bypasses do not.
22 Development, it will be recalled, has many meanings, which differ materially depending on context. Thus,
“development” when used as part of the phrase “research and development” means something quite different
than when referring to “mental development,” and something else again when referring to “real estate
development,” “musical development” or “economic development.”
321.
More fundamentally, the dissent does nothing at all to grapple with the difficult statutory
problem posed by the fact that section 230(c) uses both “create” and “develop” as separate
bases for loss of immunity. Everything that the dissent includes within its cramped
definition of “development” fits just as easily within the definition of “creation”—which
renders the term “development” superfluous. The dissent makes no attempt to explain or
offer examples as to how its interpretation of the statute leaves room for “development” as a
separate basis for a website to lose its immunity, yet we are advised by the Supreme Court
that we must give meaning to all statutory terms, avoiding redundancy or duplication
wherever possible.
While content to pluck the “plain meaning” of the statute from a dictionary definition that
predates the Internet by decades, compare Webster’s Third New International Dictionary
618 (1963) with Webster’s Third New International Dictionary 618 (2002) (both containing
“gradual advance or growth through progressive changes”), the dissent overlooks the far
more relevant definition of “[web] content development” in Wikipedia: “the process of
researching, writing, gathering, organizing and editing information for publication on web
sites.” Our interpretation of “development” is entirely in line with the context-appropriate
meaning of the term, and easily fits the activities Roommate engages in.
In an abundance of caution, and to avoid the kind of misunderstanding the dissent seems to
encourage, we offer a few examples to elucidate what does and does not amount to
“development” under section 230 of the Communications Decency Act: If an individual uses
an ordinary search engine to query for a “white roommate,” the search engine has not
contributed to any alleged unlawfulness in the individual’s conduct; providing neutral tools
to carry out what may be unlawful or illicit searches does not amount to “development” for
purposes of the immunity exception. A dating website that requires users to enter their sex,
race, religion and marital status through drop-down menus, and that provides means for
users to search along the same lines, retains its CDA immunity insofar as it does not
contribute to any alleged illegality;23 this immunity is retained even if the website is sued
for libel based on these characteristics because the website would not have contributed
materially to any alleged defamation. Similarly, a housing website that allows users to
specify whether they will or will not receive emails by means of user-defined criteria might
help some users exclude email from other users of a particular race or sex. However, that
website would be immune, so long as it does not require the use of discriminatory criteria. A
website operator who edits user-created content—such as by correcting spelling, removing
obscenity or trimming for length—retains his immunity for any illegality in the user-
created content, provided that the edits are unrelated to the illegality. However, a website
operator who edits in a manner that contributes to the alleged illegality—such as by
removing the word “not” from a user’s message reading “[Name] did not steal the artwork”
in order to transform an innocent message into a libelous one—is directly involved in the
alleged illegality and thus not immune.24
23 It is perfectly legal to discriminate along those lines in dating, and thus there can be no claim based solely on
the content of these questions. 24 Requiring website owners to refrain from taking affirmative acts that are unlawful does not strike us as an
undue burden. These are, after all, businesses that are being held responsible only for their own conduct; there
is no vicarious liability for the misconduct of their customers. Compliance with laws of general applicability
seems like an entirely justified burden for all businesses, whether they operate online or through quaint brick-
and-mortar facilities. Insofar, however, as a plaintiff would bring a claim under state or federal law based on a
website operator’s passive acquiescence in the misconduct of its users, the website operator would likely be
322.
Here, Roommate’s connection to the discriminatory filtering process is direct and palpable:
Roommate designed its search and email systems to limit the listings available to
subscribers based on sex, sexual orientation and presence of children.25 Roommate selected
the criteria used to hide listings, and Councils allege that the act of hiding certain listings
is itself unlawful under the Fair Housing Act, which prohibits brokers from steering clients
in accordance with discriminatory preferences.26 We need not decide the merits of Councils’
claim to hold that Roommate is sufficiently involved with the design and operation of the
search and email systems—which are engineered to limit access to housing on the basis of
the protected characteristics elicited by the registration process—so as to forfeit any
immunity to which it was otherwise entitled under section 230.
Roommate’s situation stands in stark contrast to Stratton Oakmont, the case Congress
sought to reverse through passage of section 230. There, defendant Prodigy was held liable
for a user’s unsolicited message because it attempted to remove some problematic content
from its website, but didn’t remove enough. Here, Roommate is not being sued for removing
some harmful messages while failing to remove others; instead, it is being sued for the
predictable consequences of creating a website designed to solicit and enforce housing
preferences that are alleged to be illegal.
We take this opportunity to clarify two of our previous rulings regarding the scope of
section 230 immunity. Today’s holding sheds additional light on Batzel v. Smith, 333 F.3d
1018 (9th Cir. 2003). There, the editor of an email newsletter received a tip about some
artwork, which the tipster falsely alleged to be stolen. The newsletter editor incorporated
the tipster’s email into the next issue of his newsletter and added a short headnote, which
he then emailed to his subscribers.27 The art owner sued for libel and a split panel held the
newsletter editor to be immune under section 230 of the CDA.28
Our opinion is entirely consistent with that part of Batzel which holds that an editor’s
minor changes to the spelling, grammar and length of third-party content do not strip him
of section 230 immunity. None of those changes contributed to the libelousness of the
message, so they do not add up to “development” as we interpret the term. Batzel went on
to hold that the editor could be liable for selecting the tipster’s email for inclusion in the
entitled to CDA immunity. This is true even if the users committed their misconduct using electronic tools of
general applicability provided by the website operator. 25 Of course, the logic of Roommate’s argument is not limited to discrimination based on these particular
criteria. If Roommate were free to discriminate in providing housing services based on sex, there is no reason
another website could not discriminate based on race, religion or national origin. Nor is its logic limited to
housing; it would apply equally to websites providing employment or educational opportunities—or anything
else, for that matter. 26 The dissent argues that Roommate is not liable because the decision to discriminate on these grounds does
not originate with Roommate; instead, “users have chosen to select characteristics that they find desirable.”
But, it is Roommate that forces users to express a preference and Roommate that forces users to disclose the
information that can form the basis of discrimination by others. Thus, Roommate makes discrimination both
possible and respectable. 27 Apparently, it was common practice for this editor to receive and forward tips from his subscribers. In effect,
the newsletter served as a heavily moderated discussion list. 28 As an initial matter, the Batzel panel held that the defendant newsletter editor was a “user” of an interactive
computer service within the definition provided by section 230. While we have our doubts, we express no view
on this issue because it is not presented to us. Thus, we assume that the editor fell within the scope of section
230’s coverage without endorsing Batzel’s analysis on this point.
323.
newsletter, depending on whether or not the tipster had tendered the piece to the editor for
posting online, and remanded for a determination of that issue.
The distinction drawn by Batzel anticipated the approach we take today. As Batzel
explained, if the tipster tendered the material for posting online, then the editor’s job was,
essentially, to determine whether or not to prevent its posting—precisely the kind of
activity for which section 230 was meant to provide immunity.29 And any activity that can
be boiled down to deciding whether to exclude material that third parties seek to post
online is perforce immune under section 230. But if the editor publishes material that he
does not believe was tendered to him for posting online, then he is the one making the
affirmative decision to publish, and so he contributes materially to its allegedly unlawful
dissemination. He is thus properly deemed a developer and not entitled to CDA immunity.30
We must also clarify the reasoning undergirding our holding in Carafano v.
Metrosplash.com, Inc., 339 F.3d 1119 (9th Cir. 2003), as we used language there that was
unduly broad. In Carafano, an unknown prankster impersonating actress Christianne
Carafano created a profile for her on an online dating site. The profile included Carafano’s
home address and suggested that she was looking for an unconventional liaison. When
Carafano received threatening phone calls, she sued the dating site for publishing the
unauthorized profile. The site asserted immunity under section 230. We correctly held that
the website was immune, but incorrectly suggested that it could never be liable because “no
[dating] profile has any content until a user actively creates it.” As we explain above, even if
the data are supplied by third parties, a website operator may still contribute to the
content’s illegality and thus be liable as a developer.31 Providing immunity every time a
website uses data initially obtained from third parties would eviscerate the exception to
section 230 for “develop[ing]” unlawful content “in whole or in part.”
We believe a more plausible rationale for the unquestionably correct result in Carafano is
this: The allegedly libelous content there—the false implication that Carafano was
unchaste—was created and developed entirely by the malevolent user, without prompting
or help from the website operator. To be sure, the website provided neutral tools, which the
anonymous dastard used to publish the libel, but the website did absolutely nothing to
encourage the posting of defamatory content—indeed, the defamatory posting was contrary
29 As Batzel pointed out, there can be no meaningful difference between an editor starting with a default rule of
publishing all submissions and then manually selecting material to be removed from publication, and a default
rule of publishing no submissions and manually selecting material to be published—they are flip sides of
precisely the same coin. Batzel, 333 F.3d at 1032 (“The scope of [section 230] immunity cannot turn on whether
the publisher approaches the selection process as one of inclusion or removal, as the difference is one of method
or degree, not substance.”). 30 The dissent scores a debater’s point by noting that the same activity might amount to “development” or not,
depending on whether it contributes materially to the illegality of the content. But we are not defining
“development” for all purposes; we are defining the term only for purposes of determining whether the
defendant is entitled to immunity for a particular act. This definition does not depend on finding substantive
liability, but merely requires analyzing the context in which a claim is brought. A finding that a defendant is
not immune is quite distinct from finding liability: On remand, Roommate may still assert other defenses to
liability under the Fair Housing Act, or argue that its actions do not violate the Fair Housing Act at all. Our
holding is limited to a determination that the CDA provides no immunity to Roommate’s actions in soliciting
and developing the content of its website; whether that content is in fact illegal is a question we leave to the
district court. 31 We disavow any suggestion that Carafano holds an information content provider automatically immune so
long as the content originated with another information content provider.
324.
to the website’s express policies. The claim against the website was, in effect, that it failed
to review each user-created profile to ensure that it wasn’t defamatory. That is precisely the
kind of activity for which Congress intended to grant absolution with the passage of section
230. With respect to the defamatory content, the website operator was merely a passive
conduit and thus could not be held liable for failing to detect and remove it.32
By contrast, Roommate both elicits the allegedly illegal content and makes aggressive use
of it in conducting its business. Roommate does not merely provide a framework that could
be utilized for proper or improper purposes; rather, Roommate’s work in developing the
discriminatory questions, discriminatory answers and discriminatory search mechanism is
directly related to the alleged illegality of the site. Unlike Carafano, where the website
operator had nothing to do with the user’s decision to enter a celebrity’s name and personal
information in an otherwise licit dating service, here, Roommate is directly involved with
developing and enforcing a system that subjects subscribers to allegedly discriminatory
housing practices.
Our ruling today also dovetails with another facet of Carafano: The mere fact that an
interactive computer service “classifies user characteristics ... does not transform [it] into a
‘developer’ of the ‘underlying misinformation.’” Carafano, like Batzel, correctly anticipated
our common-sense interpretation of the term “develop[]” in section 230. Of course, any
classification of information, like the sorting of dating profiles by the type of relationship
sought in Carafano, could be construed as “develop[ment]” under an unduly broad reading
of the term. But, once again, such a broad reading would sap section 230 of all meaning.
The salient fact in Carafano was that the website’s classifications of user characteristics did
absolutely nothing to enhance the defamatory sting of the message, to encourage
defamation or to make defamation easier: The site provided neutral tools specifically
designed to match romantic partners depending on their voluntary inputs. By sharp
contrast, Roommate’s website is designed to force subscribers to divulge protected
characteristics and discriminatory preferences, and to match those who have rooms with
those who are looking for rooms based on criteria that appear to be prohibited by the
FHA.33
32 Section 230 requires us to scrutinize particularly closely any claim that can be boiled down to the failure of an
interactive computer service to edit or block user-generated content that it believes was tendered for posting
online, as that is the very activity Congress sought to immunize by passing the section. 33 The dissent coyly suggests that our opinion “sets us apart from” other circuits, carefully avoiding the phrase
“inter-circuit conflict.” And with good reason: No other circuit has considered a case like ours and none has a
case that even arguably conflicts with our holding today. No case cited by the dissent involves active
participation by the defendant in the creation or development of the allegedly unlawful content; in each, the
interactive computer service provider passively relayed content generated by third parties, just as in Stratton
Oakmont, and did not design its system around the dissemination of unlawful content.
In Chicago Lawyers’ Committee for Civil Rights Under Law, Inc. v. craigslist, Inc., 519 F.3d 666 (7th Cir.
2008), the Seventh Circuit held the online classified website craigslist immune from liability for discriminatory
housing advertisements submitted by users. Craigslist’s service works very much like the “Additional
Comments” section of Roommate’s website, in that users are given an open text prompt in which to enter any
description of the rental property without any structure imposed on their content or any requirement to enter
discriminatory information: “Nothing in the service craigslist offers induces anyone to post any particular listing
or express a preference for discrimination....” We similarly hold the “Additional Comments” section of
Roommate’s site immune. Consistent with our opinion, the Seventh Circuit explained the limited scope of
section 230(c) immunity. More directly, the Seventh Circuit noted in dicta that “causing a particular statement
to be made, or perhaps [causing] the discriminatory content of a statement” might be sufficient to create liability
325.
3. Councils finally argue that Roommate should be held liable for the discriminatory
statements displayed in the “Additional Comments” section of profile pages. At the end of
the registration process, on a separate page from the other registration steps, Roommate
prompts subscribers to “tak[e] a moment to personalize your profile by writing a paragraph
or two describing yourself and what you are looking for in a roommate.” The subscriber is
presented with a blank text box, in which he can type as much or as little about himself as
he wishes. Such essays are visible only to paying subscribers.
Subscribers provide a variety of provocative, and often very revealing, answers. The
contents range from subscribers who “[p]ref[er] white Male roommates” or require that
“[t]he person applying for the room MUST be a BLACK GAY MALE” to those who are “NOT
looking for black muslims.” Some common themes are a desire to live without “drugs, kids
or animals” or “smokers, kids or druggies,” while a few subscribers express more particular
preferences, such as preferring to live in a home free of “psychos or anyone on mental
medication.” Some subscribers are just looking for someone who will get along with their
significant other34 or with their most significant Other.35
Roommate publishes these comments as written.36 It does not provide any specific guidance
as to what the essay should contain, nor does it urge subscribers to input discriminatory
preferences. Roommate is not responsible, in whole or in part, for the development of this
content, which comes entirely from subscribers and is passively displayed by Roommate.
Without reviewing every essay, Roommate would have no way to distinguish unlawful
discriminatory preferences from perfectly legitimate statements. Nor can there be any
for a website. (emphasis added). Despite the dissent’s attempt to imply the contrary, the Seventh Circuit’s
opinion is actually in line with our own.
In Universal Communication Systems v. Lycos, Inc., the First Circuit held a message board owner immune
under the CDA for defamatory comments posted on a message board. The allegedly defamatory comments were
made without any prompting or encouragement by defendant: “[T]here is not even a colorable argument that
any misinformation was prompted by Lycos’s registration process or its link structure.”
Green v. America Online, 318 F.3d 465 (3d Cir. 2003), falls yet farther from the mark. There, AOL was held
immune for derogatory comments and malicious software transmitted by other defendants through AOL’s
“Romance over 30” “chat room.” There was no allegation that AOL solicited the content, encouraged users to
post harmful content or otherwise had any involvement whatsoever with the harmful content, other than
through providing “chat rooms” for general use.
In Ben Ezra, Weinstein, and Co. v. America Online Inc., 206 F.3d 980 (10th Cir. 2000), the Tenth Circuit
held AOL immune for relaying inaccurate stock price information it received from other vendors. While AOL
undoubtedly participated in the decision to make stock quotations available to members, it did not cause the
errors in the stock data, nor did it encourage or solicit others to provide inaccurate data. AOL was immune
because “Plaintiff could not identify any evidence indicating Defendant [AOL] developed or created the stock
quotation information.”
And, finally, in Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997), the Fourth Circuit held AOL
immune for yet another set of defamatory and harassing message board postings. Again, AOL did not solicit the
harassing content, did not encourage others to post it, and had nothing to do with its creation other than
through AOL’s role as the provider of a generic message board for general discussions. 34 “The female we are looking for hopefully wont [sic] mind having a little sexual incounter [sic] with my
boyfriend and I [very sic].” 35 “We are 3 Christian females who Love our Lord Jesus Christ.... We have weekly bible studies and bi-weekly
times of fellowship.” 36 It is unclear whether Roommate performs any filtering for obscenity or “spam,” but even if it were to perform
this kind of minor editing and selection, the outcome would not change.
326.
doubt that this information was tendered to Roommate for publication online. This is
precisely the kind of situation for which section 230 was designed to provide immunity.
The fact that Roommate encourages subscribers to provide something in response to the
prompt is not enough to make it a “develop[er]” of the information under the common-sense
interpretation of the term we adopt today. It is entirely consistent with Roommate’s
business model to have subscribers disclose as much about themselves and their
preferences as they are willing to provide. But Roommate does not tell subscribers what
kind of information they should or must include as “Additional Comments,” and certainly
does not encourage or enhance any discriminatory content created by users. Its simple,
generic prompt does not make it a developer of the information posted.37
Councils argue that—given the context of the discriminatory questions presented earlier in
the registration process—the “Additional Comments” prompt impliedly suggests that
subscribers should make statements expressing a desire to discriminate on the basis of
protected classifications; in other words, Councils allege that, by encouraging some
discriminatory preferences, Roommate encourages other discriminatory preferences when it
gives subscribers a chance to describe themselves. But the encouragement that bleeds over
from one part of the registration process to another is extremely weak, if it exists at all.
Such weak encouragement cannot strip a website of its section 230 immunity, lest that
immunity be rendered meaningless as a practical matter.38
We must keep firmly in mind that this is an immunity statute we are expounding, a
provision enacted to protect websites against the evil of liability for failure to remove
offensive content. Websites are complicated enterprises, and there will always be close
cases where a clever lawyer could argue that something the website operator did
encouraged the illegality. Such close cases, we believe, must be resolved in favor of
immunity, lest we cut the heart out of section 230 by forcing websites to face death by ten
thousand duck-bites, fighting off claims that they promoted or encouraged—or at least
tacitly assented to—the illegality of third parties. Where it is very clear that the website
directly participates in developing the alleged illegality—as it is clear here with respect to
Roommate’s questions, answers and the resulting profile pages—immunity will be lost. But
in cases of enhancement by implication or development by inference—such as with respect
to the “Additional Comments” here—section 230 must be interpreted to protect websites not
merely from ultimate liability, but from having to fight costly and protracted legal battles.
The dissent prophesies doom and gloom for countless Internet services, but fails to
recognize that we hold part of Roommate’s service entirely immune from liability. The
search engines the dissent worries about closely resemble the “Additional Comments”
section of Roommate’s website. Both involve a generic text prompt with no direct
encouragement to perform illegal searches or to publish illegal content. We hold Roommate
37 Nor would Roommate be the developer of discriminatory content if it provided a free-text search that enabled
users to find keywords in the “Additional Comments” of others, even if users utilized it to search for
discriminatory keywords. Providing neutral tools for navigating websites is fully protected by CDA immunity,
absent substantial affirmative conduct on the part of the website creator promoting the use of such tools for
unlawful purposes. 38 It’s true that, under a pedantic interpretation of the term “develop,” any action by the website—including the
mere act of making a text box available to write in—could be seen as “develop[ing]” content. However, we have
already rejected such a broad reading of the term “develop” because it would defeat the purpose of section 230.
327.
immune and there is no reason to believe that future courts will have any difficulty
applying this principle.39 The message to website operators is clear: If you don’t encourage
illegal content, or design your website to require users to input illegal content, you will be
immune.
We believe that this distinction is consistent with the intent of Congress to preserve the
free-flowing nature of Internet speech and commerce without unduly prejudicing the
enforcement of other important state and federal laws. When Congress passed section 230
it didn’t intend to prevent the enforcement of all laws online; rather, it sought to encourage
interactive computer services that provide users neutral tools to post content online to
police that content without fear that through their “good samaritan ... screening of offensive
material,” they would become liable for every single message posted by third parties on
their website.
* * *
In light of our determination that the CDA does not provide immunity to Roommate for all
of the content of its website and email newsletters, we remand for the district court to
determine in the first instance whether the alleged actions for which Roommate is not
immune violate the Fair Housing Act, 42 U.S.C. § 3604(c).40 We vacate the dismissal of the
state law claims so that the district court may reconsider whether to exercise its
supplemental jurisdiction in light of our ruling on the federal claims. We deny Roommate’s
cross-appeal of the denial of attorneys’ fees and costs; Councils prevail on some of their
arguments before us so their case is perforce not frivolous.
REVERSED in part, VACATED in part, AFFIRMED in part and REMANDED. NO COSTS.
McKEOWN, Circuit Judge, with whom RYMER and BEA, Circuit Judges, join, concurring
in part and dissenting in part:
…The majority’s unprecedented expansion of liability for Internet service providers
threatens to chill the robust development of the Internet that Congress envisioned. The
majority condemns Roommate’s “search system,” a function that is the heart of interactive
service providers. My concern is not an empty Chicken Little “sky is falling” alert. By
39 The dissent also accuses us of creating uncertainty that will chill the continued growth of commerce on the
Internet. Even looking beyond the fact that the Internet has outgrown its swaddling clothes and no longer needs
to be so gently coddled, some degree of uncertainty is inevitable at the edge of any rule of law. Any immunity
provision, including section 230, has its limits and there will always be close cases. Our opinion extensively
clarifies where that edge lies, and gives far more guidance than our previous cases. While the dissent disagrees
about the scope of the immunity, there can be little doubt that website operators today know more about how to
conform their conduct to the law than they did yesterday.
However, a larger point remains about the scope of immunity provisions. It’s no surprise that defendants
want to extend immunity as broadly as possible. We have long dealt with immunity in different, and arguably
far more important, contexts—such as qualified immunity for police officers in the line of duty—and observed
many defendants argue that the risk of getting a close case wrong is a justification for broader immunity.
Accepting such an argument would inevitably lead to an endless broadening of immunity, as every new holding
creates its own borderline cases. 40 We do not address Roommate’s claim that its activities are protected by the First Amendment. The district
court based its decision entirely on the CDA and we refrain from deciding an issue that the district court has not
had the opportunity to evaluate.
328.
exposing every interactive service provider to liability for sorting, searching, and utilizing
the all too familiar drop-down menus, the majority has dramatically altered the landscape
of Internet liability. Instead of the “robust” immunity envisioned by Congress, interactive
service providers are left scratching their heads and wondering where immunity ends and
liability begins.
To promote the unfettered development of the Internet, Congress adopted the
Communications Decency Act of 1996 (“CDA”), which provides that interactive computer
service providers will not be held legally responsible for publishing information provided by
third parties. Even though traditional publishers retain liability for performing essentially
equivalent acts in the “non-virtual world,” Congress chose to treat interactive service
providers differently by immunizing them from liability stemming from sorting, searching,
and publishing third-party information. As we explained in Batzel v. Smith:
[Section] 230(c)(1)[] overrides the traditional treatment of publishers,
distributors, and speakers under statutory and common law. As a matter of
policy, “Congress decided not to treat providers of interactive computer
services like other information providers such as newspapers, magazines or
television and radio stations....” Congress ... has chosen to treat cyberspace
differently.
Now, with the stroke of a pen or, more accurately, a few strokes of the keyboard, the
majority upends the settled view that interactive service providers enjoy broad immunity
when publishing information provided by third parties. Instead, interactive service
providers are now joined at the hip with third-party users, and they rise and fall together in
liability for Internet sortings and postings.
To be sure, the statute, which was adopted just as the Internet was beginning a surge of
popular currency, is not a perfect match against today’s technology. The Web 2.0 version is
a far cry from web technology in the mid-1990s. Nonetheless, the basic message from
Congress has retained its traction, and there should be a high bar to liability for organizing
and searching third-party information. The bipartisan view in Congress was that the
Internet, as a new form of communication, should not be impeded by the transference of
regulations and principles developed from traditional modes of communication. The
majority repeatedly harps that if something is prohibited in the physical world, Congress
could not have intended it to be legal in cyberspace. Yet that is precisely the path Congress
took with the CDA: the anomaly that a webhost may be immunized for conducting activities
in cyberspace that would traditionally be cause for liability is exactly what Congress
intended by enacting the CDA.
In the end, the majority offers interactive computer service providers no bright lines and
little comfort in finding a home within § 230(c)(1). The result in this case is driven by the
distaste for housing discrimination, a laudable endgame were housing the real focus of this
appeal. But it is not. I share the majority’s view that housing discrimination is a troubling
issue. Nevertheless, we should be looking at the housing issue through the lens of the
Internet, not from the perspective of traditional publisher liability. Whether § 230(c)(1)
trumps the Fair Housing Act (“FHA”) is a policy decision for Congress, not us. Congress has
spoken: third-party content on the Internet should not be burdened with the traditional
legal framework.
329.
I respectfully part company with the majority as to Part 2 of the opinion because the
majority has misconstrued the statutory protection under the CDA for Roommate’s
publishing and sorting of user profiles. The plain language and structure of the CDA
unambiguously demonstrate that Congress intended these activities—the collection,
organizing, analyzing, searching, and transmitting of third-party content—to be beyond the
scope of traditional publisher liability. The majority’s decision, which sets us apart from
five circuits, contravenes congressional intent and violates the spirit and serendipity of the
Internet.
Specifically, the majority’s analysis is flawed for three reasons: (1) the opinion conflates the
questions of liability under the FHA and immunity under the CDA; (2) the majority
rewrites the statute with its definition of “information content provider,” labels the search
function “information development,” and strips interactive service providers of immunity;
and (3) the majority’s approach undermines the purpose of § 230(c)(1) and has far-reaching
practical consequences in the Internet world.
To begin, it is important to recognize what this appeal is not about. At this stage, there has
been no determination of liability under the FHA, nor has there been any determination
that the questions, answers or even the existence of Roommate’s website violate the FHA.
The FHA is a complicated statute and there may well be room for potential roommates to
select who they want to live with, e.g., a tidy accountant wanting a tidy professional
roommate, a collegiate male requesting a male roommate, an observant Jew needing a
house with a kosher kitchen, or a devout, single, religious female preferring not to have a
male housemate. It also bears noting that even if Roommate is immune under the CDA, the
issue of user liability for allegedly discriminatory preferences is a separate question.
By offering up inflammatory examples, the majority’s opinion screams “discrimination.”
The hazard is, of course, that the question of discrimination has not yet been litigated. In
dissenting, I do not condone housing discrimination or endorse unlawful discriminatory
roommate selection practices; I simply underscore that the merits of the FHA claim are not
before us. However, one would not divine this posture from the majority’s opinion, which is
infused with condemnation of Roommate’s users’ practices. To mix and match, as does the
majority, the alleged unlawfulness of the information with the question of webhost
immunity is to rewrite the statute….
The Statute…
We have characterized this immunity under § 230(c)(1) as “quite robust.” Five of our sister
circuits have similarly embraced this robust view of immunity by providing differential
treatment to interactive service providers….
Courts deciding the question of § 230(c)(1) immunity “do not write on a blank slate.” Even
though rapid developments in technology have made webhosts increasingly adept at
searching and displaying third-party information, reviewing courts have, in the twelve
years since the CDA’s enactment, “adopt[ed] a relatively expansive definition of ‘interactive
computer service’ and a relatively restrictive definition of ‘information content provider.’”
As long as information is provided by a third party, webhosts are immune from liability for
publishing “ads for housing, auctions of paintings that may have been stolen by Nazis,
330.
biting comments about steroids in baseball, efforts to verify the truth of politicians’
promises, and everything else that third parties may post on a web site.” We have
underscored that this broad grant of webhost immunity gives effect to Congress’s stated
goals “to promote the continued development of the Internet and other interactive computer
services” and “to preserve the vibrant and competitive free market that presently exists for
the Internet and other interactive computer services.”
Application of § 230(c)(1) to Roommate’s Website…
Roommate’s users are “information content providers” because they are responsible for
creating the information in their user profiles and, at their option—not the website’s
choice—in expressing preferences as to roommate characteristics. The critical question is
whether Roommate is itself an “information content provider,” such that it cannot claim
that the information at issue was “provided by another information content provider.” A
close reading of the statute leads to the conclusion that Roommate is not an information
content provider for two reasons: (1) providing a drop-down menu does not constitute
“creating” or “developing” information; and (2) the structure and text of the statute make
plain that Congress intended to immunize Roommate’s sorting, displaying, and
transmitting of third-party information.
Roommate neither “creates” nor “develops” the information that is challenged by the
Councils, i.e., the information provided by the users as to their protected characteristics
and the preferences expressed as to roommate characteristics. All Roommate does is to
provide a form with options for standardized answers. Listing categories such as geographic
location, cleanliness, gender and number of occupants, and transmitting to users profiles of
other users whose expressed information matches their expressed preferences, can hardly
be said to be creating or developing information. Even adding standardized options does not
“develop” information. Roommate, with its prompts, is merely “selecting material for
publication,” which we have stated does not constitute the “development” of information.
The profile is created solely by the user, not the provider of the interactive website. Indeed,
without user participation, there is no information at all. The drop-down menu is simply a
precategorization of user information before the electronic sorting and displaying that takes
place via an algorithm. If a user has identified herself as a non-smoker and another has
expressed a preference for a non-smoking roommate, Roommate’s sorting and matching of
user information are no different than that performed by a generic search engine.
Displaying the prompt “Gender” and offering the list of choices, “Straight male; Gay male;
Straight female; Gay female” does not develop the information, “I am a Gay male.” The user
has identified himself as such and provided that information to Roommate to publish. Thus,
the user is the sole creator of that information; no “development” has occurred. In the same
vein, presenting the user with a “Preferences” section and drop-down menus of options does
not “develop” a user’s preference for a non-smoking roommate. As we stated in Carafano,
the “actual profile ‘information’ consist[s] of the particular options chosen” by the user, such
that Roommate is not “responsible, even in part, for associating certain multiple choice
responses with a set of [] characteristics.”
The thrust of the majority’s proclamation that Roommate is “developing” the information
that it publishes, sorts, and transmits is as follows: “[W]e interpret the term ‘development’
as referring not merely to augmenting the content generally, but to materially contributing
331.
to its unlawfulness.” This definition is original to say the least and springs forth untethered
to anything in the statute.
The majority’s definition of “development” epitomizes its consistent collapse of substantive
liability with the issue of immunity. Where in the statute does Congress say anything about
unlawfulness? Whether Roommate is entitled to immunity for publishing and sorting
profiles is wholly distinct from whether Roommate may be liable for violations of the FHA.
Immunity has meaning only when there is something to be immune from, whether a
disease or the violation of a law. It would be nonsense to claim to be immune only from the
innocuous. But the majority’s immunity analysis is built on substantive liability: to the
majority, CDA immunity depends on whether a webhost materially contributed to the
unlawfulness of the information. Whether the information at issue is unlawful and whether
the webhost has contributed to its unlawfulness are issues analytically independent of the
determination of immunity. Grasping at straws to distinguish Roommate from other
interactive websites such as Google and Yahoo!, the majority repeatedly gestures to
Roommate’s potential substantive liability as sufficient reason to disturb its immunity. But
our task is to determine whether the question of substantive liability may be reached in the
first place.
Keep in mind that “unlawfulness” would include not only purported statutory violations but
also potential defamatory statements. The irony is that the majority would have us
determine “guilt” or liability in order to decide whether immunity is available. This upside-
down approach would knock out even the narrowest immunity offered under § 230(c)—
immunity for defamation as a publisher or speaker.
Another flaw in the majority’s approach is that it fails to account for all of the other
information allegedly developed by the webhost. For purposes of determining whether
Roommate is an information content provider vis-a-vis the profiles, the inquiry about
geography and the inquiry about gender should stand on the same footing. Both are single
word prompts followed by a drop-down menu of options. If a prompt about gender
constitutes development, then so too does the prompt about geography. And therein lies the
rub.
Millions of websites use prompts and drop-down menus. Inquiries range from what credit
card you want to use and consumer satisfaction surveys asking about age, sex and
household income, to dating sites, e.g., match.com, sites lambasting corporate practices,
e.g., ripoffreports.com, and sites that allow truckers to link up with available loads, e.g.,
getloaded.com. Some of these sites are innocuous while others may not be. Some may solicit
illegal information; others may not. But that is not the point. The majority’s definition of
“development” would transform every interactive site into an information content provider
and the result would render illusory any immunity under § 230(c). Virtually every site
could be responsible in part for developing content.
For example, the majority purports to carve out a place for Google and other search
engines. But the modern Google is more than a match engine: it ranks search results,
provides prompts beyond what the user enters, and answers questions. In contrast,
Roommate is a straight match service that searches information and criteria provided by
the user, not Roommate. It should be afforded no less protection than Google, Yahoo!, or
other search engines.
332.
The majority then argues that “providing neutral tools to carry out what may be unlawful
or illicit searches does not amount to ‘development.’” But this effort to distinguish Google,
Yahoo!, and other search engines from Roommate is unavailing. Under the majority’s
definition of “development,” these search engines are equivalent to Roommate. Google
“encourages” or “contributes” (the majority’s catch phrases) to the unlawfulness by offering
search tools that allow the user to perform an allegedly unlawful match. If a user types into
Google’s search box, “looking for a single, Christian, female roommate,” and Google displays
responsive listings, Google is surely “materially contributing to the alleged unlawfulness” of
information created by third parties, by publishing their intention to discriminate on the
basis of protected characteristics. In the defamation arena, a webhost’s publication of a
defamatory statement “materially contributes” to its unlawfulness, as publication to third
parties is an element of the offense. At bottom, the majority’s definition of “development”
can be tucked in, let out, or hemmed up to fit almost any search engine, creating
tremendous uncertainty in an area where Congress expected predictability.
“Development” is not without meaning. In Batzel, we hinted that the “development of
information” that transforms one into an “information content provider” is “something more
substantial than merely editing portions of an email and selecting material for publication.”
We did not flesh out further the meaning of “development” because the editor’s alterations
of an email message and decision to publish it did not constitute “development.”
Because the statute does not define “development,” we should give the term its ordinary
meaning. “Development” is defined in Webster’s Dictionary as a “gradual advance or growth
through progressive changes.” The multiple uses of “development” and “develop” in other
provisions of § 230 give texture to the definition of “development,” and further expose the
folly of the majority’s ungrounded definition. Defining “development” in this way keeps
intact the settled rule that the CDA immunizes a webhost who exercises a publisher’s
“traditional editorial functions—such as deciding whether to publish, withdraw, postpone,
or alter content.”11
Applying the plain meaning of “development” to Roommate’s sorting and transmitting of
third-party information demonstrates that it was not transformed into an “information
content provider.” In searching, sorting, and transmitting information, Roommate made no
changes to the information provided to it by users. Even having notice that users may be
11 The majority’s notion of using a different definition of “development” digs the majority into a deeper hole. For
example, adopting the Wikipedia definition of “content development”—“the process of researching, writing,
gathering, organizing and editing information for publication on web sites”—would run us smack into the
sphere of Congressionally conferred immunity. Both our circuit and others have steadfastly maintained that
activities such as organizing or editing information are traditional editorial functions that fall within the scope
of CDA immunity. Likewise, an alternative definition of “development” from Webster’s such as “a making usable
or available” sweeps too broadly, as “making usable or available” is precisely what Google and Craigslist do. In
an effort to cabin the reach of the opinion, the majority again goes back to whether the content is legal, i.e., a
dating website that requires sex, race, religion, or marital status is legal because it is legal to discriminate in
dating. Of course this approach ignores whether the claim may be one in tort, such as defamation, rather than a
statutory discrimination claim. And, this circularity also circumvents the plain language of the statute.
Interestingly, the majority has no problem offering up potentially suitable definitions of “development” by
turning to dictionaries, but it fails to explain why, and from where, it plucked its definition of “development” as
“materially contributing to [the] alleged unlawfulness” of content.
333.
using its site to make discriminatory statements is not sufficient to invade Roommate’s
immunity.
The majority blusters that Roommate develops information, because it “requir[es]
subscribers to provide the information as a condition of accessing its services,” and
“designed its search system so it would steer users based on the preferences and personal
characteristics that Roommate itself forces subscribers to disclose.” But the majority,
without looking back, races past the plain language of the statute. That Roommate requires
users to answer a set of prompts to identify characteristics about themselves does not
change the fact that the users have furnished this information to Roommate for Roommate
to publish in their profiles. Nor do Roommate’s prompts alter the fact that users have
chosen to select characteristics that they find desirable in potential roommates, and have
directed Roommate to search and compile results responsive to their requests. Moreover,
tagging Roommate with liability for the design of its search system is dangerous precedent
for analyzing future Internet cases.
Even if Roommate’s prompts and drop-down menus could be construed to seek out, or
encourage, information from users, the CDA does not withhold immunity for the
encouragement or solicitation of information. The CDA does not countenance an exception
for the solicitation or encouragement of information provided by users….
The structure of the statute also supports my view that Congress intended to immunize
Roommate’s sorting and publishing of user profiles. An “interactive computer service” is
defined to include an “access software provider.” The statute defines an “access software
provider” as one that provides “enabling tools” to “filter,” “screen,” “pick,” “choose,”
“analyze,” “digest,” “search,” “forward,” “organize,” and “reorganize” content.
By providing a definition for “access software provider” that is distinct from the definition of
an “information content provider,” and withholding immunity for “information content
providers,” the statute makes resoundingly clear that packaging, sorting, or publishing
third-party information are not the kind of activities that Congress associated with
“information content providers.” Yet these activities describe exactly what Roommate does
through the publication and distribution of user profiles: Roommate “receives,” “filters,”
“digests,” and “analyzes” the information provided by users in response to its registration
prompts, and then “transmits,” “organizes,” and “forwards” that information to users in the
form of uniformly organized profiles. Roommate is performing tasks that Congress
recognized as typical of entities that it intended to immunize….
Ramifications of the Majority Opinion
I am troubled by the consequences that the majority’s conclusion poses for the ever-
expanding Internet community. The unwise narrowing of our precedent, coupled with the
mixing and matching of CDA immunity with substantive liability, make it exceedingly
difficult for website providers to know whether their activities will be considered immune
under the CDA. We got it right in Carafano, that “[u]nder § 230(c) ... so long as a third
party willingly provides the essential published content, the interactive service provider
receives full immunity regardless of the specific editing or selection process.”
334.
Significantly, § 230(e) expressly exempts from its scope certain areas of law, such as
intellectual property law and federal criminal laws. Thus, for example, a webhost may still
be liable as a publisher or speaker of third-party information that is alleged to infringe a
copyright. Notably, the CDA does not exempt the FHA and a host of other federal statutes
from its scope. The FHA existed at the time of the CDA’s enactment, yet Congress did not
add it to the list of specifically enumerated laws for which publisher and speaker liability
was left intact. The absence of a statutory exemption suggests that Congress did not intend
to provide special case status to the FHA in connection with immunity under the CDA.
Anticipating the morphing of the Internet and the limits of creative genius and
entrepreneurship that fuel its development is virtually impossible. However, Congress
explicitly drafted the law to permit this unfettered development of the Internet. Had
Congress discovered that, over time, courts across the country have created more expansive
immunity than it originally envisioned under the CDA, Congress could have amended the
law. But it has not….
The consequences of the majority’s interpretation are far-reaching. Its position will chill
speech on the Internet and impede “the continued development of the Internet and other
interactive computer services and other interactive media.” To the extent the majority
strips immunity because of sorting, channeling, and categorizing functions, it guts the
heart of § 230(c)(1) immunity. Countless websites operate just like Roommate: they
organize information provided by their users into a standardized format, and provide
structured searches to help users find information. These sites, and their attendant display,
search, and inquiry tools, are an indispensable part of the Internet tool box. Putting a lid on
the sorting and searching functions of interactive websites stifles the core of their services.
To the extent the majority strips immunity because the information or query may be illegal
under some statute or federal law, this circumstance puts the webhost in the role of a
policeman for the laws of the fifty states and the federal system. There are not enough Net
Nannies in cyberspace to implement this restriction, and the burden of filtering content
would be unfathomable.
To the extent the majority strips immunity because a site solicits or actively encourages
content, the result is a direct restriction on the free exchange of ideas and information on
the Internet. As noted in the amici curiae brief of the news organizations, online news
organization routinely solicit third-party information. Were the websites to face host
liability for this content, they “would have no choice but to severely limit its use” and
“[s]heer economics would dictate that vast quantities of valuable information be eliminated
from websites.”
To the extent the majority strips immunity because a website “materially contributed” to
the content or output of a website by “specialization” of content, this approach would
essentially swallow the immunity provision. The combination of solicitation, sorting, and
potential for liability would put virtually every interactive website in this category. Having
a website directed to Christians, Muslims, gays, disabled veterans, or childless couples
could land the website provider in hot water.14
14 It is no surprise that there are countless specialized roommate sites. See, e.g.,
http://islam.tc/housing/index.php, http://christian-roommates.com, and http://prideroommates.com.
335.
Because the statute itself is cumbersome to interpret in light of today’s Internet
architecture, and because the decision today will ripple through the billions of web pages
already online, and the countless pages to come in the future, I would take a cautious,
careful, and precise approach to the restriction of immunity, not the broad swath cut by the
majority. I respectfully dissent and would affirm the district court’s judgment that
Roommate is entitled to immunity under § 230(c)(1) of the CDA, subject to examination of
whether the bare inquiry itself is unlawful.
NOTES AND QUESTIONS
What Is the Case’s Holding? Judge Kozinski’s opinion is dense and confusing, but its
greatest flaw is that, with respect to why Section 230 failed, it has multiple holdings…that
may be irreconcilable with each other. Three candidates for “the” holding:
Possible Holding #1: Roommates.com “developed in part” the users’ content because of how
it designed and operated the search and email systems.
Possible Holding #2: Roommates.com “developed in part” the users’ content by “materially
contributing to its alleged unlawfulness.”
Possible Holding #3: “If you don’t encourage illegal content, or design your website to
require users to input illegal content, you will be immune.”
As you can imagine, when subsequent judges interpret an opinion with three holdings that
may be inconsistent with each other, their interpretations can fracture. Holding #3 is
favorably cited far more often than holding #1 (about 3x as often), but each of the rulings
embracing holding #1 are often more significant because they create additional fractures in
Section 230’s immunity.
Internet Exceptionalism. Judges Kozinski repeatedly points to the regulation of offline
activities and says the Internet should be regulated the same. But Section 230 is an
unapologetically exceptionalist statute, so are offline analogies helpful?
“Neutral” Tools. We already discussed some problems with the term “neutrality” in the
notes after Zeran. In the Roommates.com opinion, Judge Kozinski uses the term “neutral
tools” five times but never defines the term. What exactly did he mean by “neutral tools”?
To the extent “tools” encode a designer’s judgment about how best to help users, are they
ever really “neutral”? See Eric Goldman, Search Engine Bias and the Demise of Search
Engine Utopianism, 8 YALE J. L. & TECH. 188 (2006), http://ssrn.com/abstract=893892.
The D.C. Circuit concluded that Google Map’s location algorithm was “neutral”:
Those algorithms are “neutral means” that do not distinguish between legitimate
and scam locksmiths in the translation process…its algorithm neutrally translates
both legitimate and scam information in the same manner.
336.
Marshall’s Locksmith Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir. 2019). This
definition is quite defense-favorable. It suggests that so long as automated tools handle
legal and illegal content identically, the tools qualify as “neutral.”
Product Configuration Choices and Section 230. Jane Doe No. 1 v. Backpage.com, LLC, 817
F.3d 12 (1st Cir. 2016) says:
claims that a website facilitates illegal conduct through its posting rules
necessarily treat the website as a publisher or speaker of content provided by
third parties and, thus, are precluded by section 230(c)(1). This holding is
consistent with, and reaffirms, the principle that a website operator’s
decisions in structuring its website and posting requirements are publisher
functions entitled to section 230(c)(1) protection
The Doe v. Backpage ruling has emerged as a powerful defense rebuttal to the
Roommates.com opinion. Several other appellate courts—including the Ninth Circuit—have
adopted rulings in line with Doe v. Backpage, including Herrick v. Grindr LLC, 765 Fed.
Appx. 586 (2d Cir. 2019); Daniel v. Armslist LLC, 386 Wis.2d 449 (2019); Dyroff v. The
Ultimate Software Group, Inc., 934 F.3d 1093 (9th Cir. 2019); and Marshall’s Locksmith
Service Inc. v. Google LLC, 925 F.3d 1263 (D.C. Cir. 2019). Though these rulings may not
expressly reject the Roommates.com opinion, their holdings may be implicitly incompatible
with it.
For example, in the Dyroff case, the court opined (emphasis added):
Ultimate Software’s functions on Experience Project most resemble the
“Additional Comments” features in Roommates.com in that Experience
Project users, including Wesley Greer, were not required to disclose that they
were looking for heroin or other illegal drugs. Rather, users were given
something along the lines of blank text boxes in which they could post and
share experiences, questions, and answers. The recommendation and
notification functions helped facilitate this user-to-user communication, but it
did not materially contribute, as Plaintiff argues, to the alleged unlawfulness
of the content….
Plaintiff is unable to allege that Ultimate Software materially contributed to
the content posted on Experience Project that led to Greer’s death. Plaintiff
cannot and does not plead that Ultimate Software required users to post
specific content, made suggestions regarding the content of potential user
posts, or contributed to making unlawful or objectionable user posts.
It is likely that Roommates.com’s influence as anti-Section 230 precedent is well-past its
high-water mark.
Is the Internet an “Infant”? Judge Kozinski says the “Internet is no longer a fragile new
means of communication that could easily be smothered in the cradle by overzealous
enforcement of laws and regulations applicable to brick-and-mortar businesses” and “the
337.
Internet has outgrown its swaddling clothes and no longer needs to be so gently coddled.”
This may be true for Google and Facebook, but is it true for the rest of the Internet?
Compare Justice Kennedy’s perspective in 2017: “While we now may be coming to the
realization that the Cyber Age is a revolution of historic proportions, we cannot appreciate
yet its full dimensions and vast potential to alter how we think, express ourselves, and
define who we want to be. The forces and directions of the Internet are so new, so protean,
and so far reaching that courts must be conscious that what they say today might be
obsolete tomorrow.” Packingham v. North Carolina, 137 S. Ct. 1730 (2017).
Other Common Law Exceptions to Section 230. In addition to Roommates.com, some other
potential common law workarounds to Section 230:
False Advertising (which can be pled as a wide variety of causes of action). We saw a
variation of this in the Noah case, where Noah unsuccessfully claimed that AOL
promised in its TOS to clean up harassing content and failing to do so. These claims
depend a lot on exactly what the defendant advertised, and often the language
doesn’t support the plaintiff’s claims.
Promissory Estoppel. In Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009), the
Ninth Circuit held that Section 230 did not immunize against promissory estoppel
claims. However, plaintiffs rarely meet the prima facie requirements of a promissory
estoppel claim, so this workaround isn’t likely to help plaintiffs win their cases. See,
e.g., Yue v. Miao, 2019 WL 6130473 (D.S.C. 2019).
Failure to Warn. In Jane Doe No. 14 v. Internet Brands, Inc., 824 F.3d 846 (9th Cir.
2016), the Ninth Circuit held that Section 230 did not immunize against failure-to-
warn claims—in that case, failing to warn users that the service knew sexual
predators were targeting other users. While it’s easy for plaintiffs to make failure-to-
warn arguments, it’s difficult for plaintiffs to show that the services had a duty to
warn them. For example, on remand, Jane Doe No. 14 lost the case because Internet
Brands lacked such a duty. As a result, like promissory estoppel, the duty-to-warn
Section 230 workaround doesn’t increase the likelihood of a plaintiff win. See also
Dyroff v. The Ultimate Software Group, Inc., 934 F.3d 1093 (9th Cir. 2019) (“No
website could function if a duty of care was created when a website facilitates
communication, in a content-neutral fashion, of its users’ content.”).
Increasing Regulation of Marketplaces? Online marketplaces, such as eBay and Amazon
Marketplace, have routinely been protected by Section 230. Plaintiffs have been chipping
away at this coverage, however. For example, the Third Circuit held that Amazon could be
strictly liable as the “seller” of items sold by third-party vendors in its online marketplace,
and Section 230 didn’t apply in those circumstances. Oberdorf v. Amazon.com, Inc., 2019
WL 2849153 (3d Cir. 2019) (currently pending en banc review by the Third Circuit); see also
State Farm Fire & Casualty Company v. Amazon.com, Inc., 390 F. Supp. 3d 964 (W.D. Wis.
2019). Separately, the Ninth Circuit has held that Section 230 doesn’t protect Airbnb when
it books third-party transactions. HomeAway.com, Inc. v. City of Santa Monica, 918 F.3d
676 (9th Cir. 2019). These opinions theoretically open up all online marketplaces to
unlimited federal, state and local regulations of “booking services” without any Section 230
protection.
338.
Roommates.com Denouement. In 2012, nine years after the case started, the Ninth Circuit
(via Judge Kozinski, writing his third opinion in the case) ruled that Roommates.com
hadn’t violated the Fair Housing Act because the law didn’t apply to shared dwellings. Fair
Housing Council of San Fernando Valley v. Roommate.com, LLC, 666 F.3d 1216 (9th Cir.
2012). So even though Roommates.com partially lost its the Section 230 battle, it won the
war.
Did Judge Kozinski fall into the trap predicted by Judge McKeown? Recall Judge Kozinski’s
pronouncement:
If you don’t encourage illegal content, or design your website to require users
to input illegal content, you will be immune.
The Ninth Circuit partially denied Roommates.com the Section 230 immunity because
allegedly it violated this standard; but as Judge Kozinski himself concluded in his third
opinion, Roommates.com had never encouraged illegal content nor designed its website to
require users to input illegal content. According to Judge Kozinski, Roommates.com should
have qualified for Section 230’s immunity all along. Note that if we have to adjudicate the
defendant’s substantive liability to determine if the immunity applies, and the immunity
only applies if there’s no substantive liability, the immunity is effectively worthless.
Section 230 can make a difference by expediting the dismissal of immunized cases, e.g.,
enabling cases to be terminated on a motion to dismiss rather than getting to summary
judgment or trial. In fact, many Section 230 cases end on a Rule 12(b)(6) motion to dismiss.
The Roommates.com case was a great example of a case that would have benefited from
early dismissal, because the litigants spent a lot of time and money litigating over nine
years and two trips to the Ninth Circuit (plus an en banc Ninth Circuit hearing)—only to
conclude that Roommates.com was in the clear all along. Judge Kozinski himself hints at
the virtue of early dismissal of immunized cases when he frets about “death by ten
thousand duck-bites.” Did he let Roommates.com get duck-bitten here?
Trump’s Anti-Section 230 Executive Order. In May 2020, President Trump signed Executive
Order 13925 (May 28, 2020), entitled “Preventing Online Censorship.” At a high level, the
EO took the following actions:
The EO made various statements about how to interpret Section 230 and purported
to make those interpretations the binding law of the executive branch. As just one
example, the EO said it’s the policy of the executive branch that “large” online
platforms shouldn’t restrict free speech.
It directed the Commerce Department to ask the FCC to do a rulemaking procedure
to interpret Section 230.
It directed federal agencies to provide reports on their online advertising.
It directed that 16,000+ user reports generated from a 2019 effort called “Tech Bias
Reporting” should be sent to the DOJ and FTC for their perusal.
It encouraged the FTC to bring enforcement actions against Internet companies for
false marketing statements.
It told AG Barr to form a working group of state AGs to investigate how state laws
can be used against Internet services; to develop model state legislation; and gather
339.
information on specified topics. It also told the AG to draft federal legislation to
advance the EO.
Although the EO purports to be a binding legal document about Section 230, it was
intended, and functions, as empty propaganda more than a legally effective document. The
White House cannot direct the FCC, FTC, or DOJ to do anything; though the DOJ will
honor the EO, at least in part. Shortly after the EO, the DOJ issued its own anti-Section
230 report, which indicated the DOJ is drafting reform legislation. The EO’s various policy
statements and Section 230 interpretations are almost certainly meaningless. Congress
writes laws and the court system interprets them; and unless Congress delegates
interpretative authority to the executive branch, the executive branch’s interpretations of
laws aren’t binding on either Congress or the courts. If an executive agency acts on the EO’s
legal interpretations of Section 230, those actions can be challenged in courts that will not
be bound by the EO’s legal interpretations—meaning those agency actions are likely to be
struck down if they don’t conform to existing Section 230 jurisprudence.
While the EO has no real bearing on the law of Section 230, it would be excellent exam
preparation to read its policy statements and purported legal interpretations and explain
the (possibly multiple) reasons why they are wrong.
230 v. 512. Compare the operation and coverage of 47 U.S.C. § 230 and 17 U.S.C. § 512:
CHAPTER 8 REVIEW QUESTION #1
In which of the following circumstances can the bolded party successfully assert a Section
230 immunity?
a) A Twitter user “retweets” another user’s defamatory tweet
340.
b) YouTube publishes a user-submitted video showing a person doing a stupid stunt that
inspires copycats who injure themselves
c) An online magazine pays for, copy-edits and publishes a freelancer’s story that contains
defamatory statements
d) PayPal processes the payment for an eBay transaction for fake sports memorabilia
e) A blogger links to a third party’s article that is defamatory
f) A Facebook user “likes” a defamatory post made by another user
CHAPTER 8 REVIEW QUESTION #2
Federal law provides civil remedies to victims of terrorist activity (including their families)
against anyone who provides “material support to terrorists.” This law might make sense in
the case of an arms dealer who knowingly profits from selling weapons to terrorists.
Known terrorist organizations such as ISIS create social media accounts at sites like
Twitter and YouTube and use the accounts to distribute propaganda. ISIS terrorist victims
and their families sue these social media services for providing material support to
terrorists. Does Section 230 immunize the social media services from these claims?
341.
There is a lot of discussion about reforming Section 230, much of it premised on the
assumption that Internet companies aren’t moderating content correctly and regulatory
reform would change that. This short essay explains why those assumptions are misguided
and no amount of regulatory reform will “fix” content moderation.
* * *
Top Myths About Content Moderation
Posted by Eric Goldman to the Technology & Marketing Law Blog, October 15, 2019
How Internet companies decide which user-submitted content to keep and which to
remove—a process called “content moderation”—is getting lots of attention lately, for good
reason. Under-moderation can lead to major social problems, like foreign agents
manipulating our elections. Over-moderation can suppress socially beneficial content, like
negative but true reviews by consumers.
Due to these high stakes, regulators across the globe increasingly seek to tell Internet
companies how to moderate content. European regulators are requiring Internet services to
remove extremist content within an hour and to install upload filters to prospectively block
copyright infringement; and U.S. legislators have proposed to ban Internet services from
moderating content at all.
Unfortunately, many of these regulatory efforts are predicated on myths about content
moderation, such as:
Myth: Content moderation can be done perfectly.
Reality: Regulators routinely assume Internet services can remove all bad content without
suppressing any good content. Unfortunately, they can’t. First, mistakes occur when the
service lacks key contextual information about the content—such as details about the
author’s identity, other online and offline activities, and cultural references. Second, any
line-drawing exercise creates mistake-prone border cases because users routinely submit
“edgy” content. Third, a high-volume service will make many mistakes, even if it’s highly
accurate—1 billion submissions a day at 99.9% accuracy still yields a million mistakes a
day.
Myth: Bad content is easy to find and remove.
Reality: Regulators often assume every item of bad content has an impossible-to-miss
flashing neon sign saying “REMOVE THIS CONTENT,” but that’s rare. Content is often
obviously bad only in hindsight or with context unavailable to the service. Regulators’
cherry-picked anecdotes don’t prove otherwise.
Myth: Technologists just need to “nerd harder.”
Reality: Filtering and artificial intelligence play important roles in content moderation.
However, technology alone cannot magically solve the problem. “Edgy” and contextless
content vexes the machines, too.
342.
Myth: Internet services should hire more humans to review content.
Reality: Humans have biases and make mistakes too, so adding human reviewers won’t
lead to perfection. Furthermore, human reviewers sometimes experience an unrelenting
onslaught of horrible content to protect the rest of us.
Myth: Internet companies have no incentive to moderate content.
Reality: In 1996, Congress passed 47 U.S.C. 230, which says Internet services generally
aren’t liable for third-party content. Due to this legal protection, critics often assume
Internet services won’t invest in content moderation; and some companies have stoked that
perception by publicly positioning themselves as “neutral” technology platforms. Yet,
virtually every Internet service moderates content, and major services like Facebook and
YouTube employ many thousands of content reviewers. Why? The services have their own
reputation to manage, and they care about how content can affect their users (e.g.,
Pinterest combats content that promotes eating disorders). Furthermore, advertisers won’t
let their ads appear on bad content, which provides additional financial incentives to
moderate.
Myth: Content moderation, if done right, will make everyone happy.
Reality: By definition, content moderation is a zero-sum game. Someone gets their desired
outcome, and someone else doesn’t—and those folks won’t be happy with the result.
Myth: There is a one-size-fits-all approach to content moderation.
Reality: Internet services cater to diverse audiences that have different moderation needs.
For example, an online crowdsourced encyclopedia like Wikipedia, an open-source software
repository like GitHub, and a payment service for content publishers like Patreon all solve
different problems for their communities. These services shouldn’t have identical content
moderation rules.
Myth: Imposing content moderation requirements will stick it to Google and Facebook.
Reality: Google and Facebook have enough money to handle virtually any requirement
imposed by regulators. Startup enterprises do not. Increased content moderation burdens
are more likely to block new entrants than to punish Google and Facebook.
Myth: Poor content moderation causes anti-social behavior.
Reality: Poorly executed content moderation can accelerate bad behavior, but often the
Internet simply mirrors existing anti-social behavior or tendencies. Better content
moderation can’t fix problems that are endemic in the human condition.
Regulators are right to identify content moderation as a critically important topic. However,
until regulators overcome these myths, regulatory interventions will cause more problems
than they solve.
343.
International Approaches to Liability for Third-Party Content
Section 230 is a globally unique policy solution. No other country favors intermediaries as
much.* This module analyzes a few other jurisdictions’ rules.
European Union “Right to Be Forgotten”
The “right to be forgotten” (RTBF) is a weird term. We cannot make people “forget” things,
but we can require content publishers to delete content or reduce its visibility.
Europe did exactly that. In Google Spain SL, Google Inc. v Agencia Española de Protección
de Datos, Mario Costeja González, Case No. C-131/12 (2014), the European Court of Justice
(ECJ) reached four important conclusions.
1) Privacy Directive Applies. The ECJ concluded that “the activity of a search engine
consisting in finding information published or placed on the internet by third parties,
indexing it automatically, storing it temporarily and, finally, making it available to internet
users according to a particular order of preference” constituted “the processing of personal
data.” As data “controllers,” search engines are required to comply with the 1995 European
Data Privacy Directive (95/46/EC).
This conclusion represents search engine exceptionalism. Search engines are subject to the
RTBF, but other online media enterprises typically aren’t. The court made this ruling after
Google argued it wasn’t a media enterprise (to avoid other unwanted regulatory
consequences). Still, a legal distinction between search engines and other media enterprises
is indefensible. See Eric Goldman, Search Engine Bias and the Demise of Search Engine
Utopianism, 8 YALE J. L. & TECH. 188 (2006).
2) Sales Office Confers Jurisdiction. The ECJ concluded that Google’s advertising sales
office in Spain meant that Google was processing personal data (its search database) within
the European Union and therefore was subject to European law.
3) Search Results De-Indexing. The ECJ concluded that search engines must “remove from
the list of results displayed following a search made on the basis of a person’s name links to
web pages, published by third parties and containing information relating to that person,”
even if that information remains on the third party website, and even if the third party
lawfully published the information.
4) Limit to De-Indexing Right. The right of people to erase search results about them
“override[s]…not only the economic interest of the operator of the search engine but also
the interest of the general public in having access to that information upon a search
relating to the data subject’s name.” However, the erasure right can be trumped by a
“preponderant interest of the general public in having, on account of its inclusion in the list
of results, access to the information in question,” such as the person’s role “in public life.”
* Article 19.17 of the USMCA, signed in 2020, requires Canada and Mexico to conform to Section 230-like
principles; and a trade agreement with Japan does as well. It remains unclear if these trade agreements will
actually change those countries’ laws to more closely resemble Section 230.
344.
The court failed to specify the exact grounds on which a person may request erasure of
search results, putting the burden on search engines, and the data protection authorities
with enforcement authority, to figure it out. Google* decided to remove links to “irrelevant,
outdated, or otherwise objectionable” information from search results for the individual’s
name; but Google won’t de-index a search result if “there’s a public interest in the
information,” such as information “about financial scams, professional malpractice,
criminal convictions, or public conduct of government officials.”
As interpreted by Google, a de-indexing request only affects results when the person’s name
is searched. Searches for other search keywords could still display those search results.
Meanwhile, even if Google de-indexes the search result, the original source material will
remain online. Thus, if an online newspaper article is subject to a de-indexing request,
Google might remove the search result from the name search but the original article is still
available at the online newspaper. This is one reason the “right to be forgotten” is a
misnomer—the newspaper doesn’t “forget” the article. Only the search engine does, and
only for specific searches.
Google’s de-indexing standards—“irrelevant, outdated, or otherwise objectionable” content
that’s not “in the public interest”—are obviously problematic. For example, if 99% of
searchers would find an information item irrelevant, but 1% of searchers would find it
exceptionally relevant, what should Google do?
Similarly, how can Google determine when information becomes outdated, “otherwise
objectionable,” or not in the public interest? It’s not easy to figure out what information has
historical significance, and information’s historical significance might change over time
(i.e., something that appears irrelevant at one point in time might emerge as essential
information at a different time). For example, for decades, Justice Kavanaugh’s high school
calendar from 1982 was not historically significant…until it became the subject of
international news and Congressional hearings during his confirmation to the U.S.
Supreme Court. If Google had “forgotten” that calendar because the document didn’t seem
that important when a removal request was made, it would have reached a decision that in
retrospect (with the benefit of historical hindsight) would be clearly wrong.
Indeed, in a perhaps inevitable ironic twist, we saw how the value of information changed
in Costeja’s own case. Because of the high public interest in his case, in 2015 the Spanish
Data Protection Authority ruled
(http://www.agpd.es/portalwebAGPD/resoluciones/tutela_derechos/tutela_derechos_2015/co
mmon/pdfs/TD-00568-2015_Resolucion-de-fecha-14-09-2015_Art-ii-culo-16-LOPD.pdf) that
Costeja no longer had the right to de-index stories discussing the facts that initially
prompted his lawsuit. Oops.
The ECJ made it clear that it doesn’t want search engines to rely on third party publishers’
judgments of what’s relevant or important. In Costeja’s case, he complained about an article
referencing him that was published in a traditional newspaper. By definition, a newspaper
only publishes items of “public interest” to its audience. Yet, the ECJ said that level of
public interest wasn’t enough.
* We’ll focus on Google’s responses because it lost the case and Google has 90%+ market share in most European
countries. Google also receives the vast bulk of de-indexing requests submitted to all search engines.
345.
Thus, the ECJ concluded that a for-profit enterprise must evaluate and depublish content
using inherently subjective legal standards and without any knowledge about the
underlying facts. Furthermore, Google makes its depublication decisions on an ex parte
basis, based solely on the representations of requesting individuals. The de-indexed
publisher does not get to plead its case before Google makes its decision; nor can the de-
indexed publisher or public interest advocates effectively protest Google’s decisions after
the fact.
If Google denies an individual’s de-indexing request, the individual can “appeal” Google’s
decision to a data protection authority. Given Google’s incentives when evaluating de-
indexing requests—potential punishment for denying a de-indexing request, no immediate
complaints for accepting a de-indexing request—Google has incentives to err on the side of
de-indexing. Nevertheless, Google has rejected a majority of de-indexing requests, perhaps
suggesting that it has been flooded with bogus or weak requests.
The ECJ ruling shocked many Americans because American law would not permit a similar
result. As an online content publisher, Google is protected by the First Amendment’s free
speech and free press clauses. Thus, any regulatory mandate that Google include or exclude
information in its search index is almost certainly unconstitutional. See, e.g., Search King,
Inc. v. Google Technology, Inc., 2003 WL 21464568 (W.D. Okla. 2003); Langdon v. Google,
Inc., 474 F. Supp. 2d 622 (D. Del. 2007); Zhang v. Baidu.com, Inc., 10 F. Supp. 3d 433
(S.D.N.Y. 2014); Google, Inc. v. Hood, 96 F. Supp. 3d 584 (S.D. Miss. 2015) (vacated on
other grounds); e-ventures Worldwide v. Google, Inc., 2017 WL 2210029 (M.D. Fla. 2017);
Eugene Volokh & Donald M. Falk, First Amendment Protection For Search Engine Search
Results, April 20, 2012; see also Martin v. Hearst Corporation, 777 F.3d 546 (2d Cir. 2015)
(publication cannot be obligated to remove article about an expunged arrest).
Furthermore, Section 230 (both (c)(1) and (c)(2)) statutorily immunize search engines for
their indexing decisions, including their refusal to de-index content (even if that content is
tortious). See, e.g., Maughan v. Google Technology, Inc., 143 Cal. App. 4th 1242 (Cal. App.
Ct. 2006); Murawski v. Pataki, 514 F. Supp. 2d 577 (S.D.N.Y. 2007); Shah v. MyLife.Com,
Inc., 2012 WL 4863696 (D. Or. 2012); Merritt v. Lexis Nexis, 2012 WL 6725882 (E.D. Mich.
2012); Nieman v. Versuslaw, Inc., 2012 WL 3201931 (C.D. Ill. 2012); Getachew v. Google,
Inc., 491 Fed. Appx. 923 (10th Cir. 2012); Mmubango v. Google, Inc., 2013 WL 664231 (E.D.
Pa. 2013); O’Kroley v. Fastcase Inc., 831 F.3d 352 (6th Cir. 2016); Fakhrian v. Google Inc.,
2016 WL 1650705 (Cal. App. Ct. 2016); Despot v. Baltimore Life Insurance Co., 2016 WL
4148085 (W.D. Pa. 2016); Manchanda v. Google, Inc., 2016 WL 6806250 (S.D.N.Y. 2016);
Mosha v. Yandex Inc., 2019 WL 5595037 (S.D.N.Y. 2019); see also Yeager v. Innovus
Pharmaceuticals, Inc., 2019 WL 447743 n.6 (N.D. Ill. 2019) (“no ‘right to be forgotten’ exists
under United States law”).
Collectively, U.S. law makes it clear that search engines, including Google.com, cannot be
legally compelled to implement a right to be forgotten.* So the U.S. and European
* In 2013, California passed an “online eraser” law that requires user-generated content websites to let minors
remove posts they made. This law has not been subject to a constitutional challenge (indeed, it has been widely
ignored), but the law likely violates the websites’ First Amendment interests. See Eric Goldman, California's
New ‘Online Eraser’ Law Should Be Erased, FORBES TERTIUM QUID BLOG, Sept. 24, 2013,
346.
regulatory schemes for search engines have diverged widely, and as we’ll discuss in a
moment, are on a collision course.
Putting the legal issues aside, the “right to be forgotten” sounds quite appealing as a policy
solution (at least superficially). After all, who wouldn’t want greater control over his or her
public identity and reputation? As one study found, “74% of U.S. adults would delete
themselves from search results if they could.” Greg Sterling, Survey: 74% Of U.S. Adults
Would Delete Themselves From Search Results If They Could, MARKETING LAND, July 16,
2014, http://marketingland.com/74-percent-adults-delete-from-search-results-91158.
Furthermore, why would Google want to keep “irrelevant” or “outdated” information in its
database? We expect Google to deliver relevant results, so perhaps the ECJ ruling just
requires Google to do what it voluntarily strives to do anyways.
Still, Google might rationally conclude that information is rarely irrelevant or outdated, at
least to some of its users, or that it doesn’t want to make such nuanced and ill-informed
decisions. Assuming Google wants to continue displaying the search results that it is forced
to remove due to de-indexing requests, the right to be forgotten might be viewed as a
regulatory effort to make search engine content dumber than is dictated by technical
ability.
Will searchers notice this deliberate dumbing-down of search engine capabilities? If de-
indexed results are truly irrelevant or outdated, then searchers won’t notice or care about
their absence. On the other hand, if de-indexed results were in fact relevant, then searchers
may notice the degradation of Google search result quality, and they will start looking for
alternative tools that do a better job meeting their needs. We’ll revisit that issue in a
moment.
Even though the right to be forgotten might be inconsistent with American norms about
free speech, it’s proving to be a popular policy solution globally. For example, in 2015,
Russia adopted a variation of RTBF even more censorial than the EU policy. Under the
Russian rule, search engines must remove offending content from its search database
entirely, so it will not appear in response to any search query. In contrast, in the EU,
search engines only need to suppress the search result for the offended individual’s name,
but the search result can appear in response to other search queries.
EU Electronic Commerce Directive, the United Kingdom Defamation Act and the Germany
Network Enforcement Law
In 2000, the European Union enacted the Electronic Commerce Directive, Directive
2000/31/EC, including safe harbors for “mere conduits” (Article 12), caching (Article 13) and
hosting (Article 14). The provisions are similar to the DMCA online safe harbors, which
served as a model. Thus, like 512(a)’s safe harbor for Internet access providers, conduits
aren’t liable for third party content, and the caching provisions resemble 512(b).
Like 512(c), the hosting safe harbor is based on a notice-and-takedown scheme:
http://www.forbes.com/sites/ericgoldman/2013/09/24/californias-new-online-eraser-law-should-be-erased/.
Furthermore, in contrast to Europe’s RTBF, California’s law only applies to content posted by the minor; the
statute explicitly says that the minor cannot remove any third-party content about the minor.
347.
Article 14: Hosting
1. Where an information society service is provided that consists of the
storage of information provided by a recipient of the service, Member States
shall ensure that the service provider is not liable for the information stored
at the request of a recipient of the service, on condition that:
(a) the provider does not have actual knowledge of illegal activity or
information and, as regards claims for damages, is not aware of facts or
circumstances from which the illegal activity or information is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts
expeditiously to remove or to disable access to the information.
2. Paragraph 1 shall not apply when the recipient of the service is acting
under the authority or the control of the provider.
3. This Article shall not affect the possibility for a court or administrative
authority, in accordance with Member States' legal systems, of requiring the
service provider to terminate or prevent an infringement, nor does it affect
the possibility for Member States of establishing procedures governing the
removal or disabling of access to information.
This provision differs from the DMCA’s § 512(c) hosting safe harbor in several key ways.
First, the Directive requires European Union member states to enact a law consistent with
the Directive, but member states do not have to copy the provision identically. As a result,
there are national differences in the Directive’s enactment. Second, the Directive’s hosting
provision governs all claims related to user-generated content, not just copyright. Thus, the
Directive’s notice-and-takedown system applies to all legal doctrines, including those
covered by Section 230 in the United States. Third, the Directive contemplates that hosts
may be liable without ever receiving a takedown notice. In practice, European courts find
hosts liable in the absence of takedown notices more frequently than we see with Section
512(c) cases. Fourth, unlike Section 512(c)(3), the Directive doesn’t define what constitutes
a proper takedown notice, so web hosts are more likely to take action in response to any
notice submitted by anyone.
As you can see, Section 230 provides more protection for web hosts in the United States
than the Electronic Commerce Directive provides for European hosts. Accordingly, US user-
generated content websites launching localized services for European users typically
remove third party content in Europe that would be untouched in the United States.
The UK Defamation Law. The United Kingdom Defamation Act of 2013 highlights the
differences between the United States and Europe. Section 5 provides a safe harbor for
user-generated defamatory content. In general, the web host can avoid liability either by (1)
providing enough identifying information about the user to facilitate a lawsuit against
him/her, or (2) removing the content promptly after a takedown notice. Further, a web host
can’t qualify for the safe harbor if it “has acted with malice” towards the offending post,
348.
setting potential fights about web host scienter pre-takedown notice (similar to the Section
512(c) scienter problems we saw in Veoh).
For web hosts, the logical solution is to authenticate users before allowing them to post, so
that it will be possible to turn over the identifying information if demanded. As a result, the
UK Defamation Act undermines unattributed content. This rule deviates from Section 230,
which protects intermediaries for third-party content even if the poster cannot be identified.
Germany’s Network Enforcement Law (NetzDG). In 2017, Germany enacted the
Netzwerkdurchsetzungsgesetz (NetzDG). The law requires sites to maintain procedures to
remove “unlawful” user content, to remove “manifestly unlawful” user content within 24
hours of getting complaints about it (and within 7 days for merely “unlawful” user content),
and to make various public reports about content removals. The law imposes substantial
fines of up to €50 million for noncompliance. The law nominally targeted social media
platforms, but it applies to any online services with 2+ million registered users in Germany.
“Unlawful” content includes a wide range of content, including “public incitement to crime,”
“violation of intimate privacy by taking photographs,” defamation, “treasonous forgery”,
forming criminal or terrorist organizations, and “dissemination of depictions of violence.”
The NetzDG law supplements the EU Directive in important ways. First, it provides a
specific turnaround time for takedowns. Second, it starts to creep into regulating the
mechanics of a service’s content moderation/removal operations. Third, it requires the
production of “transparency” reports about complaints received and the service’s responses,
which may spur further regulatory oversight. Finally, the statute specifies penalties that
can be punitive in practice, which has spurred the regulated services to over-remove
content.
Brazil’s Internet Bill of Rights
In 2014, Brazil enacted an “Internet Bill of Rights.” An unofficial translation of some key
parts:
Art. 18 The provider of connection to internet shall not be liable for civil
damages resulting from content generated by third parties.
Art. 19 In order to ensure freedom of expression and prevent censorship, the
provider of internet applications can only be subject to civil liability for
damages resulting from content generated by third parties if, after an specific
court order, it does not take any steps to, within the framework of their
service and within the time stated in the order, make unavailable the content
that was identified as being unlawful, unless otherwise provided by law.
§ 1º The referred court order must include, under penalty of being null, clear
identification of the specific content identified as infringing, allowing the
unquestionable location of the material.
§ 2º The implementation of the provisions of this article for infringement of
copyright or related rights is subject to a specific legal provision, which must
respect freedom of speech and other guarantees provided for in Art. 5º of the
Federal Constitution.
349.
§ 3º The compensation disputes for damages arising from content made
available on the internet related to the honor, reputation or personality
rights, as well as the removal of related contents by internet application
providers, can be presented to special small causes courts.
§ 4º The judge, including within the proceeding set forth in § 3º, can
anticipate, partially or in full, the effects of the request contained in the
initial petition, to the extent that undisputable proof exists of the fact,
considering society’s collective interest in the availability of the content on
the internet, as long as the requisites of truthiness of the author’s claims, the
reasonable concern of irreparable damage, or damage that is difficult to
repair are met.
Art. 20 Whenever the contact information of the user directly responsible for
the content, referred to in Art. 19, is available, the provider of internet
applications shall have the obligation to inform the user about the execution
of the court order with information that allows the user to legally contest and
submit a defense in court, unless otherwise provided by law or in a court
order.
Sole Paragraph. When requested by the user, who provided the content made
unavailable, the provider of internet applications that carries out this activity
in an organized, professional manner and for economic purposes, shall
replace the content made unavailable for a note of explanation or with the
text of the court order that gave grounds to the unavailability of such content.
Art. 21 The internet application provider that makes third party generated
content available shall be held liable for the breach of privacy arising from
the disclosure of images, videos and other materials containing nudity or
sexual activities of a private nature, without the authorization of the
participants, when, after receipt of notice by the participant or his/hers legal
representative, refrains from removing, in a diligent manner, within its own
technical limitations, such content.
Sole Paragraph. The notice set forth above must contain sufficient elements
that allow the specific identification of the material said to violate the right to
privacy of the participant-user and the confirmation of the legitimacy of the
party presenting the request.
It’s hard to properly evaluate this text without reading it in its original language
(“truthiness”?) and thoroughly understanding Brazilian law, which differs from U.S. law in
many significant ways. Still, we can infer from Article 19 that “providers of internet
applications”—presumably including both websites and mobile apps—generally aren’t
civilly liable for user-generated content until a court orders its removal. To understand how
useful this safe harbor is, we’d need to know how broad Brazilian criminal law is (many
countries define more activity as criminal than the United States does) and how hard it is
to get a court order (which is easier in many countries than in the United States).
The bill of rights treats several types of claims specially. Copyright claims apparently are
covered by another provision. Claims related to “honor, reputation or personality rights”
can be fast-tracked to a small claims court. Claims related to non-consensual pornography
are subject to a notice-and-takedown regime.
350.
By generally deferring intermediary liability until a court order, Article 19 more closely
resembles Section 230 than the European notice-and-takedown rules. Still, Section 230 goes
further. A court can’t order a U.S. web host to remove user-generated content; any lawsuit
directly against the web host is preempted by Section 230, and a court order in any other
lawsuit can’t reach the web host due to Federal Rules of Civil Procedure 65(d)(2). See, e.g.,
Blockowicz v. Williams, 630 F.3d 563 (7th Cir. 2010); Giordano v. Romeo, 76 So.3d 1100
(Fla. Dist. App. Ct. 2011); see also Hassell v. Bird, 5 Cal. 5th 522 (Cal. 2018) (Yelp can’t be
compelled to honor a removal injunction).
Section 230 and Foreign Judgments
In 2010, Congress enacted the SPEECH Act, codified at 28 USC §§ 4101-05. Among other
provisions, the law says that a foreign court judgment for defamation cannot be enforced in
the United States if the result would have violated Section 230 if litigated in a U.S. court;
and unsuccessful plaintiffs must pay the attorneys’ fees of the Section 230-immunized
entity. Thus, even if foreign laws are less protective of web hosts or other intermediaries
than Section 230, a foreign court’s defamation judgment will not work in U.S. courts if it
violates Section 230. See, e.g., Trout Point Lodge, Ltd. v. Handshoe, 729 F.3d 481 (5th Cir.
2013).
Global Removals Based on Local Violations
From the Internet’s earliest days, the tension between a global communication network and
local geography-based laws has been obvious. One scenario is that every jurisdiction’s local
laws apply to the Internet globally, meaning that the country (or sub-national regulator)
with the most restrictive law for any content category sets the global standard for that
content. If this scenario comes to pass, the Internet will only contain content that is legal in
every jurisdiction in the world—a small fraction of the content we as Americans might
enjoy, because many countries broadly restrict content that is clearly legal in the U.S.
Perhaps surprisingly, we’ve generally avoided this dystopian scenario—so far. In part, this
is because many major Internet services create localized versions of their offerings that
conform to local laws, which allows the services to make country-by-country removals of
locally impermissible content. Thus, the content on google.de might vary pretty
substantially from the content on google.com. This localization undermines the 1990s
utopian vision that the Internet would enable a single global content database that
everyone in the world could uniformly enjoy. However, service localization has also
forestalled more dire regulatory crises. So long as google.de complies with local German
laws and google.com complies with local U.S. laws, regulators in the U.S. and Germany
should be OK…right?
Maybe. In a long-running battle over the Right to Be Forgotten, the French regulator CNIL
took the position that any RTBF removal applies to all of Google’s indexes worldwide, not
just those in Europe. Google made numerous accommodations to appease CNIL, including
filtering the search results from a non-EU search index when accessed by someone in the
EU. Despite these accommodations, CNIL took the issue to the European Court of Justice,
which mostly sided with Google. Google LLC v. Commission Nationale de L’Informatique et
des Libertés (CNIL), Case C‑507/17 (ECJ 2019). The ECJ said “a search engine operator
351.
cannot be required…to carry out a de-referencing on all the versions of its search engine.”
However, the court said the law potentially could be changed to impose such a duty.
Furthermore, search engines can be required to try to block European users from reaching
search indexes not subject to the RTBF.
Will territorial limits be found in other cases? Maybe not. The CNIL case interpreted the
GDPR. A couple of weeks later, the ECJ interpreted the E-Commerce Directive and held
that Facebook could be required to remove defamatory content worldwide. Glawischnig-
Piesczek v. Facebook Ireland Ltd, Case C-18/18 (ECJ 2019).
Another case from Canada illustrates the challenges in these cases. In 2017, the Canada
Supreme Court ordered Google to globally remove search results based on alleged Canadian
legal violations. Google Inc. v. Equustek Solutions Inc., 2017 SCC 34.
In that case, Datalink, a competitor of Equustek, sold products that allegedly infringed
Equustek’s intellectual property rights. After Equustek sued Datalink, Datalink relocated
to an unknown location outside of Canada, putting it beyond the reach of Canadian courts.
Equustek asked Google to deindex Datalink’s website. Google partially deindexed the site
from google.ca, but Equustek sought more relief. The Canada Supreme Court ordered
global deindexing of Datalink’s website:
The problem in this case is occurring online and globally. The Internet has no
borders — its natural habitat is global. The only way to ensure that the
interlocutory injunction attained its objective was to have it apply where
Google operates — globally. As Fenlon J. found, the majority of Datalink’s
sales take place outside Canada. If the injunction were restricted to Canada
alone or to google.ca, as Google suggests it should have been, the remedy
would be deprived of its intended ability to prevent irreparable harm.
Purchasers outside Canada could easily continue purchasing from Datalink’s
websites, and Canadian purchasers could easily find Datalink’s websites even
if those websites were de-indexed on google.ca. Google would still be
facilitating Datalink’s breach of the court’s order which had prohibited it
from carrying on business on the Internet….
The order does not require that Google take any steps around the world, it
requires it to take steps only where its search engine is controlled….
This is not an order to remove speech that, on its face, engages freedom of
expression values, it is an order to de-index websites that are in violation of
several court orders….
This does not make Google liable for this harm. It does, however, make
Google the determinative player in allowing the harm to occur.
The court noted that Google admitted it would be easy to deindex Datalink’s domain name,
and the court noted that Google regularly deindexes content for other reasons, such as the
DMCA online safe harbor.
352.
The court dismissed the risk of international conflicts-of-laws because everyone apparently
accepted that Datalink would violate Equustek’s IP rights under other countries’ laws.
However, the court was surprisingly unspecific about the alleged IP violations, which
apparently included trademarks and trade secrets. Thus, the court avoided some subtle IP
issues, such as the scope of Equustek’s trademark rights (usually trademark rights don’t
reach beyond a country’s borders, so a Canadian court cannot order a defendant to stop
infringing trademark rights in other countries) and the likelihood that Canadian trade
secret laws and remedies differ from the laws and remedies of other countries. See Ariel
Katz, Google v. Equustek: Unnecessarily Hard Cases Make Unnecessarily Bad Law,
ArielKatz.org, June 29, 2017, https://arielkatz.org/google-v-equustek-unnecessarily-hard-
cases-make-unnecessarily-bad-law/.
In a subsequent proceeding not contested by Equustek, Google successfully obtained a U.S.
court order declaring that “the Canadian court’s order cannot be enforced in the United
States and enjoining its enforcement.” Google LLC v. Equustek Solutions Inc., 2017 WL
5000834 (N.D. Cal. 2017). The court explained: “The Canadian order would eliminate
Section 230 immunity for service providers that link to third-party websites. By forcing
intermediaries to remove links to third-party material, the Canadian order undermines the
policy goals of Section 230 and threatens free speech on the global internet.”
This seemingly sets up an international conflicts-of-law: Google now has conflicting
injunctions in two different countries. Yet, so long as Google is subject to Canadian
jurisdiction, the U.S. order doesn’t change its legal exposure in Canada. When presented
with the U.S. order, the British Columbia Supreme Court shrugged its shoulders: “The
effect of the U.S. order is that no action can be taken against Google to enforce the
injunction in U.S. courts. That does not restrict the ability of this Court to protect the
integrity of its own process through orders directed to parties over whom it has personal
jurisdiction.” Equustek Solutions Inc. v. Jack, 2018 BCSC 610.
In response to the Canadian Supreme Court opinion, Canadian law professor Michael Geist
wrote:
what happens if a Chinese court orders it to remove Taiwanese sites from the
index? Or if an Iranian court orders it to remove gay and lesbian sites from
the index? Since local content laws differ from country to country, there is a
great likelihood of conflicts. That leaves two possible problematic outcomes:
local courts deciding what others can access online or companies such as
Google selectively deciding which rules they wish to follow. The Supreme
Court of Canada did not address the broader implications of the decision,
content to limit its reasoning to the need to address the harm being sustained
by a Canadian company, the limited harm or burden to Google, and the ease
with which potential conflicts could be addressed by adjusting the global
takedown order. In doing so, it invites more global takedowns without
requiring those seeking takedowns to identify potential conflicts or assess the
implications in other countries.
Michael Geist, Global Internet Takedown Orders Come to Canada: Supreme Court Upholds
International Removal of Google Search Results, MichaelGeist.ca, June 28, 2017,
353.
http://www.michaelgeist.ca/2017/06/global-internet-takedown-orders-come-canada-
supreme-court-upholds-international-removal-google-search-results/.
Note that Equustek ruling (as well as its CNIL dispute) avoid an underlying jurisdictional
issue because Google has substantial physical presence in both Canada and Europe. Would
Canada or Europe have jurisdiction over an Internet service that operates exclusively from
the United States?
CHAPTER 8 REVIEW QUESTION #3
Under which of these circumstances can a U.S. resident compel Google to remove search
results from its Google.com search index?
a) If the search result contains the plaintiff’s social security number
b) If the search result displays an unflattering photo of the plaintiff
c) If the search result contains factual assertions that a foreign court has declared
defamatory
d) If the search result contains factual assertions that a U.S. court has declared defamatory
e) If the search result contains an outdated version of the plaintiff’s resume that the
plaintiff posted to his personal website and subsequently replaced with an updated version
354.
IX. Privacy
From xkcd, http://xkcd.com/1269/
355.
The Children’s Online Privacy Protection Act (COPPA) is an Internet exceptionalist law
that protects children’s personal information online. Most general-purpose websites and
online apps easily fall outside its scope (can you parse the statute to see why?).
Excerpts from 16 C.F.R. Part 312, the Children’s Online Privacy Protection Act’s
Regulations
16 C.F.R. § 312.3. General requirements. It shall be unlawful for any operator of a Web site
or online service directed to children, or any operator that has actual knowledge that it is
collecting or maintaining personal information from a child, to collect personal information
from a child in a manner that violates the regulations prescribed under this part.
Generally, under this part, an operator must:
(a) Provide notice on the Web site or online service of what information it collects from
children, how it uses such information, and its disclosure practices for such information (§
312.4(b));
(b) Obtain verifiable parental consent prior to any collection, use, and/or disclosure of
personal information from children (§ 312.5);
(c) Provide a reasonable means for a parent to review the personal information collected
from a child and to refuse to permit its further use or maintenance (§ 312.6);
(d) Not condition a child’s participation in a game, the offering of a prize, or another activity
on the child disclosing more personal information than is reasonably necessary to
participate in such activity (§ 312.7); and
(e) Establish and maintain reasonable procedures to protect the confidentiality, security,
and integrity of personal information collected from children (§ 312.8).
Definitions from 16 C.F.R. § 312.2:
Personal information means individually identifiable information about an individual
collected online, including:
(1) A first and last name;
(2) A home or other physical address including street name and name of a city or town;
(3) Online contact information as defined in this section;
(4) A screen or user name where it functions in the same manner as online contact
information, as defined in this section;
(5) A telephone number;
(6) A Social Security number;
(7) A persistent identifier that can be used to recognize a user over time and across
different Web sites or online services. Such persistent identifier includes, but is not limited
to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or
device serial number, or unique device identifier;
(8) A photograph, video, or audio file where such file contains a child’s image or voice;
(9) Geolocation information sufficient to identify street name and name of a city or town; or
356.
(10) Information concerning the child or the parents of that child that the operator collects
online from the child and combines with an identifier described in this definition.
Collects or collection means the gathering of any personal information from a child by any
means, including but not limited to:
(1) Requesting, prompting, or encouraging a child to submit personal information online;
(2) Enabling a child to make personal information publicly available in identifiable form.
An operator shall not be considered to have collected personal information under this
paragraph if it takes reasonable measures to delete all or virtually all personal information
from a child’s postings before they are made public and also to delete such information from
its records; or
(3) Passive tracking of a child online.
Web site or online service directed to children means a commercial Web site or online
service, or portion thereof, that is targeted to children.
(1) In determining whether a Web site or online service, or a portion thereof, is directed to
children, the Commission will consider its subject matter, visual content, use of animated
characters or child-oriented activities and incentives, music or other audio content, age of
models, presence of child celebrities or celebrities who appeal to children, language or other
characteristics of the Web site or online service, as well as whether advertising promoting
or appearing on the Web site or online service is directed to children. The Commission will
also consider competent and reliable empirical evidence regarding audience composition,
and evidence regarding the intended audience.
(2) A Web site or online service shall be deemed directed to children when it has actual
knowledge that it is collecting personal information directly from users of another Web site
or online service directed to children.
(3) A Web site or online service that is directed to children under the criteria set forth in
paragraph (1) of this definition, but that does not target children as its primary audience,
shall not be deemed directed to children if it:
(i) Does not collect personal information from any visitor prior to collecting
age information; and
(ii) Prevents the collection, use, or disclosure of personal information from
visitors who identify themselves as under age 13 without first complying with
the notice and parental consent provisions of this part.
(4) A Web site or online service shall not be deemed directed to children solely because it
refers or links to a commercial Web site or online service directed to children by using
information location tools, including a directory, index, reference, pointer, or hypertext link.
357.
Note About The E.U.’s General Data Protection Regulation (GDPR)
This book primarily focuses on U.S. law, but we have to address a key piece of European
law because of its importance to U.S. Internet law.
The European Union’s General Data Protection Regulation, or GDPR, came into effect in
May 2018. The GDPR has many implications for businesses both in Europe and
internationally. The GDPR will affect many Internet companies for the foreseeable future,
so odds are high that you will have to navigate the GDPR—whether you want to or not.
This part gives you just a broad sketch of the GDPR. The actual text (https://eur-
lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) is 88 pages
of dense and impenetrable legalese (much of it in the passive voice). Each EU country is
required to implement the GDPR in its own laws, which creates country-by-country
variations in implementation, and the GDPR is supplemented by rulings from the
European Court of Justice, official and unofficial guidance from the European Data
Protection Board, national Supervisory Authorities, and others. If you’re actually making a
business decision governed by the GDPR, you’ll need to consult with an expert in EU data
protection law. For more on why Americans struggle to understand the GDPR, see Meg
Leta Jones & Margot E. Kaminski, An American’s Guide to the GDPR, 98 DENV. L. REV. __
(2020).
European companies must also comply with the ePrivacy Directive (Directive 2002/58/EC,
as modified by Directive 2009/136/EC), sometimes called the “Cookie Directive.” The
ePrivacy Directive regulates communication privacy in numerous ways, including requiring
consent for:
any direct marketing by phone, fax, email, text, or other electronic message.
Individuals must affirmatively opt-in—i.e., the checkbox must be presented as
unchecked—to receive these marketing materials (with limited exceptions).
placing or reading cookies or other client-side persistent identifiers. Individual
consent usually is sought in a web banner. This is why you often see websites asking
for permission to place cookies.
The GDPR and ePrivacy Directive may overlap, in which case they both apply.
Who Must Comply with the GDPR?
The GDPR applies to anyone who “processes” personal data, defined as “any operation or
set of operations which is performed on personal data or on sets of personal data, whether
or not by automated means.”
The GDPR defines two roles: data “controllers” and “processors.” The GDPR places a
heavier compliance burden on controllers, so the distinction between the two is critical.
A controller “determines the purposes and means of processing personal data.” A processor
“processes personal data on behalf of a controller.” In some cases, this will be fairly clear.
An example:
358.
A brewery has many employees. It signs a contract with a payroll company to pay
the wages. The brewery tells the payroll company when the wages should be paid,
when an employee leaves or has a pay rise, and provides all other details for the
salary slip and payment. The payroll company provides the IT system and stores the
employees’ data. The brewery is the data controller and the payroll company is the
data processor.
In some cases, an advertiser who collects information directly from consumers would be the
controller; and third party vendors who help the advertiser communicate with those
consumers would be processors. (The GDPR applies to all individuals, not just consumers,
but this note focuses on the consumer context).
However, because the GDPR’s definitions are flexible, it will not always be clear who is a
controller and who is a processor. The GDPR also contemplates that entities working
together can be “joint controllers,” making the classification decision even more difficult. As
one commentator wrote, “deciding who is a data controller and who a data processor in
complicated areas like modern targeted advertising is maddeningly difficult.” Lilian
Edwards, Data Protection: Enter the General Data Protection Regulation, in LAW, POLICY
AND THE INTERNET (2018).
What Data Does the GDPR Cover?
The GDPR defines “personal data” as “any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such as a name,
an identification number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural or social identity
of that natural person.”
Like most privacy laws, this definition attempts to distinguish personal data from non-
personal data, but even very general data about a person can become identifiable when
combined with enough other data. Some items are categorically personal data, like names,
telephone numbers and email addresses, and other items, like IP addresses or a unique
identifier in a browser cookie, likely qualify as well.
However, the definition could be read much more broadly to cover virtually every scrap of
data about any person. The GDPR only excludes truly “anonymous” data, if such a thing
even exists.
The GDPR provides extra protections for “sensitive” personal data. The GDPR prohibits
processing data “revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs, or trade union membership, and the processing of genetic data,
biometric data for the purpose of uniquely identifying a natural person, data concerning
health or data concerning a natural person's sex life or sexual orientation,” subject to many
exclusions. There are also extra protections for information about criminal convictions and
offenses.
359.
GDPR’s Rights and Obligations
The GDPR creates a wide range of rights for consumers and requirements on controllers
and processors.
GDPR Article 5 enumerates six “principles” that apply to all processing of personal data:
Lawfulness, Fairness and Transparency. Personal data shall be “processed lawfully,
fairly and in a transparent manner.”
Purpose Limitation. Personal data shall be “collected for specified, explicit and
legitimate purposes and not further processed in a manner that is incompatible with
those purposes” (subject to some public interest exceptions).
Data Minimization. Personal data shall be “adequate, relevant and limited to what
is necessary in relation to the purposes for which they are processed.”
Accuracy. Personal data shall be “accurate and, where necessary, kept up to date.”
Storage Limitation. Personal data shall be “kept in a form which permits
identification of data subjects for no longer than is necessary for the purposes for
which the personal data are processed” (subject to some public interest exceptions).
Integrity and Confidentiality (a/k/a Security). Personal data shall be “processed in a
manner that ensures appropriate security of the personal data.”
As you can see, these vaguely worded principles are more aspirational than prescriptive.
This reflects the GDPR’s general regulatory approach. The GDPR wants companies to
comply both with the letter of the law and its spirit, and it creates the possibility of
enforcement when the spirit of the law isn’t honored. As Jones and Kaminski explain, the
“GDPR is often vague because it tasks companies with figuring out how to best implement
its aspirations.” The GDPR’s aspirational approach to regulation conflicts with American
jurisprudential norms that favor bright-line rules that provide more legal certainty.
The GDPR prohibits the processing of personal data unless permitted by one of six “lawful”
bases, which includes consumer consent. However, the GDPR substantially raises the bar
for what constitutes proper consent. The GDPR requires that consumers opt-in, with
granular consent options, for different processing operations. Consent cannot be obtained
via pre-checked boxes or in the terms of service, and consent generally shouldn’t be a
precondition of registration. Because of the complexities associated with obtaining proper
consent from consumers, controllers often will find it more expedient or less risky to rely on
one of the five other lawful bases for processing. As Jones and Kaminski state bluntly: “The
GDPR is not primarily based on consent.”
In addition to the Article 5 principles, Chapter III of the GDPR describes 8 consumer rights:
Right to Be Informed. Consumers have the right to know when their data is being
collected and why. Articles 13 and 14 enumerate minimum requirements of privacy
disclosures.
Right of Access. Consumers have the right to see their data.
Right to Rectification. Consumers have the right to correct erroneous information
about them.
360.
Right of Erasure (also called the “right to be forgotten”). Consumers have the right
to delete personal data about them in many circumstances.
Right to Restrict Processing. Consumers have the right to restrict processing of their
personal data in many circumstances.
Right to Data Portability. Consumers have the right to obtain and reuse personal
data about them for their own purposes across different services in certain cases.
Right to Object. Consumers have the right to object to and prevent their data from
being used for specified purposes, including an absolute right to stop their data
being used for direct marketing purposes.
Rights Related to Automated Decision-Making. A decision with legal effects may be
made solely by a machine, and consumers may be profiled, only with consumers’
explicit consent, or where necessary for the contract, or as otherwise legally
authorized.
The GDPR also requires various operational procedures that make companies more
proactive about data protection rather than treating it like a “check-the-box” compliance
function. For example, it expects companies to implement “data protection by design and by
default,” companies are required to conduct “data protection impact assessments” before
undertaking significant actions, and some companies must designate a “Data Protection
Officer.” The GDPR also requires companies to report data breaches to government
regulators and, in some cases, directly to consumers.
As mentioned earlier, data processors have fewer obligations than data controllers. A data
processor must comply with its contracts with data controllers and:
not use a sub-processor without the controller’s permission;
cooperate with regulators;
ensure the security of its processing;
keep records of processing activities;
notify the data controller of any personal data breaches;
employ a Data Protection Officer (in some cases); and
appoint a representative within the European Union (if the processor isn’t
established in the EU).
Damages
The GDPR authorizes direct consumer lawsuits for violations, either individually or
through public interest organizations. Violations also can be enforced by government
agencies, which can seek fines of up to €20M or 4% of a company’s global annual revenue
(and, in the case of a group of companies, 4% of the group’s global annual revenue),
whichever is greater.
Jurisdictional Reach
The GDPR applies to:
(1) Companies established in the EU, regardless of whether data processing takes place
inside or outside the EU or the data relates to EU residents. Thus, a U.S. company
361.
with a physical presence in the EU may be subject to GDPR both for EU consumer
data and non-EU consumer data.
(2) Companies not established in the EU that process EU residents’ data where the
processing is (a) related to offering goods or services to individuals in the EU, or (b)
related to monitoring behavior by individuals in the EU. These companies must
appoint a representative in the EU.
Thus, the GDPR purports to govern the processing of EU consumer data by companies that
have no physical presence in the EU at all. So, a Silicon Valley-based Internet startup with
a globally available website might need to comply with the GDPR from day one. However,
the GDPR’s potentially global reach raises many complex issues about transborder
conflicts-of-laws and enforcements, so the GDPR’s actual application to non-EU companies
may not be as broad as the GDPR claims. As a practical matter, EU-based regulators will
prioritize their enforcement efforts, and for the foreseeable future, the regulators are likely
to have higher-value targets than small U.S. start-up companies with offices exclusively in
the U.S. Still, E.U. regulators inevitably will bring cases that test this geographic issue.
So the legally conservative approach would be for all consumer-facing Internet services to
comply with the GDPR unless they have no EU offices and never touch EU consumer data.
Indeed, many U.S.-only companies have chosen to do just that. This is a reason why every
Internet law professional must be familiar with the GDPR. However, compliance with the
GDPR is quite expensive and demanding than complying with just U.S. law. Therefore,
many U.S. Internet companies will choose to ignore the GDPR unless/until they have
physical offices in the EU. See Kurt Wimmer, Free Expression and EU Privacy Regulation:
Can the GDPR Reach U.S. Publishers?, 68 SYR. L. REV. 547 (2018).
Even if a U.S. company never directly collects EU consumer data, it might still encounter
the GDPR if it receives transborder data transfers of EU consumer data from its business
partners. For example, the GDPR regulates when a European company hires a U.S.-based
advertising agency to help with ad buys, and the company wants to share consumer data
with the agency. In this situation, the company is the data controller and the ad agency is a
data processor; and the company must legally impose GDPR-based restrictions on the
agency to satisfy its own GDPR obligations.* Thus, a U.S.-only company might still need to
comply with the GDPR, at least in part, to facilitate such business arrangements.
A Third Option to Address Jurisdiction: Opt Out of Europe
To bypass the comply-or-not decision, non-EU companies may rationally decide to turn off
their services in Europe altogether. This could be as simple as setting up IP address blocks
for EU-based IP addresses. Indeed, a number of companies have blocked EU users, such as
this site displaying a “451” error code:
* There is a separate issue about whether EU data can be transferred to the U.S. at all. Such transborder
movements of data to non-EU countries are permitted only when adequate/appropriate safeguards are in place
to protect consumer privacy. The U.S. as a country has not received an adequacy determination.
362.
(The 451 error code is a not-subtle reference to dystopian novel, Fahrenheit 451, about
censorship).
Some major media outlets, like the Chicago Tribune, took a similar approach:
See U.S. News Outlets Block European Readers Over New Privacy Rules, N.Y. TIMES, May
25, 2018, https://www.nytimes.com/2018/05/25/business/media/europe-privacy-gdpr-
us.html; Jeff South, More Than 1,000 U.S. News Sites Are Still Unavailable in Europe, Two
Months After GDPR Took Effect, NIEMAN LABS, Aug. 7, 2018,
http://www.niemanlab.org/2018/08/more-than-1000-u-s-news-sites-are-still-unavailable-in-
europe-two-months-after-gdpr-took-effect/.
363.
Other services have reduced their offerings in Europe. For example, LinkedIn dropped its
“Mentioned in the News” feature in Europe due to privacy concerns. David Cohen, LinkedIn
Put Its Mentioned in the News Feature on Hold in the EU, ADWEEK, Feb. 28, 2019,
https://www.adweek.com/digital/linkedin-put-its-mentioned-in-the-news-feature-on-hold-in-
the-eu/.
The Washington Post took yet a different approach, charging an extra fee for GDPR-
compliant services to compensate for the lost ad revenue and increased compliance costs:
(The California’s Consumer Privacy Act, discussed below, may restrict price discrimination
like this).
These examples show how the GDPR effectively shrank the Internet for EU consumers—
the Internet is less functional and robust for them. (Of course, EU residents can try to use
VPNs to get around geoblocks, but many won’t bother to do so). These virtual geographic
walls further hinder trans-border understanding of different cultures and reduce cross-
border pollination of ideas.
Thus, the GDPR significantly contributes to and accelerates the splintering of the Internet
into many “Internets,” where the Internet available to people in one geographic location
increasingly looks different than the Internet available to people in other places. Perhaps
geographically distinct Internets were inevitable, but they represent a limitation of the
Internet imposed wholly by regulation, not technology.
Star Trek’s vision for the future is that our globe overcomes national borders to unite into a
single government. The Internet could contribute to that future, but splintered Internets—
364.
fueled by well-intentioned privacy laws—seemingly makes that vision of the future feel
impossible.
GDPR’s Effects on Competition
Costly and cumbersome privacy regulations (like the GDPR and CCPA) have significant,
and often unwanted, effects on marketplace competition. For example, numerous studies
have documented that GDPR hurt Google and Facebook less than their smaller
competitors—or even helped reinforce their market dominance. E.g., Jessica Davies, The
Impact of GDPR, in 5 Charts, DIGIDAY, Aug. 24, 2018, https://digiday.com/media/impact-
gdpr-5-charts/; Mark Scott et al, How Silicon Valley Gamed Europe’s Privacy Rules,
POLITICO, May 22, 2019, https://www.politico.eu/article/europe-data-protection-gdpr-
general-data-protection-regulation-facebook-google/; Alec Stapp, GDPR After One Year:
Costs and Unintended Consequences, TRUTH ON THE MARKET, May 24, 2019,
https://truthonthemarket.com/2019/05/24/gdpr-after-one-year-costs-and-unintended-
consequences/; Leonid Bershidsky, Europe’s Privacy Rules Hurt Small Firms, Not Tech
Giants, BLOOMBERG, July 25, 2019, https://www.bloomberg.com/opinion/articles/2019-07-
26/europe-s-privacy-rules-hurt-small-firms-not-google-and-facebook. Frustratingly, these
unwanted competitive effects were widely predicted in advance.
365.
An Introduction to the California Consumer Privacy Act (CCPA)
(current as of July 1, 2020)
By spending about $3M of his personal fortune, a California real estate developer with a
yen for privacy and money to burn qualified a privacy initiative for the November 2018
California statewide ballot. If passed by voters, the initiative’s language—which contained
numerous provisions that were toxic to the business community—would have been
exceptionally difficult to amend, functionally locking in problematic policy permanently.
Following the ballot certification, the developer offered the California legislature a “deal”: if
it immediately passed a law substantially similar to the initiative, he would withdraw the
initiative from the ballot. This deal was attractive to all sides. The developer would get his
desired policy outcome without spending millions more to sway voters. Meanwhile, for
opponents and the legislature, passing a bill would retain the legislature’s power to improve
and superintend the law over time, plus the opponents would avoid spending an estimated
$100M to fight the initiative.
In a chaotic 7 day period in June 2018, the California legislature introduced, amended, and
enacted AB 375, the California Consumer Privacy Act (“CCPA”). The legislature didn’t hold
any hearings on the law and, behind closed doors, got minimal input from affected
stakeholders. This is how California got a sweeping, lengthy, insanely complicated, and
poorly drafted privacy law that governs the world’s fifth largest economy (and beyond).
Following passage of the CCPA, the California legislature made numerous, but mostly
cleanup or minor, amendments in 2019. The legislature will likely adopt a few more (mostly
minor) amendments in 2020.
In parallel, the law required the California Attorney General’s Office (the “DOJ”) to develop
regulations, a process that took two years. The DOJ issued its final regulations in June
2020, just a few weeks before the DOJ could start enforcing the law.
Collectively, the CCPA and regulations create a 21,000+ word unreadable mess. This note
provides a roadmap to the law, but bonne chance if you ever have the misfortune of reading
the law yourself.
Who Has to Comply With the Law?
The law applies to any business that “collects consumers’ personal information, or on the
behalf of which such information is collected and that alone, or jointly with others,
determines the purposes and means of the processing of consumers’ personal information,
that does business in the State of California” and satisfies one of these three requirements:
1) has $25M+ in annual revenues (from anywhere, not just California), or
2) derives 50%+ of its revenues from selling consumer data, or
3) “annually buys, receives for the business’ commercial purposes, sells, or shares for
commercial purposes, alone or in combination, the personal information of 50,000 or more
consumers, households, or devices” (1798.140(c)).
366.
The law excludes the collection or sale of “a consumer’s personal information if every aspect
of that commercial conduct takes place wholly outside of California[, i.e.,] if the business
collected that information while the consumer was outside of California, no part of the sale
of the consumer’s personal information occurred in California, and no personal information
collected while the consumer was in California is sold” (1798.145(a)(6)). Despite this
apparent overreach into activity occurring in other states (which raises significant
Constitutional problems), the law only applies to companies “doing business in California.”
Due to the ambiguity of what qualifies as “doing business” in a state, many out-of-state
businesses have reluctantly complied with the law despite not having any employees or
property in California.
The law expressly says it is “not limited to information collected electronically or over the
Internet[; the law applies] to the collection and sale of all personal information collected by
a business from consumers” (1798.175). Thus, the law applies equally to online and offline
businesses that collect personal information. The DOJ estimated that the CCPA applies to
up to 400,000 businesses in California, including many small- and medium-sized
businesses. See https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-std399.pdf.
The law reaches so many small businesses because it covers any business that
“receives…the personal information of” 50k+ consumers, including the “receipt” of credit
cards and IP addresses. A business can clear that threshold with an average of 137 unique
credit card sales per day (14 sales/hour over a 10-hour business day)—which describes
many restaurants, coffee shops, pizzerias, frozen yogurt shops, and other low-revenue
retailers. Similarly, the law applies to any ad-supported website that “receives” an average
of 137 unique IP addresses per day, a tiny amount of traffic. While the ballot initiative
really targeted the data practices of Google and Facebook, the law counterintuitively treats
a local pizza shop the same as it treats Internet giants.
What is “Personal Information”?
The law applies to consumers’ “personal information.” “Consumers” are natural persons
who are California residents (1798.140(g)), including customers, prospective customers,
employees/contractors, and business contacts (like vendor salespeople). In 2019, the
California legislature excluded employees/business contacts from the law for a year; it may
temporarily renew this extension in 2020.
As with the GDPR, attempts to distinguish personal information from non-personal
information are likely to be under- or over-inclusive. The CCPA took the overinclusive
route. The law defines “personal information” as information that “identifies, relates to,
describes, is reasonably capable of being associated with, or could reasonably be linked,
directly or indirectly, with a particular consumer or household” (1798.140(o)). The statute
specifies many examples of personal information, including geolocation data, biometric
information, and olfactory information. The reference to “household,” an undefined term not
in the GDPR, creates numerous potential problems, but the regulations mostly ameliorated
those concerns.
Because computer scientists are clever about reidentification and combining datasets, what
data isn’t reasonably capable of being associated with a particular consumer? For example,
standing alone, a person’s gender isn’t a unique identifier; it only narrows the potential pool
367.
of people who might be that individual by roughly half. However, knowing a person’s
birthdate, zip code and gender allows the accurate unique identification of 87% of the
population. So the CCPA likely treats gender information—standing alone—as “personal
information” because it is “reasonably capable of being associated with” a particular
consumer when combined with other datasets. Applying the same logic to other data types,
it’s likely that all data about individuals possessed by a business qualifies as “personal
information.”
“Personal information” excludes “information that is lawfully made available from federal,
state, or local government records” (1798.140(o)(2)) and “consumer information that is
deidentified or in the aggregate consumer information” (1798.145(a)(5)). However, it’s
unclear if data can be sufficiently deidentified or aggregated to satisfy the statutory
standards; and the scope of the government records exception also remains unclear.
The CCPA categorically does not apply when other specified privacy laws apply, such as
information covered by Health Insurance Portability and Accountability Act of 1996
(1798.145(c)(1)), Fair Credit Reporting Act (1798.145(d)), Gramm-Leach-Bliley Act
(1798.145(e)), Driver’s Privacy Protection Act of 1994 (1798.145(f)), and more.
Consumer Rights Created by the Law
The CCPA provides six consumer rights:
1) and 2) “Right to Know” and Right of Data Portability
The CCPA lets consumers learn about businesses’ data practices (both online and offline).
Businesses are required to make disclosures about their generic collection practices
(1798.100) and their data sales or transfers (1798.115). Upon request, businesses must also
disclose the specific categories of personal information they have collected from the
consumer and the “specific pieces of personal information it has collected about that
consumer,” in a portable format (1798.110). The CCPA has detailed requirements for
privacy policies (especially 1798.130(a)(5)), and the regulations add many more
requirements. For example, web pages containing the statutory disclosures must comply
with W3C accessibility standards.
These rights create mechanisms that could help malefactors illegitimately obtain highly
valuable consumer data. To prevent this outcome, the CCPA required the DOJ to define
what constitutes a “verifiable consumer request.” (1798.140(y)). The DOJ mostly told
businesses to figure it out, saying that “determining the appropriate verification standard
is fact- and scenario-specific” and providing a multi-factor test for businesses to ponder. As
a result, businesses often must individually assess each verification request, a process that
is not scalable for businesses receiving many requests.
To ease the burden slightly, the DOJ provided some categorical rules:
A business can decline a request when it can’t reasonably verify the consumer.
Password-protected accounts often qualify as reliable verifiers.
368.
For consumers’ requests to know the categories of information collected about them,
businesses may match “at least two data points provided by the consumer with data
points maintained by the business.”
For consumers’ requests to know their specific data, businesses may match 3 data
points with their records and require consumers to sign a declaration of identity
under penalty of perjury. The “penalty of perjury” sounds serious, but unless the
DOJ actually prosecutes perjured declarations, it’s an empty threat. For deletion
requests (as opposed to right to know requests), the DOJ says businesses should
decide between requiring 2- or 3-data point matches depending “on the sensitivity of
the personal information and the risk of harm to the consumer posed by
unauthorized deletion.”
In commentary, the DOJ said that businesses can require consumers to obtain
notarization only if the business covers the notary costs.
3) Erasure Right (1798.105). Upon a consumer’s request, a business shall delete any
personal information about the consumer that the business collected from the consumer.
Businesses can refuse deletion requests when it “is necessary for the business or service
provider to maintain the consumer’s personal information” to: (1) complete the transaction
or a reasonably anticipated transaction, (2) find, prevent, or prosecute security breaches or
illegal activity, (3) “Debug to identify and repair errors that impair existing intended
functionality,” (4) exercise free speech (of the business or a third party) or “exercise another
right provided for by law,” (5) comply with the California ECPA, (6) engage in certain types
of research in limited cases, (7) “enable solely internal uses that are reasonably aligned
with the expectations of the consumer based on the consumer’s relationship with the
business,” (8) comply with a legal obligation, or (9) “Otherwise use the consumer’s personal
information, internally, in a lawful manner that is compatible with the context in which the
consumer provided the information.”
4) Right to Say “No” to Data Sales
Consumers can control businesses’ ability to sell their data:
Opt-Out of Data Sales (1798.120(a)). Consumers can opt-out of sales of their
personal information, and the business can’t ask them to reconsider for at least 12
months (1798.135(a)(5)) with limited exceptions specified in the regulations.
Opt-In for Data Sales Related to Minors (1798.120(d)). A business that knows (or
“willfully disregards” the consumer’s age) personal information related to consumers
under 16 may not sell the personal information unless the consumer (ages 13-15) or
parent/guardian (under 13) opts-in.
Opt-Out of Third-Party Data Resales (1798.115(d)). “A third party shall not sell
personal information about a consumer that has been sold to the third party by a
business unless the consumer has received explicit notice and is provided an
opportunity to exercise the right to opt out.”
Specifications for Disclosing Opt-Out of Data Sales (1798.135). If a business sells
personal information, then it must “[p]rovide a clear and conspicuous link on the
business’ Internet homepage, titled ‘Do Not Sell My Personal Information,’ to an
369.
Internet Web page that enables a consumer, or a person authorized by the
consumer, to opt out of the sale of the consumer’s personal information.”
The CCPA defines “sale” broadly to include any disclosure from one business to another “for
monetary or other valuable consideration” (1798.140(t)(1)). Due to the ambiguous meaning
of “other valuable consideration,” the law potentially applies to many legitimate activities
and data transfers that are not straight cash-for-data.
5) Non-Discrimination Provisions (1798.125).
“A business shall not discriminate against a consumer because the consumer exercised any
of the consumer’s rights under this title,” though a business may charge “a consumer a
different price or rate, or [provide] a different level or quality of goods or services to the
consumer, if that difference is reasonably related to the value provided to the consumer by
the consumer’s data.” Businesses may offer “financial incentives” (circularly defined as “a
program, benefit, or other offering, including payments to consumers, related to the
collection, retention, or sale of personal information”) to compensate for the collection, sale
or deletion of data, but not if the financial incentives are “unjust, unreasonable, coercive, or
usurious in nature.” The regulations provide numerous formulas to value data for justifying
any price or service discrimination.
6) Private Right of Action for Data Breaches.
The law creates a private cause of action when “nonencrypted or nonredacted personal
information…is subject to an unauthorized access and exfiltration, theft, or disclosure as a
result of the business’ violation of the duty to implement and maintain reasonable security
procedures and practices appropriate to the nature of the information to protect the
personal information” (1798.150). In those cases, consumers may obtain the greater of
actual damages or statutory damages within a range of $100-$750 “per consumer per
incident.” To proceed with the private cause of action, consumers must first give the
defendant a 30 day cure period; and if the business is able to cure the problem (whatever
“cure” means in the context of a data theft), statutory damages become unavailable.
”User-Enabled Global Privacy Controls”
The regulations added a provision (not in the statute) requiring businesses to honor “user-
enabled global privacy controls,” defined as signals communicated through browser
software or plug-ins indicating that consumers want to opt-out of data sales. This
technology does not exist today; the DOJ speculated that it might emerge in the future.
This provision has numerous serious unresolved issues:
How to interpret the signals when multiple consumers share the same browser
software.
How businesses can determine that new technology constitutes user-enabled privacy
controls. The DOJ does not certify software as satisfying the legal standard, so
businesses are supposed to figure it out themselves. There may be thousands of
software programs and apps that might qualify, and monitoring all of them—on the
370.
off-chance that they suddenly became a “user-enabled global privacy control”—will
be costly and overwhelming for even technologically sophisticated businesses.
How the technology will be granular enough to effectuate the consumer’s opt-out
intent. If a consumer globally sends the opt-out signal to all websites, this will likely
lead (due to the overinclusive definition of data sales) to unexpected consequences,
such as losing access to key services the consumer actually wants.
Because the technology does not currently exist, most businesses are likely to ignore this
provision until the DOJ makes further public announcements.
Transparency Reports
In another provision newly added in the regulations, a business that “buys, receives for the
business’s commercial purposes, sells, or shares for commercial purposes” personal
information for 10+ million California consumers in a calendar year must publish a
transparency report about certain types of consumer requests and their processing times
and decisions. The DOJ claimed that these transparency reports will help it with
enforcement priorities and provide valuable data to researchers, though those benefits
remain highly speculative and come at a substantial cost to complying businesses.
Who Can Enforce the CCPA?
Other than consumers’ private right of action for data breaches, the law does not allow for
private causes of action (1798.150(c)), either directly or through indirect means like
California Business & Professions Code § 17200, which ordinarily creates a civil claim for
legal violations. Plaintiffs are testing this restriction in court.
Except for data breaches, the law can be enforced only by the California Attorney General’s
office (1798.155), and only after giving businesses a 30 day cure period (1798.155(b)). Civil
penalties can run up to $2,500 “per violation,” though if violations are intentional, the cap
increases to $7,500 per violation (1798.155(b)).
The Future
The CCPA continues to evolve dynamically. The California legislature will likely enact
additional amendments in 2020. The DOJ will begin enforcing the law, which will signal its
enforcement priorities. Some of those enforcements may spill over into court, though
contested enforcements will be rare because most businesses will correct violations in the
30-day cure period or strike a deal with the DOJ. There could also be prospective challenges
to the law, but that seems unlikely.
The November 2020 ballot will include a new ballot initiative, the California Privacy Rights
Act of 2020 (CPRA), from the same team that funded the CCPA ballot initiative. Yes, before
we know how the CCPA works, and while we are in the middle of a pandemic and a related
economic depression that is already devastating small- and medium-sized businesses and
the California economy, and while we are focusing on a presidential election with massive
stakes for our country, the ballot proponents think it’s a great time to abandon the CCPA
“experiment,” waste a ton of investments that have been already made by both
371.
governments and businesses to accommodate the CCPA, create a brand new government
agency from scratch, and make significant parts of consumer privacy law impossible to
superintend except through additional ballot initiatives. This decision to pursue a new
initiative before the CCPA even became effective is a profound rejection of legislative
governance. It also disrespects the hard work and significant expense that businesses
invested to jump through the CCPA’s onerous hoops.
Whether or not CPRA passes, the future of privacy regulation seems more dystopian than
promising. The CCPA is problematic on its own. When other legislatures clone-and-revise
it, the ensuing multi-state regulatory thicket will be overwhelming. Plus, there could be
further privacy-related California ballot initiatives post-CPRA–which could create a
perpetually moving target and a usurpation of legislative governance.
As a result, preemptive federal legislation is the only remaining path to achieve sensible
consumer privacy regulation. Unfortunately, Congress has a full docket of structural
problems to address, so it’s likely we’ll see more terrible privacy regulatory outcomes before
Congress prioritizes solving the privacy regulatory challenge for the country.
372.
There are thousands of online privacy cases, and this book includes only one. Obviously the
Pharmatrak case is not everything you need to know about online privacy. Indeed, the
specific legal holding involving the Electronic Communications Privacy Act isn’t especially
crucial.
Although the technology discussed in this case has evolved some, the tracking
methodologies described are still commonly used. See Winston Smith v. Facebook, Inc.,
5:16-cv-01282-EJD (N.D. Cal. May 9, 2017),
http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=2481&context=historical
(granting Facebook’s motion to dismiss in a lawsuit very similar to the Pharmatrak case).
If you’re not an expert on cookies, before you read this case, take a look at what cookies are
on your computer. If you don’t know how to do that, this URL can help:
http://www.wikihow.com/View-Cookies. If you’ve never reviewed your cookies before, you
are almost certainly in for a surprise!
In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir. 2003).
This case raises important questions about the scope of privacy protection afforded internet
users under the Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§ 2511,
2520.
In sum, pharmaceutical companies invited users to visit their websites to learn about their
drugs and to obtain rebates. An enterprising company, Pharmatrak, sold a service, called
“NETcompare,” to these pharmaceutical companies. That service accessed information
about the internet users and collected certain information meant to permit the
pharmaceutical companies to do intra-industry comparisons of website traffic and usage.
Most of the pharmaceutical companies were emphatic that they did not want personal or
identifying data about their web site users to be collected. In connection with their
contracting to use NETcompare, they sought and received assurances from Pharmatrak
that such data collection would not occur. As it turned out, some such personal and
identifying data was found, using easily customized search programs, on Pharmatrak’s
computers. Plaintiffs, on behalf of the purported class of internet users whose data
Pharmatrak collected, sued both Pharmatrak and the pharmaceutical companies asserting,
inter alia, that they intercepted electronic communications without consent, in violation of
the ECPA.
The district court entered summary judgment for defendants on the basis that
Pharmatrak’s activities fell within an exception to the statute where one party consents to
an interception. The court found the client pharmaceutical companies had consented by
contracting with Pharmatrak and so this protected Pharmatrak. The plaintiffs dismissed
all ECPA claims as to the pharmaceutical companies. This appeal concerns only the claim
that Pharmatrak violated Title I of the ECPA.
We hold that the district court incorrectly interpreted the “consent” exception to the ECPA;
we also hold that Pharmatrak “intercepted” the communication under the statute. We
reverse and remand for further proceedings. This does not mean that plaintiffs’ case will
prevail: there remain issues which should be addressed on remand, particularly as to
whether defendant’s conduct was intentional within the meaning of the ECPA.
373.
I.
Pharmatrak provided its NETcompare service to pharmaceutical companies including
American Home Products, Pharmacia, SmithKline Beecham, Pfizer, and Novartis from
approximately June 1998 to November 2000. The pharmaceutical clients terminated their
contracts with Pharmatrak shortly after this lawsuit was filed in August 2000. As a result,
Pharmatrak was forced to cease its operations by December 1, 2000.
NETcompare was marketed as a tool that would allow a company to compare traffic on and
usage of different parts of its website with the same information from its competitors’
websites. The key advantage of NETcompare over off-the-shelf software was its capacity to
allow each client to compare its performance with that of other clients from the same
industry.
NETcompare was designed to record the webpages a user viewed at clients’ websites; how
long the user spent on each webpage; the visitor’s path through the site (including her
points of entry and exit); the visitor’s IP address; and, for later versions, the webpage the
user viewed immediately before arriving at the client’s site (i.e., the “referrer URL”). This
information-gathering was not visible to users of the pharmaceutical clients’ websites.
According to Wes Sonnenreich, former Chief Technology Officer of Pharmatrak, and
Timothy W. Macinta, former Managing Director for Technology of Pharmatrak,
NETcompare was not designed to collect any personal information whatsoever.
NETcompare operated as follows. A pharmaceutical client installed NETcompare by adding
five to ten lines of HTML code to each webpage it wished to track and configuring the pages
to interface with Pharmatrak’s technology. When a user visited the website of a
Pharmatrak client, Pharmatrak’s HTML code instructed the user’s computer to contact
Pharmatrak’s web server and retrieve from it a tiny, invisible graphic image known as a
“clear GIF” (or a “web bug”). The purpose of the clear GIF was to cause the user’s computer
to communicate directly with Pharmatrak’s web server. When the user’s computer
requested the clear GIF, Pharmatrak’s web servers responded by either placing or accessing
a “persistent cookie” on the user’s computer. On a user’s first visit to a webpage monitored
by NETcompare, Pharmatrak’s servers would plant a cookie on the user’s computer. If the
user had already visited a NETcompare webpage, then Pharmatrak’s servers would access
the information on the existing cookie.
A cookie is a piece of information sent by a web server to a web browser that the browser
software is expected to save and to send back whenever the browser makes additional
requests of the server (such as when the user visits additional webpages at the same or
related sites). A persistent cookie is one that does not expire at the end of an online session.
Cookies are widely used on the internet by reputable websites to promote convenience and
customization. Cookies often store user preferences, login and registration information, or
information related to an online “shopping cart.” Cookies may also contain unique
identifiers that allow a website to differentiate among users.
Each Pharmatrak cookie contained a unique alphanumeric identifier that allowed
Pharmatrak to track a user as she navigated through a client’s site and to identify a repeat
user each time she visited clients’ sites. If a person visited www.pfizer.com in June 2000
374.
and www.pharmacia.com in July 2000, for example, then the persistent cookie on her
computer would indicate to Pharmatrak that the same computer had been used to visit both
sites.5 As NETcompare tracked a user through a website, it used JavaScript and a
JavaApplet to record information such as the URLs the user visited. This data was recorded
on the access logs of Pharmatrak’s web servers.
[Editor’s note: consider if the following diagram helps you visualize the interactions:]
Pharmatrak sent monthly reports to its clients juxtaposing the data collected by
NETcompare about all pharmaceutical clients. These reports covered topics such as the
most heavily used parts of a particular site; which site was receiving the most hits in
particular areas such as investor or media relations; and the most important links to a site.
The monthly reports did not contain any personally identifiable information about users.
The only information provided by Pharmatrak to clients about their users and traffic was
contained in the reports (and executive summaries thereof). Slides from a Pharmatrak
marketing presentation did say the company would break data out into categories and
provide “user profiles.” In practice, the aggregate demographic information in the reports
was limited to the percentages of users from different countries; the percentages of users
with different domain extensions (i.e., the percentages of users originating from for-profit,
government, academic, or other not-for-profit organizations); and the percentages of first-
time versus repeat users. An example of a NETcompare “user profile” is: “The average
Novartis visitor is a first-time visitor from the U.S., visiting from a .com domain.”
5 Pharmatrak’s cookies expired after ninety days.
Customers PharmatrakHTML code
Data
Data
Clear GIF Cookie
Javascript
HTML/ Content
Web users
First Access
Customers PharmatrakHTML codeCustomers PharmatrakHTML code
Data
Data
Data
Data
Clear GIF Cookie
Javascript
HTML/ Content
Clear GIF Cookie
Javascript
HTML/ Content
Web users
First Access
Web users
First Access
375.
While it was marketing NETcompare to prospective pharmaceutical clients, Pharmatrak
repeatedly told them that NETcompare did not collect personally identifiable information.
It said its technology could not collect personal information, and specifically provided that
the information it gathered could not be used to identify particular users by name. In their
affidavits and depositions, executives of Pharmatrak clients consistently said that they
believed NETcompare did not collect personal information, and that they did not learn
otherwise until the onset of litigation. Some, if not all, pharmaceutical clients explicitly
conditioned their purchase of NETcompare on Pharmatrak’s guarantees that it would not
collect users’ personal information. For example, Pharmacia’s April 2000 contract with
Pharmatrak provided that NETcompare would not collect personally identifiable
information from users. Michael Sonnenreich, Chief Executive Officer of Pharmatrak,
stated unequivocally at his deposition that none of his company’s clients consented to the
collection of personally identifiable information.
Pharmatrak nevertheless collected some personal information on a small number of users.
Pharmatrak distributed approximately 18.7 million persistent cookies through
NETcompare. The number of unique cookies provides a rough estimate of the number of
users Pharmatrak monitored.9 Plaintiffs’ expert was able to develop individual profiles for
just 232 users.
The following personal information was found on Pharmatrak servers: names, addresses,
telephone numbers, email addresses, dates of birth, genders, insurance statuses, education
levels, occupations, medical conditions, medications, and reasons for visiting the particular
website. Pharmatrak also occasionally recorded the subject, sender, and date of the web-
based email message a user was reading immediately prior to visiting the website of a
Pharmatrak client. Most of the individual profiles assembled by plaintiffs’ expert contain
some but not all of this information.
The personal information in 197 of the 232 user profiles was recorded due to an interaction
between NETcompare and computer code written by one pharmaceutical client, Pharmacia,
for one of its webpages. Starting on or before August 18, 2000 and ending sometime
between December 2, 2000 and February 6, 2001, the client Pharmacia used the “get”
method to transmit information from a rebate form on its Detrol website; the webpage was
subsequently modified to use the “post” method of transmission. This was the source of the
personal information collected by Pharmatrak from users of the Detrol website.
Web servers use two methods to transmit information entered into online forms: the get
method and the post method. The get method is generally used for short forms such as the
“Search” box at Yahoo! and other online search engines. The post method is normally used
for longer forms and forms soliciting private information. When a server uses the get
method, the information entered into the online form becomes appended to the next URL.
For example, if a user enters “respiratory problems” into the query box at a search engine,
and the search engine transmits this information using the get method, then the words
“respiratory” and “problems” will be appended to the query string at the end of the URL of
the webpage showing the search results. By contrast, if a website transmits information via
9 Different users might have the same cookie (if, say, family members shared a computer and browser) or one
user might have multiple cookies (if, for example, he used separate work and home computers to visit sites
employing NETcompare, or if he revisited a NETcompare site after his first cookie expired).
376.
the post method, then that information does not appear in the URL. Since NETcompare
was designed to record the full URLs of the webpages a user viewed immediately before and
during a visit to a client’s site, Pharmatrak recorded personal information transmitted
using the get method.
There is no evidence Pharmatrak instructed its clients not to use the get method. The
detailed installation instructions Pharmatrak provided to pharmaceutical clients ignore
entirely the issue of the different transmission methods.
In addition to the problem at the Detrol website, there was also another instance in which a
pharmaceutical client used the get method to transmit personal information entered into an
online form. The other personal information on Pharmatrak’s servers was recorded as a
result of software errors. These errors were a bug in a popular email program (reported in
May 2001 and subsequently fixed) and an aberrant web browser.
II.
On June 28, 2001, plaintiffs filed an amended consolidated class action complaint13 against
Pharmatrak; its parent company, Glocal Communications, Ltd.; and five pharmaceutical
companies: American Home Products Corp., Glaxo Wellcome, Inc., Pfizer, Inc., Pharmacia
Corp., and SmithKline Beecham Corp. Plaintiffs alleged nine counts including violation of
Title I of the ECPA, 18 U.S.C. § 2510 et seq.; violation of Title II of the ECPA, 18 U.S.C.
2701 et seq.; violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; violation of
Mass. Gen. Laws ch. 272, § 99; violation of Mass. Gen. Laws ch. 93A; invasion of privacy;
trespass to chattels and conversion; and unjust enrichment….
The plaintiffs employed computer scientist C. Matthew Curtin and his company, Interhack,
to analyze Pharmatrak’s servers between December 17, 2001 and January 18, 2002. In
about an hour, Curtin wrote three custom computer programs, including “getneedle.pl,” to
extract and organize personal information on Pharmatrak’s web server access logs, which
he “colloquially termed ‘haystacks.’” Curtin then cross-referenced the information he
extracted with other sources such as internet telephone books….
III….
B. Elements of the ECPA Cause of Action
ECPA amended the Federal Wiretap Act by extending to data and electronic transmissions
the same protection already afforded to oral and wire communications. The paramount
objective of the Wiretap Act is to protect effectively the privacy of communications.
The post-ECPA Wiretap Act provides a private right of action against one who
“intentionally intercepts, endeavors to intercept, or procures any other person to intercept
13 Originally, eight lawsuits were filed in the District of Massachusetts and the Southern District of New York.
The two lawsuits in the District of Massachusetts were filed on August 18, 2000. On April 18, 2001, the Judicial
Panel on Multi-District Litigation issued an order transferring the six New York cases to the District of
Massachusetts. The purported class, which has never been certified, consists of all persons who visited one of
the defendants’ websites “and who, as a result thereof, have had Pharmatrak ‘cookies’ placed upon their
computers and have had information about them gathered by Pharmatrak.”
377.
or endeavor to intercept, any wire, oral, or electronic communication.” The Wiretap Act
defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic,
or oral communication through the use of any electronic, mechanical, or other device.”
Thus, plaintiffs must show five elements to make their claim under Title I of the ECPA:
that a defendant (1) intentionally (2) intercepted, endeavored to intercept or procured
another person to intercept or endeavor to intercept (3) the contents of (4) an electronic
communication (5) using a device. This showing is subject to certain statutory exceptions,
such as consent.
In its trial and appellate court briefs, Pharmatrak sought summary judgment on only one
element of § 2511(1)(a), interception, as well as on the statutory consent exception. We
address these issues below. Pharmatrak has not contested whether it used a device or
obtained the contents of an electronic communication. This is appropriate. The ECPA
adopts a “broad, functional” definition of an electronic communication. This definition
includes “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any
nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric, or
photooptical system that affects interstate or foreign commerce,” with certain exceptions
unrelated to this case. Transmissions of completed online forms, such as the one at
Pharmacia’s Detrol website, to the pharmaceutical defendants constitute electronic
communications.
The ECPA also says that “‘contents,’ when used with respect to any wire, oral, or electronic
communication, includes any information concerning the substance, purport, or meaning of
that communication.” This definition encompasses personally identifiable information such
as a party’s name, date of birth, and medical condition. Finally, it is clear that Pharmatrak
relied on devices such as its web servers to capture information from users.
C. Consent Exception
There is a pertinent statutory exception to § 2511(1)(a) “where one of the parties to the
communication has given prior consent to such interception unless such communication is
intercepted for the purpose of committing any criminal or tortious act....” Plaintiffs, of
course, bear the burden of establishing a violation of the ECPA. Our case law is unclear as
to who has the burden of showing the statutory exception for consent….We think, at least
for the consent exception under the ECPA in civil cases, that it makes more sense to place
the burden of showing consent on the party seeking the benefit of the exception, and so
hold. That party is more likely to have evidence pertinent to the issue of consent. Plaintiffs
do not allege that Pharmatrak acted with a criminal or tortious purpose. Therefore, the
question under the exception is limited to whether the pharmaceutical defendants gave
consent to the interception. Because the district court disposed of the case on the grounds
that Pharmatrak’s conduct fell within the consent exception, we start there.
The district court adopted Pharmatrak’s argument that the only relevant inquiry is
whether the pharmaceutical companies consented to use Pharmatrak’s NETcompare
service, regardless of how the service eventually operated. In doing so, the district court did
not apply this circuit’s general standards for consent under the Wiretap Act and the ECPA
set forth in Griggs-Ryan, 904 F.2d 112. It also misread two district court opinions on which
it purported to rely.
378.
This court addressed the issue of consent under the Wiretap Act in Griggs-Ryan. A party
may consent to the interception of only part of a communication or to the interception of
only a subset of its communications. “Thus, ‘a reviewing court must inquire into the
dimensions of the consent and then ascertain whether the interception exceeded those
boundaries.’” Consent may be explicit or implied, but it must be actual consent rather than
constructive consent. Pharmatrak argues that it had implied consent from the
pharmaceutical companies.
Consent “should not casually be inferred.” “Without actual notice, consent can only be
implied when the surrounding circumstances convincingly show that the party knew about
and consented to the interception.”
The district court made an error of law, urged on it by Pharmatrak, as to what constitutes
consent. It did not apply the standards of this circuit. Moreover, DoubleClick and Avenue A
do not set up a rule, contrary to the district court’s reading of them, that a consent to
interception can be inferred from the mere purchase of a service, regardless of
circumstances. If these cases did so hold, they would be contrary to the rule of this circuit
established in Griggs-Ryan. DoubleClick and Avenue A, rather, were concerned with
situations in which the defendant companies’ clients purchased their services for the
precise purpose of creating individual user profiles in order to target those users for
particular advertisements. This very purpose was announced by DoubleClick and Avenue A
publicly, as well as being self-evident. These decisions found it would be unreasonable to
infer that the clients had not consented merely because they might not understand
precisely how the user demographics were collected. The facts in our case are the mirror
image of those in DoubleClick and Avenue A: the pharmaceutical clients insisted there be
no collection of personal data and the circumstances permit no reasonable inference that
they did consent.
On the undisputed facts, the client pharmaceutical companies did not give the requisite
consent. The pharmaceutical clients sought and received assurances from Pharmatrak that
its NETcompare service did not and could not collect personally identifiable information.
Far from consenting to the collection of personally identifiable information, the
pharmaceutical clients explicitly conditioned their purchase of NETcompare on the fact
that it would not collect such information.
The interpretation urged by Pharmatrak would, we think, lead to results inconsistent with
the statutory intent. It would undercut efforts by one party to a contract to require that the
privacy interests of those who electronically communicate with it be protected by the other
party to the contract. It also would lead to irrational results. Suppose Pharmatrak, for
example, had intentionally designed its software, contrary to its representations and its
clients’ expectations, to redirect all possible personal information to Pharmatrak servers,
which collected and mined the data. Under the district court’s approach, Pharmatrak would
nevertheless be insulated against liability under the ECPA on the theory that the
pharmaceutical companies had “consented” by simply buying Pharmatrak’s product. Or
suppose an internet service provider received a parent’s consent solely to monitor a child’s
internet usage for attempts to access sexually explicit sites—but the ISP installed code that
monitored, recorded and cataloged all internet usage by parent and child alike. Under the
theory we have rejected, the ISP would not be liable under the ECPA.
379.
Nor did the users consent. On the undisputed facts, it is clear that the internet user did not
consent to Pharmatrak’s accessing his or her communication with the pharmaceutical
companies. The pharmaceutical companies’ websites gave no indication that use meant
consent to collection of personal information by a third party. Rather, Pharmatrak’s
involvement was meant to be invisible to the user, and it was. Deficient notice will almost
always defeat a claim of implied consent. Pharmatrak makes a frivolous argument that the
internet users visiting client Pharmacia’s webpage for rebates on Detrol thereby consented
to Pharmatrak’s intercepting their personal information. On that theory, every online
communication would provide consent to interception by a third party.
D. Interception Requirement
The parties briefed to the district court the question of whether Pharmatrak had
“intercepted” electronic communications. If this question could be resolved in Pharmatrak’s
favor, that would provide a ground for affirmance of the summary judgment. It cannot be
answered in favor of Pharmatrak.
The ECPA prohibits only “interceptions” of electronic communications. “Intercept” is
defined as “the aural or other acquisition of the contents of any wire, electronic, or oral
communication through the use of any electronic, mechanical, or other device.”
Before enactment of the ECPA, some courts had narrowed the Wiretap Act’s definition of
interception to include only acquisitions of a communication contemporaneous with
transmission. There was a resulting debate about whether the ECPA should be similarly
restricted….Other circuits have invoked the contemporaneous, or “real-time,” requirement
to exclude acquisitions apparently made a substantial amount of time after material was
put into electronic storage. These circuits have distinguished between materials acquired in
transit, which are interceptions, and those acquired from storage, which purportedly are
not.
We share the concern of the Ninth and Eleventh Circuits about the judicial interpretation
of a statute written prior to the widespread usage of the internet and the World Wide Web
in a case involving purported interceptions of online communications. In particular, the
storage-transit dichotomy adopted by earlier courts may be less than apt to address current
problems. As one court recently observed, “[T]echnology has, to some extent, overtaken
language. Traveling the internet, electronic communications are often—perhaps
constantly—both ‘in transit’ and ‘in storage’ simultaneously, a linguistic but not a
technological paradox.”
The facts here do not require us to enter the debate over the existence of a real-time
requirement. The acquisition by Pharmatrak was contemporaneous with the transmission
by the internet users to the pharmaceutical companies. Both Curtin, the plaintiffs’ expert,
and Wes Sonnenreich, Pharmatrak’s former CTO, observed that users communicated
simultaneously with the pharmaceutical client’s web server and with Pharmatrak’s web
server. After the user’s personal information was transmitted using the get method, both
the pharmaceutical client’s server and Pharmatrak’s server contributed content for the
succeeding webpage; as both Curtin and Wes Sonnenreich acknowledged, Pharmatrak’s
content (the clear GIF that enabled the interception) sometimes arrived before the content
delivered by the pharmaceutical clients.
380.
Even those courts that narrowly read “interception” would find that Pharmatrak’s
acquisition was an interception. For example, Steiger observes:
[U]nder the narrow reading of the Wiretap Act we adopt ..., very few seizures
of electronic communications from computers will constitute ‘interceptions.’ ...
‘Therefore, unless some type of automatic routing software is used (for
example, a duplicate of all of an employee’s messages are automatically sent
to the employee’s boss), interception of E-mail within the prohibition of [the
Wiretap Act] is virtually impossible.’
NETcompare was effectively an automatic routing program. It was code that automatically
duplicated part of the communication between a user and a pharmaceutical client and sent
this information to a third party (Pharmatrak).
Pharmatrak argues that there was no interception because “there were always two
separate communications: one between the Web user and the Pharmaceutical Client, and
the other between the Web user and Pharmatrak.” This argument fails for two reasons.
First, as a matter of law, even the circuits adopting a narrow reading of the Wiretap Act
merely require that the acquisition occur at the same time as the transmission; they do not
require that the acquisition somehow constitute the same communication as the
transmission. Second, Pharmatrak acquired the same URL query string (sometimes
containing personal information) exchanged as part of the communication between the
pharmaceutical client and the user. Separate, but simultaneous and identical,
communications satisfy even the strictest real-time requirement.
E. Intent Requirement
At oral argument this court questioned the parties about whether the “intent” requirement
under § 2511(a)(1) had been met.
We remand this issue because it was not squarely addressed by both parties before the
district court. When Pharmatrak moved for summary judgment, it did not do so on the
grounds that the statutory requirement of intent was unmet. At most, it raised the issue in
passing at the hearing on the cross-motions for summary judgment.
Plaintiffs, in their motion for summary judgment, did raise the issue and argued that any
interception was intentional; but the district court neither granted the motion nor
addressed the issue. In its opposition to plaintiffs’ motion, Pharmatrak relied on its own
motion for summary judgment, and so did not address intent. The issue has not been
briefed to us.
While it is true that we can affirm the grant of summary judgment on any ground
presented by the record, we will usually do so only when the issue has been fairly presented
to the trial court. Here it was not, and we are reluctant to determine ourselves whether
there was adequate opportunity for discovery on this issue and whether there are material
facts in dispute, and to resolve an issue without briefing.
381.
Still, we wish to avoid uncertainty about the legal standard for intent under the ECPA on
remand, and so we address that point. Congress amended 18 U.S.C. § 2511 in 1986 to
change the state of mind requirement from “willful” to “intentional”. Since “intentional”
itself may have different glosses put on it, we refer to the legislative history, which states:
As used in the Electronic Communications Privacy Act, the term “intentional”
is narrower than the dictionary definition of “intentional.” “Intentional”
means more than that one voluntarily engaged in conduct or caused a result.
Such conduct or the causing of the result must have been the person’s
conscious objective. An “intentional” state of mind means that one’s state of
mind is intentional as to one’s conduct or the result of one’s conduct if such
conduct or result is one’s conscious objective. The intentional state of mind is
applicable only to conduct and results. Since one has no control over the
existence of circumstances, one cannot “intend” them.
S.Rep. No. 99-541, at 23 (1986). Congress made clear that the purpose of the amendment
was to underscore that inadvertent interceptions are not a basis for criminal or civil
liability under the ECPA. An act is not intentional if it is the product of inadvertence or
mistake. There is also authority suggesting that liability for intentionally engaging in
prohibited conduct does not turn on an assessment of the merit of a party’s motive. That is
not to say motive is entirely irrelevant in assessing intent. An interception may be more
likely to be intentional when it serves a party’s self-interest to engage in such conduct.
F. Conclusion
We reverse and remand for further proceedings consistent with this opinion.
NOTES AND QUESTIONS
What Went Wrong? Despite Pharmatrak’s technical efforts, it made the mistakes it tried
hard to avoid. If you had been Pharmatrak’s lawyer, what would you have done differently
to change the outcome?
Analytics Services. Today, the term “analytics” refers to the service of generating and
reporting user activity statistics. Pharmatrak was an analytics service. Because they
typically lack direct relationships with the users whose activities they measure, analytics
services continue to face legal exposure. See, e.g., Yershov v. Gannett Satellite Information
Network, Inc., 820 F.3d 482 (1st Cir. 2016) (suggesting that third party analytics for online
video content may violate the Video Privacy Protection Act).
Reidentification. “Reidentification” refers to the process of uniquely identifying individuals
based on combining seemingly anonymous bits of data. Reidentification is a well-known and
well-studied process in computer science, and the Pharmatrak plaintiffs’ expert engaged in
a fairly standard reidentification process.
Reidentification becomes easier as datasets grow in size. As the amount of data publicly
available on the Internet grows, keeping datasets anonymized becomes more challenging.
This is a primary reason why legal rules premised on distinguishing between “personally
identifiable” and “non-personally identifiable” information are doomed to collapse.
382.
What Would User Consent Look Like? How does the consent required to waive the ECPA’s
application differ from consent required to form a binding contract as discussed in Chapter
3? For example, if Pharmacia’s privacy policy indicated that it was using Pharmatrak’s
services, but the privacy policy wasn’t presented as a mandatory non-leaky clickthrough
agreement, would users have “consented” to Pharmatrak’s operations for ECPA purposes?
Consumer Harm? What harm, if any, was suffered by the 232 consumers whose data
Pharmatrak intercepted? See Eric Goldman, The Irony of Privacy Class Action Litigation,
10 J. TELECOMM. & HIGH TECH. L. 309 (2012), http://ssrn.com/abstract=2045909.
Consider this discussion involving a data security breach at Zappos.com:
Zappos’s servers were breached in January 2012. Plaintiffs allege that the
personal information of 24 million Zappos’s customers was stolen. Of those 24
million customers, only twelve are before the Court seeking damages against
Zappos. Of those twelve, only three determined that the increased threat of
identity theft and fraud was sufficiently severe to purchase credit monitoring
services. Of those three, not one alleges to have detected any irregularity
whatsoever in regards to unauthorized purchases or other manifestations
that their personal information has been misused. Yet Plaintiffs still claim
that the threat they face is immediate, though there is no indication when or
if that threat will materialize.
Given the stipulated stays and other delays in this case, the Court must
decide whether the alleged threat of future harm is properly considered
certainly impending three-and-a-half years after the breach occurred. Even if
Plaintiffs’ risk of identity theft and fraud was substantial and immediate in
2012, the passage of time without a single report from Plaintiffs that they in
fact suffered the harm they fear must mean something….
The Court therefore finds that the increased threat of identity theft and fraud
stemming from the Zappos’s security breach does not constitute an injury-in-
fact sufficient to confer standing. The years that have passed without
Plaintiffs making a single allegation of theft or fraud demonstrate that the
risk is not immediate.
In re Zappos.Com, Inc., Customer Data Security Breach Litigation, 108 F.Supp.3d 949 (D.
Nev. 2015). The Ninth Circuit reversed this ruling because standing is measured when the
complaint is filed. In re Zappos.com, Inc. Customer Data Security Breach Litigation, 888
F.3d 1020 (9th Cir. 2018). Nevertheless, if none of the 24 million class members actually
suffered any loss from the breach, why were the plaintiffs still pursuing this lawsuit years
later?
More on Article III Standing. In general, allegation of a statutory violation often
automatically creates Article III standing. Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016);
Campbell v. Facebook, 951 F.3d 1106 (9th Cir. 2020).
383.
In re Facebook, Inc., Internet Tracking Litigation, 956 F.3d 589 (9th Cir. 2020), extended
the Campbell ruling by holding that a plaintiff may satisfy Article III standing by showing
the consumer’s potential loss of control over his or her personal data or the defendant’s
commercialization of personal data.
Content v. Metadata. In In re Zynga Privacy Litigation, 750 F.3d 1098 (9th Cir. 2014), the
Ninth Circuit distinguished Pharmatrak:
the complaints here do not plausibly allege that Facebook and Zynga
divulged a user’s communications to a website; rather, they allege that
Facebook and Zynga divulged identification and address information
contained in a referer header automatically generated by the web browser.
Unlike the information disclosed in Pharmatrak, the information allegedly
disclosed by Facebook and Zynga is record information about a user’s
communication, not the communication itself. ECPA does not apply to such
disclosures.
The Ninth Circuit distinguished Zynga in In re Facebook, Inc., Internet Tracking
Litigation, 956 F.3d 589 (9th Cir. 2020):
Unlike the URLs in Zynga, which revealed only that a Facebook user had
clicked on a link to a gaming website, Plaintiffs allege that the URLs in the
instant case could emanate from search terms inputted into a third-party
search engine. These terms and the resulting URLs could divulge a user’s
personal interests, queries, and habits on third-party websites operating
outside of Facebook’s platform.
Denouement. On remand, the district court again dismissed the ECPA lawsuit because
Pharmatrak lacked the requisite intent. While Pharmatrak nominally won in court, it
faltered in the marketplace. As the court recounts, shortly after the plaintiffs sued
Pharmatrak, all of its customers dropped it and Pharmatrak went out of business. Even if
Pharmatrak could legally survive an ECPA challenge, its technological design remained a
“bet-your-business” issue for the company. What should Pharmatrak and its attorneys have
done differently? What should Pharmacia and its attorneys have done differently?
384.
X. Spam
Eric Goldman, Where’s the Beef? Dissecting Spam’s Purported Harms, 22 J.
MARSHALL J. COMPUTER & INFO. L. 13 (2003)
I. INTRODUCTION
[In 2003, Congress enacted] enacted a law regulating unsolicited commercial emails, the
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the
“CAN-SPAM Act” or “CAN-SPAM”). CAN-SPAM follows significant state-based efforts to
regulate spam; from 1997 to 2003, nearly three quarters of the states adopted some spam
regulation, most of which are now preempted by CAN-SPAM.
CAN-SPAM, like the state laws preceding it, takes a multi-faceted approach to regulating
spam. Among other provisions, CAN-SPAM contains provisions that regulate the email
content, restrict specific notorious spammer practices, give spam recipients the ability to
opt-out, and attack the spammer’s funding by creating advertiser liability.
The diversity of regulatory approaches inherent in CAN-SPAM (and, before that, the
superseded state statutes) prompts a fundamental question: exactly what harms are caused
by spam that these regulations attempt to redress? There is no consensus answer to this
question. Just about everyone seems to agree that spam is a problem that needs to be
addressed, but no one seems to agree on why. Without clearly understanding the targeted
harms, policy-makers cannot craft regulations designed to fix them.
This Essay examines the purported harms caused by spam in an effort to isolate bona fide
areas needing legislative intervention. However, few such needs exist. Instead, most
purported harms are illusory, already adequately addressed by existing laws or best left to
market solutions. This analysis thus undercuts many of the purported justifications for
regulating spam.
II. DEFINING THE HARMS OF SPAM
A. Defining Spam
Any attempt to intelligently discuss spam is immediately hampered by the word’s
imprecision. Simply put, the term “spam” lacks a single well-accepted definition. Usually
“spam” refers to some form of unwanted email, although some users generalize the term to
describe all forms of unwanted advertising, both in email and other media. CAN-SPAM
defines “commercial electronic mail message” as “any electronic mail message the primary
purpose of which is the commercial advertisement or promotion of a commercial product or
service.” Building on this definition, this Essay refers to “spam” as unsolicited “commercial
electronic mail messages.” However, this definition is both under- and over-inclusive
because the definition includes emails recipients want and does not include all emails not
wanted by recipients, and thus it may not track recipient expectations.
385.
B. Spam is Annoying
1. Distinguishing Wanted and Unwanted Content
Many email recipients castigate spam as annoying, but the reasons why are less clear.
Some annoyance is attributable to the objectionable content in spam, a point addressed
infra in subsection II(D). Otherwise, the annoyance is based (among other factors) on the
unsolicited, high-volume, time-consuming or unpreventable nature of spam.
I believe these concerns all derive from the same source: spam is unwanted. A simple
example may illustrate this. Assume Jane is ready to purchase a Canon PowerShot S400
digital camera. An unsolicited email arrives in Jane’s in-box from a trustworthy retailer
that she has never transacted with. The retailer offers to sell her the camera for $100 less
than any other retailer. Is this spam?
Some recipients would say “yes” because the email is unsolicited or otherwise invades their
privacy. However, most email recipients would consider this email valuable instead of
annoying, in which case they would want this email because it will save them time and
money.
Perhaps this example gives us an important insight on the nature of spam. Email recipients
want email that saves money, saves time, educates on matters of interest, or is otherwise
relevant and helpful. Thus, many email recipients gladly would receive unsolicited emails
that meet those specifications. In contrast, email recipients are annoyed to receive a high
volume of irrelevant and unhelpful emails.
Unfortunately, frequently spam is irrelevant and unhelpful to recipients because it is
relatively untargeted. Like any other marketers, spam advertisers will pay for targeted
email lists that are more likely to yield higher results. However, the negligible marginal
cost of sending spam lowers the optimal level of targeting for spammers. Thus, spammers
can profitably use low-yield and untargeted practices such as email harvesting and
dictionary attacks.
Even though spammers can profitably send very-low relevance emails to lots of recipients,
not all spam is bad. Inevitably, some recipients will find a particular spam email helpful
and relevant. More specifically, recipients’ perceptions about each spam’s relevance usually
sort into a bell curve: some will find the email completely irrelevant, some will find the
email very relevant, and others will find the email somewhat relevant.
Some empirical data supports this analysis. Several recent surveys show that seven to eight
percent of those surveyed have purchased a product or service in response to spam and
approximately thirty percent of those surveyed have responded to spam to get more
information about the advertised product or service. While not high percentages, the
statistics seemingly contradict spam’s abysmal reputation. For recipients who responded to
spam (plus those who were educated but did not respond), the spam was relevant. For those
who purchased in response to a particular spam, that email helped the consumer find a
desired product or service at an acceptable price.
386.
We should not trivialize these consequences. Spam plays an important role in the
marketplace of ideas, perhaps filling gaps left by other media, and can contribute to
efficiently functioning economic markets. In some cases, spam creates transaction
opportunities that otherwise would not occur due to prohibitive search costs or lack of
consumer awareness about products available to solve their needs.
Of course, these conclusions do not change the fact that most spam is unwanted by most
recipients. However, it is unclear why individuals seem less tolerant of irrelevant spam
than irrelevant ads in other media. Consumers routinely tolerate irrelevant ads in other
media with less annoyance than they feel towards spam.
Let us consider ad relevancy in a few media, starting with billboards. Billboard ads target
viewers only by geography (if that), so they are fairly low-relevancy advertising tools,
meaning that most billboard ads will be irrelevant to most viewers.
The broadcast and newspaper media use differentiated content to segment consumers.
Thus, a TV show will appeal to a certain demographic, and newspapers divide their content
into topical sections (e.g. sports, business, metro) that are read by only some readers. This
segmentation means that ads can be targeted to consumers attracted by the surrounding
content. Nevertheless, even the most targeted content will appeal to multiple
demographics, so the associated ads will be less relevant to non-majority audience
segments.
In these other media like billboards, broadcasting and newspapers, consumers do not
vociferously demand regulation to minimize the irrelevancy of ads delivered through them.
Why do consumers feel differently about spam?
2. Sorting Spam Wastes Time
Perhaps recipients penalize spam because it takes time to sort irrelevant spam from
wanted emails. Sorting also creates the risk of Type I and Type II errors (i.e., legitimate
email gets tossed or blocked as spam, and objectionable spam gets through the sorting).
But once again, spam is not different from other media. Every medium that contains ads
requires consumers to sort ads from content and wanted ads from unwanted ads. For
example, sorting postal mail requires the recipient to evaluate the envelope’s exterior and,
in some cases, open and review the contents. Broadcast ads are even more difficult to sort,
because ads are interspersed with content and the viewer cannot reorder or skip the ads.
So while spam does require sorting time, recipients can manually sort email relatively
efficiently by reviewing subject lines, and many recipients develop good skills doing so.
Spam can also be automatically blocked without any manual sorting using email filters. As
a result, the amount of time “wasted” on the email sorting process may very well be less
than the time wasted in other media.
All media containing ads demand sorting time and create some risk of erroneous sorting,
and no regulatory scheme—other than banning a medium altogether—can eliminate that.
Instead, time lost to sorting is unavoidable in a media-based society, and spam is just one of
387.
many manifestations of that phenomenon. Thus, the explanation for recipients’ antipathy
towards spam must lie elsewhere.
3. Spam Causes Recipients to Lose Control of Their In-Boxes
Evidence suggests that many recipients are bothered by their inability to stop spam and
feel that spam is a loss of privacy. This suggests that recipient frustration with spam may
be the result of a feeling that recipients have lost control over their in-boxes.
However, once again this problem arises with other media. Recipients cannot stop spam
except by eliminating their email account altogether, but consumers of other media are
similarly powerless to change what ads are delivered in that medium except by
discontinuing use of that medium. For example, a newspaper or magazine reader cannot
control what ads are published; the reader’s only choices are to ignore unwanted ads or stop
reading the publication altogether. This argument holds true for broadcast media,
billboards, and junk mail as well.
Perhaps email can be distinguished from other media because it delivers more important
personal content to recipients than other media. Recipients seem to develop a special and
personal relationship with their in-box, and this explanation might offer an insight about
why telemarketing is so reviled. But this explanation is not totally satisfactory because it
does not explain the seeming dichotomy between the outrage over spam and comparative
tolerance of junk mail.
A more satisfying explanation can be found by considering the relative adoption curves of
spam and other media. We have had many years to develop ways to cope with ads in other
media, but we are still developing ways to cope with email ads. It seems likely that users
will improve their ability to manage email with more experience, at which point user
frustration should decrease. Meanwhile, new generations who grow up using email should
be more tolerant of spam because they will develop coping strategies for spam (and media
inputs generally) from an early age.
Thus, current annoyance with spam could merely reflect that user experience with email is
evolving. Robust email management tools also should reduce annoyance, and the current
annoyance may also reflect that those tools are not yet adequately deployed.
4. Conclusion on Annoyance
Unwanted emails are annoying, but minor annoyances are a fact of life, and no law can
eliminate them—from email or otherwise. Email recipients’ annoyance at spam appears to
be an overreaction when compared to their reactions to other forms of annoying ads.
Meanwhile, regulation of spam creates significant risk that some relevant emails will be
blocked from recipients who want them. It is troubling to regulate content to protect the
majority from minor annoyances if the consequence is preventing minority interests from
exchanging relevant content.
388.
C. Spammers Impose Costs on Third Parties
As it moves from sender to recipient, spam generates bandwidth and server processing
costs for the spammer’s IAP, the recipient and the recipient’s IAP. Depending on a
spammer’s practices, they can also impose some costs on unsuspecting third parties, such
as server operators with open mail relays and or whose domains are forged. We consider
each cost in turn.
1. The Spammer’s IAP
The spammer and its IAP have contractual privity, and the IAP can technologically
constrain the spammer’s activities (i.e. capping the quantity of emails sent). As a result, a
spammer’s IAP has the capacity to charge spammers for any spam-related costs, and there
are no obvious market failures that require regulatory protection for the spammer’s IAP.
2. Recipients and Their IAPs
It is frequently claimed that recipients pay to receive spam, and sometimes spam is likened
to junk mail sent with postage due. With respect to individuals with a consumer IAP
account, this claim is no longer accurate. It was true prior to the mid-1990s, when many
IAPs charged customers a time-based fee for Internet connectivity. Because each email took
some time to download, recipients paid a small fee for each email they received. Today,
consumer IAPs almost universally charge flat-rate pricing for unlimited usage, so consumer
recipients do not pay for each email received.
However, recipient IAPs bear some bandwidth and server processing costs for each email
they process, plus preventative costs (like filtering) and remediation costs (like blocking or
database repair) associated with pernicious email. Unlike the spammer’s IAP, the
recipient’s IAP has no contractual privity or technological relationship with the spammer.
And where corporations provide Internet connectivity to their employees, they incur these
costs as a recipient directly. As a result, recipient IAPs and corporations may benefit from
legal systems that allow them to pass those costs back to spammers or avoid the costs
altogether.
Until recently, common law trespass to chattels was an important legal mechanism to
accomplish that objective. However, in Intel Corp. v. Hamidi, the California Supreme Court
recently scaled the doctrine back, rejecting trespass to chattels when a low-volume
spammer’s emails did not threaten to impair (or actually impair) the functioning of Intel’s
systems. It remains unclear how subsequent courts will interpret Intel, but in all likelihood
some future spammers will avoid liability for trespass to chattels.
Irrespective of trespass to chattels, corporations and recipient IAPs can use, and have
successfully used, the Computer Fraud and Abuse Act (“CFAA”) to combat spam. CAN-
SPAM supplements the CFAA (and whatever is left of common law trespass to chattels) by
providing recipient IAPs a direct cause of action when the IAP is “adversely affected” by a
spammer who fails to comply with selected other provisions of CAN-SPAM. Depending on
how broadly courts interpret the words “adversely affected,” this provision may moot
Hamidi’s common law analysis by providing a statutory cause of action. At minimum, CAN-
SPAM expedites recipient IAP causes of action by providing statutory damages and
389.
attorneys’ fees and by providing another basis (in addition to the CFAA) for federal court
jurisdiction. As a result, CAN-SPAM should help recipient IAPs control some of the email
processing costs that are externalized to them.
In addition to bandwidth, server, preventative and maintenance costs, some companies
have sought legal recognition for the time employees waste on spam. Indeed, analysts claim
that this lost time creates enormous costs. However, as discussed in Section II supra, time
spent sorting or reading spam is not necessarily wasted, nor is it unique compared to the
many other ways that employees waste time (e.g. personal email, junk mail and personal
telephone calls). Therefore, lost productivity due to spam is a poor policy basis for
regulating spam.
3. Open Mail Relays
Spammers can offload costs to third party computers who have open mail relays, which can
cause those server operators to incur some costs like any other recipient IAP. Of course,
operators wishing to avoid those costs can simply close their mail relays, and interestingly
these operators are often considered part of the problem, not victims. Thus, forcing them to
internalize the spam-created costs (rather than pushing those costs to a spammer) may
motivate them to close the relays.
4. Targets of Forged Headers
Spammers also can offload costs to third parties using forged headers. A forged header
occurs when a spammer manipulates an email to make it look like the spam originated
from X.com when it is really being sent from Y.com. The X.com domain name operator (or
its IAP) incurs costs when undeliverable messages and recipient complaints are directed to
the operator.
The operator of a forged domain name lacks any contractual or technological way to prevent
this activity, so regulatory protection is appropriate. Indeed, thirty states prohibited forged
headers, and these state laws may not be preempted by CAN-SPAM. Meanwhile, CAN-
SPAM criminalizes forged headers and potentially sets up a private cause of action for some
victims (“providers of Internet access services” who are “adversely affected”). The
robustness of this private cause of action remains to be seen, but this CAN-SPAM provision,
plus any coverage under non-preempted state laws and other existing doctrines like
trademark law and the CFAA, should provide substantial protection to the victims of forged
headers.
5. Conclusion on Costs
Far too much rhetoric is directed to the costs borne by individual spam recipients. These
individuals no longer bear a financial cost to receive spam, and any “costs” associated with
the consumption of their attention makes unsupportable assumptions about the email’s
relevancy to the recipient. Similarly, although sending IAPs may find it desirable to obtain
regulatory protection against spam, they can control their financial exposure to spammers’
behavior through pricing and technology.
390.
Focusing on the costs borne by individual recipients and sending IAPs detracts from the
parties who incur uncontrollable costs from spam, such as recipient IAPs, operators of open
mail relays and victims of forged headers. CAN-SPAM provides some useful legal tools to
protect these parties, although those tools may be incomplete. A crisper understanding of
the real costs borne by these parties would have likely produced a more thoughtful legal
solution.
D. Spam Contains or Promotes Objectionable Content
Many spam recipients complain about objectionable content of spam, especially
pornographic spam. Due to deep feelings towards pornographic spam, Congress specifically
targeted it in CAN-SPAM by requiring warning labels. But to understand the harms
pornographic spam causes, it is useful to consider adults and minors separately.
For adults, pornographic spam is no different from any other form of unwanted content
discussed in Section II(B) supra. Nevertheless, Congress has tried to help adults avoid
unwanted pornographic spam by requiring special labeling of pornographic spam in the
subject line. When implemented, this requirement can help recipients who automatically
filter email using the appropriate words because the spam will automatically be routed
outside the recipient’s ordinary view. Until spammers regularly comply with this law,
however, filtering will not be helpful.
The mandatory labeling law may be even less helpful to recipients who manually sort
email. These recipients may still see objectionable content if the subject line contains
objectionable terms or the recipient’s email software “previews” a message and the
previewed content is objectionable.
So how can regulatory intervention help recipients avoid objectionable emails? With widely
varying perceptions of what constitutes objectionable content, regulating objectionable ads
is no more feasible than regulating irrelevant ads. Thus, the only “solution” may be for
recipients to manage their exposures themselves, either through technological measures or
by looking elsewhere when something offends.
Putting the burden on recipients to avoid pornographic spam is less satisfactory when
recipients are minors. In that case, society may be harmed when minors view this
inappropriate material.
However, minors’ exposure to pornographic spam is a microcosm of a much greater
problem: minors with email accounts. This is a major social development because
historically minors had few communication media that readily bypassed parental oversight.
Today, minors can use email, instant messenger, and cell phones to communicate with third
parties without any parental oversight and knowledge. With this additional autonomy,
minors can get into inappropriate and potentially very dangerous situations, such as
interactions with sexual predators.
Because of these risks, some parents restrict minors’ access to the Internet altogether, and
other parents permit only supervised Internet use. The former prevents any risk of
exposure to pornographic spam, and the latter approach gives parents the ability to pre-
screen pornographic spam or counsel the minor when seeing such spam.
391.
Otherwise, parents who let minors have unsupervised email use make a huge decision, and
it is not made lightly. Because these parents accept the risk that their children will engage
in dangerous online behavior, the problem of pornographic spam seems almost trivial by
comparison. If the parents trust their children enough to give them that autonomy, perhaps
we should infer that the parents deem their children responsible enough to cope with
pornographic spam.
Regulation cannot easily solve these problems. Efforts to specifically ban pornographic
spam are likely unconstitutional and do not affect emails from foreign jurisdictions. Lesser
efforts, like mandatory labeling, have low efficacy. Ultimately, there can be no substitute
for parental involvement in their children’s use of email.
III. CONCLUSION
Society is still evolving ways to cope with media saturation. Spam contributes to this
problem, but so do other media. Yet, many recipients hate spam more than other ads. As
explored by this Essay, this dichotomous attitude is hard to explain. Nevertheless, the
anger has caused anti-spam rhetoric to reach hyperbolic levels. But, while many spam
opponents decry spam as a system breakdown, the breakdown has been more political than
technological. Most state-based attempts to regulate spam, a product of political
grandstanding or legislator rage instead of rational policy-making, were ineffectual,
reflecting their weak policy underpinnings. Early feedback on CAN-SPAM suggests the
federal law will not be any more effective.
Even if CAN-SPAM beneficially affects the flow of unwanted emails, any legislative
solution seems inherently empty. Without legislative intervention, society will find ways to
cope with spam, just as we have with other media. Meanwhile, entrepreneurs will continue
to develop better tools to sort wanted and unwanted communications. Thus, more patience
with the spam “problem” might have facilitated the development of superior results
organically.
NOTES AND QUESTIONS
Did CAN-SPAM Work? If you were to make a list of your top Internet annoyances today,
where would unwanted email rank? If you had surveyed Internet users in the late 1990s, it
would have easily ranked in the top 3, and probably #1. If it ranks well below that now, is
that because, or in spite, of CAN-SPAM? In other words, if spam isn’t one of the major
Internet Law issues of the 21st century, what factors contributed to that outcome?
What is an “Email”? CAN-SPAM is an email exceptionalist statute. But what is an “email,”
and how do we distinguish it from other forms of electronic communication? CAN-SPAM
defines “electronic mail address” as
a destination, commonly expressed as a string of characters, consisting of a
unique user name or mailbox (commonly referred to as the ‘local part’) and a
reference to an Internet domain (commonly referred to as the ‘domain part’),
whether or not displayed, to which an electronic mail message can be sent or
delivered
392.
Based on this definition, is a Facebook instant message an “email”? A Facebook notification
alert? An SMS message/“text”? An appointment added to Google calendar without consent?
What is Commercial Email? CAN-SPAM applies to emails with a primary purpose of “the
commercial advertisement or promotion of a commercial product or service.” This limitation
reflects Congress’ effort to stay within its Commerce Clause authorization, but the
boundaries of commerciality are no clearer in this context than other contexts. Which of the
following might be a commercial email for CAN-SPAM purposes?
A job seeker sends an unsolicited email to a potential employer attaching a resume
and asking for an interview.
An elected politician sends an unsolicited email to constituents asking them to
contribute funds to her reelection campaign.
A law firm sends an unsolicited email “newsletter” to non-clients describing a new
legal ruling and saying that its attorneys have further expertise helping clients
navigate the ruling.
An Uber user sends an affiliate code to his friends saying that both the sender and
recipient will save $20 on their next Uber rides if the friend creates a new Uber
account using the affiliate code
A person sends an email to her friends saying that she is doing a bike ride for
charity and asking recipients to donate to her team’s fundraising page.
If you have done any of these activities, did you consider the possibility that you may need
to comply with CAN-SPAM?
State Law Preemption. CAN-SPAM preempted state anti-spam laws except laws restricting
“falsity or deception” in commercial email. After CAN-SPAM, many states adopted laws
seeking to fit into that non-preempted space. Given that heterogeneous state laws still are
in effect, what did CAN-SPAM’s preemption clause accomplish?
393.
XI. Blogs and Social Networking Sites
The Third Wave of Internet Exceptionalism
By Eric Goldman
Posted March 11, 2009 to http://blog.ericgoldman.org/archives/2009/03/the_third_wave.htm
From the beginning, the Internet has been viewed as something special and “unique.” For
example, in 1996, a judge called the Internet “a unique and wholly new medium of
worldwide human communication.”
The Internet’s perceived novelty has prompted regulators to engage in “Internet
exceptionalism,” crafting Internet-specific laws that diverge from regulatory precedents in
other media. Internet exceptionalism has come in three distinct waves:
The First Wave: Internet Utopianism
In the mid-1990s, some people fantasized about an Internet “utopia” that would overcome
the problems inherent in other media. Some regulators, fearing disruption of this possible
utopia, sought to treat the Internet more favorably than other media.
47 U.S.C. §230 (a law still on the books) is a flagship example of mid-1990s efforts to
preserve Internet utopianism. The statute categorically immunizes online providers from
liability for publishing most types of third party content. It was enacted (in part) “to
preserve the vibrant and competitive free market that presently exists for the Internet and
other interactive computer services, unfettered by Federal or State regulation.” The statute
is clearly exceptionalist because it treats online providers more favorably than offline
publishers—even when they publish identical content.
The Second Wave: Internet Paranoia
Later in the 1990s, the regulatory pendulum swung in the other direction. Regulators still
embraced Internet exceptionalism, but instead of favoring the Internet, regulators treated
the Internet more harshly than analogous offline activity.
For example, in 2005, a Texas website called Live-shot.com announced that it would offer
“Internet hunting.” The website allowed paying customers to control, via the Internet, a
gun on its game farm. An employee manually monitored the gun and could override the
customer’s instructions. The website wanted to give people who could not otherwise hunt,
such as paraplegics, the opportunity to enjoy the hunting experience.
The regulatory reaction to Internet hunting was swift and severe. Over 3 dozen states
banned Internet hunting. California also banned Internet fishing for good measure.
However, regulators never explained how Internet hunting is more objectionable than
physical space hunting.
For example, California Sen. Debra Bowen criticized Internet hunting because it “isn’t
hunting; it’s an inhumane, over the top, pay-per-view video game using live animals for
target practice….Shooting live animals over the Internet takes absolutely zero hunting
skills, and it ought to be offensive to every legitimate hunter.”
394.
Sen. Bowen’s remarks reflect numerous unexpressed assumptions about the nature of
“hunting” and what constitutes fair play. In the end, however, hunting may just be
“hunting,” in which case the response to Internet hunting may just be a typical example of
adverse Internet exceptionalism.
The Third Wave: Exceptionalism Proliferation
The past few years have brought a new regulatory trend. Regulators are still engaged in
Internet exceptionalism, but each new advance in Internet technology has prompted
exceptionalist regulations towards that technology.
For example, the emergence of blogs and virtual worlds has helped initiate a push towards
blog-specific and virtual world-specific regulation. In effect, Internet exceptionalism has
splintered into pockets of smaller exceptionalist efforts.
Regulatory responses to social networking sites like Facebook and MySpace are a prime
example of Internet exceptionalism splintering. Rather than regulating these sites like
other websites, regulators have sought social networking site-specific laws, such as
requirements to verify users’ age, combat sexual predators and suppress content that
promotes violence. The result is that the regulation of social networking sites differs not
only from offline enterprises but from other websites as well.
Implications
Internet exceptionalism is not inherently bad. In some cases, the Internet truly is unique,
special or different and should be regulated accordingly. Unfortunately, more typically,
exceptionalism cannot be analytically justified and instead reflects regulatory panic.
In these cases, regulatory exceptionalism can be harmful, especially to Internet
entrepreneurs and their investors. It can distort the marketplace between web enterprises
and their offline competition—occasionally advantaging the website (such as 47 U.S.C.
230), but typically hindering the web business’ ability to compete. In extreme cases, such as
Internet hunting, unjustified regulatory intervention may put companies out of business.
Accordingly, before enacting exceptionalist Internet regulation, regulators should articulate
how the Internet is unique, special or different and explain why these differences support
exceptionalism. Unfortunately, emotional overreactions to perceived Internet threats or
harms typically trump such a rational regulatory process. Knowing this tendency, perhaps
we can better resist that temptation.
395.
People v. Lopez, 2016 WL 297942 (Cal. App. Ct. 2016)
Defendant Hector Salvador Lopez…challenges two of the imposed probation conditions.
First, he argues that the probation condition requiring him to give his probation officer
passwords to any “social media sites” is unreasonable and unconstitutionally vague….
Defendant argues that the term “social media site” is vague, because it has “neither a clear
legal definition or any obvious contours in common sense.” Defendant maintains that, for
example, certain Web sites like Facebook are commonly accepted as a social media site.
However, he claims that due to the inherent ambiguity in the term “social media site,” it is
unclear whether other, less typical Web sites would be considered a “social media site.” In
support of this argument, defendant brings up the example of a newspaper Web site where
individuals are able to create accounts and comment on news stories. These Web sites
involve a degree of social interaction with other users, and is a way for users to share and
promote content with each other. Defendant insists that it is unclear whether these Web
sites would be considered social media sites under the imposed condition….
…the [lower] court here provided context by listing certain examples of social media sites
covered by the probation condition, including Facebook, Instagram, Myspace, Mocospace, or
anything similar. Further, the probation condition was imposed as part of a standard set of
gang orders. Accordingly, the condition’s purpose—to deter criminal activities associated
with gangs and to prevent future criminality by disassociating defendant from other gang
members—provides guidance to the probationer and clarifies which “social media sites” the
condition intends to target.
Defendant maintains that the term “social media sites” remains ambiguous on its face. We
agree with defendant’s assessment that at first blush the definition of the term “social
media” appears murky, because it lacks a clear definition in California law. Our Legislature
has attempted to define the term “social media” in other codes, but the crafted definitions
have been sweeping. For example, in a footnote in their reply brief, the People point out
that the term “social media” has been defined in the Education Code as “an electronic
service or account, or electronic content, including, but not limited to, videos or still
photographs, blogs, video blogs, podcasts, instant and text messages, email, online services
or accounts, or Internet Web site profiles or locations.” (Educ. Code, § 99120.) A similar
definition is also found in Labor Code section 980, subdivision (a).
The People do not attempt to argue that these definitions apply to defendant’s probation
condition. Nor do we believe application of this definition is appropriate, since the broad
definitions found in the Education Code and Labor Code, which include “online services or
accounts” or “Internet Web site profiles or locations,” would encompass almost anything
that can be found on the Internet, including online bank accounts and e-mail accounts. This
definition likely encompasses a larger swath of defendant’s online presence that the
probation condition did not intend to reach.
However, a practical, acceptable, and common-sense definition of the term does exist. And
that is what the condition needs in order to pass constitutional muster. According to the
Oxford English Dictionary, “social media” constitutes “websites and applications which
enable users to create and share content or to participate in social networking.” In turn,
“social networking” is defined as “the use or establishment of social networks or
396.
connections; (now esp.) the use of websites which enable users to interact with one another,
find and contact people with common interest, etc.” And, “social network” is defined as “a
system of social interactions and relationships; a group of people who are socially connected
to one another; (now also) a social networking website; the users of such a website
collectively.”…
Here, the term “social media,” although not mathematically precise, has a reasonably
certain definition: Web sites where users are able to share and generate content, and find
and connect with other users of common interests. And, the term was made sufficiently
specific by the trial court when it clarified that the probation condition covered social media
sites including Facebook, Instagram, Myspace, Mocospace, or anything similar.
Accordingly, for the aforementioned reasons, we do not find that the term “social media
sites” to be unconstitutionally vague and reject defendant’s conjecture that the condition
could be interpreted to include news Web sites.
Lastly, defendant posits that the condition is also vague because it covers social media
“sites.” Defendant claims that it is unclear whether, based on this language, social media
applications (i.e., applications that only have an interface accessible on a cell phone or
tablet device) that do not have a Web site component would be covered by the probation
condition. We disagree that the condition is vague in this regard. Although the term
references “sites,” we believe it is reasonably clear that the probation condition intends to
include all social media that has an online component. Read this way, there is no vagueness
in the condition’s use of the term “sites.”…
NOTES AND QUESTIONS
What is a “Social Media Site”? As Justice Alito declared, “it is not easy to provide a precise
definition of a ‘social media’ site.” Packingham v. North Carolina, 137 S. Ct. 1730 (2017)
(concurrence n. 16).
Notice how the Lopez court used a sleight-of-hand to get around this. In order to find that
the meaning of the term “social media sites” is “reasonably certain,” the court had to (a)
ignore a statutory definition of the exact same term adopted by the California legislature
(albeit in a different context), and (b) collapse the definition of three different words from
the Oxford English Dictionary Online.
The Lopez court defines a “social media site” as “Web sites where users are able to share
and generate content, and find and connect with other users of common interests.” Assume
for a moment that we don’t have the ejusdem generis examples that the lower court
included in the probation conditions. Which of the following should constitute a “social
media site” according to the Lopez court?
online banks. No, because the court expressly says it’s not included.
an e-commerce site. Normally no if the site is purely transactional. However, what if
the e-commerce site includes consumer review functionality, like Amazon does?
newspaper message boards. Unclear. The court’s definition implies users must be
able to “connect” to each other, which older message board functions don’t normally
397.
allow. But if the term “connect” is metaphorical and not technological, then every
user-generated content function enables like-minded folks to gather and discuss.
online dating apps like Tinder or Grindr. Definitely yes even if they are purely
mobile apps.
online video games like massively multi-player online role playing games
(MMORPGs). Probably yes.
Photo and video sharing sites like YouTube and Flickr. Probably yes. Note that a
person’s YouTube and Gmail accounts may share the same login credentials. So if
the probationer turns over the YouTube passwords, the probation officer also should
be able to log into the probationer’s Gmail account, even though the court expressly
says email accounts are excluded.
Given the definition’s murkiness, if you’re the probationer, aren’t you likely to turn over
every online login credentials, including online banking and email accounts, because it’s not
worth risking jailtime? The court rejected the probationer’s overbreadth argument, but if
you conclude that the probationer’s most rational choice is to overdisclose login credentials,
perhaps the overbreadth argument deserved more credit.
The California Social Media Privacy Laws. California Education Code § 99120 restricts
schools’ access to students’ social media accounts. California Labor Code § 980 restricts
employers’ access to employees’ social media accounts. A majority of the other states have
similar laws, though the actual wording varies substantially from state to state.
The California laws define “social media” as
an electronic service or account, or electronic content, including, but not
limited to, videos, still photographs, blogs, video blogs, podcasts, instant and
text messages, email, online services or accounts, or Internet Web site
profiles or locations.
By including “electronic content,” the laws don’t just apply to “social media”—they apply to
all digital content and activity, both online and offline.
Furthermore, Labor Code § 980 restricts employers’ access to “personal” social media,
presumably in contradistinction to “business-related” accounts that aren’t restricted. Yet,
the law doesn’t define when a social media account is “personal.” While some social media
accounts are clearly “personal” and others are clearly “business-related,” many employee
social media accounts could represent a mix of the two. Indeed, employers and employees
routinely disagree about whether or not a social media account was personal or business-
related.
This puts employers in an obvious squeeze: employers may not know which employee
accounts are purely personal and which are a mix of personal and business-related; the
statute doesn’t expressly allow employers to access mixed account; and the statute doesn’t
give employers a defense if they demand the login credentials because they reasonably but
mistakenly thought the account was all or partially business-related.
398.
It might seem odd to question the value of social media password protection laws, but for an
extended critique of the state-by-state enactments, see Eric Goldman, The Spectacular
Failure of Employee Social Media Privacy Laws, Tech. & Marketing L. Blog, May 31, 2014,
http://blog.ericgoldman.org/archives/2014/05/state_laws_to_p.htm.
Implications. Do you draw any regulatory lessons from the difficulties defining “social
media” as a subset of the Internet (or, in the case of the California laws, as a subset of
electronic data)?
399.
The next case shows how Section 230 applies in the context of social media. Notice how the
case extends Section 230’s immunity to offline injuries.
Doe v. MySpace, Inc., 528 F.3d 413 (5th Cir. 2008).
Jane and Julie Doe (“the Does”) appeal the district court’s dismissal of their claims for
negligence and gross negligence, and its finding that the claims were barred by the
Communications Decency Act (“CDA”), 47 U.S.C § 230, and Texas common law. For the
following reasons, we affirm the decision of the district court.
I. FACTS AND PROCEEDINGS
MySpace.com is a Web-based social network. Online social networking is the practice of
using a Web site or other interactive computer service to expand one’s business or social
network. Social networking on MySpace.com begins with a member’s creation of an online
profile that serves as a medium for personal expression, and can contain such items as
photographs, videos, and other information about the member that he or she chooses to
share with other MySpace.com users. Members have complete discretion regarding the
amount and type of information that is included in a personal profile. Members over the age
of sixteen can choose the degree of privacy they desire regarding their profile; that is, they
determine who among the MySpace.com membership is allowed to view their profile. Once
a profile has been created, the member can use it to extend “invitations” to existing friends
who are also MySpace.com users and to communicate with those friends online by linking
to their profiles, or using e-mail, instant messaging, and blogs, all of which are hosted
through the MySpace.com platform.
Members can also meet new people at MySpace.com through user groups focused on
common interests such as film, travel, music, or politics. MySpace.com has a browser
feature that allows members to search the Web site’s membership using criteria such as
geographic location or specific interests. MySpace.com members can also become online
“friends” with celebrities, musicians, or politicians who have created MySpace.com profiles
to publicize their work and to interface with fans and supporters.
MySpace.com membership is free to all who agree to the Terms of Use. To establish a
profile, users must represent that they are at least fourteen years of age. The profiles of
members who are aged fourteen and fifteen are automatically set to “private” by default, in
order to limit the amount of personal information that can be seen on the member’s profile
by MySpace.com users who are not in their existing friends network and to prevent younger
teens from being contacted by users they do not know. Although MySpace.com employs a
computer program designed to search for clues that underage members have lied about
their age to create a profile on the Web site, no current technology is foolproof. All members
are cautioned regarding the type of information they release to other users on the Web site,
including a specific prohibition against posting personal information such as telephone
numbers, street addresses, last names, or e-mail addresses. MySpace.com members are also
encouraged to report inaccurate, inappropriate, or obscene material to the Web site’s
administrators.
In the summer of 2005, at age thirteen, Julie Doe (“Julie”) lied about her age, represented
that she was eighteen years old, and created a profile on MySpace.com. This action allowed
400.
her to circumvent all safety features of the Web site and resulted in her profile being made
public; nineteen-year-old Pete Solis (“Solis”) was able to initiate contact with Julie in April
2006 when she was fourteen. The two communicated offline on several occasions after Julie
provided her telephone number. They met in person in May 2006, and, at this meeting,
Solis sexually assaulted Julie.2…
III. DISCUSSION
In October 1998*, Congress recognized the rapid development of the Internet and the
benefits generated by Web-based service providers to the public. In light of its findings,
Congress enacted the CDA for several policy reasons, including “to remove disincentives for
the development and utilization of blocking and filtering technologies that empower parents
to restrict their children’s access to objectionable or inappropriate online material.” To
achieve that policy goal, Congress provided broad immunity under the CDA to Web-based
service providers for all claims stemming from their publication of information created by
third parties, referred to as the “Good Samaritan” provision. Indeed, “[n]o cause of action
may be brought and no liability may be imposed under any State or local law that is
inconsistent with this section.”
Courts have construed the immunity provisions in § 230 broadly in all cases arising from
the publication of user-generated content. For example, the Ninth Circuit [in Carafano]
held that a Web-based dating-service provider was not liable when an unidentified party
posted a false online personal profile for a popular actress, causing her to receive sexually
explicit phone calls, letters, and faxes at her home. Acknowledging that the immunity
provision in § 230(c)(1) of the CDA causes “Internet publishers [to be] treated differently
from corresponding publishers in print, television and radio,” the Ninth Circuit held that
“[u]nder § 230(c), ... so long as a third party willingly provides the essential published
content, the interactive service provider receives full immunity regardless of the specific
editing or selection process.”
Similarly, the Fourth Circuit dismissed a plaintiff’s claims on the pleadings, holding that
the CDA protects Web-based service providers from liability even after the provider is
notified of objectionable content on its site. The plaintiff in Zeran sued an Internet service
provider for failing to remove upon notice a false advertisement offering shirts featuring
tasteless slogans relating to the 1995 bombing of the Oklahoma City Federal Building and
instructing interested buyers to call the plaintiff to place orders. After analyzing the
immunity provision of § 230, the Fourth Circuit wrote:
If computer service providers were subject to distributor liability, they would
face potential liability each time they receive notice of a potentially
defamatory statement—from any party, concerning any message.... Because
service providers would be subject to liability only for the publication of
information, and not for its removal, they would have a natural incentive
simply to remove messages upon notification, whether the contents were
2 Julie’s mother reported the assault to Austin, Texas police, who arrested Solis and charged him with second-
degree sexual assault. * [Editor’s note: this date appears to be an error. The DMCA was enacted in October 1998. The CDA was
enacted in February 1996.]
401.
defamatory or not. Thus, like strict liability, liability upon notice has a
chilling effect on the freedom of Internet speech.... Because the probable
effects of distributor liability on the vigor of Internet speech and on service
provider self-regulation are directly contrary to § 230’s statutory purposes,
we will not assume that Congress intended to leave liability upon notice
intact.
Parties complaining that they were harmed by a Web site’s publication of user-generated
content have recourse; they may sue the third-party user who generated the content, but
not the interactive computer service that enabled them to publish the content online.
The Does appear to agree with the consensus among courts regarding the liability
provisions in § 230(c)(1). They argue, however, that their claims against MySpace do not
attempt to treat it as a “publisher” of information; therefore, they argue that § 230 does not
immunize MySpace from their claims and state tort law applies in full effect. The Does
attempt to distinguish their case from Carafano, Zeran, and other contrary authority by
claiming that this case is predicated solely on MySpace’s failure to implement basic safety
measures to protect minors. The district court rejected the Does’ argument, stating:
The Court, however, finds this artful pleading to be disingenuous. It is quite
obvious the underlying basis of Plaintiffs’ claims is that, through postings on
MySpace, Pete Solis and Julie Doe met and exchanged personal information
which eventually led to an in-person meeting and the sexual assault of Julie
Doe. If MySpace had not published communications between Julie Doe and
Solis, including personal contact information, Plaintiffs assert they never
would have met and the sexual assault never would have occurred. No matter
how artfully Plaintiffs seek to plead their claims, the Court views Plaintiffs’
claims as directed toward MySpace in its publishing, editorial, and/or
screening capacities.
The Does do not present any caselaw to support their argument. In fact, they rely upon the
same line of cases listed above but point to § 230(c)(1)’s grant of immunity to publishers of
third-party content as evidence that their claims are somehow different. Other courts,
however, have examined pleadings similar to the Does’ and have reached the same
conclusion as the district court. For example, in Green, the plaintiff sued a Web-based
service provider after he received a computer virus from a third party and endured
derogatory comments directed at him by others in an online “chat room.” He made a failure-
to-protect argument similar to the Does’, claiming that “AOL waived its immunity under [§]
230 by the terms of its membership contract with him and because AOL’s Community
Guidelines outline standards for online speech and conduct and contain promises that AOL
would protect [him] from other subscribers.” The Third Circuit, however, dismissed the
claims as barred by § 230, after recharacterizing the plaintiff’s claims:
There is no real dispute that Green’s fundamental tort claim is that AOL was
negligent in promulgating harmful content and in failing to address certain
harmful content on its network. Green thus attempts to hold AOL liable for
decisions relating to the monitoring, screening, and deletion of content from
its network—actions quintessentially related to a publisher’s role. Section
230 “specifically proscribes liability” in such circumstances.
402.
Green demonstrates the fallacy of the Does’ argument. Their claims are barred by the CDA,
notwithstanding their assertion that they only seek to hold MySpace liable for its failure to
implement measures that would have prevented Julie Doe from communicating with Solis.
Their allegations are merely another way of claiming that MySpace was liable for
publishing the communications and they speak to MySpace’s role as a publisher of online
third-party-generated content.
The Does further argue for the first time on appeal that MySpace is not immune under the
CDA because it partially created the content at issue, alleging that it facilitates its
members’ creation of personal profiles and chooses the information they will share with the
public through an online questionnaire. The Does also contend that MySpace’s search
features qualify it as an “information content provider”, as defined in the CDA: “The term
‘information content provider’ means any person or entity that is responsible, in whole or in
part, for the creation or development of information provided through the Internet or any
other interactive computer service.”
Nothing in the record, however, supports such a claim; indeed, Julie admitted that she lied
about her age to create the profile and exchanged personal information with Solis. In the
February 1, 2007 hearing before the district court, the Does admitted that Julie created the
content, disclosing personal information that ultimately led to the sexual assault, but
stressed that their cause of action was rooted in the fact that MySpace should have
implemented safety technologies to prevent Julie and her attacker from meeting:
THE COURT: I want to get this straight. You have a 13-year-old girl who
lies, disobeys all of the instructions, later on disobeys the warning not to give
personal information, obviously, [and] does not communicate with the parent.
More important, the parent does not exercise the parental control over the
minor. The minor gets sexually abused, and you want somebody else to pay
for it? This is the lawsuit that you filed?
MR. ITKIN [Counsel for the Does]: Yes, your Honor.
....
MR. ITKIN: The first point is we’re not complaining about any of the content
that was transmitted between Julie Doe and Pete Solis. Our complaint is
[that] the two of them never should have been able to meet because MySpace
could have implemented technology very simple and technologically—not
simple but technologically and inexpensive age verification software that has
been asked for by attorneys general before the lawsuit happened, or even
done the things they did right after the filing of the lawsuit that would have
prevented these two people from ever meeting. We wanted to keep the foxes
out of the hen house. That’s the first thing, your Honor, is that we’re not
complaining about the content.
Throughout the hearing, the Does stated they had one argument—that MySpace was
negligent for not taking more precautions:
403.
MR. ITKIN: Pete Solis is liable for an assault. But what we’re trying to hold
MySpace liable for isn’t the publishing of a phone number but, rather, we’re
trying to hold MySpace responsible for not putting in the safety precautions
to keep the two of them separated.
....
THE COURT: Now, I’ve heard all of your arguments on the negligence and
the duty. Now the duty is something that’s bothering me and that’s my next
question to you. But as I read your pleadings, they are just wholly
inapplicable to the Federal Rules of Procedure on fraud. You’ve got no specific
fraud here. And on your negligent misrepresentation, that’s just a rehash of
what you’re already doing. So we’re really talking about one cause of action,
and that is a negligence cause of action. You keep nodding. Do you agree with
that?
MR. ITKIN: I think that is a fair recommendation, a fair statement.
....
MR. ITKIN: Thank you. Your Honor we are not—and I want to be very clear
about this. We are not complaining about any of the content that was
exchanged between Julie Doe and Pete Solis. We understand that that is
something we cannot complain about. Our complaint is only that these two
should have never been allowed to find each other, anyways, if reasonable
safety precautions were put in place. And under congressional law and, we
believe, Texas common law, that’s enough to state a claim.
Although the Does’ complaint alleged that MySpace allowed or encouraged members to post
information after a member’s profile had been created, counsel for the Does reiterated in
the hearing time and again that they had no complaints or allegations regarding the
content of the information posted by Julie or exchanged between Julie and Solis. It appears
that the reference to MySpace’s solicitation of information was solely used to set up the
Does’ argument that MySpace failed to protect Julie by declining to implement age-
verification software:
THE COURT: But your client violated every single thing that MySpace says
to do.
MR. ITKIN: Which is your Honor—and true. That is correct, your Honor. But
I will say that that’s a known risk to MySpace. And that’s not just me saying
it, that’s the Attorney General saying it.
THE COURT: Everyone knows people lie. So therefore, should you be liable?
MR. ITKIN: No, your Honor. But when you know of the risk and you know
that the people—there’s potential for lying, all you need to do is put some
basic safety mechanisms in place to prevent—or to circumvent the lying.
404.
THE COURT: So you’ve got the Attorney General of the United States saying
... don’t put your credit card on the internet, but you want them to do it to get
a free space. That’s one of the things.
MR. ITKIN: That’s one of the things.
THE COURT: Then a driver’s license. Do you know how many people I
sentence here every Friday that have a fake driver’s license?
MR. ITKIN: I can imagine a lot, your Honor.
....
MR. ITKIN: What we really want, your Honor, is there’s a company out
there—I’ll give you an example of one of the companies out there called
Aristotle. Aristotle through public databases if you enter your name, your zip
code, and your birth year can come back with, hey, this person’s real; or you
can enter an e-mail and have verification. So there’s some things to do that
are less intrusive as far as giving people your driver’s license or your Social
Security number.
....
MR. ITKIN: Your Honor, because if [MySpace] had the age verification
software in place, [Julie and Solis] never would have talked in the first place.
They never would have known about each other.
At no time before filing their appeal in this Court did the Does argue that the CDA should
not apply to MySpace because it was partially responsible for creating information
exchanged between Julie and Solis. Because the Does failed to present this argument to the
district court, they are barred from making this argument on appeal. We therefore hold,
without considering the Does’ content-creation argument, that their negligence and gross
negligence claims are barred by the CDA, which prohibits claims against Web-based
interactive computer services based on their publication of third-party content. Because we
affirm the district court based upon the application of § 230(c)(1), there is no need to apply §
230(c)(2), or to assess the viability of the Does’ claims under Texas common law in the
absence of the CDA….
NOTES AND QUESTIONS
Age Verification Redux. As we’ve repeatedly discussed, plaintiffs and regulators keep
agitating for age verification, but the technology challenge has proven tougher than
anticipated. See Nicole Perlroth, Verifying Ages Online Is a Daunting Task, Even for
Experts, N.Y. TIMES, June 17, 2012.
In 2008, following coercive “coaxing” by dozens of state Attorneys General, MySpace and
Facebook undertook greater efforts to protect 13 and 14 year old site users. Yet, Facebook
has millions of under-13 users, and in many cases parents help their pre-teens work around
the site’s technological efforts to screen them out. danah boyd et al, Why Parents Help Their
Children Lie to Facebook About Age: Unintended Consequences of the ‘Children’s Online
Privacy Protection Act’, FIRST MONDAY, Nov. 7, 2011,
405.
http://www.firstmonday.org/ojs/index.php/fm/article/view/3850; Matt Richtel & Miguel
Helft, Facebook Users Who Are Under Age Raise Concerns, N.Y. TIMES, Mar. 11, 2011.
Allocation of Responsibility. Consider the list of parties who might bear responsibility for
the sexual assaults:
Pete Solis, the sexual predator. Solis pleaded guilty to criminal charges and was
sentenced to 90 days in jail. From MySpace’s perspective, Solis was an intervening
tortfeasor.
the teenage victim, who lied to MySpace and made risky choices.
the victim’s parents. Arguably, they did not supervise the victim’s online or offline
activities.
the school. Note that Solis allegedly picked the victim up from school.
the parking lot operator where Solis and the victim went to have sex.
MySpace, which allowed the victim to lie, allowed Solis to find her, and enabled Solis
and the victim to communicate.
Which, if any, of these parties should bear responsibility for the sexual assault? All of
them? None of them? Some subset?
“But For” and Proximate Causation. When so many parties are “but for” causal contributors
to a tragedy, how should we allocate proximate causation? Section 230 normally moots that
question, but Vesely v. Armslist LLC, 762 F.3d 661 (7th Cir. 2014) considered the
underlying tort principles without relying on Section 230.
Armslist runs a classified advertising website for guns. A buyer and seller met through
Armslist and arranged a transaction that violated federal law. The buyer used the gun to
murder a woman who had spurned his romantic overtures. The deceased’s family sued
Armslist for negligence in allowing the illegal gun sale to take place.
The court rejected the claim on ordinary tort principles, without mentioning Section 230 at
all. First, the court held that Armslist didn’t owe the deceased a duty. The court says that
“when an intervening criminal act by a third person arises,” the defendant has a duty to
prevent negligence that attaches only when the defendant has a “special relationship” with
the victim. In this case, Armslist didn’t have a special relationship with the victim; in fact,
it had no relationship at all. Second, the court held that Armslist didn’t impermissibly
facilitate the gun buyer’s crime:
simply enabling consumers to use a legal service is far removed from
encouraging them to commit an illegal act. Armslist permitted Ladera to
place an advertisement on its website and nothing more. It did not invite
Ladera or Smirnov to break the law.
See also Fields v. Twitter, Inc., 881 F.3d 739 (9th Cir. 2018) (Twitter isn’t liable for
terrorist-caused deaths, even though terrorists use Twitter).
406.
E-Discovery is a critical part of every litigator’s practice, and social networking accounts
can be a treasure trove of rich and juicy evidence that every litigator craves. Is everything
stored by a social networking site fair game in litigation? The next two opinions address
that question.
Zimmerman v. Weis Markets, 2011 WL 2065410 (Penn. Ct. Common Pleas 2011)
…The case at bar involves an accident that occurred on April 21, 2008 while Zimmerman
was operating a forklift at Weis Markets’ warehouse located in Milton, Pennsylvania.
Zimmerman seeks damages for the injuries caused to his left leg as a result of the accident,
including lost wages, lost future earning capacity, pain and suffering, scarring and
“embarrassment.” He avers that “his health in general has been seriously and permanently
impaired and compromised” and, that “he has sustained a permanent diminution in the
ability to enjoy life and life’s pleasures.” Weis Markets, upon review of the public portion of
Zimmerman’s Facebook page, discovered that his interests included “ridin” and “bike
stunts” and his MySpace page contains more recent photographs depicting Zimmerman
with a black eye and his motorcycle before and after an accident. Additionally, there are
photographs of Zimmerman wearing shorts, and his scar from this accident is clearly
visible. Weis Markets argues that this is relevant because at his deposition, Zimmerman
claimed he never wears shorts because he is embarrassed by his scar. Based on what was
observed on the publicly available portions of Zimmerman’s Facebook and MySpace pages,
Weis Markets believes there may be other relevant information as to Zimmerman’s damage
claims on the non-public portions of his Facebook and MySpace pages.
Zimmerman argues that his privacy interests outweigh the need to obtain the discovery
material.2…
I…
[The court discussed an analogous precedent, Romano v. Steelcase, Inc., 907 N.Y.S.2d 650
(Suffolk Co. 2010), which said:]
Thus, it is reasonable to infer from the limited postings on Plaintiff’s public
Facebook and MySpace profile pages, that her private pages may contain
materials and information that are relevant to her claims or that may lead to
the disclosure of admissible evidence. To deny Defendant an opportunity [to]
access to these sites not only would go against the liberal discovery policies of
New York favoring pre-trial disclosure, but would condone Plaintiff’s attempt
to hide relevant information behind self-regulated privacy settings.
2 In the alternative, Zimmerman also argued that the Court should conduct an in-camera review and decide
what materials should be provided to Weis Markets. This argument is flatly rejected as an unfair burden to
place on the Court, which would not only require the time and resources necessary to complete a thorough
search of these sites, but also would require the Court to guess as to what is germane to defenses which may be
raised at trial.
407.
II
The plaintiff in Romano contended that production of her entries on Facebook and MySpace
would violate her right to privacy, which outweighed the defendant’s need for the
information. However, as Romano aptly noted, “[t]he Fourth Amendment’s right to privacy,
protects people, not places” citing Katz v. United States, 389 U.S. 347 (1967) and the
reasonableness standard imposed thereunder (i.e. a reasonable expectation of privacy). As
noted by Romano, it was stated by the United States District Court of New Jersey in Beye
v. Horizon Blue Cross Blue Shield of New Jersey, 06-5337 (D.N.J. December 14, 2007):
“[t]he privacy concerns are far less where the beneficiary herself chose to disclose the
information.” Further, Romano found both California and Ohio courts that rejected the
notion of a reasonable expectation of privacy as to MySpace postings. See Moreno v.
Hanford Sentinel Inc., 172 Cal. App. 4th 1125 (Cal. App. 5 Dist. 2009) and Dexter v. Dexter,
2007 WL 1532084 (Ohio App. 11 Dist. 2007). All the authorities recognize that Facebook
and MySpace do not guarantee complete privacy. Facebook’s privacy policy explains that
users post any content on the site at their own risk and informs users that this information
may become publicly available.6 The Romano court therefore concluded:
Thus, when Plaintiff created her Facebook and MySpace accounts, she
consented to the fact that her personal information would be shared with
others, notwithstanding her privacy settings…Since Plaintiff knew that her
information may become publicly available, she cannot now claim that she
had a reasonable expectation of privacy.
In view of the sound, logical approach of the court in Romano, this Court is likewise
persuaded that the argument of Zimmerman that his privacy interests outweigh the
discovery requests is unavailing.
It is well recognized that the Pennsylvania Rules of Civil Procedure, like New York, provide
for liberal discovery: “Generally, discovery is liberally allowed with respect to any matter,
not privileged, which is relevant to the cause being tried.” Zimmerman placed his physical
condition in issue, and Weis Markets is entitled to discovery thereon. Based on a review of
the publicly accessible portions of his Facebook and MySpace accounts, there is a
reasonable likelihood of additional relevant and material information on the non-public
portions of these sites. Zimmerman voluntarily posted all of the pictures and information on
his Facebook and MySpace sites to share with other users of these social network sites, and
he cannot now claim he possesses any reasonable expectation of privacy to prevent Weis
Markets from access to such information. By definition, a social networking site is the
interactive sharing of your personal life with others; the recipients are not limited in what
they do with such knowledge. With the initiation of litigation to seek a monetary award
based upon limitations or harm to one’s person, any relevant, non-privileged information
about one’s life that is shared with others and can be gleaned by defendants from the
internet is fair game in today’s society. Accordingly, Weis Markets’ Motion to Compel is
granted.
6 It is well publicized that Facebook’s privacy policy and its revisions have been the subject of criticism and
controversy that may be never ending. One need only “Google” search the terms “Facebook privacy” for an
exhaustive list of access to articles on the topic.
408.
Based on the foregoing, the following Order is entered:
AND NOW, this 19th day of May, 2011, it is hereby ORDERED that Plaintiff shall provide
all passwords, user names and log-in names for any and all MySpace and Facebook
accounts to Defendant within twenty (20) days from the date hereof. It is FURTHER
ORDERED that Plaintiff shall not take steps to delete or alter existing information and
posts of his MySpace or Facebook accounts.
409.
Farley v. Callais & Sons LLC, 2015 WL 4730729 (E.D. La. 2015)
Before the Court is a Motion to Compel Production of Facebook Records filed by Defendant,
Callais & Sons, LLC (“Callais”). That motion seeks an order compelling personal-injury
plaintiff, Carl M. Farley (“Farley”), to produce:
all of his Facebook activity and records subsequent to the alleged incident on
May 24, 2014….
At first blush, it appears Callais seeks broad discovery from Farley of “all Facebook
activity” from his accident date through the present. Actually, it seeks something more —
by virtue of its request that this Court compel Farley to provide password and log-in
information and execute the authorization it included as part of its requests, it seeks
unsupervised and ongoing entry into (and even “real-time” monitoring of) the
“private”1 portions of Farley’s Facebook account(s) in order to conduct its own survey and
analysis of what might be helpful to it in this litigation….
The Court suspects that even a casual reader would view these requests as intrusive,
particularly given the fact that the combination of requests for log-in and password
information and an accompanying request for an authorization that Facebook turn over all
the sought-after information would essentially render moot any exercise of discretion by
Farley or his counsel in determining what, if any, information was actually discoverable. If
this were a “traditional” document request, that would certainly be the case. But these are
requests for “social media”-based information, so the suggestion has been made that a new,
perhaps yet-to-be-determined, set of discovery principles and rules should apply here. The
Court disagrees.
No doubt the proliferation of activity on social networking sites (“SNS”) is affecting what
have been fairly well-established conventions when it comes to formal discovery in federal-
court litigation. Smart, opportunistic lawyers are now routinely seeking to exploit the
“brave new world” feel of this ever-evolving aspect of how many average Americans go
about their daily lives to gain an advantage in litigation. This Court’s recent experience and
research confirms this observation, evident not only in the cascade of motions like the one
now before this Court that seek surprisingly broad disclosure of “private” online discourse,
but in the relative paucity of on-all-fours precedent that might otherwise guide us as to how
a litigant’s social-media activity and conduct fit into what lawyers and judges already
understand about the breadth and limits of discovery under the Federal Rules of Civil
Procedure.
….[Callais makes] a rather bold argument, the tagline of which is “[i]f the plaintiff has
nothing to hide, then he should not object to producing his Facebook records.” This
statement reveals a fundamental misunderstanding of the general scope of discovery and
where SNS information fits within that scope.
1 As the Court noted and counsel agreed at the hearing on this motion, any information on Plaintiffs “public”
Facebook area is, by definition, already available to Callais and that information is not the subject of this
motion.
410.
The present motion is about discovery of social media communications, which some lawyers
and litigants apparently perceive to be different in kind than “other” discovery we are more
accustomed to seeing. The Federal Rules do not allow for that distinction. The question
created by the present motion and counsel’s argument in support of it is whether the
manner in which something is communicated to a select group of people (“friends” in the
SNS parlance) matters under Rule 26. When it comes to one of the key indices of
discoverability — relevance — is there a meaningful difference between typing a message
into a cellphone or a computer keyboard, as opposed to speaking it out loud to another
person or writing it on paper? In this Court’s view, the answer to that question must be
“no.”…
[A prior Kansas district court opinion, Smith v. Hillshire Brands, discussed similar issues:]
The next request was problematic for the court, raising a “more complex issue, as it seeks
documentation of all of plaintiff’s activity on the named social networks since January 1,
2013, regardless of whether the activity has anything at all to do with this case or the
allegations made in plaintiff’s complaint.” The Smith Court found this request facially
flawed, as it sought clearly irrelevant information:
Although it is apparent to the court that plaintiff’s social networking activity
that references in any way defendant or matters asserted in plaintiff’s
complaint is relevant, it is less apparent why unfettered access to plaintiff’s
social media activity over the past year-and-a-half is relevant. The burden
therefore falls on defendant to establish relevancy….
Information on social networking sites is not entitled to special protection, but a discovery
request seeking it nevertheless must meet Fed. R. Civ. P. 26’s requirement that it be
tailored “so that it ‘appears reasonably calculated to lead to the discovery of admissible
evidence.’” Citing a decision from the Western District of Pennsylvania, the Smith Court
aptly described the concern raised by such overbroad requests:
Ordering plaintiff to permit access to or produce complete copies of his social
networking accounts would permit defendant to cast too wide a net and
sanction an inquiry into scores of quasi-personal information that would be
irrelevant and non-discoverable. Defendant is no more entitled to such
unfettered access to plaintiff’s personal email and social networking
communications than it is to rummage through the desk drawers and closets
in plaintiff’s home….
[In a different case, a judge wrote:]
Simply placing their mental and physical conditions at issue is not sufficient
to allow [Defendant] to rummage through [Plaintiffs’] social media sites.
Almost every plaintiff places his or her mental or physical condition at issue,
and this Court is reticent to create a bright-line rule that such conditions
allow defendants unfettered access to a plaintiff’s social networking sites that
he or she has limited from public view
This observation is notably applicable here because Callais, through counsel, has argued in
the present motion that the broad Facebook discovery it seeks is proper and relevant
411.
because Plaintiff has placed both his physical and mental condition at issue in this case.
While this Court concludes this “placing at issue” by Plaintiff makes some of his SNS
information discoverable, that rather predictable decision by Plaintiff cannot and does not
justify the broad discovery sought by Callais in this motion.
Based on all the foregoing authority and the facts of this case, the Court finds the following
categories of information discoverable from Farley’s Facebook account, from March 24, 2014
(the date of accident) to the present:
1) postings by Farley that refer or relate to the accident in question;
2) postings that refer or relate to emotional distress that Farley alleges he
suffered as a result of the accident and any treatment that he received
therefor;
3) postings or photographs that refer or relate to alternative potential
emotional stressors or that are inconsistent with the mental injuries he
alleges here;
4) postings that refer or relate to physical injuries that Farley alleges he
sustained as a result of the accident and any treatment that he received
therefor;
5) postings that refer or relate to other, unrelated physical injuries suffered
or sustained by Farley; and
6) postings or photograph that reflect physical capabilities that are
inconsistent with the injuries that Farley allegedly suffered as a result of the
accident.
In considering this matter, the Court declines to require Plaintiff to share his log-in or
password information with Callais or to require him to sign any type of authorization to
allow Callais to seek this information directly from Facebook….[T]he Court directs that
Plaintiff’s postings be made immediately available to Plaintiff’s counsel and that they be
reviewed by Plaintiff’s counsel — not Plaintiff himself — to determine whether they fit into
one or more of the categories set forth above….11
NOTES AND QUESTIONS
Are the Zimmerman and Farley opinions reconcilable? If not, what explains the differences?
Which solution do you find more sensible?
Why did the Farley judge say the plaintiff’s counsel, and not plaintiff, should sort the
postings? Do you share the judge’s apparent confidence in the plaintiff’s counsel integrity?
Impact of Privacy Settings. In civil case discovery, it normally doesn’t matter if social media
posts have been made to the world, the poster’s “friends,” or some subset. See Forman v.
Henkin, 22 N.Y.S.3d 178 (N.Y. Ct. App. 2018) (“we reject the notion that the account
11 Counsel for Callais suggested at the hearing that this Court conduct an in camera review of all of Farley's
Facebook data to determine what should be produced. While in camera review is often appropriate to resolve
claims of privilege, for reasons too numerous to list here, this Court declines to adopt a policy of reviewing
documents in camera for relevance.
412.
holder’s so-called “privacy” settings govern the scope of disclosure of social media
materials”).
In criminal cases, social media services are only required to disclose third parties’ “public”
posts to criminal defendants. See Facebook, Inc. v. Superior Court of San Francisco (ex rel
Hunter), 4 Cal.5th 1245 (Cal. 2018).
The Trend to Limit Access to Social Media Evidence. Like the Farley opinion, other courts
have begun to question the legitimacy of broad access to social media evidence:
Social media presents some unique challenges to courts in their efforts to
determine the proper scope of discovery of relevant information and
maintaining proportionality. While it is conceivable that almost any post to
social media will provide some relevant information concerning a person’s
physical and/or emotional health, it also has the potential to disclose more
information than has historically occurred in civil litigation. While we can
debate the wisdom of individuals posting information which has historically
been considered private, we must recognize people are providing a great deal
of personal information publicly to a very loosely defined group of “friends,” or
even the entire public internet. People have always shared thoughts and
feelings, but typically not in such a permanent and easily retrievable format.
No court would have allowed unlimited depositions of every friend, social
acquaintance, co-employee or relative of a plaintiff to inquire as to all
disclosures, conversations or observations. Now far more reliable disclosures
can be obtained with a simple download of a social media history. A few clicks
on the computer and you shortly have what can consist of hundreds of pages
of recorded postings and conversations of a party. There can be little doubt
that within those postings there will be information which is relevant to some
issue in the litigation. It is equally clear that much of the information will be
irrelevant.
Just because the information can be retrieved quickly and inexpensively does
not resolve the issue. Discovery can be burdensome even as it is inexpensive.
Courts have long denied discovery of information which was easy to obtain,
but which was not discoverable….
The Defendant correctly observes that there would be very little time or
expense involved in the initial production of Plaintiff’s Facebook history.
That’s true on the front end. The problem is that such vast information has
the potential to generate additional discovery or impact trial testimony. It’s
not difficult to imagine a plaintiff being required to explain every statement
contained within a lengthy Facebook history in which he or she expressed
some degree of angst or emotional distress or discussing life events which
could be conceived to cause emotion upset, but which is extremely personal
and embarrassing. There is also substantial risk that the fear of humiliation
and embarrassment will dissuade injured plaintiffs from seeking recovery for
legitimate damages or abandon legitimate claims. That being said, Defendant
has a legitimate interest in discovery which is important to the claims and
damages it is being asked to pay. Information in social media which reveals
413.
that the plaintiff is lying or exaggerating his or her injuries should not be
protected from disclosure. Courts must balance these realities regarding
discovery of social media and that is what most of the courts which have
addressed this issue have done….
Granting access to Plaintiff’s entire Facebook history would provide minimal
relevant information while exposing substantial irrelevant information. As
such the discovery would exceed the proper limits of proportionality.
Gordon v. T.G.R. Logistics, Inc., 321 F.R.D. 401 (D. Wy. 2017); see also Forman v. Henkin,
22 N.Y.S.3d 178 (N.Y. Ct. App. 2018) (“Directing disclosure of a party’s entire Facebook
account is comparable to ordering discovery of every photograph or communication that
party shared with any person on any topic prior to or since the incident giving rise to
litigation – such an order would be likely to yield far more nonrelevant than relevant
information.”),
The Forman court offered one approach to balancing the competing interests:
courts should first consider the nature of the event giving rise to the
litigation and the injuries claimed, as well as any other information specific
to the case, to assess whether relevant material is likely to be found on the
Facebook account. Second, balancing the potential utility of the information
sought against any specific “privacy” or other concerns raised by the account
holder, the court should issue an order tailored to the particular controversy
that identifies the types of materials that must be disclosed while avoiding
disclosure of nonrelevant materials. In a personal injury case such as this it
is appropriate to consider the nature of the underlying incident and the
injuries claimed and to craft a rule for discovering information specific to
each. Temporal limitations may also be appropriate – for example, the court
should consider whether photographs or messages posted years before an
accident are likely to be germane to the litigation. Moreover, to the extent the
account may contain sensitive or embarrassing materials of marginal
relevance, the account holder can seek protection from the court. Here, for
example, Supreme Court exempted from disclosure any photographs of
plaintiff depicting nudity or romantic encounters.
Exception for Evidence of Mental or Emotional States. If a plaintiff’s claim or damages
request relates to his or her mental or emotional state, the defense might be able to seek
many of their social media posts as contemporaneous evidence of those states:
On relevancy, common sense dictates that information in Ms. Crossman’s
social media, including her Facebook and Instagram accounts, relates to her
contemporaneous mental and emotional states and therefore relates to the
injuries she claims she suffered at the hands of Carrington Mortgage,
including loss of enjoyment of life….On privacy, she has ceded some by
sharing her personal information with others on social media and by bringing
this lawsuit subject to the public right of access. To the extent she has not, a
confidentiality agreement suffices to protect her interests, and the obligations
of members of the Court’s bar suffices to deter misuse of the information.
414.
Crossman v. Carrington Mortgage Services, LLC, 2020 WL 2114639 (M.D. Fla. 2020).
Social Media and Dual Personae. The caselaw is filled with examples where litigants make
a claim in court and make contradictory statements online. See, e.g., People v. Franco, 2009
WL 3165840 (Cal. App. Ct. 2009):
At about 10:30 a.m. on June 6, 2006, Franco and Henry Chavez were seen
racing each other in their Mustang vehicles on the Ventura Freeway, each
reaching speeds of approximately 100 miles per hour. Franco applied her
brakes while Chavez was directly behind her, causing him to lose control of
his vehicle. The vehicle travelled to the other side of the freeway, flipped, and
landed in a strawberry field. Chavez was killed. Franco did not stop.
Franco testified that she was driving approximately 75 miles an hour on the
freeway when Chavez began tailgating her. When she changed lanes, he
followed her. Noticing that her speed had increased, she tapped on her brakes
to slow down. Chavez veered to avoid hitting her, then lost control of his
vehicle. She saw a plume of dust but kept driving as her boyfriend advised
when she called him on her cell phone. The day before the accident, however,
Franco had written on her MySpace page, “If you find me on the freeway and
you can keep up I have a really bad habit of racing random people.”
Then again, the strong possibility that people are maintaining dual personae could
undermine the credibility of social media evidence. See Hawes v. Holland, 2015 WL
4112405 (E.D. Cal. 2015):
Petitioner contends trial counsel was ineffective for failing to obtain
information from M.’s electronic and social media activity. He asserts that, at
the time of his arrest, M. described her life as “perfect” on her Facebook
profile and that emails and messages between M. and her friends would
support petitioner’s theory that M.’s story was “ever changing.”…
It is not surprising that a teenage girl would describe her life as “perfect” on
social media but in reality experience horrific circumstances at home. Here,
M had resisted telling anyone about the molest for a lengthy period of time. It
is therefore not surprising, or worthy of an evidentiary hearing, to view
records where M had not presented herself as an unwilling participant in
years of abuse. A recordation of abuse would have meant that M had
determined to turn her stepfather over to authorities—a decision that would
inevitably involve M in reliving all of the abuse, and having such abuse
become the focal point of her life for months in a criminal process. This is a
decision that is seldom made at the start of an abusive relationship.
Moreover, it is beyond cavil that most youths like to portray themselves as
attractive to other persons. A recoded chronology of being abused would have
made M very unattractive to many persons, making most persons shy away—
either not wanting to be vicariously involved in what was undeniably a
criminal situation, or not having a relationship with someone who would be
415.
most certainly psychologically scarred. Reflecting that her life was “perfect”
on social media is no different than her saying “good,” when asked by anyone
“how are you doing?”
In addition, petitioner’s reasoning for seeking M.’s text messages—that she
texted her friends a lot—does not describe a unique characteristic of M.
Indeed M., like any teenage girl with a cell phone, sent text messages to her
friends. There is no indication that a review of those text messages would
have lead [sic] to relevant, exculpatory evidence….
416.
The next case shows the legal consequences of a teenager’s poor online choices.
In re Rolando S., 197 Cal. App. 4th 936 (Cal. App. Ct. 2011)
…FACTUAL AND PROCEDURAL BACKGROUND
Appellant was one of several recipients of an unsolicited text message providing the
password to the victim’s email account. Appellant used the victim’s email password and
account to gain access to her Facebook account, where he posted, in her name, prurient
messages on two of her male friends’ pages (walls) and altered her profile description in a
vulgar manner.2 The victim found out about the messages and informed her father, who
removed the messages from her account and later called the police.
Appellant admitted to the police that he posted the messages from the victim’s Facebook
account and altered her profile. A juvenile petition was filed alleging one count of violating
section 530.5, subdivision (a) (willfully obtaining personal identifying information and
using it for an unlawful purpose). After a contested jurisdiction hearing, the juvenile court
found beyond a reasonable doubt that appellant had committed the crime charged and
sustained the petition.
At the disposition hearing, the juvenile court denied appellant’s motion to reduce the crime
from a felony to a misdemeanor, without prejudice. The court noted its concern with the
short time span between this offense and the disposition of a prior offense—assault with a
deadly weapon (a car), where appellant had driven his car at three girls with the intent of
scaring them. The court found the maximum confinement time for the offense to be three
years, and found the aggregated maximum confinement time to be three years and three
months. The court ordered appellant committed to the Kings County Juvenile Academy
Alpha Program for 90 days to a year, and put him on probation.
DISCUSSION
Section 530.5(a) states in pertinent part:
Every person who willfully obtains personal identifying information, as
defined in subdivision (b) of Section 530.55, of another person, and uses that
information for any unlawful purpose, including to obtain, or attempt to
obtain, credit, goods, services, real property, or medical information without
the consent of that person, is guilty of a public offense....
The offense is a “wobbler,” punishable either as a misdemeanor or a felony. Section 530.55,
subdivision (b) includes “unique electronic data” as “personal identifying information.”
2 Appellant posted, as the victim, on a male classmate’s wall: “I want to stick your dick in my mouth and then in
my pussy and fuck me really hard and cum on my face.” On another male classmate’s wall he posted: “When we
were dating we should have had sex. I always thought you had a cute dick, maybe we can have sex sometime.”
On the victim’s profile description, appellant posted: “Hey, Face Bookers, [ sic ] I’m [S.], a junior in high school
and college, 17 years young, I want to be a pediatrician but I’m not sure where I want to go to college yet. I have
high standards for myself and plan to meet them all. I love to suck dick.”
417.
“[T]o be guilty under section 530.5, subdivision (a), the defendant must (1) willfully obtain
personal identifying information of another person, and (2) use the identifying information
for an unlawful purpose without the person’s consent.” The facts here are not in dispute.
Appellant asserts the facts fail to satisfy the elements of section 530.5(a). We disagree.
A. Appellant Willfully Obtained the Victim’s Email Account Password
Appellant essentially argues that because he made no effort to obtain the password, instead
passively receiving the text message on his cell phone “without his prior knowledge or
consent,” he did not “willfully” obtain the victim’s email account password for purposes of
the statute. Respondent focuses its argument on asserting that appellant “obtained” the
password, and evidenced his willfulness by using the password, rather than deleting it
when he received it. We conclude appellant willfully obtained the victim’s password when
he chose to remember the password from the text message, and later affirmatively used the
password to gain access to the victim’s electronic accounts.
…Appellant freely accepted the password information provided in the text message. While
the text message itself was unsolicited, no evidence suggests appellant was forced to
remember the password or otherwise keep a record of it so that he could use it later, as he
admitted to doing. On the record before us, we conclude that appellant willfully obtained
the password information from the text message, knowing that he was continuing to
possess the password, intending to do so, and was a free agent when securing the password
for his future use.
Moreover, appellant used the email password he willfully obtained from the text message to
then willfully obtain the victim’s Facebook account password. Facebook accounts are linked
to a user’s email account. If the user forgets his or her Facebook password, he or she can
regain access to his or her Facebook account by having Facebook email a verification
procedure to the user’s email address. By completing the Facebook verification procedure,
the user is directed to a Facebook page where they can then reset his or her Facebook
password by entering a new one, which then logs him or her back into the Facebook account
with the new password.
The victim’s father testified the victim’s Facebook password was being changed dozens of
times over several weeks and it was only after they deleted her email account that they
were able to regain control over her Facebook account. Appellant admitted to Officer Lucio
that he used the email account password he received from the text message to gain access
to the victim’s Facebook account. By resetting the victim’s Facebook account password
himself using the above-described process, appellant would have been able to log in to her
account and pose as the victim as he posted on her friends’ walls and on her profile. The
record makes no indication appellant received the victim’s Facebook account password in
another manner. It is reasonable to infer he used this process of resetting the password
through the victim’s email account to gain access to the victim’s Facebook account. Not only
did appellant willfully obtain the email password from the text message, he also willfully
obtained the Facebook account password by purposely using the email account as a vehicle
to alter the Facebook account password.
418.
B. Appellant Used the Victim’s Information for an Unlawful Purpose
Appellant next contends his conduct fails to satisfy the second element of section 530.5(a),
that he “use[d] [the victim’s] information for any unlawful purpose.” He argues that at most
he “possibly defamed” the victim, but asserts that civil torts do not constitute an “unlawful
purpose” for purposes of the statute. Respondent argues appellant’s conduct was unlawful
under section 647.6, subdivision (a)(1) (annoying or molesting a child). In the alternative,
respondent contends that civil torts constitute an unlawful purpose, and appellant’s
conduct amounted to libel under Civil Code section 45. We disagree with respondent that
appellant’s conduct constituted unlawful behavior under section 647.6, subdivision (a)(1).
However, we hold that intentional civil torts, such as libel, constitute an “unlawful purpose”
for purposes of section 530.5(a), and affirm the judgment.
1. Appellant’s Conduct Was Not Unlawful Under Section 647.6
Section 647.6, subdivision (a)(1) makes it a misdemeanor when a person, “annoys or molests
any child under 18 years of age.” Our Supreme Court has held that the statute requires “(1)
conduct a ‘“normal person would unhesitatingly be irritated by”’ [citations], and (2) conduct
‘“motivated by an unnatural or abnormal sexual interest”’ in the victim [citations].” We
agree with appellant that the facts fail to demonstrate the prosecution satisfied the second
element….
Here, appellant posted three sexually explicit comments from the victim’s account. The
record makes no indication he attempted to contact the victim previously, or that he had
prior encounters with her that would indicate he was motivated by his sexual interest,
abnormal or otherwise. The juvenile court noted he had a girlfriend, and the probation
officer’s report indicates appellant intended his comments to be taken as a joke. We
conclude there is insufficient evidence to support the prosecution’s assertion that
appellant’s conduct was motivated by an unnatural or abnormal sexual interest in the
victim and therefore unlawful under section 647.6.
2. “Any Unlawful Purpose” Includes Causes of Action Under Civil Tort Law
Appellant contends the Legislature intended to limit “any unlawful purpose” to strictly
criminal conduct. We disagree….
Prior to the amendment, identity theft was a misdemeanor crime and had to specifically
involve the perpetrator’s use of the victim’s information “to obtain, or attempt to obtain,
credit, goods, or services” in the name of the victim without his or her consent. In adding
“for any unlawful purpose, including” before the clause beginning “to obtain,” the
amendment expanded the range of unlawful purposes for which a perpetrator could be
found guilty of committing identity theft and specifically denoted the non-exclusive nature
of the list of unlawful purposes set forth in the statute. The Legislature clearly intended to
greatly expand the scope of unlawful conduct underlying the identity theft offense.6…
6 In his reply brief, appellant raised for the first time the argument that section 528.5, which makes it a
misdemeanor to impersonate another person through an internet website for the purposes of harming,
intimidating, threatening, or defrauding another person, makes appellant’s conduct criminal. He argues that
his conduct was not criminal before section 528.5’s effective date, that is, before January 1, 2011.
419.
Libel is an intentional tort. Civil Code section 45 defines the civil tort of libel: “Libel is a
false and unprivileged publication by writing, printing, picture, effigy, or other fixed
representation to the eye, which exposes any person to hatred, contempt, ridicule, or
obloquy, or which causes him to be shunned or avoided, or which has a tendency to injure
him in his occupation.” Appellant practically concedes the point, arguing the “prosecution
proved only that [appellant] humiliated, embarrassed, and defamed [the victim].” Here,
appellant wrote sexually explicit and vulgar comments on the victims’ friends’ walls,
accessible by the victims’ friends and acquaintances, and purportedly as her. Appellant
clearly exposed the victim to hatred, contempt, ridicule and obloquy with his actions.9
3. Appellant’s Actions Establish an Unlawful Purpose Under Section 653m
Even assuming that a civil intentional tort failed to constitute an “unlawful purpose” for
purposes of section 530.5, appellant’s conduct was sufficient to satisfy section 530.5 based
on his conduct constituting a criminal offense under section 653m, subdivision (a)
(hereafter section 653m(a)).
Section 653m(a) states in pertinent part: “Every person who, with intent to annoy ... makes
contact by means of an electronic communication device with another and addresses to or
about the other person any obscene language ... is guilty of a misdemeanor.”
Section 653m, subdivision (c) (hereafter section 653m(c)) states in pertinent part: “Any
offense committed by use of an electronic communication device or medium, including the
Internet, may be deemed to have been committed when and where the electronic
communication or communications were originally sent or first viewed by the recipient.”
Appellant’s fraudulent posts as the victim would have shown up on her personal Facebook
page. He also altered her profile on her personal Facebook page. Section 653m(c) makes
clear the offense is committed as of sending the communication. Therefore, appellant
willfully obtained the victim’s Facebook password and then used that information for the
unlawful purpose of violating section 653m(a).
We note, however, that section 530.5 has different elements from section 528.5. Section 530.5 requires that
a person willfully obtain personal identifying information and use it for an unlawful purpose. Section 528.5 does
not include a requirement that a perpetrator obtain personal identifying information. As a result, a person could
violate section 528.5 by merely posting comments on a blog impersonating another person. There is no
requirement, under these circumstances, that the person obtain a password—a key distinction.
Further, section 528.5 does not require the perpetrator act with an unlawful purpose—merely that he or
she acted with the purpose of harming, intimidating, threatening, or defrauding a person. At least the terms
“harming” and “intimidating” do not necessarily have to be done for an unlawful purpose.
The act of willfully obtaining someone else’s password, and then using it for an unlawful purpose, justifies
more harsh treatment under section 530.5. We believe if appellant had committed these same acts after
January 1, 2011, he could have been charged under both sections 528.5 and 530.5. 9 At the disposition hearing, the victim’s mother read a statement from the victim, which stated: “[l]astb year,
when this started, I had people at school call me a slut and a whore. I had no idea what was going on or what I
had done to be called those names. [¶] After [appellant] was found guilty, some of his friends at school started
wearing “Team [Appellant]” shirts, saying I had made this up to get [appellant] in trouble.” She further related
that, “[appellant’s friends] have ruined half of my junior year and, now, my senior year of school. I used to love
going to school. Now, I dread dealing with this every day.”
420.
NOTES AND QUESTIONS
Unquestionably, the defendant engaged in bad behavior. Combined with the driving
incident, it also appears the defendant was making a series of poor choices. However, don’t
lose sight of the conclusion. This court says that the defendant feloniously stole the victim’s
identity by misusing a password to log into the victim’s Facebook account and post fake
messages in her name. Do you know anyone who has ever done something like that? Have
you? What percentage of teenagers would do something similar to Rolando’s prank if they
obtained a high school peer’s Facebook password?
Do you think there are, or should be, any constitutional limits on a prosecution like this?
As a further example of how broadly this ruling could apply to ordinary juvenile behavior,
see
Identity Theft, Redux. In In re E.D. 2019 WL 4060198 (Cal. App. Ct. 2019), a 12-year old
girl committed identity theft (violating both 530.5 and 528.5) by creating a fake Instagram
profile of her teacher.
In contrast to California’s, Oregon’s identity theft crime requires an intent to defraud, and
that element changed the outcome in this case:
Defendant created a Facebook account under the name of a teacher at Falcon
Heights Academy, A. To create the profile, defendant took pictures from A's
Facebook page—which was a public profile—as well as her first name. Once
the account was set up, defendant began contacting former students of A. The
messages were sexual and flirtatious…. Defendant claimed that he had
created the account in an effort to gain information about a woman he once
dated and used A’s pictures because it gave him “greater access.”
The court dismisses the identity theft charge:
it can be inferred that defendant intended to contact A’s former students for
personal reasons and that he intended to deceive them. It also can be inferred
that defendant did so with an awareness of the fact that he would injure A’s
reputation. However, “intent to defraud” requires more than a knowing or
even reckless mental state; it requires that a defendant act with a specific
intent—that is, a conscious objective—of causing the injury to another’s legal
rights or interest. On this record, no reasonable factfinder could infer that
defendant had the specific intent to cause injury to legal rights or interests of
A or her former students
State v. Horton, 291 Or. App. 65 (Or. Ct. App. 2018).
421.
The book concludes with a classic Internet Law opinion that offers many lessons for
us as lawyers and citizens.
Moreno v. Hanford Sentinel, Inc., 172 Cal. App. 4th 1125 (Cal. App. Ct. 2009).
The issue presented by this appeal is whether an author who posts an article on
myspace.com can state a cause of action for invasion of privacy and/or intentional infliction
of emotional distress against a person who submits that article to a newspaper for
republication. The trial court concluded not and sustained the demurrer to appellants’
complaint without leave to amend.
Appellants contend the republication constituted a public disclosure of private facts that
were not of legitimate public concern and thus was an invasion of privacy. Appellants note
that the republication included the author’s last name whereas the myspace.com posting
did not. Appellants further argue that the person who submitted the article to the
newspaper did so with the intent of punishing appellants and thus they have a claim for
intentional infliction of emotional distress.
As discussed in the published portion of this opinion, the trial court properly sustained the
demurrer without leave to amend to appellants’ invasion of privacy cause of action. The
facts contained in the article were not private. Rather, once posted on myspace.com, this
article was available to anyone with internet access. As discussed in the nonpublished
portion, the trial court should have overruled the demurrer to the intentional infliction of
emotional distress cause of action. Under the circumstances here, a jury should determine
whether the alleged conduct was outrageous. Accordingly, the judgment will be affirmed in
part and reversed in part.
[Cynthia Moreno guest-lecturing at Prof. Eric Goldman’s Internet Law course, Santa Clara
University School of Law, 2012]
422.
BACKGROUND…
Following a visit to her hometown of Coalinga, appellant, Cynthia Moreno, wrote “An ode to
Coalinga” (Ode) and posted it in her online journal on myspace.com. The Ode opens with
“the older I get, the more I realize how much I despise Coalinga” and then proceeds to make
a number of extremely negative comments about Coalinga and its inhabitants. Six days
later, Cynthia removed the Ode from her journal. At the time, Cynthia was attending the
University of California at Berkeley. However, Cynthia’s parents, appellants David and
Maria Moreno, and Cynthia’s sister, appellant Araceli Moreno, were living in Coalinga.
Araceli was a student at Coalinga High School.
Respondent, Roger Campbell, was the principal of Coalinga High School and an employee of
respondent, Coalinga-Huron Unified School District. The day after Cynthia removed the
Ode from her online journal, appellants learned that Campbell had submitted the Ode to
the local newspaper, the Coalinga Record, by giving the Ode to his friend, Pamela Pond.
Pond was the editor of the Coalinga Record.
The Ode was published in the Letters to the Editor section of the Coalinga Record. The Ode
was attributed to Cynthia, using her full name. Cynthia had not stated her last name in her
online journal.
The community reacted violently to the publication of the Ode. Appellants received death
threats and a shot was fired at the family home, forcing the family to move out of Coalinga.
Due to severe losses, David closed the 20-year-old family business.
Based on the publication of the Ode, appellants filed the underlying complaint alleging
causes of action for invasion of privacy and intentional infliction of emotional distress. In
addition to respondents, appellants named Lee Enterprises, Inc., Lee Enterprises
Newspapers, Inc., and Hanford Sentinel, Inc., the publishers of the Coalinga Record, as
defendants. However, these publisher defendants were dismissed following their motion to
strike the complaint as a SLAPP suit (strategic lawsuits against public participation)
pursuant to Code of Civil Procedure section 425.16. Appellants abandoned their appeal
from this judgment.
DISCUSSION
1. Appellants did not state a cause of action for invasion of privacy….
Here, the allegations involve a public disclosure of private facts. The elements of this tort
are: “‘(1) public disclosure (2) of a private fact (3) which would be offensive and objectionable
to the reasonable person and (4) which is not of legitimate public concern.’” The absence of
any one of these elements is a complete bar to liability.
a. Having been published on myspace.com, the Ode was not private.
As noted above, a crucial ingredient of the applicable invasion of privacy cause of action is a
public disclosure of private facts. A matter that is already public or that has previously
become part of the public domain is not private.
423.
Here, Cynthia publicized her opinions about Coalinga by posting the Ode on myspace.com,
a hugely popular internet site. Cynthia’s affirmative act made her article available to any
person with a computer and thus opened it to the public eye. Under these circumstances, no
reasonable person would have had an expectation of privacy regarding the published
material.
As pointed out by appellants, to be a private fact, the expectation of privacy need not be
absolute. Private is not equivalent to secret. “[T]he claim of a right of privacy is not ‘“so
much one of total secrecy as it is of the right to define one’s circle of intimacy—to choose
who shall see beneath the quotidian mask.”’ Information disclosed to a few people may
remain private.” Nevertheless, the fact that Cynthia expected a limited audience does not
change the above analysis. By posting the article on myspace.com, Cynthia opened the
article to the public at large. Her potential audience was vast.
That Cynthia removed the Ode from her online journal after six days is also of no
consequence. The publication was not so obscure or transient that it was not accessed by
others. The only place that Campbell could have obtained a copy of the Ode was from the
internet, either directly or indirectly.
Finally, Cynthia’s last name was not a private fact. Although her online journal only used
the name “Cynthia,” it is clear that her identity was readily ascertainable from her
MySpace page. Campbell was able to attribute the article to her from the internet source.
There is no allegation that Campbell obtained Cynthia’s identification from a private
source. In fact, Cynthia’s MySpace page included her picture. Thus, Cynthia’s identity as
the author of the Ode was public. In disclosing Cynthia’s last name, Campbell was merely
giving further publicity to already public information. Such disclosure does not provide a
basis for the tort.
b. The other members of Cynthia’s family do not have an independent cause of action for
invasion of privacy.
Based on the direct damages they allegedly incurred due to publication of the Ode,
Cynthia’s parents, David and Maria, and Cynthia’s sister, Araceli, argue that they have
standing to sue for invasion of privacy. However, because the publication of the Ode was
not an invasion of Cynthia’s privacy, these appellants cannot state a claim based on the
same alleged invasion.
Moreover, the right of privacy is purely personal. It cannot be asserted by anyone other
than the person whose privacy has been invaded. Thus, even if Cynthia did have an
invasion of privacy claim, David, Maria and Araceli would not have standing. The Coalinga
Record did not identify David, Maria and Araceli when it published the Ode. Their invasion
of privacy claim is primarily based on their relationship to Cynthia and the community
reaction to Cynthia’s opinions, not on respondents’ conduct directed toward them.
424.
In sum, because the Ode was not private, appellants’ claim is precluded under California
privacy tort law.4 Accordingly, the trial court properly sustained the demurrer to the
invasion of privacy cause of action.
2. A jury must determine whether respondents’ conduct was sufficiently extreme and
outrageous to result in liability for intentional infliction of emotional distress.*
“The elements of a cause of action for intentional infliction of emotional distress are (1)
outrageous conduct by the defendant, (2) intention to cause or reckless disregard of the
probability of causing emotional distress, (3) severe emotional suffering, and (4) actual and
proximate causation of the emotional distress.”
To be outrageous, conduct must be so extreme that it exceeds all bounds of that usually
tolerated in a civilized community. However, conduct that might not otherwise be
considered extreme and outrageous may be found to be so if a (1) defendant abuses a
relation or position that gives him power to damage the plaintiff’s interest; (2) knows the
plaintiff is susceptible to injuries through mental distress; or (3) acts intentionally or
unreasonably with the recognition that the acts are likely to result in illness through
mental distress.
It is for the court to determine in the first instance whether the defendant’s conduct may
reasonably be regarded as so extreme and outrageous as to permit recovery. In making this
determination, the court employs an objective standard applied to the actual conduct, i.e.,
how reasonable people might view it, excluding from that category those who are either
overly sensitive or callous. But, “‘[w]here reasonable men may differ, it is for the jury,
subject to the control of the court, to determine whether, in the particular case, the conduct
has been sufficiently extreme and outrageous to result in liability.’” Here, the trial court
concluded that Campbell’s conduct did not meet the standard of outrageousness necessary
to constitute a cause of action for intentional infliction of emotional distress as a matter of
law.
In stating their claim for intentional infliction of emotional distress, appellants alleged that
Campbell submitted the Ode to the Coalinga Record, knowing he did not have permission
to do so. Appellants further alleged that Campbell engaged in this act to punish appellants
for the contents of the Ode and intended to cause them emotional distress. Appellants
contend that this conduct was extreme and outrageous, especially in light of Campbell’s
position as Araceli’s principal.
Since this appeal is from the sustaining of a demurrer without leave to amend, this court
must assume the truth of appellants’ allegations against Campbell. Based on these
allegations, we conclude that reasonable people may differ on whether Campbell’s actions
were extreme and outrageous. Accordingly, it is for a jury to make this determination.
Thus, the trial court erred in sustaining the demurrer to the intentional infliction of
emotional distress cause of action….
4 Whether the publication of the Ode infringed on any federal copyright protection the Ode may have had is not
before this court and we express no opinion on that issue. * [Editor’s note: this portion of the opinion was not certified for publication.]
425.
NOTES AND QUESTIONS
The Full Text of Moreno’s Post as Published in the Coalinga Record:
An ode to Coalinga
So, after three years, I decided to go to Coalinga for the football homecoming.
I didn’t go to see who I would run into, because running into friends from the
past is inevitable. I have to say, that the older I get, the more I realize how
much I despise Coalinga.
Every time I look at where I am at, where I am going and what I have
become, I can’t help but look at everyone else as if they haven’t matured nor
broken out of the Coalinga norms; I don’t blame them. Its actually a little
pathetic and sad! These people have a lot, and I mean, a lot to learn, alot to
experience, and more to overcome. They are merely beginning new phases in
their lives that will prove more difficult as time goes by. I don’t give them my
sympathy for I was always two steps ahead of the game; always had the
advantage of being far and secluded from everyone in Coalinga because I had
ambitions and aspirations that kept me focused. I never diverted from what
was more important in my life; and with that note, I still haven’t.
I’m on my way to becoming a lawyer. One bad *** corporate latina lawyer
who is not going to take *** from anyone, or anything. Ill be up there soon
enough to help out mi rata in every way possible. Looking back at the people
I saw in Coalinga this weekend...I pity them. They say that the friendships
you make in college are the ones that are true and the ones that last a
lifetime. I’m a firm believer in that.
When I look back to my friends from Coalinga, I don’t miss a single moment
with them because the moments were never real. Instead, I find that here in
college, I am immersed in an intellectual environment where individuals here
value hard work and commitment in all aspects of their lives, and who have
worked their asses off to come to a school as prestigious as UCB...those are
the friends I admire; the people who can hold conversations of substance and
value…people whom are going to be doctors, and lawyers, politicians,
psychologists, etc...in a society where we will all stand aside one another
because we have all been through the educational struggles similarly.
I don’t care much for Coalinga. or the people that reside there or the friends I
used to have while being there. In comparison to my college friends, they are
nothing, were nothing, and remain nothing. In a nutshell, their histories and
reputations are so denigrating and their focuses are set on such superficial
and unimportant things that breaking out of it for an instant scares
them....it’s no wonder they always come back to Coalinga...they can never be
strong enough to befriend any one else in other places, unless its through
others, or stand alone or for themselves to become accomplished. They can’t
do it without their “cliques” their “gossip” and especially their ‘jealousy.” The
426.
sight of success is unbeknownst to them, just as much as their fervor for
being involved with others businesses abhors me. Why don’t they focus on
themselves and see their status in society? Its nothing...so get over
yourselves. How terribly sad. It must be a small town thing...or maybe a
close-minded group of individuals who are afraid of change. I think inside
these individuals (and you all know who you are) know they can’t make it in
life. Their only way of success is by criticizing those around them, as if doing
so will make them feel better about themselves. You all have alot to learn...I
pray to God that you see the light one day. Because when you do, (even if you
never do), we are all going to be on top. You think you got us fooled? Im a
smarter cookie than you think.
So for an ode to Coalinga; I have none. I only value the few that have
contributed to my success, those teachers, mentors and family who have kept
the positive path looking brighter and brighter. Who the hell wouldn’t want
to get out of Coalinga to come to a school like CAL...and experience
everything that I have thus far? That’s right ******...envy me because thats
all you can do....literally, that is all you can do...and I mean that on more
than one symbolic level and interpret and talk about this like you never have
before, because that is all that you really can do...talk nonsense **** because
you are nothing....
So glad to be out of that damn town!
Gracias a dios,
Cynthia Moreno
Editor’s Note
It saddens us to know that a product of this community, a community that
takes such pride in its youth, would have such negative thoughts of what was
once their home. This article was found on the Internet and submitted for
publication.
Questions. In addition to the claims discussed above, did Moreno have any other claims she
could have brought? Did MySpace have any legal claims?
Moreno claims she had configured MySpace’s privacy settings so that her Ode was only
shared with her “friends,” about 300 people, and not the world at large. If true, do you think
that should change the legal analysis? Is it possible to share something “privately” with
hundreds of people?
Denouement. In September 2010, a jury ruled that Campbell acted outrageously but did not
award any damages. Separately, Principal Campbell was promoted to superintendent of the
Coalinga-Huron Joint Unified School District.
Pamela Pond was fired from the newspaper for her decision to republish Moreno’s post.
Moreno academically disqualified from UC Berkeley due to the stress caused by the
newspaper publication and community reaction, but she regained admittance after some
427.
time at a local community college and ultimately graduated. She became a reporter for the
Fresno Spanish-language newspaper Vida en el Valle and a television personality for
Univision. As of 2020, she works in California’s Department of Motor Vehicles as a public
relations executive. However, she has not (yet) become a bad-ass corporate Latina lawyer.
Further, as of 2012 (7 years after the posting), her family still was wrestling with the
consequences of the post, especially her sister Araceli.
For more on Cynthia Moreno’s story, see:
a video of her guest lecture to Prof. Eric Goldman’s Internet Law course, November
2012: https://youtu.be/pg2JNZlMbk0
PowerPoint slides from her 2012 guest lecture:
http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?filename=0&article=1211&co
ntext=historical&type=additional
photos from her 2012 guest lecture:
https://secure.flickr.com/photos/81901130@N03/sets/72157632273484970/
428.
REVIEW QUESTION ANSWERS
Chapter 1, Q1: (c), (d) and (e) are all examples of Internet exceptionalism. Applying
employment laws to sharing economy services doesn’t purport to treat Uber any differently
than offline transportation services. Imposing a bed tax on hotels, both online and off, isn’t
exceptionalism, even if Airbnb doesn’t function like a normal hotel. In (c), (d) and (e), the
rules treat the actor differently solely because it works online.
Chapter 1, Q2: All of them! With respect to credit card numbers, the first few digits of
Mastercard and Visa numbers tell you what bank issued the card. See, e.g.,
https://www.nerdwallet.com/article/credit-cards/how-to-decode-credit-card-number. Using
this information, it’s possible to determine the bank’s country of origin. Because banks
typically issue credit cards only in that country, the credit card number could be used to
determine the user’s country.
With respect to social security numbers, the first few digits are dictated by the registrant’s
geography. See, e.g., https://www.eff.org/pages/structure-social-security-numbers.
Chapter 2, Q1: (e). Typically, the ability to make purchases from an e-commerce website
does not create general jurisdiction in the buyer’s state because there’s no physical presence
or the virtual equivalent of it. Furthermore, specific jurisdiction should not be available for
a slip-and-fall case because there is no connection between the website and the tort.
Chapter 3, Q1: Yes. See CX Digital Media, Inc. v. Smoking Everywhere, Inc., 2011 WL
1102782 (S.D. Fl. 2011).
Chapter 3, Q2:
(a) I think this is a properly executed clickthrough agreement and the terms of the “user
agreement” are part of the contract.
(b) I think this is not a contract and that courts would characterize it as an unenforceable
“browsewrap.”
(c) This implementation is missing a call-to-action connecting the “terms and conditions” in
the scrollbox to the checkbox or the “continue” button. As a result, users are only bound to
the language to the right of each checkbox, not the “terms and conditions.” See Small
Justice v. Xcentric Ventures, 99 F. Supp. 3d 190 (D. Mass. 2015); see also Sgouros v.
TransUnion Corp., 817 F.3d 1029 (7th Cir. 2016).
(d) Yes. See Pincaro v. Glassdoor, Inc., 2017 WL 4046317 (S.D.N.Y. 2017). However, this is
an old-school implementation that could be modified to increase its odds of enforceability.
What changes would you recommend Glassdoor make?
Chapter 4, Q1: Under California law, there probably is no common law trespass to chattel
claim unless Shamazon can show that it suffered some damage to its computer systems. If
the independent contractor automated the price gathering process and the automated
inquiries overloaded Shamazon’s systems, showing harm to the computer systems might be
a possibility. Otherwise, a California-based common law trespass to chattels claim will fail.
429.
Outside of California, Shamazon’s common law trespass to chattels claim might succeed if
it can show that it provided sufficient notice to the independent contractor that it didn’t
want their activity. The disclosure in the terms of use might be sufficient, though a judge
could feel it was too obscure and more prominent disclosures were required. A cease-and-
desist letter from Shamazon would likely constitute sufficient notice even if the terms of
use didn’t. A court might also want to see Shamazon take some form of technological self-
help, such as efforts to block the contractors’ IP addresses, before granting an injunction.
Note the ambiguity about whether Shamazon could pursue Bet directly, or if Shamazon’s
only recourse would be against the independent contractors. Unless the contractors are
Bet’s agents, it’s possible there would be no legal theory extending common law liability to
Bet.
Also note the public policy concerns hanging over Shamazon’s actions. Bet’s activities are
designed to promote price competition, so Shamazon’s actions are fundamentally anti-
consumer. Would the public policy implications sway a judge?
Shamazon’s CFAA success may depend on whether it can show (1) $5,000 worth of damage,
and (2) a lack of authorization. Nosal I indicated that a website’s terms of use, without
more, can’t deprive a user of authorization, so arguably there is no CFAA violation.
However, Nosal II suggests that Bet could still be in trouble if it relied upon contractors to
deliberately work around its lack of authorization. Furthermore, the Power Ventures ruling
suggests that Shamazon could easily remove authorization with a cease-and-desist letter.
If the notice was sufficient, Shamazon would seemingly have a prima facie case under
Penal Code § 502, at least against the contractor.
Chapter 4, Q2: First, has the bank suffered any damage for CFAA purposes? In Scenario
(a), it’s hard to see any harm to the bank. In Scenario (b), we’d need to know if Karen will
bear all of the loss of the looting or if the bank will bear some or all of the responsibility. If
the bank bears no responsibility, has it suffered a cognizable loss?
If we believe Nosal I, then Karen’s violation of its Terms of Use should not constitute a lack
of authorization. Even in Scenario (b), where Joe is accessing the bank account for improper
purposes, it’s not clear the Terms of Use delimit his server access rights. Of course, in
Scenario (b), Joe likely broke many other laws, but the CFAA may not apply.
Chapter 5, Q1: all of these are potentially eligible for copyright protection except the Yelp
star rating, which as a single number shouldn’t have sufficient expression to qualify as a
work of authorship. Advertisements, emails, text messages, and even tweets may be
copyrightable if they have sufficient expression to constitute a work of authorship. A single
word text message shouldn’t be copyrightable, but a text message or email with a few
sentences probably would be. An individual emoji is potentially copyrightable, though it
may be debatable who owns the copyright. See Eric Goldman, Emojis and the Law, 93
WASH. L. REV. 1227 (2018), https://ssrn.com/abstract=3133412. A selfie is typically
copyrightable by the photographer.
430.
Chapter 5, Q2: (e). The designation of an agent with the Copyright Office is a prerequisite
for the safe harbor, so the failure to make the designation categorically bars the safe
harbor. A subsequent designation can potentially start the safe harbor at the point of
designation but won’t revitalize the safe harbor for any user-caused infringement before the
designation. Because the designation is a separate required formality, (a) is incorrect. See
BWP Media USA, Inc. v. Hollywood Fan Sites LLC, 115 F. Supp. 3d 397 (S.D.N.Y. 2015).
Lesson: if you want the § 512(c) safe harbor, check, double-check and triple-check that you
comply with each and every requirement—and make sure you track the expiration of
designations.
Chapter 6, Q1: all of these items could become a trademark with the possible exception of
a meme GIF, which rarely acts as a designator of the source of goods/services in the
marketplace. Meme GIFs are more likely protectable (if at all) under copyright law. For the
other items to qualify for trademark protection, they would need to be used in commerce as
source designators; and if they are descriptive, they would need to achieve secondary
meaning (i.e., consumers recognize the brand as uniquely identifying one vendor in the
marketplace). That may be tricky for some items, like a hashtag, which is rarely used as a
source designator and, if descriptive, may not achieve secondary meaning. See Alexandra J.
Roberts, Tagmarks, 105 CALIF. L. REV. 599 (2017).
Chapter 8, Q1: Unless the claim fits into one of the statutory exceptions (IP, ECPA,
federal criminal prosecutions, FOSTA), Section 230 should apply to all of these scenarios.
Chapter 8, Q2: Yes. See, e.g., Fields v. Twitter, Inc., 217 F. Supp. 3d 1116 (N.D. Cal. Nov.
18, 2016); Cohen v. Facebook, Inc., 252 F. Supp. 3d 140 (E.D.N.Y. 2017); Crosby v. Twitter,
Inc., 303 F. Supp. 3d 564 (E.D. Mich. 2018).
Chapter 8, Q3: None of these. Regarding (a), Google has adopted a voluntary policy to
delete social security numbers (see
https://support.google.com/websearch/answer/2744324?hl=en), but it cannot be compelled to
do so. Regarding (b), if the photo was a selfie, or if the depicted individual otherwise owns
the copyright, then Section 512(c)/(d)’s notice-and-takedown provision would apply; but
most people don’t own the copyrights to the photos of themselves, so ordinarily the depicted
individual can’t scrub a photo of themselves. Regarding (e), even if California’s online
eraser law applied, the takedown right does not extend to third-party sites the content may
have migrated to.